By Kurt Wimmer and Josephine Liu
The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks. Besides providing an overview of the existing legal frameworks to address terrorists’ use of the Internet, the report highlights a number of challenges associated with investigating and prosecuting terrorism cases — and specifically notes that “[o]ne of the major problems confronting all law enforcement agencies is the lack of an internationally agreed framework for retention of data held by ISPs.”
As the report notes, some countries already require ISPs to retain certain types of data for a specified time period. But even in the European Union, where Directive 2006/24/EC requires Member States to ensure that regulated providers retain specified communications data for a period between six months and two years, there is no consistent data-retention period. Some Member States require data to be retained for six months, others for two years. In addition, several Member States continue to grapple with implementing the Directive, including Germany (where an attempt to implement it was struck down by the constitutional court).