Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

In Denmark, Online Tracking of Citizens is an Unwieldy Failure

BY Torben Olander | Wednesday, May 22 2013

Screenshot from European Commission video advocating Internet privacy.

Half a decade after Denmark passed a law mandating that telecommunication companies retain and store their customers' personal data for up to one year, local advocacy groups and the telecom industry are pushing for immediate changes to the legislation. The practice of keeping records of private citizens' Internet use is an unjustifiable invasion of privacy, they say. The police, meanwhile, have concluded that requiring telecoms to store Internet subscriber data has not helped them track criminals, which was the the ostensible purpose of the practice. But the Danish government still wants to postpone an evaluation of the law for another two years.

The practice of tracking and storing Internet users' personal details is called data retention; in the case of telecommunications, it refers to Internet, banking (ATM, credit card) and mobile phone use, with the latter including SMS records plus incoming and outgoing phone calls. In the case of Internet user data, the service provider keeps a record of Internet users' online activity. This is called session logging. In other words, when a subscriber logs on to the Internet, the service provider tracks and stores the user's personal details — such as the location from which they logged on, the pages they visited and the length of time they stayed online.

With big data comes big responsibilities. When it came to the reality of managing and trying to use the data collected by the Internet service providers, some difficulties became apparent. According to a recent report produced by the Danish Ministry of Justice, five years of extensive Internet surveillance have proven to be of almost no use to the police.

“Session logging has caused serious practical problems,” the ministry's staffers write in the report. “The implementation of session logging proved to be unusable to the police; this became clear the first time they tried to use [the data] as part of a criminal investigation.”

The findings outlined in this report have provided new fuel to opponents of the data retention law. They argue that in addition to being an invasion of citizens' privacy, it is inconsistent: Libraries and schools, for example, are exempt from the law, so Internet use in those places is not logged and thus not traceable. But the same users will have their data logged when they surf the ‘net at home. The law's opponents have targeted session logging in particular because it is not required by the 2006 European Data Retention Directive, which compels all EU member states to register telecommunications and Internet traffic. But the means used to collect the data and the scope of the data targeted for retention is left up to the individual member states.

The EU Data Retention Directive has aroused a great deal of controversy in Europe, where EU member states are engaged in an ongoing debate about the right to privacy versus security concerns. Legislators in the European Parliament have argued, as the digital rights NGO Electronic Frontier Foundation puts it, that the directive "fosters a surveillance society and undermines fundamental rights.”

The European Parliament is now trying to address this issue.

Six months ago, the Justice Commission of the European Parliament published a detailed proposal for comprehensive reform of the EU's 1995 data retention rules. The Commission advocates a single law for all the member states rather than the current situation, with different laws leading to high costs of enforcement and a negative impact on business initiatives in the EU. One law for all would “...strengthen online privacy rights and boost Europe's digital economy.” In other words, the Commission is taking a pragmatic approach by appealing to both business and privacy advocates.

Video on the perils of losing digital privacy produced by the Justice Commission of the European Parliament.

“Session logging is a massive invasion of everyone’s privacy. Instead of placing surveillance on a single suspect, we now register and store information on every Danish citizen when they go online,” explained Troels Møller, spokesperson for Bitbureauet, an independent NGO working to keep the Internet open and secure user privacy.

He noted that the justice ministry's report mentions only two cases in which session logging proved useful to the police — and both were cases of financial crimes, not terrorism.


Denmark was one of the driving forces behind the 2006 European Data Retention Directive. The idea behind the directive was to make Internet users' data available to the police and security agencies as a means of fighting crime, particularly terrorism.

The directive compels all Internet service and telecommunication service providers operating in Europe to collect and retain subscribers' incoming and outgoing phone numbers, IP addresses, location data, and other key telecom and Internet traffic data for a period of six months to two years. This applies to all European citizens, including those neither convicted nor suspected of any crime. With a judge's warrant, police and security agencies can obtain the data and use it in their investigations.

Denmark's Data Retention Law, which was passed in 2007, exceeds the requirements of the European directive in several respects, making it the most comprehensive law of all the member states.

According to the Danish law, all Internet traffic must be logged, registered and stored for one year. As mentioned above, this practice is called session logging. But a casual Internet user can, and usually does, generate an enormous amount of data in a single sitting of casual web surfing. As a result, the police and security services are drowning in a tsunami of user data that they cannot sort and therefore cannot use. According to the above-cited report compiled by the Danish Ministry of Justice, 90 percent of the data collected under the Data Retention Law is acquired via session logging — i.e., Internet surveillance. But the software used by the Danish police has proven inadequate for the task of handling and analyzing the majority of the data, rendering it useless — even as the privacy rights of ordinary citizens not suspected of any crime is routinely violated.

In an interview with Danish media outlet Version 2, Justice Minister Morten Bødskov explained why he continued to defend the law. “Internet surveillance is extremely important to the Danish Security and Intelligence Service in cases concerning economic crimes and child pornography and it will continue to be important as the criminals move their communication online,” he said.

For security reasons, the report from the Danish Ministry of Justice does not mention any cases involving the Danish Security and Intelligence Service, but they do confirm that while logging phone calls has proven useful in their investigations, the value of session logging as a tool for tracking criminals is “very limited.”

Evaluation Postponed

But while Justice Minister Morten Bødskov is finding it difficult to justify his government's surveillance of Danes’ digital habits, he is in no hurry to remove session logging from the data retention law. Instead, he wants to postpone re-evaluation of the law for the third time, for two more years. Bødskov admits that session logging has not been useful to the police, but says that Denmark should wait until the EU has finished its evaluation of the European Data Retention Directive before revisiting its own law.

The Danish telecommunication industry, which bears the expense and responsibility of retaining its subscribers' data, has a hard time coming to terms with Bødskov's argument.

“Right now, the government is awaiting an evaluation from the EU, which might be completed in 2014, before they will even consider removing session logging from the Danish law. This is meaningless. Session logging is not a part of the EU's directive, so it won’t be a part of the evaluation, and the report from the Ministry of Justice clearly states that session logging has zero investigative value,” says Jakob Willer, Director of Telecom Industry Association Denmark.

But last week Bødskov offered his critics a little bit of hope — if not for actual amendment to the law, at least for an end to his ministry's stalling on its re-evaluation.

“If the evaluation [of the European Data Retention Law] from the EU is delayed further, we will initiate an evaluation of session logging in the parliamentary year of 2014-2015,” he said.

Until then the session logging continues.

Torben Olander is a freelance Danish journalist. He lives in Copenhagen.

Personal Democracy Media is grateful to the Omidyar Network for its generous support of techPresident's WeGov section.

News Briefs

RSS Feed tuesday > Reboots As a Candidate Digital Toolkit That's a Bit Too Like launched with big ambitions and star appeal, hoping to crack the code on how to get millions of people to pool their political passions through their platform. When that ambition stalled, its founder Nathan Daschle--son of the former Senator--decided to pivot to offering political candidates an easy-to-use free web platform for organizing and fundraising. Now the new is out from stealth mode, entering a field already being served by competitors like NationBuilder, Salsa Labs and And strangely enough, seems to want its early users to ask for help. GO

Armenian Legislators: You Can Be As Anonymous on the 'Net As You Like—Until You Can't

A proposed bill in Armenia would make it illegal for media outlets to include defamatory remarks by anonymous or fake sources, and require sites to remove libelous comments within 12 hours unless they identify the author.


monday >

The Good Wife Looks for the Next Snowden and Outwits the NSA

Even as the real Edward Snowden faces questions over his motives in Russia, another side of his legacy played out for the over nine million viewers of last night's The Good Wife, which concluded its season long storyline exploring NSA surveillance. In the episode titled All Tapped Out, one young NSA worker's legal concerns lead him to becoming a whistle-blower, setting off a chain of events that allows the main character, lawyer Alicia Florrick (Julianna Margulies), and her husband, Illinois Governor Peter Florrick (Chris Noth), to turn the tables on the NSA using its own methods. GO

The Expanding Reach of China's Crowdsourced Environmental Monitoring Site, Danger Maps

Last week billionaire businessman Jack Ma, founder of the e-commerce company Alibaba, appealed to his “500 million-strong army” of consumers to help monitor water quality in China. Inexpensive testing kits sold through his company can be used to measure pH, phosphates, ammonia, and heavy metal levels, and then the data can be uploaded via smartphone to the environmental monitoring site Danger Maps. Although the initiative will push the Chinese authorities' tolerance for civic engagement and activism, Ethan Zuckerman has high hopes for “monitorial citizenship” in China.


The 13 Worst Bits of Russia's Current and Maybe Future Internet Legislation

It appears that Russia is on the brink of passing still more repressive Internet regulations. A new telecommunications bill that would require popular blogs—those with 3,000 or more visits a day—to join a government registry and conform to government-mandated standards is expected to pass this week. What follows is a list of the worst bits of both proposed and existing Russian Internet law. Let us know in the comments or on Twitter if we missed anything.


Transparency and Public Shaming: Pakistan Tackles Tax Evasion

In Pakistan, where only one in 200 citizens files their income tax return, authorities published a directory of taxpayers' details for the first time. Officials explained the decision as an attempt to shame defaulters into paying up.


wednesday >

Facebook Seeks Approval as Financial Service in Ireland. Is the Developing World Next?

On April 13 the Financial Times reported that Facebook is only weeks away from being approved as a financial service in Ireland. Is this foray into e-money motivated by Facebook's desire to conquer the developing world before other corporate Internet giants do? Maybe.


The Rise and Fall of Iran's “Blogestan”

The robust community of Iranian bloggers—sometimes nicknamed “Blogestan”—has shrunk since its heyday between 2002 – 2010. “Whither Blogestan,” a recent report from the University of Pennsylvania's Iran Media Program sought to find out how and why. The researchers performed a web crawling analysis of Blogestan, survey 165 Persian blog users, and conducted 20 interviews with influential bloggers in the Persian community. They found multiple causes of the decline in blogging, including increased social media use and interference from authorities.