ITAA said that "inconsistent and disproportionately heavy retention requirements will drain limited resources without strengthening either the cooperative bond between law enforcement authorities and communication service providers or the investigative utility of the information retrieved from such measures."
Responding to a European Commission Consultation on the issue, ITAA said on-going cooperation and recent cases demonstrate that the overwhelming majority of law enforcement data access requests are addressed with data less than weeks old. ITAA indicated that no justification exists for retaining data longer than individual provider business cases and certainly for no more than three to six months. ITAA noted that longer proposals -- some to retain data for three years or more -- neither constitute an appropriate and proportionate measure within democratic society nor provide necessary safeguards to national and public security-related interests.
In noting that the overhead costs fail to justify the law enforcement benefits of longer term data storage and retention, ITAA President Harris N. Miller made a comparison, "Imagine, for example, that a postal service would have to make a copy of every single parcel, letter or postcard, in addition to all information on the movements of the individual postal courier, and store it for 12-36 months or greater."
Miller indicated that any directive or framework decision addressing retention should harmonize rules among the 25 European Union member states, and he pointed out several other concerns with the draft:
- Data "preservation" -- the retention of data for a specific case and for a finite period, as practiced in the U.S. and elsewhere -- should remain the preferred method for investigative cooperation, and member states should be permitted to favor preservation over retention
- To be useful to law enforcement, raw data -- even in limited cases where it is retained in the course of business -- must be restored to become identifiable, a process that is both time-consuming and costly
- Existing and proposed member state laws differ greatly both in the durations and definitions of data to be retained
- Traffic data definitions lack clarity in current laws and proposals and must be sufficiently flexible to assimilate next generation communications services
- If retention is to be viable in the single market, any duration established by a framework should act as a ceiling supported by the demonstrable need of law enforcement, not as a suggested scope.
A copy of the ITAA letter is available on the Web.