As the world reflects on the decade following September 11th, Freedom not Fear protesters are attempting to reverse the unfortunate post-911 legacy of online anti-privacy measures. In the wake of 9/11, international government responses had significant impact on Internet privacy. The “war on terror” rhetoric enabled one of the most effective international policy laundering campaigns to quickly enact unpopular and often covert policies with minimal fanfare. Within 45 days of 9/11, then-president George W. Bush already sent his much-wanted surveillance wish list to the European Union. In a letter to the European Commission President in Brussels, the United States sets out a blueprint for privacy erosions the EU could undertake that have sacrificed privacy for little gain in the struggle against terrorism.
The letter called on the EU to eliminate existing privacy protections so that online companies would be free to retain their customers’ online activities: “[r]evise draft privacy directives that call for mandatory destruction to permit the retention of critical data for a reasonable period.” What did this proposed revision mean? One of the key European privacy protections is the data minimization principle. This provision compels companies to limit their collection of personal information to a specific purpose [e.g., billing], and keep their data for only a specific period of time before destroying or irreversibly anonymizing it. This helps prevent online companies from developing sweeping databases on their customers’ activities, while the U.S. Government wished to encourage retention of everyone’s data, whether innocent or not, so investigators will have access to it...