Retaining telecommunications data is no help in fighting crime, according to a study of German police statistics, released Thursday. Indeed, it could even make matters worse, according to a civil liberties group.
The European Union's Data Retention Directive, which is currently under review, requires telecom providers to store data about customers' communications in order to facilitate "the investigation, detection and prosecution of serious crime."
The directive was established in 2006 and was implemented by Germany two years later. But this has made almost no difference to the prosecution of serious crime, according to an in-depth study by civil liberties group AK Vorrat. German authorities would seem to agree as courts annulled the data retention law last year for interfering disproportionately with fundamental rights. Romania has also declared the law unconstitutional.
The Data Retention Directive requires fixed and mobile telephone companies and ISPs providers to retain traffic, location and subscriber information of all their customers. Germany wrote the E.U. law into national legislation in 2008, mandating a six-month retention period. During the period that data retention was in effect, serious crimes went up by nearly 64,000. Yet, despite access to retained data, fewer crimes were solved: 77.6 percent in 2007 compared to 76.3 percent in 2009.
This is because users began to employ avoidance techniques, says AK Vorrat. A plethora of options are available to those who do not want their data recorded, including Internet cafés, wireless Internet access points, anonymization services, public telephones and unregistered mobile telephone cards.
"This avoidance behavior can not only render retained data meaningless, but also frustrate more targeted investigation techniques that would otherwise have been available to law enforcement. Overall, blanket data retention can thus be counterproductive to criminal investigations, facilitating some, but rendering many more futile," said the organization.
But there is a middle way. German Justice Minister Sabine Leutheusser-Schnarrenberger wants to see a targeted investigative approach where data would be collected only for specific, suspicious cases.
The European Data Protection Supervisor (EDPS) Peter Hustinx seemed to call for the same thing in December when he demanded that the European Commission demonstrate the necessity and justification for the directive with concrete facts and figures. "Without such proof, the directive should be withdrawn or replaced by a less privacy invasive instrument which meets the requirements of necessity and proportionality," he said.
According to the European Commission there are on average 148,000 requests per year for the retained data in each of the 20 member states that have implemented the directive. "If the data were not helpful, law enforcement authorities would presumably not spend human and financial resources on requesting them in those numbers," argued Home Affairs Commissioner Cecilia Malmström.
Lawsuits challenging blanket data retention are currently under way in several E.U. countries and member states Austria, Belgium, Greece, Ireland, Luxembourg and Sweden have not implemented the directive. The European Court of Justice is expected to decide the matter in 2012.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.