EU Approves Data Retention

submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email. Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."

Good point

[Anonymous Coward]

FTA: "At the end of the day ISPs are not law enforcement agencies so they should not have to pay for it all"

Re:Volumes of Data

[LilWolf]

At least in Finland the government is going to be paying for it. Though I believe it varies by member state, so in some countries the costs would actually fall on the ISPs and other such operators.

Re:Basic IT Knowledge

[Pxtl]

Afaik, it's specifically logging info they want - this ip connects to that ip on such and such port, this dynamic ip is that user, this email header was sent to that address. I doubt they want the ISP to store every packet that comes through.

Yes, it will still be an expensive PITA, but probably no worse than running a Usenet service.

Of course...

[omeg]

Of course the music industry is interested in that data. But that doesn't mean they can just obtain it like that. As long as this is kept an anti-terrorist measure, they have no foot to stand on.

Keep in mind that data will be kept for UP TO two years; most will opt for the minimum of half a year instead.

Welcome to our brave new world...

[isotope23]

Everything is justified in the global war on TERRA....
When the President can call the Constitution "just a goddamned piece of paper" [federalobserver.com] this kind of stuff should not surprise anyone. Its a brave new world full of chickenshit people.

Re:Time to pack up?

[LilWolf]

No, the way I've understood it this only applies to registered telecommunication companies(ie. internet service providers, telephone companies and such). So you should be safe from any obligations to keep such logs.

Now, the place hosting your servers/providing the net connection might be a different story..

Re:Who doubts the endgame?

[dada21]

Couple times per year.

A friend is visiting the States with us right now, her first visit. 23, female, college degree in economics. After converting from metric, she's blown away at how cheap electronics, food, gas, and even liquor is.

I'm starting a business right now in Europe (acrylics) and the pay vs taxes vs cost of living saddens me.

Re:Volumes of Data

[MooCows]

The Dutch government has made it clear that they won't be paying ISP's for it.
The Dutch ISP xs4all [xs4all.nl] is actively campaigning [dataretent...lution.com] against this law.
They give the realistic argument that this law will commercially cripple European ISPs, and the government paying for the storage is unrealistic.

Encryption

[MikeBabcock]

It seems nobody has said the obvious yet ...

Encrypt your private communications.

Use anonymous remailers.

If you actually get charged, they'll require you to give up your keys, but they won't be snooping at your E-mails behind your back.

pgp.com [pgp.com]
gnupg.org [gnupg.org]

Press release from FFII

[Christian Engstrom]

FFII, Foundation for a Free Information Infrastructure, has issued the following press release today regarding this matter:

PRESS RELEASE FFII -- [ Europe / ICT / Information Society ]

EU adopts Big Brother directive, ignores industry and civil society

14 December 2005 (Strasbourg, France) The European Parliament today adopted a directive that will create the largest monitoring database in the world, tracking all communications within the EU. "From today, all EU citizens are to be tracked and monitored like common criminals," says Pieter Hintjens, president of the FFII.

The Data Retention Directive was passed by 378 votes to 197, following deals between the Council and the leaders of the two largest parties in Parliament, the EPP-ED (Conservatives) and the PSE (Socialists). The Rapporteur for the directive, Alexander Alvaro (Liberals) had his name removed from the report in protest.

Jonas Maebe of the FFII says: "Among other harsh measures, the directive mandates recording of the source and destination of all emails you send and every call you make, and your location and movement during mobile phone calls. Additionally, the directive says nothing about who has to pay for all this logging, which will significantly distort the internal telecommunications market."

"Moreover, the directive disregards how Internet protocols work. For example, tracking Internet telephony calls is generally impossible without closely watching the content of all data packets. The reason is that such connections are not necessarily set up via a central server which can perform the necessary logging. On top of that you have techniques like tunneling (VPN's) which make it simply impossible to look at the content", he adds.

The gathered data can be made available without special warrants, and without limit to certain types of crime. There will be no independent evaluation, and no extra privacy and no specific security safeguards. The data will be retained for periods ranging from 6 months up to any duration a member state can convince the Commission of.

Hartmut Pilch of the FFII says: "This outcome proves that we have to remain vigilant at all times and work on every relevant directive from the start. Even now, the planned IPRED2 directive, also unanimously condemned by industry and civil society, threatens to turn everyone caught by a patent into a criminal."

Background Information

* Two-page overview of the effects of the most important amendments
http://www.ffii.org/~jmaebe/dataret/plen1/summary. pdf [ffii.org]

* English video stream of today's plenary session
http://media.vrijschrift.org/ep_vote_datared_05121 4_en.wmv [vrijschrift.org]

* Original language video stream of today's plenary session
http://media.vrijschrift.org/ep_vote_datared_05121 4_or.wmv [vrijschrift.org]

* Data retention: legislative sausage machine in overdrive
http://wiki.ffii.org/DataRet0512En [ffii.org]

* News, position papers on and analysis of the directive
http://wiki.dataretentionisnosolution.com [dataretent...lution.com]

* Permanent link to this press release
http://wiki.ffii.org/DataRetPr051214En [ffii.org]

About the FFII -- http://www.ffii.org [ffii.org]

The Foundation for a Free Information Infrastructure (FFII) is a non-profit association registered in several European countries, which is dedicated to the spread of data processing literacy. FFII supports the development of public information goods based on copyright, free competition, open standards. More than 850 members, 3,000 companies and 90,000 supporters h

Not for webhosting

[Anonymous Coward]

Webhosting is not caught under this, since it only applies to providers of public telecommunications services and networks as defined by the New Regulatory Framework. You do not fall under the new regulatory framework, unless you do a public offering, route your own traffic (multi-homed) etc etc. You probably don't. Your ISP is not obliged to sniff through all the traffic to filter out who has e-mailed who using private e-mail adresses, since that is content to him and it would be lawful interception. It also doesn't oblige providers of corporations to save all the e-mail that goes to and from the corporation, nor does it oblige the corporation to retain all internal mail.

GMail/Hotmail/Yahoo? anybody willing to guess?

Background

[D4C5CE]

The European Parliament (which would have had a power of veto in the procedure) approved the draconian directive on first reading without much of a fight - putting 450 million people under massive surveillance with no justification whatsoever (other than the Four Horsemen of the Infocalypse [wikipedia.org]).

According to their own Press Service: Deal on EU data retention law [eu.int]; more comprehensive version in German: Ja zur Vorratsdatenspeicherung bis zu zwei Jahren - Keine Speicherung der Kommunikationsinhalte [eu.int]. Incidentally, even the latter "limitation" (allegedly no storage of the contents of communications) is void in particular with respect to URLs - these being identifiers for the contents transmitted anyway.

Loopholes aplenty have already triggered plans e.g. in Poland to extend the storage even further, to a staggering 15 years (!), and remaining safeguards (if any) are not expected to last: The media industry wants access to that data, too [zdnet.co.uk] (and a further directive is in the works, cf. the EU Legislative Observatory [eu.int]).

Re:Basic IT Knowledge

[Anonymous Coward]

You forgot to mention that they will log every URL you visit.

Re:A scenario

[Todd Knarr]

There's one major problem with your scenario. It's actually fairly obvious: when you go looking through the e-mail, the only stuff identifiable as coming from an Abdullah won't have anything to do with the anthrax. Do you think the real Abdullah will be stupid enough to use an e-mail address clearly matching his name? No, his e-mail will come from something like hot18yo84172@hotmail.com or somesuch, and it'll be buried in the mountain of sex-spam e-mails your target receives and discards every day just like the rest of us. Now, if you have Abdullah and want to find out who he's been talking to, then this kind of retention might be useful. Unfortunately it's also unneccesary, since if you've already got enough to nail Abdullah you've got enough to go into court, get a warrant and tap his computer directly without having to mess with his ISP.

There's also the side-effects that've already been noted. While the retention may not be useful for tracking terrorists (it's purported justification), it'll be very useful to people whose investigations have nothing to do with terrorism and who've been unable to get anything like this on their own merits. That makes me thing the whole thing's an end-run, and "terrorism" is just an excuse.

Re:Poisoning the logs

[Maljin Jolt]

What if someone created a screensaver that continually accessed thousands of websites, IP addresses. Basically create as much junk data as possible to pollute their logs.

Real geeks do not run screenasvers.

wget --background --spider --mirror --limitrate=2k http://www.google.com/search?hl=en&q=sex&btnG=Goog le+Search [google.com] --output-file=/dev/null

Bot for making massive data amounts.

[pdjohe]

If this is the case, what if there was some sort of bot that would simply go around the Internet visiting random sites. If everybody had this installed, then the noise ratio would be too high for accurate data retention, right? After all, you don't pay for the usage of bandwidth generally, you pay per month. Just use all the bandwidth you can on useless stuff. In the end, it will push the amount of storage the ISP's have to use and their bandwidth usage through the roof.