Last Tuesday, barely three weeks after the European Parliament voted to annul the EU-U.S. SWIFT agreement on bank data sharing, Germany’s Constitutional Court struck another major blow against counterterrorism efforts by overturning a law that required telecommunications firms and internet providers to retain basic communications data for a period of six months.
Indeed, the court did not merely overturn the requirement to retain the data. It ordered the data to be deleted, thus setting in motion what appears to be a frenzied process of data destruction at German telecommunications and IT firms.
The German data retention law served to implement the minimum data retention requirement laid out in a 2006 European Union directive. The directive was jointly approved by both the European Council, representing the EU member states, and the European Parliament. It was adopted in the aftermath of the July 2005 London transport bombings and in recognition of the major benefit that basic communications data provides to law enforcement agencies in connection with terror investigations, as well as investigations into organized crime. The directive notes, for instance, that
On 13 July 2005, the Council reaffirmed in its declaration condemning the terrorist attacks on London the need to adopt common measures on the retention of telecommunications data as soon as possible.
The data concerned is exclusively framework data that is “generated or processed in the course of the supply of communications services:” information such as calling phone number, called phone number, subscriber name, user ID, IP addresses, and so on. The directive only applies to electronic communications, whether by phone or e-mail. It does not apply to other internet usage data: for example, on surfing habits or consulted web pages. Moreover, the directive expressly prohibits the retention of the content of any communications.
The directive lays down a minimum retention period of six months and a maximum period of two years. After the end of the period established by each member state, the data in question must be destroyed. The establishment of the two-year maximum represents an obvious obstacle to long-term investigations into terror or organized crime. It is clear that it was a subject of controversy in EU negotiations, since the directive also lays down that member states may under particular circumstances apply for an extension.
In March 2008, just three months after the German implementing law came into force, the German Constitutional Court issued an injunction limiting the conditions under which saved data could be furnished to government agencies. In October 2008, it made the conditions even more restrictive. The German court’s latest ruling specifically requires all such data as has been requested by government agencies, but not yet delivered, to be “deleted at once” — a measure that looks suspiciously like court-ordered destruction of evidence.
The ruling allows telecommunications firms to continue to save such data as they require for administrative purposes such as billing. But it appears that even this data is to be quickly destroyed. Thus, Markus Michels of the IT firm Cedros told the Frankfurter Allgemeine Zeitung (March 4 edition):
As long as this data is saved, there will still be information requests from government authorities. But in the future they will have to be made faster, since the data will be deleted after just a few weeks.
Michels also explained that since the EU directive is still in force, German IT and telecommunications firms are segregating the data of German clients from the data of foreign clients and then deleting just the data of the German clients — a practice that raises obvious questions about equality before the law in Europe.
Incidentally, this is not the first time that the German Constitutional Court has defied the EU on counter-terrorism matters. In November 2004, the court issued a last-minute injunction stopping the extradition to Spain of reputed al-Qaeda financier Mamoun Darkazanli under the so-called European arrest warrant. The court would later overturn the German law implementing the European arrest warrant. In the meanwhile, the law has been rewritten, but German authorities continue to refuse to extradite Darkazanli. (On the Darkazanli case, see Stefan Frank’s report on Pajamas Media here.)
In 2006, Germany simply “opted out” of the application of the complementary “European evidence warrant” with regards to six categories of crimes. One of the categories was terrorism. (See my contemporaneous report “Asymmetrical Europe” on Transatlantic Intelligencer.)
Although the mere retention of communications data is obviously not tantamount to surveillance, the German court claimed that the practice creates “a diffuse threatening feeling of being observed” and that this “feeling” was somehow incompatible with the basic rights guaranteed under the German constitution. The argument appears particularly ironic — not to say downright flimsy — in light of the remarkably regular practice that German law enforcement makes of monitoring communications via wiretaps and other forms of electronic surveillance. To an extent that would be inconceivable in the United States, German residents are in fact being observed. They are being so, moreover, with the express blessing of the German courts, which appear to require nothing even remotely approaching the probable cause standards that obtain in American courts.
As reported by the Berliner Morgenpost, in 2007 nearly one million phone calls were monitored by police in Berlin alone. Some 1100 Berlin residents were the targets of wiretaps. The number of wiretaps authorized in the same year for the entire United States was just over 2200. (See the U.S. federal government’s 2007 Wiretap Report.) A 2003 study conducted by Germany’s Max Plank Institute for Foreign and International Criminal Law found that wiretaps are used by law enforcement authorities some thirty times more frequently in Germany than in the USA. The same report found that only 0.33% of the German wiretaps were associated with subsequent prosecutions and convictions: one-fifth of the corresponding figure for American wiretaps.
In 2005, the total number of phone numbers, e-mail accounts and internet connections placed under surveillance in Germany reached a new high of nearly 50,000 (49,243) according to the official statistics. The new record numbers prompted Bundestag member Jerzy Montag of the German Green Party to pronounce Germany the wiretap “world champion” (source: Heise.de).
Numerous Islamic extremists in Germany are known, for example, to have been kept under electronic surveillance by German police without, however, charges ever being brought against them by German prosecutors. Their number includes Mohammed Haydar Zammar, the reputed recruiter of the members of the Hamburg cell, and Christian Ganczarski, a German convert to Islam who is presently serving an 18 year prison sentence in France for his role in the 2002 Djerba synagogue bombing.