The European Court of Justice (ECJ) has today modified its case law on indiscriminate communications data retention and authorised the use of retained internet connection data for the prosecution of file sharing. Pirate Party Member of the European Parliament and long-time opponent of blanket data retention Patrick Breyer comments:

‘First the Court permitted blanket internet connection data retention to prosecute child sexual abuse imagery and other serious offences. From today on our retained online behaviour can be disclosed for the prosecution of file sharing and other petty offences. That is why we must do everything we can to prevent indiscriminate data retention in the first place. The EU is already working behind the scenes to make internet data retention mandatory again. We Pirates will fight for citizen’s right to use the Internet anonymously!

IP data retention is like every citizen having a visible licence plate hung around their neck and having it recorded at every corner. No one would put up with such a total recording of their daily lives. IP data retention places every internet user under general suspicion and make the internet usage of the entire population, which reflects our most intimate preferences and weaknesses, traceable. Such total recording jeopardises crime prevention through anonymous counselling and pastoral care, victim support through anonymous self-help forums and also the free press, which relies on anonymous informers. 99.99% of this data is completely useless, as it concerns citizens who are never even suspected of committing a crime.’
Patrick Breyer

Background: EPP chairman Manfred Weber called for EU IP data retention legislation on Saturday. Meanwhile, the so-called #EUGoingDark working group is preparing such legislation on behalf of the EU Commission and EU government.

Information on data retention

https://www.patrick-breyer.de/en/pirates-on-data-retention-judgement-where-theres-a-trough-the-pigs-will-gather/

Data retention

Data retention is the collection of information about a person’s location and communications from phone, text, email or other services.

^{Patrick Breyer}

Europol has published its Internet Organised Crime Assessment (IOCTA) (PDF). The report assesses the cybercrime landscape and describes how threads have changed over the last two years.

Patrick Breyer MEP (German Pirate Party / Greens/EFA) and digital freedom fighter, comments:

“Europol’s support for indiscriminate data retention does not reflect the facts. The agency’s report identifies real threats that can’t be addressed with data retention or any other means of blanket mass surveillance of all citizen’s communication data. It is time for Europol and the European Union in general to refocus on targeted investigations and strenghening civil society.”

Europol’s role in the “Going Dark” program (#EUGoingDark)

In the report the European Union’s law enforcement agency focuses on cybercrime-as-a-service, underground communities, criminal markets for stolen credentials and victim data as well as on fraud strategies.

As member of the High-Level Expert Group on access to data for effective law enforcement which is also know as the “Going Dark” program Europol is tasked to “contribute to integrating a law enforcement perspective, including privacy and data protection requirements, in all relevant EU policies and actions (‘security by design’)” and to “explore how security by design could be a standard requirement in the development of new technologies.” Most pressing “challenges” identified are: Encryption (access, en clair, to stored content and digital communication data), data retention of localisation data and roaming data, as well as anonymisation, including VPN and Darknets. (Council document 8281/23 https://data.consilium.europa.eu/doc/document/ST-8281-2023-INIT/en/pdfPDF)

Europol is a strong proponent of reintroducing provisions on the indiscriminate retention of citizen’s communications metadata such as IP addresses. In 2018 the agency was unsuccessful with a “Data Retention Matrix” – a proposal to introduce data retention in the European Union. (WK 3005/2018 INIT PDF)

Organised criminals can circumvent data retention – most law-abiding citizens cannot

According to the Internet Organised Crime Assessment Europol observes “a high level of specialisation inside criminal networks” and the agency faces the development that “[o]ffenders (…) mask their actions and identities as their knowledge of countermeasures increases.”

Patrick Breyer MEP comments:

“Europol’s report confirms the fact that blanket data retention is unsuitable for fighting organised crime because it can easily be circumvented, for example by using anonymisation services. What is needed instead of bulk storage of citizen’s communications meta data are fast, well equipped and targeted investigations.”

The role of Internet Service Providers

In the report, Europol presents Internet Service Providers as service providers for crimes: “Many Internet Service Providers (ISPs) frequently used by criminals do not engage in extensive customer monitoring practices such as Know-Your-Customer (KYC) procedures and storing of customer and metadata (e.g. IP address)”

Patrick Breyer MEP comments:

“Europol places Internet Service Providers under general suspicion and seems to expect them to violate privacy legislation. We have a right to use the Internet anonymously! Targeting ISP’s privacy policies is like generally blaming landlords for domestic violence.
The task and duty of Internet Service Providers in democracies is to enable citizens to communicate securely and confidentially.”

Child grooming

The report finds that “[c]hild sexual exploitation offenders make extensive use of social media to engage with their victims, interacting with them often behind a false identity. (…) Child sexual exploitation offenders groom victims in order to obtain sensitive information that can be then exploited for extortion purposes.”

Patrick Breyer MEP comments:

“In fact Europol’s report rightly underlines the need for better education and training of (potential) victims, especially children and teenagers. Instead of data retention and other means of mass surveillance, we need more competent and better equipped social workers, training young people on perpetrator strategies and how to defeat them, anonymous online counselling, awareness programs, privacy-friendly design of social media platforms and other measures that actually address the
problem.”

Prevent data theft

Addressing the economics of cybercrime Europol finds that “the central commodity of this illicit economy is stolen data”.

Patrick Breyer MEP comments:

“Europol’s report underlines the importance of privacy, anonymity and encryption to protect citizens from identity theft and other crimes. Bulk retention of personal data provokes hacks and leaks. Only data that is not being stored is secure data.”

https://www.patrick-breyer.de/en/europol-report-insistence-on-data-retention-contradicts-the-threats-presented/

Conference: Media freedom & journalists under pressure : the cases of Assange and Radi & the way forward ahead of EU elections

Together with the law firm Jus Cogens, Patrick Breyer and Saskia Bricmont are delighted to invite you to the conference on Media Freedom and Journalists under pressure that will take …\n

^{Patrick Breyer}

The EU High-Level Group (HLG) on access to data for effective law enforcement, also known as the #EUGoingDark group, is consulting non-governmental organisations today. Newly published documents confirm criticism by Pirate Party Members of the European Parliament.

MEP Patrick Breyer (Pirate Party / Greens/EFA) comments:

„The #EUGoingDark work group should be dissolved! I have received the answer to my latest request for documents conceding that this group sees itself as “first step in the preparatory process of possible legislative proposals” (PDF). This makes it clear that undemocratic preliminary negotiations are conducted here with the predefined goal to re-introduce EU-wide blanket data retention of citizen’s communications data, to undermine secure encryption and to introduce the »Security by Design«-concept that should better be called »Surveilance by Design«. The group is undemocratic because NGOs and scientists are prevented from participating on an equal footing. How is equal participation supposed to work if NGOs have access neither to the actual meetings of the group and its sub-groups, nor to other participants nor to the actual work documents? It must be assumed that today’s input of NGOs has no chance of helping to shape the final result in favor of civil liberties. Meanwhile European and US-American police are forging surveillance plans behind closed doors. Belgium, for example, presented its unlawful data retention act as exemplary and spread the false claim that without data retention there is a need to resort to more intrusive methods of investigation. NGOs on the other hand, were only invited to today’s separate meeting after public pressure. The real purpose of this exercise is to keep them away from the table where the actual proposals are drafted. The results of the #EUGoingDark-group, which are to be presented as early as mid-2024, will be undemocratic and non-transparent. They must therefore not be used as legislative or political proposals. As the #EUGoingDark working group cannot achieve a useful result with this working method, the group should be dissolved.“

Marcel Kolaja, Member and Quaestor of the European Parliament for the Czech Pirate Party, comments:

“The right to privacy is a fundamental human right. Yet in recent years we have seen more and more attempts to challenge it. Whether it is the attempt to impose blanket spying on private messages or the legalisation of biometric cameras. The #EUGoingDark group is just another example of the way that many lawmakers see privacy as a burden rather than a priority. If it were a priority, we could observe a transparent debate that actively seeks out all relevant opinions. Instead, only representatives of the police or intelligence services were selectively invited, while representatives of human rights NGOs were left out. I find this practice unacceptable. The debate on privacy should be treated with the utmost respect. The #EUGoingDark group utterly fails to meet this requirement.”

Mikuláš Peksa, Member of the European Parliament for the Czech Pirate Party, comments:

“Activities and goals of this particular group present an attack on everything that keeps us safe in the online environment. We are used to see similar institutions in China’s digital dictatorship, where they persecute, bully and attack Tibetans and their fundamental rights, as well as Uighurs and other groups of citizens. In free and democratic Europe, such a thing has no place. Our private data should stay private, always.

“As Pirates, we call on the Commission to ensure the right to anonymity, free speech, access to information and right to encryption to all European citizens. Those protect not only citizens from data breaches, but also whistleblowers, human rights defenders and other activists.”

Anja Hirschel, top candidate of the German Pirate Party for the 2024 European elections, comments:

“The composition of the committee, in particular the exclusion of NGOs, already clearly shows what kind of encroachments on digital freedoms citizens are to face here: Even deeper and easier access to our data. Every previously private area is to be scrutinised in future. And this is being done by a working group that has its own interests in this data and has also avoided the public eye for the preparations themselves. Instead of the next step towards transparent citizens, we need more transparent EU policy!”

https://www.patrick-breyer.de/en/public-going-dark-consultation-pirate-meps-call-for-an-end-to-the-undemocratic-surveillance-forge/

Digital rights groups call for more EU transparency on law enforcement data discussions

European digital rights organisations have called in an open letter for more transparency in the experts group that will propose new data access policies for law enforcement.

^{Roberto Ferrer (Euronews.com)}