EU Approves Data Retention

submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email. Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."

I am going to be rich!

[Nichotin]

Heh, I guess buying stocks in storage related companies would be a good idea now :)

two years?

[backslashdot]

Retain for two, retain forever.

Volumes of Data

[qw(name)]

There had better be some incentives for housing that kind data. For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored and who's going to pay for it?

This story belongs in "Your Rights Online"

[o'reor]

not in the "Hardware" section, dammit !

encrypted proxies

[brontus3927]

I guess thats a good reason to start using encrypted proxies.

Re:Volumes of Data

[qw(name)]

that would mean GBs and GBs of data

I should have said TBs and TBs of data.

The solution to the Recording Industry

[Anonymous Coward]

...is to publish the surfing habits and email of their executives over the past two years. If they have things like Porn, Payola, and Prostitutes showing up in public view, and they might lobby for Privacy.

Why this is not ok

[Nichotin]

Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man. As noted, the record industry wants to have a look at the data, and that is just another pen stroke to accomplish after the money has passed under the table.

Music Industry?!

[twollamalove]

If the music industry is the biggest cause for concern here, we've got bigger problems than we think...

Who doubts the endgame?

[dada21]

These are likely the same parties behind the push for UN control of ICANN's business.

If you think they're merely out for fair sharing, think again. I may hate the rights I've lost through Bush and Clinton's wars and social programs, but I see no real difference in Europe. In some ways I see fewer freedom and more tyranny.

Open WiFi access points make these rules useless.

Re:Who doubts the endgame?

[C10H14N2]

In some ways I see fewer freedom and more tyranny.

Haven't been across the pond in awhile, have we?

Basic IT Knowledge

[Anonymous Coward]

Yet again politicians (and their advisers) demonstrate their complete lack of understanding in the field of IT. They obviously have no comprehension of the quantity of data that TelCos shift each day...

Phew, that's a relief

[slushbat]

Now we should be able to round up all of the terrorists within a few minutes, and all will be well in the garden again. I am so lucky to be looked after by such wise leaders. Seriously, I bet you will be able to count the number of terrorists caught by this on the fingers of one foot.

Re:Volumes of Data

[castoridae]

And how's it going to be protected? This is another ChoicePoint leak just waiting to happen.

Of COURSE they're interested in gaining access

[Tim C]

That's fine, and is their right.

It only becomes a problem when the authorities grant them access. They ask all they like, as long as they don't get it. If they do get it, then it's the authorities that should be blamed.

Re:Gimme a break

[meisenst]

Yet another ploy for the record industry to put fear into individuals. I hope one day the record industry burns and dies.

In order for this to happen, you have to stop supporting them. Don't buy (or download) their products. Don't listen to their mass marketed drivel. Tell your friends, your family, and everyone else you think will listen that every time you support these companies, you are chipping away at your freedoms.

As long as the majority of us continute to pay the record industries money, they will simply continue in their quest to make sure that we all pay them more money. If we stand up for our rights, stop buying their products, and make sure that they realize that they are here to sell entertainment to us, and that we do not exist to buy entertainment from them, then that will be a start.

All this talk of "screw them" and "I hope they die off" and whatever else will do nothing to protect our rights, especially when governments are making it easier and easier for these corrupt and greedy companies to infringe on our privacy.

Re:Volumes of Data

[Maxo-Texas]

And where is finland going to be getting the money to pay for this?

And where are the ISP's going to get the money to pay for this?

So for 50 bonus mod points, ... who's going to be paying for this again?

Re:Volumes of Data

[Wilson_6500]

who's going to pay for it

EU ISP customers. One way or the other.

Re:Gimme a break

[jawtheshark]

Sure, that's nice in theory... Problem is: if their revenues fall, they will blame it on piracy. If the revenues soar, they will say that their copy protection schemes (and other measures like the logging of ISP) work and that those should thus be mandatory.

Either way, the customer is screwed.

Re:Volumes of Data

[Tom]

For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored

EMC, for example, offers mass storage devices capable of coping with that.
I know a major ISP in Europe who has an EMC storage with several TB of capacity.

and who's going to pay for it?

The ISP. Which in the end means you, the customer. Nice, isn't it? Not only are you now under constant surveilance, you also pay for it yourself.

Re:Gimme a break

[MBGMorden]

Let them blame it on piracy then. They can whine all they want to, but whining will buy them but so much. If they use piracy as an excuse to DRM stuff, then we don't buy the DRM products, and they go out of business. Companies who avoid DRM will survive and eventually they'll all get the hint.

Hardware?

[NtroP]

I'd have put this under YRO.

Make the records publically available.

[Anonymous Coward]

You may think it, um, counterintuitive.

But the _reason_ they want these is to maintain social/political power over people. An elite with privileged access to all that information can control society. In a free society, either everyone should have the communications metadata, or no-one: It's unbalanced information availability that would give the police power to become the classic Big Brother. I'm a lot safer if everyone knows I have a particular embarassing sexual inclination or whatever than if only a small, powerful subset knows.

See David Brin's book "The Transparent Society: Will Technology force use to choose between privacy and freedom?"

The last man in Europe

[Anonymous Coward]

There is no way to stop this now. We're on our way to an Orwellian state.
This is the fundamental step. From here on, it's let's add this crime, let's give access to that organisation, let's extend it to this data, let's save it for 100 years instead.
And when there's a war, the occupier will have the ultimate oppressive weapon pre-installed.
And what are you people babbling about? What protocols will be included, ways to obfuscate yourself, the costs of storing this data? There's a bigger picture, people!

Say what you will about the US, atleast they don't have a back door for legislation that would never get by a national parliament. Make room, I'm hopping the pond.

Anti-terrorism business

[Anonymous Coward]

The recording industry has no business in data collected for anti-terrorism purposes.
Unless the recording industry is taking responsibility for issues that belong to the government.
But in this case the recording industry should have the same burden as governments: their leaders should be elected by the voters.

Re:Filesharing and this law

[Oersoep]

"logs with ports and IPs"

No ports, no IP's. The folks who came up with this don't think that far.

They think that:
- e-mail is just like phone
- spam does not exist
- ISP's only handle private traffic
- ISP's handle ALL traffic, and have full access to it
- Only EU citizens use ISPs in Europe
- Encryption does not exist
- No-one has his own mailserver
- No-one is going to try to make money by offering tunneling services to non-EU countries
- Terrorists are dumber than they are

It's not that they want every ISP to scan all packets. They're just thinking like lusers. They think internet is managable.

Their plan sucks. It doesn't work, it's leaking like a raincloud, it's unconstitutional for a lot of member states, and they bombard ISPs with costs, work and responsibilities they never asked for and they KNOW is bullcrap.

It's absurd.

Re:Well, what about SMTP?

[PhilHibbs]

Google has assets in the UK, and does business in the UK. We can tell them to "obey UK law or go home and stop doing business here". China did it, and so can we.

Hang on - did I just compare my country to China? 8-O

Re:encrypted proxies

[Elixon]

They are trying to steel the right to live and not be watched by government... Do you think that the next rules will not follow?

1. Retain data for two years - IS HERE
Will come:
2. Retain content of e-mails and other content for 2 years.
3. Encrypted transmition is forbidden.
4. IPv6 will identify you securely - no anonymous proxies anymore!

I hope that smart brains that will be one step in front of BigBrotherGoverning eye will survive.

How soon we forget...

[hpa]

20 years ago, it was explained to me that the reason European telephone companies didn't issue itemized bills except by explicit customer request was that telephone billing records had been used by Gestapo after invading other countries to figure out who to eliminate as possible "security threats" -- if X was suspected of being involved with the resistance, and Y had called X some time before the invasion, X and Y would both find themselves in a box car pretty soon.

It wasn't just that the data wasn't retained, the data was never even collected unless you requested it -- otherwise the only billing information that would be kept was a running counter.

Today, the supposedly-democratic countries want to use surveillance that would have given Gestapo and Stasi wet dreams; it's probably no coincidence that the prime ministers in the countries that have pushed the most (UK and Sweden) have been ones acting like power is a God-given right to them personally.

Re:Volumes of Data

[91degrees]

Western governments have failed to stop major terrorist attacks in the US, Spain, the UK and elsewhere, despite having later found numerous clues that might have tipped them off to some of these attacks. I'd say we're already at the point where the signal-to-noise ratio is beyond their ability to handle reliably.

What about the attempted bomb plant on the New York underground last week? Didn't hear about it? That's because the suspected perpetrators were arrested a year ago before they even considered planning it. Or maybe they wouldn't.

But I would like a requirement that this law is repealed unless there is an increase in prosecutions of terrorists or at least one attack is foiled as a direct result of this legislation.

A scenario

[Syberghost]

Ok, assume the following scenario:

We catch a terrorist. I'm not talking about somebody we just think might maybe be a terrorist, I mean we yank him out from behind the wheel of the van bomb in the basement of the skyscraper, or the other passengers monkey-stomp him unconscious as he tries to break into the cockpit of the airplane.

We search his home, and find a computer. On it, we find an email from Ayman Al-Zawahiri, saying "Abdullah will email you the instructions for where to pick up the anthrax." We don't find a copy of the email from Abdullah, and Thunderbird is configured to always prompt him for his Earthlink IMAP password. When we ask him for his password, he says "your mother sews socks that smell". After we type that in, we find out that it's not actually his password, it's just an insult.

Are you saying that you don't think it would be a good thing if we could go ask Earthlink for a list of everybody that's emailed him in the last two years, and cross-reference that with emails received by other known terrorists? Maybe go talk to anybody with the address "abdullah1987@hotmail.com" who emailed him?

If what people are objecting to is a feared misuse of this information, then oversight and legal protections are a better answer than throwing the smoking baby out with the bathwater.

If you honestly think it's not safe for a private company to have this information sitting where a court-granted search warrant could retrieve it, then you probably need to be lobbying to replace your local landfill and garbage trucks with curbside incineration service, too; but don't imply, as the submitter did, that it's not an anti-terrorism effort just because it could also be misused.

This is akin to deciding that a school isn't being honest when they say they're buying new computers for educational purposes just because some kid says he's going to install Quake on one of them.

Re:two years?

[Anonymous Coward]

On a similar note, how many people were aware that the US federal income tax -- arguably the tipping point of oppression in the US -- was supposed to be temporary? (If you are a US citizen and didn't know, don't be ashamed. Government schools are designed to sweep that kind of thing under the carpet.)

As the saying goes, there is nothing as permanent as a temporary government program. Here is a similar prediction: the US "patriot" act will never be abolished, and in fact, will pave the way for even greater acts of oppression. Don't belive it? Let's discuss this again in 50 years.

Re:two years?

[cayenne8]

"As the saying goes, there is nothing as permanent as a temporary government program."

Yeah...I think about that ever time I go across the damned toll bridge down here. Was supposed to be toll only as long a period till it was paid for, which by now is way overly paid for.

I think now...the only operating cost is the actual toll booths they have to pay to maintain and man....

As for actual laws being repealed...about the only one I can think of in the US is the amendments for prohibition. Anything else repealed since then?

Re:Press release from FFII

[pieterh]

The Directive will be rubber-stamped by the Council. It will be challenged in several national courts and possibly the European Court of Human Rights, for it breaks article 8 of this convention quite flagrantly.

But there appears to be no process for overturning the directive. EU directives override national law. This is a great success for the UK government which tried and failed to have this law passed in the UK.

Ironically, a report by the Commission just 4 years ago on the Echelon surveillance system [cr.yp.to] stated quite clearly that "Only in a 'police state' is the unrestricted interception of
communications permitted by government authorities."

The EU is now officially a 'police state', by the Commission's own words.

Re:Gimme a break

[KDR_11k]

You're lucky. I can't stand the kind of music that's on the radio. Internet radio works, though. Combine that with a ripping program (recording stuff off a broadcast is legal so I don't se a problem here) and you can get some passable music together.

Re:Volumes of Data

[bleckywelcky]

One day, the governments will learn that just because you can do something doesn't mean you should.

I doubt it.

Re:I am going to be rich!

[dgatwood]

This is, quite possibly, the most privacy-invading law I've seen in my lifetime. That said, there are at least a couple of nice solutions to this problem that technically comply with the law without contributing willingly to the police state. Call it... uh... civil disobedience.... While I haven't read the bill, nowhere in the descriptions I've seen does it say the data must be retained electronically, nor does it say that the person retaining the data must provide reasonable means to access it, only that the data must be retained.

Solution 1: The Mountain of Paperwork Method

Set up your system logging to pipe all that data to a line printer. When the authorities ask for your records, point them to a room in which there are a few hundred thousand pounds of unsorted stacks of fanfold paper. If you can convince all the ISPs out there to do this, the law will quickly be abandoned as not useful.

Solution 2: The Law of Information (a.k.a. Thermodynamics/Quantum Electrodynamics) Method

Send the data into a black hole. When they attempt to sue you for failing to retain the data, insist that they prove conclusively that the black hole did not, in fact, retain said data.

Solution 3: The One-Time Pad Method

Using an alpha emitter, generate a one-time pad. Make an offer to allow to use your OTP generator for a reasonable fee. Use this encrypted data stream to encrypt the log data. According to the rules of OTP encryption, destroy the pad immediately after encryption. Insist that if the police state wanted access to the data, they should have been paying for access to your OTP's data stream for the past several months. Hand them a hard drive containing random bytes.

Solution 4: The Laser Beam Into Space method

Encode the data by modulating a laser beam and bouncing the beam off of a planet orbiting a star that is at least three light years away. Upon questioning, insist that if the police state really needed that data, they should have launched a deep space probe centuries ago. Give them the opportunity to launch one now, but remind them that the Alpha Centaurians need the data, too, so if they hurry, they might be able to get the information by the year 2600.

Re:Why this is not ok

[IAmTheDave]

Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man.

People often joke that George Orwell was a mere 20 years or so off the mark, such delay perhaps caused by the very fear his book invoked in the hearts of those who would fall victim to such surveillance.

But the scary truth is, this is not a joke. As a majority of communications moves online, even as phone calls are now almost all routed at some point over an IP network, this is perhaps the single largest surveillance undertaking and law that I have ever seen pass. I cannot imagine that any citizen would accept this as representing their beliefs or desires. This is, in fact, one of the scariest things to happen in a long time.

What concerns me further is the reach this has. This is all data that passes over any EU country's network, meaning that any time I visit a website hosted in Europe, my data will be tracked. Any time I email someone in Germany or France, my information will be tracked. This is in no way just surveillance of the EU's citizenry, but of the entire world's.

I for one am off to fashion a tin foil hat.