Sacrificing privacy for national security

  • 2007-10-17
  • By Kimberly Kweder

BIG BROTHER: EC-mandated legislation to retain data on calls and SMSs is making its way, largely unnoticed, into Lithuanian policy.

In a matter of weeks, the details of every phone call and text message in Lithuania could be under close police scrutiny. The Lithuanian Parliament is due to vote in early November on whether to adopt a European Commission directive on retaining data from telephone and mobile communication devices. Human rights observers are concerned about the potential for abuse, while mobile phone operators may be forced to increase their prices to cover the cost. Further concern has been raised by public servants who say the issue has barely been debated in Lithuania or across the European Union. Few citizens are aware of the impending changes, while few politicians have bothered to consider the issue.

VILNIUS - In March 2006 the EC adopted a directive for all member states to retain telephone data. Namely, the states would require communication provi-ders to retain data for six months to two years about what connections were made, by whom to whom, and for what duration.
The controversial measure came in the wake of the London and Madrid bombings. Under the name of combating terrorism and other serious crimes, the EC discussed common measures for how to allow law enforcement authorities to access data without infringing upon a person's privacy rights and freedoms.
However, many of the member states have delayed adopting the directive due to questions over legal issues and how it will affect mobile operators and society in the long-run.

Now, 19 months later, amendments are silently passing through committees in Lithuania's Parliament that would bring the directive into force in this country.
Valentinas Kvietkus, head of the Electronic Communication Division at the Ministry of Transport, said he was "shocked and confused" the directive has been passed through committees so far without much discussion from his ministry.
Kvietkus, who was Lithuania's telecommunications representative at the EC from 2003 until August 2006, was in Brussels when the directive was passed there.
"It [the directive] needed to be scrutinized, to understand what went on behind it," said Kvietkus.
It takes a qualified majority vote for an EC directive to be adopted. Irish and Slovakian delegates went against the council decision, and the Irish government applied to the European Court of Justice over the issue.
After the directive was adopted, Kveitkus said he "tried to follow how other countries were doing, but nothing was being done."

In Lithuania, he began drafting the amendments to the Law on Electronic Communications and amendments relating to the data retention directive in September 2006. The Ministry of Transport and Communication had posted on its Web site all the amendments for the public to read.
The Law on Electronic Communications Act is used to protect individual's privacy rights, but quick decisions were made to not consider evaluating parts of those amendments before Lithuania and the rest of the EU member states were obligated, on Sept. 15, to transfer the directive to the national government.
A parliamentary vote is expected to be held the second week of November to finalize the EC directive in Lithuania.

'We want specifics'
Leaders from mobile communications companies, human rights organizations, and public and government institutions have expressed their concern over the directive.  
The legal advisor to the European Data Protection supervisor, Hilke Hijmans, has criticized the directive for being "full of exceptions, even though the purpose was to harmonize  's for example, costs, periods of retention, types of data and access have not been harmonized."
For their part, communications companies are worried about how the bill for such a large scale undertaking will be paid, and whether it will affect their business.

In the UK, the operating costs for data retrieval and disclosure is estimated to be between 26 and 29 million euros per year.
Since the directive lists nothing on compensation, it's up to each member state to decide how to finance it.
What's currently under debate in Lithuania is whether or not to force mobile operators to increase prices for their users or collect government compensation from taxpayers so they can establish the additional services of collecting and retaining data.
"In adopting the directive, it's to provide an equal playing field for all the operators to provide the data to law authorities upon request," said Kveitkus.
TEO, a communications provider, opposes the whole concept of paying for such services out of their company budget.

"This directive is requiring [us] to save additional data and to save it for a year. This would mean additional costs for the company. Our opinion is that if such data collection is needed for public interest, it is not the private company who should pay these costs," said TEO spokesman Antanas Bubnelis.
The directive doesn't involve monitoring phone conversations. It is strictly the location of connection to network, the date, length and time of every phone call, SIM card activation and the location the service started.

Still, Human Rights Monitoring director Henrikas Mickevicius is worried about the social implications of the measure and the possibility that it will be used to victimize innocent citizens.
"Who will own the key to the group that has the responsibility over those who are in the system and promise not to disclose information to outside sources?" said Mickevicius.
He said the longer the data is kept, the possibility of abuse increases. He's also worried about the way the issue is being largely ignored by the public and by lawmakers.

"It's been a year since the directive was out in the public eye, but no Lithuanian politicians have taken a lot of interest. It's too late, the [EC] directive will not be appealed. It is enforced now," said Mickevicius.