Books I have co-authored

Data retention has been around for decades

Currently there is a heated debate in Sweden in which privacy advocates and civil rights activists are criticizing the EU directive about tele traffic data retention (Directive 2006/24/EC). The EU directive requires operators to store traffic information about every phone call that is made, every SMS, every website visited, etc. for a period of up to two years.

A fact that is unknown to most of the general public is that data retention has existed for decades in the billing system of Telia (Televerket). Ever since Televerket (the predecessor to Telia) installed mainframe computers in ancient times (in the 1970s?) for their invoicing it has been possible to extract traffic data from the systems. Televerket stored the information until they got paid. It was important for them to be able to prove that a call had been made if a customer challenged the invoice in court.

This has also been used by the police. In the mid 1990s (when I worked at Telia) I was told that the process looked like this: If the police got a court order and requested traffic data for a certain phone or phone call, Telia charged a consulting fee for manually extracting the information. The databases were not built for extracting information in this way and a typical fee would be between 2000 and 5000 Euros. And there was no guarantee that the information could be extracted.

The complicated procedure and the high costs put a natural cap to the extent of usage. This is a system I think most people would accept. The information is stored by the operators themselves and the systems are not designed for easy mass extraction.

If the police want to extract information they first need a court order and then they have to pay overpriced consulting hours for the operator’s technicians to perform the extraction. Even though the procedure is much cheaper today it takes time and costs money, which raises the bar for overusage and abuse.

In an ideal world I could accept tele data retention being used to combat serious crime. But that would require very strong measures against mission creep, a constitutional court that could enforce civil liberties, and respect for due process and the rule of law throughout the system. Unfortunately, reality is far from this ideal with rampant mission creep and more and more intrusive surveillance systems. Therefore I am against data retention.

An additional factor is that the build-out of the surveillance society is a threat to the growth of the tech sector. One example is Germany, where data retention has already made people wary of calling drug abuse helplines. Will consumers be afraid of using GPS in their mobiles if they suspect that they can be positioned in real-time? Will consumers have their mobiles turned off to avoid being positioned? Will people begin to feel a general uneasiness about electronic communication in general if they suspect that their most private messages will be stored and may be leaked from a secret unaccountable security bureaucracy?

This article has previously been published on my Swedish blog.

Comments are closed.