Mandatory retention of Internet and telecom traffic data has ‘no ...

framework decision and a proposed European Commission (EC) directive today (Thurs.) in Newcastle, U.K., ITAA urged govts. to move toward a data preservation approach taken by the U.S. and other nations. However, it said, any mandatory retention scheme must blend the most acceptable parts of the 2 documents and be based on best existing business practices on duration of retention and definitions of information to be held. For much of the sector, those likely would include retention for 6-12 months of some basic voice communications traffic and for no more than 3 months of Internet Protocol address data. ITAA criticized both proposals for claiming to require retention only of such data as can be processed and stored without extra industry effort, saying the texts don’t reflect that. It reiterated industry claims that law enforcement agencies (LEAs) have all the access they need to communications data via close working relationships with telcos and ISPs. If a data retention law is coming, the group said, it must blend current business practices with a standardized preservation regime in a way appropriate to industry cases, LEA needs and privacy requirements. Data retention costs - and who pays them - have intensified an already heated debate. Both drafts are “welcome departures” from earlier texts because they begin to address retention cost reimbursement, ITAA said. However, it added, its comments “are in no way an endorsement of mandatory retention as a concept.” Despite massive opposition from industry, privacy advocates and many lawmakers, the U.K. Presidency aims to make data retention a reality this year. Home Secy. Charles Clarke Wed. urged European Parliament members (MEPs) to “look closely at the case that we put forward” for this and other antiterrorism measures. Clarke told MEPs voluntary retention of telecom data has been invaluable in the inquiry into the London bombings and other cases, and circulated a report citing examples. He dismissed cost concerns, saying, “In the U.K. we have successfully established a system in partnership with a major service provider to retain essential data for up to 12 months for the cost of 1.2 million [$1.5 million]. Compared to the average costs for forensic work on a single murder case of over 0.5 million [$622,000], that is an acceptable cost to bear.” “If the U.K. government considers its present voluntary program for data retention in the U.K. satisfactory, as evidenced by a Home Office report on the program to Parliament, why do the proposed measures of the latest Council draft framework decision from the Presidency not reflect the program’s definitions and principles?” ITAA asked.