Theo Lietaert alerted us
to the very troubling news out of Belgium, that a "royal decree" has been passed
requiring Belgian telcos, internet service providers, information service providers, email providers, etc. to log a ridiculous amount of metadata for a year. The full decree
(in French) includes an awful lot of information that will be tracked (though it's been published in a manner that's nearly impossible to read). Among the examples listed: how many emails you send, if you use a VoIP provider (like Skype), how long your calls are, how you pay your bills -- basically any and all (non-content) data that ISPs can collect, they are required
to keep. And
then they need to make it available to basically all
law enforcement. That is, this is not just for anti-terrorism purposes, but for any government purpose under the sun, allowing them to troll through basically all of your internet activity.
The justification for all of this? Because law enforcement "needs" this data do their job better. This is not all that different than the excuses we've heard from those defending NSA surveillance, that this data is somehow "needed" because it might stop "bad guys." But that turns the privacy questions upside down entirely. As we've noted, law enforcement would, most likely, be able to stop a lot more crime if we were all required to have video cameras hooked up to a giant database installed in every room in every home. But we don't do that
because it's a massive breach of privacy.
The ministers behind this abomination, Johan Vande Lanotte and Annemie Turtelboom appear to recognize that this goes "far beyond" what's allowed under the European privacy directive, but they don't seem to care, claiming that the privacy directive is "obsolete." The whole situation is fairly sketchy as well, since it was done by royal decree, allowing them to totally bypass Parliament
, but is equally binding
. I guess they're worried that Parliament (*gasp*) might actually protect the rights of the people.
This seems like a horrifyingly broad attack on privacy rights in Belgium, and while the Privacy Commission is reviewing the issue
, it's possible that this will be considered the law in Belgium. If you're a VPN vendor, it would seem like a marketing campaign in Belgium might be appropriate just about now.