When the UK Presidency suggested to the EU that telecoms service providers and ISPs should be forced to retain information about the telephone calls you make and the sites you visit, they stated that it was an essential "balance" struck between liberty and security: a grave compromise necessitated by the threat of terrorism and serious crime. We don't remember them mentioning "and might help the recording industry fish for file-sharing networks, DRM workarounds, and spurious patent infringers". The newly-formed Creative and Media Business Alliance (CMBA), made up of companies such as Sony BMG, Disney, EMI, IFPI, MPA and Universal Music International, this week expressed an interest in communications traffic data so that they can more easily prosecute "intellectual property infringements". Thanks to a combination of two fast-tracked EU directives, they may just get their wish: and allow a UK plan to limit civil liberties to turn into a privacy-invading free-for-all by the entertainment lobby. Data Retention to Fight Piracy? This week, the CMBA emailed all MEPs (Word doc), calling for the data retention legislation currently under discussion in Europe to be widened far beyond its original scope. The CMBA want data retention legislation to be an "effective instrument in the fight against piracy", and believes that "the conditions set out in the proposal are too restrictive and would create obstacles to law enforcement in a number of situations. Moreover, many amendments submitted, including to the Industry Committee, seek to further reduce the scope of the Commission proposal." You can read and cross-reference the amendments that the CBMA object to here, and here. These amendments are some of the few that try to rein in already bad legislation which may well violate the European Convention on Human Rights. For these companies, however, industry interests trump democracy, human rights and civil liberties. The CMBA demands:
1. The scope of the proposal should include all criminal offences The Directive, as proposed, is limited to "the prevention, investigation, detection and prosecution of serious criminal offences such as terrorism and organized crime" (Article 1.1). The position of the CMBA is that the scope of the proposal should be extended to all criminal offences. Limiting the proposal to "serious" offences would hamper the effectiveness of the Directive and the enforcement activities for other forms of criminal offences.Liberal Democrat MEP Bill Newton Dunn has already helped the industry out here, by requesting that the word 'serious' be removed from the legislation:
Original version: "...data is available for ... prevention, investigation, detection and prosecution of serious criminal offences, such as terrorism and organised crime." Dunn version: "... data is available for ... investigation, detection and prosecution of criminal offences."Remember that under current EU law, copyright criminals include not just large-scale commercial infringement operations, but thanks to the EUCD, also anyone who sells or "distributes ... as to affect prejudicially the copyright owner" circumvention devices or components. In other words, if you put the DeCSS code on a web page - six months of phone calls and sites visited may be used against you. Or if you reveal that putting tape on a CD will circumvent Sony rootkits. Furthermore, the CMBA demands:
3. The access and use of data for law enforcement purposes must not be limited. If the proposed directive is limited, in particular in its scope, it must be clear that it does not preclude the possibilities to obtain data for the enforcement of rights under EU or national legislation, in compliance with Data Protection rules. The possibility for law enforcement authorities to use data in other cases, to be determined by national law or other EU instruments, is essential, otherwise there will be no way to prosecute the infringements that are not covered by this proposal.Whether or not you agree with the need to retain traffic data for fighting terrorism and serious crime, there can be no benefit to national security from allowing the creative industries to use this information for prosecuting simple "infringement" cases. Copyright Criminals Now tie this in with IPRED2, another nasty bit of legislation which criminalises all "intellectual property" infringement on a commercial scale and "aiding and abetting such infringement", with very thin definitions of what "commercial scale" or "intellectual property" means. The two directives together become even more alarming. IPRED2 mandates that the police work with rightsholders to pursue suspected cases of IP infringement - including patent infringements - or merely vocal encouragement of infringement. And the Data Retention directive provides them with reams of data they can mine for evidence against these suspected infringers. At the latest IPRED2 hearing, that's exactly what the CBMA's parent organisation, the International Federation of the Phonographic Industry (IFPI), demanded. This opens up a very ugly can of worms where entire industries can get unparalleled powers of investigation, provided at the taxpayer's expense. Moreover, if the CMBA get their way, the number of data retention enquiries that the telcos and ISPs will have to process will be far higher than if restricted to terrorism and serious crime. This will put far more pressure on the telcos and ISPs who will not only have to bear the cost of storing the data, but also of providing access to the information to the authorities. So, why is this important right now, this minute? Both Data Retention and IPRED2 are being frogmarched through the European Parliament at an alarming speed. Votes are being held by three committees over the next few days on Data Retention, with secret meetings going on in the background between the Council, the Commission and the Parliament, with the aim of reaching a tacit agreement on what this legislation should look like. On 13 December 2005, the Parliament votes on the Data Retention directive. Usually, they get two stabs at it, with the Council having a say in between. This time, they get just one vote. This time, MEPs will have just a few days between being presented with the proposed legislation as drawn up in the secret meetings and being expected to come to an informed, considered decision on whether it should become law. Word has it that there are some MEPs who do not even realise that this is a single reading process - they are expecting the normal two reading process instead. Most MEPs have probably not been following the debate around Data Retention in detail, and giving them just a few days to absorb, understand, and analyse the proposals will ensure that, by the time they must cast their vote, they will through no fault of their own still not be in a position to make a reasoned decision. This is not democracy. What can you do? Email your MEP now. Tell him or her that you oppose Data Retention, and that you are concerned about the way it is being rushed through the European Parliament. Read this pamphlet (sent to all MEPs by EDRI) for talking points to discuss. Read up about IPRED2. With all the work going on with software patents and data retention, IPRED2 has not had the coverage it deserves. The FFII (the Foundation for a Free Information Infrastructure) has been doing a fine job tracking it, but it needs more exposure. Blog about your concerns and encourage your readers to contact their MEP and particularly the Green Party, who may yet play a vital role in protecting your civil liberties by tabling a rejection of the Data Retention proposal. The recording industry and the UK presidency are determined to get their way through stealth, not debate. We can't let the European Parliament sleep-walk their way into these statutes.