EU Approves Data Retention

submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email. Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."

I am going to be rich!

[Nichotin (794369)]

Heh, I guess buying stocks in storage related companies would be a good idea now :)

Press release from FFII

[Christian Engstrom (633834)]

FFII, Foundation for a Free Information Infrastructure, has issued the following press release today regarding this matter:

PRESS RELEASE FFII -- [ Europe / ICT / Information Society ]

EU adopts Big Brother directive, ignores industry and civil society

14 December 2005 (Strasbourg, France) The European Parliament today adopted a directive that will create the largest monitoring database in the world, tracking all communications within the EU. "From today, all EU citizens are to be tracked and monitored like common criminals," says Pieter Hintjens, president of the FFII.

The Data Retention Directive was passed by 378 votes to 197, following deals between the Council and the leaders of the two largest parties in Parliament, the EPP-ED (Conservatives) and the PSE (Socialists). The Rapporteur for the directive, Alexander Alvaro (Liberals) had his name removed from the report in protest.

Jonas Maebe of the FFII says: "Among other harsh measures, the directive mandates recording of the source and destination of all emails you send and every call you make, and your location and movement during mobile phone calls. Additionally, the directive says nothing about who has to pay for all this logging, which will significantly distort the internal telecommunications market."

"Moreover, the directive disregards how Internet protocols work. For example, tracking Internet telephony calls is generally impossible without closely watching the content of all data packets. The reason is that such connections are not necessarily set up via a central server which can perform the necessary logging. On top of that you have techniques like tunneling (VPN's) which make it simply impossible to look at the content", he adds.

The gathered data can be made available without special warrants, and without limit to certain types of crime. There will be no independent evaluation, and no extra privacy and no specific security safeguards. The data will be retained for periods ranging from 6 months up to any duration a member state can convince the Commission of.

Hartmut Pilch of the FFII says: "This outcome proves that we have to remain vigilant at all times and work on every relevant directive from the start. Even now, the planned IPRED2 directive, also unanimously condemned by industry and civil society, threatens to turn everyone caught by a patent into a criminal."

Background Information

* Two-page overview of the effects of the most important amendments
http://www.ffii.org/~jmaebe/dataret/plen1/summary. pdf [ffii.org]

* English video stream of today's plenary session
http://media.vrijschrift.org/ep_vote_datared_05121 4_en.wmv [vrijschrift.org]

* Original language video stream of today's plenary session
http://media.vrijschrift.org/ep_vote_datared_05121 4_or.wmv [vrijschrift.org]

* Data retention: legislative sausage machine in overdrive
http://wiki.ffii.org/DataRet0512En [ffii.org]

* News, position papers on and analysis of the directive
http://wiki.dataretentionisnosolution.com [dataretent...lution.com]

* Permanent link to this press release
http://wiki.ffii.org/DataRetPr051214En [ffii.org]

About the FFII -- http://www.ffii.org [ffii.org]

The Foundation for a Free Information Infrastructure (FFII) is a non-profit association registered in several European countries, which is dedicated to the spread of data processing literacy. FFII supports the development of public information goods based on copyright, free competition, open standards. More than 850 members, 3,000 companies and 90,000 supporters h

two years?

[backslashdot (95548)]

Retain for two, retain forever.

Re:two years?

[cayenne8 (626475)]

"As the saying goes, there is nothing as permanent as a temporary government program."

Yeah...I think about that ever time I go across the damned toll bridge down here. Was supposed to be toll only as long a period till it was paid for, which by now is way overly paid for.

I think now...the only operating cost is the actual toll booths they have to pay to maintain and man....

As for actual laws being repealed...about the only one I can think of in the US is the amendments for prohibition. Anything else repealed since then?

Volumes of Data

[qw(name) (718245)]

There had better be some incentives for housing that kind data. For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored and who's going to pay for it?

Re:Volumes of Data

[castoridae (453809)]

And how's it going to be protected? This is another ChoicePoint leak just waiting to happen.

Re:Volumes of Data

[Wilson_6500 (896824)]

who's going to pay for it

EU ISP customers. One way or the other.

Re:Volumes of Data

[Maxo-Texas (864189)]

And where is finland going to be getting the money to pay for this?

And where are the ISP's going to get the money to pay for this?

So for 50 bonus mod points, ... who's going to be paying for this again?

Re:Volumes of Data

[digitaldc (879047)]

that would mean GBs and GBs of data

I should have said TBs and TBs of data.

You mean YBs and YBs of data.

(http://en.wikipedia.org/wiki/Byte [wikipedia.org])

This story belongs in "Your Rights Online"

[o'reor (581921)]

not in the "Hardware" section, dammit !

Re:This story belongs in "Your Rights Online"

[Volanin (935080)]

With this amount of information to be stored?
You might change your mind after a few months...

encrypted proxies

[brontus3927 (865730)]

I guess thats a good reason to start using encrypted proxies.

Why this is not ok

[Nichotin (794369)]

Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man. As noted, the record industry wants to have a look at the data, and that is just another pen stroke to accomplish after the money has passed under the table.

Time to pack up?

[mccalli (323026)]

I run a co-lo webserver as a sideline to my limited company. It's based in the UK, and houses around sixteen low traffic sites. It generates no money - I really just wanted a raw server out in the wild and sold space on it to known friends who felt the same - we exactly cover our hosting costs and no more.

Am I caught by this? It sounds like I am. Am I now expected to keep mail logs for two years and be legally liable if I don't? If so, I am almost certainly out of the business. Just not worth the risk to me.

Cheers,
Ian

Phew, that's a relief

[slushbat (777142)]

Now we should be able to round up all of the terrorists within a few minutes, and all will be well in the garden again. I am so lucky to be looked after by such wise leaders. Seriously, I bet you will be able to count the number of terrorists caught by this on the fingers of one foot.

Time to get off the grid

[gasmonso (929871)]

Having every aspect of my life recorded just scares the hell out of me. We have countried collecting Internet and phone usage. Many cities are putting cameras up to monitor your travel. All your purchases made via credit card are recorded. At work, your company probably monitors your email. Even companies like Tivo monitor your tv viewing habits. What else is left?? Governments/corporations will know damn near everything about you and what you do. I say to hell with this... I'm buying an island in the Pacific and starting my own country.

http://religiousfreaks.com/ [religiousfreaks.com]

Exemptions for individuals

[adnonsense (826530)]

European individuals can gain exemptions from having their data retentioned if they sign a waiver giving away all rights to their first-born to the audio-video retail industry.

Those without children may instead put their signature at the bottom of a blank terrorist confession sheet and mail it to their local secret service. This will also automatically enter them into a free prize draw with many chances to win free flights to a European location of the CIA's choice.

--
I for one welcome our new data-retentive overlords

I run a small startup telco in the UK

[tezza (539307)]

I'm a little shocked by all the posters thinking that this is a change of what is already happening. all this data is already collected.

Any arguments from telcos who complain about the volumes of data are only using it so that they are not liable if someone arse deletes it.

Under UK privacy laws you have to delete the data identifying the particular person after you're done with the connection and the billing thereof.

Almost all transaction data is anonymised by a one way hash. Say md5sum. All the keys are done this way. Hashing removes the particular identification, and satisfies this. Almost always this hash uses more space than the original data anyways.

telcos use the hashed equivalents to evaluate aggregate data.

The law could ask for a tap and require you to retain those records anyway. These new laws just put into legislation what was already happening, and creating an offence for not doing it properly.

Make the records publically available.

[by Anonymous Coward]

You may think it, um, counterintuitive.

But the _reason_ they want these is to maintain social/political power over people. An elite with privileged access to all that information can control society. In a free society, either everyone should have the communications metadata, or no-one: It's unbalanced information availability that would give the police power to become the classic Big Brother. I'm a lot safer if everyone knows I have a particular embarassing sexual inclination or whatever than if only a small, powerful subset knows.

See David Brin's book "The Transparent Society: Will Technology force use to choose between privacy and freedom?"

Background

[D4C5CE (578304)]

The European Parliament (which would have had a power of veto in the procedure) approved the draconian directive on first reading without much of a fight - putting 450 million people under massive surveillance with no justification whatsoever (other than the Four Horsemen of the Infocalypse [wikipedia.org]).

According to their own Press Service: Deal on EU data retention law [eu.int]; more comprehensive version in German: Ja zur Vorratsdatenspeicherung bis zu zwei Jahren - Keine Speicherung der Kommunikationsinhalte [eu.int]. Incidentally, even the latter "limitation" (allegedly no storage of the contents of communications) is void in particular with respect to URLs - these being identifiers for the contents transmitted anyway.

Loopholes aplenty have already triggered plans e.g. in Poland to extend the storage even further, to a staggering 15 years (!), and remaining safeguards (if any) are not expected to last: The media industry wants access to that data, too [zdnet.co.uk] (and a further directive is in the works, cf. the EU Legislative Observatory [eu.int]).

How soon we forget...

[hpa (7948)]

20 years ago, it was explained to me that the reason European telephone companies didn't issue itemized bills except by explicit customer request was that telephone billing records had been used by Gestapo after invading other countries to figure out who to eliminate as possible "security threats" -- if X was suspected of being involved with the resistance, and Y had called X some time before the invasion, X and Y would both find themselves in a box car pretty soon.

It wasn't just that the data wasn't retained, the data was never even collected unless you requested it -- otherwise the only billing information that would be kept was a running counter.

Today, the supposedly-democratic countries want to use surveillance that would have given Gestapo and Stasi wet dreams; it's probably no coincidence that the prime ministers in the countries that have pushed the most (UK and Sweden) have been ones acting like power is a God-given right to them personally.

Send in your data voluntarily in protest

[lordholm (649770)]

Go to http://www.stoppaovervakningen.nu/ [stoppaovervakningen.nu] (stop the monitoring) and type in your name, after "Jag heter", a number of webpages that you have visited, telephone numbers after "telefonnummer" an optional comment in the big textbox and finally your e-mail address.

When you click on the "Skicka"-button, the information will be sent to the Swedish minister of justice (the guy on the picture), so that he has access to the data immediatelly instead of having to look through the ISPs.

Now, the point with this protest is to make mr. Bodström realise how much data that is going to be stored. So, slashdot-people, you can do it. :)

Re:Gimme a break

[meisenst (104896)]

Yet another ploy for the record industry to put fear into individuals. I hope one day the record industry burns and dies.

In order for this to happen, you have to stop supporting them. Don't buy (or download) their products. Don't listen to their mass marketed drivel. Tell your friends, your family, and everyone else you think will listen that every time you support these companies, you are chipping away at your freedoms.

As long as the majority of us continute to pay the record industries money, they will simply continue in their quest to make sure that we all pay them more money. If we stand up for our rights, stop buying their products, and make sure that they realize that they are here to sell entertainment to us, and that we do not exist to buy entertainment from them, then that will be a start.

All this talk of "screw them" and "I hope they die off" and whatever else will do nothing to protect our rights, especially when governments are making it easier and easier for these corrupt and greedy companies to infringe on our privacy.

Re:Filesharing and this law

[Oersoep (938754)]

"logs with ports and IPs"

No ports, no IP's. The folks who came up with this don't think that far.

They think that:
- e-mail is just like phone
- spam does not exist
- ISP's only handle private traffic
- ISP's handle ALL traffic, and have full access to it
- Only EU citizens use ISPs in Europe
- Encryption does not exist
- No-one has his own mailserver
- No-one is going to try to make money by offering tunneling services to non-EU countries
- Terrorists are dumber than they are

It's not that they want every ISP to scan all packets. They're just thinking like lusers. They think internet is managable.

Their plan sucks. It doesn't work, it's leaking like a raincloud, it's unconstitutional for a lot of member states, and they bombard ISPs with costs, work and responsibilities they never asked for and they KNOW is bullcrap.

It's absurd.

Re:A scenario

[Hektor_Troy (262592)]

You're looking at it from the wrong direction. What good can come from it is of little consequence. After all - if EVEYRONE were forced to wear $surveilancethingie, allowing $government to see where they are, who they talk to and about what, we wouldn't have much to fear from terrorists would we? After all - they talk, we know about it.

What you need to do instead is look at the opposite situation - what bad can come from it? Why stop at just the ones you talk to directly? Maybe you're talking through secrect codes on mailing lists, so we need to up the net to the ones you've talked to AND the ones that the ones you've talked to have talked to. Two degrees of seperation. Then we'll be getting somewhere. And we can then get a much clearer picture.

Of course, the terrorists know this, so they'll be very elaborate and set up systems with three degrees of seperation. Might even get brilliant and go to four.

Then what? Even with two degrees of seperation, just how many people do you think will come under suspicion (which of late seems to equate with guilty until proven innocent - but we won't give you that chance)? Me, I have maybe 50 people I talk to directly in any given month. Two degrees of seperation that's at LEAST 2,500 people suspected of whatever I am. Go to three, and it's 125,000.

You'll be throwing out nets so far, you'll drown in useless data. So now you have information you can't use AND you've incriminated 125,000 people because you suspect one guy. They're now on your watch list - just in case.

Me - I'd rather we said "fuck the best case scenario" and concentrate on the worst case scenario. And by that I don't mean me barely surviving being near $explosion. I mean me getting assraped by $government_agency for no aparent reason and no way of redeeming myself - after all, I wouldn't be on their list if I hadn't done something bad, would I?

It's like torture. Sure, the upside is "suppose we know for a fact, 100% irrefutable, that $person knows what we need to do to prevent $bad_thing" - do we torture him to get the information? That's not an interesting question - the interesting question is - "we are fairly confident that YOU (yes, you, Syberghost) know what we need to do to prevent $bad_thing. You refuse to tell us (because you are innocent), but we are even more confident that we can break your spirit and make you tell us what we want to know - how to stop $bad_thing from happening." Do we torture you?

THAT is the question you need to ask. Best case scenarios are like dreaming of getting blowjobs from beautiful women while being served great food prepared by the best chefs in the world - not very useful.