According to the proposal, governments would require communication service providers — such as telecoms companies and Internet service providers — to store information about every communication made by each of their customers. This could include location data of mobile phones, lists of websites visited, all details of phone calls made including the caller and recipients, and details of emails and text messages sent. In addition, companies that temporarily retain indi vidual customer information for billing purposes would be required to keep it in a form accessible to law enforcement and other government agencies for between one and three years.
Business supports and assists law enforcement efforts to fight crime and terrorism in a legally compliant way, but inconsistent and disproportionately heavy implementation requirements will drain limited industry and government resources without strengthening cooperation between law enforcement authorities and communication service providers.
Last year, ICC was part of a coalition of industry organizations – including the Union of Industrial and Employers’ Confederations of Europe, The European Information and Communication Technology Association and the International Telecommunications Users Group – that urged governments to consider data preservation as an alternative to the wide scale, mandatory rules imposed by communications data retention. Data preservation allows for specific data to be ‘frozen’ until law enforcement agents can access it using a legal warrant. The measure was agreed upon in the Council of Europe Convention on Cybercrime.
Philippe Wintrebert, chair of the ICC Task Force on Telecoms Policy, said: “It is extraordinary to see council members calling industry to retain traffic for one to three years or more when senior member state experts to the European Commission have repeatedly cautioned governments about the legality of any whole scale traffic data retention measure of greater than 12 months. It is also striking that two of the countries proposing this measure (Sweden and Ireland) stated in 2002 that they saw no clear need for it. Where is the business case for data retention on this scale? We need to fight terrorism and serious crime – but not by crippling the communications sector and destroying public confidence”.
Business is deeply concerned that the costs and technical difficulty of data retention and subsequent access to data, and the damage to user confidence, make data retention a far less effective alternative to data preservation. Business is also concerned that the wide-ranging definitions of data included in the proposal could include any type of communications-related device.
ICC maintains that data storage requirements should not exceed what is necessary to achieve law enforcement objectives, and should exhaust less intrusive measures such as data preservation first. An open dialogue between governments and industry is paramount to ensure that law enforcement authorities get the support they need from communication providers while avoiding exorbitant technical and financial burdens on business.