South Korea: Opposition to draft legislation on "Communication Data Retention"
SEOUL, SOUTH KOREA, 19 April 2007
The South Korean Parliament is discussing a dangerous revision of the "Protection of Communications Secrets Act" on April 26. The revision would legally enforce telecommunications companies and GenderIT.org. ">internetservice providers (ISPs) to retain 'communications data' for at least three months to one year and would require mobile phone service providers to redesign their networks to permit wiretapping. Currently, data retention is voluntary.
Communication data includes the following:
* Date and time of user's telecommunication
* Date and time of the start (or end) of the connection session
* Telephone numbers of caller and receiver
* Location information for telecommunications base station to confirm the location of network access
* Communications data for use of and access to the internet or log-files of internet user
* Information to trace or confirm the location of a user's equipment used to access a network or the internet
We are concerned that this revision will severely jeopardise the Korean's people's right to privacy and freedom of expression, and therefore support their actions against this legislation, request that the parliament halt the revision process and conduct a public hearing or consultation to solicit the opinions of the public, including those of civil society and human rights organisations.
April 17 2007
Bangladesh Friendship and Education Society (BFES), Bangladesh
BlueLink Information Network, Bulgaria
Digital Rights, Denmark
Foundation For Media Alternatives (FMA), Philippines
Japan Computer Access for Empowerment (JCAFE), Japan
Institute For Popular Democracy (IPD), Philippines
IRIS (Imaginons un réseau Internet solidaire), France
IuRe, Czech Republic
Netzwerk Neue Medien, Germany
Open Institute, Cambodia
Swiss Internet User Group (SIUG), Switzerland
(see the updated list of endorsements here)
Of particular concern, is retention of internet log files which record every detail of an individual's internet activities including:
* Online transactions conducted
* Websites visited
* Time of access
* People they communicate with, and people they meet with
* Files downloaded, edited, read and uploaded and so on.
This information will disclose people's friends and colleagues, political and religious interests, hobbies, medical information. This information will be at risk of abuse from hackers, while increasing the cost of using these services.
The IP address is a unique location identifier of the computer location within a network and sometimes geographically. If the communications data and IP addresses become available, it is very easy to locate the physical location and the real identity of internet users.
The revision requires legal retention of communications data and installation of a system of wire-tapping mobile phone calls on the grounds that these would be requested for the purposes of effective crime investigations. In other words, if law enforcement authorities request communications data, ISPs and telecommunications companies should provide them immediately in order not to incur any penalties.
This data should be protected for the users' privacy and correspondent rights which are guaranteed by Article 12 of the Universal Declaration of Human Rights and constitutional law. The government should uphold these basic rights, not infringe them.
Retaining users' communications data as a normal procedure is contrary to the aim of the 'Protection of Communications Secrets Act'. Data retention means that governments may interfere with your private life and private communications regardless whether you are suspected of a crime or not. If this revision is passed, severe surveillance regime "BigBrother" on people's communication by the government will start. It will infringe not just the human rights, but destroy people's democracy. It also interferes with the right to free expression as people who are lawfully accessing and communicating are placed under indiscriminate surveillance.
Furthermore, data retention policy is useless without more draconian measures. First it is likely that the retention periods will expand, as some countries have already moved to three-, five- and even ten-year retention periods without any consideration of the risks to privacy or costs to industry. Second, the purposes for which data is accessed are always increased, removing judicial and constitutional safeguards and permitting government officials to gain access to the personal and sensitive information about our habits without any protection against inevitable abuse. Third, it leads to governments passing laws requiring the identification of all users of communication services.
For several years, law enforcement agencies in various countries have tried to establish similar data retention policies, however every attempt has been criticized by diverse entities including international civil societies, human rights organizations, opposition parties, legal experts, and industry. Petitions against data retention act have been conducted continually for a long time. The European Digital Rights and XS4ALL petition against data retention has attracted over 58,000 signatures from citizens from across Europe. Privacy officials in governments across Europe have come out in opposition to data retention. Most recently, the Dutch Data Protection Authority published an opinion advising against the draft Dutch data retention law purporting to implement the EU Directive on Mandatory Retention of Communications Traffic Data. And International Civil society organizations, which participated in the World Summit on the Information Society (WSIS) deeply warned the problems of data retentions opposed.