Forgot your password?
typodupeerror
Data Storage Your Rights Online

EU Approves Data Retention 350

Posted by CmdrTaco
from the finally-someone-is-being-data-retentive dept.
submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email. Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."
This discussion has been archived. No new comments can be posted.

EU Approves Data Retention

Comments Filter:
  • by Nichotin (794369) on Wednesday December 14, 2005 @11:46AM (#14256345)
    Heh, I guess buying stocks in storage related companies would be a good idea now :)
    • by burnetd (90848) on Wednesday December 14, 2005 @11:52AM (#14256396)
      I'm off to patent the use of random RIAA artist names, and MPAA movie names in email signatures.
    • Heh, I guess buying stocks in storage related companies would be a good idea now :)

      Yeah! Finally there's a need for storage space! Hopefully this will get more people to start storing stuff and this straggling industry can finally start to grow.
    • by Christian Engstrom (633834) <christian.engstr ... .piratpartiet.se> on Wednesday December 14, 2005 @12:27PM (#14256712) Homepage
      FFII, Foundation for a Free Information Infrastructure, has issued the following press release today regarding this matter:

      PRESS RELEASE FFII -- [ Europe / ICT / Information Society ]

      EU adopts Big Brother directive, ignores industry and civil society

      14 December 2005 (Strasbourg, France) The European Parliament today adopted a directive that will create the largest monitoring database in the world, tracking all communications within the EU. "From today, all EU citizens are to be tracked and monitored like common criminals," says Pieter Hintjens, president of the FFII.

      The Data Retention Directive was passed by 378 votes to 197, following deals between the Council and the leaders of the two largest parties in Parliament, the EPP-ED (Conservatives) and the PSE (Socialists). The Rapporteur for the directive, Alexander Alvaro (Liberals) had his name removed from the report in protest.

      Jonas Maebe of the FFII says: "Among other harsh measures, the directive mandates recording of the source and destination of all emails you send and every call you make, and your location and movement during mobile phone calls. Additionally, the directive says nothing about who has to pay for all this logging, which will significantly distort the internal telecommunications market."

      "Moreover, the directive disregards how Internet protocols work. For example, tracking Internet telephony calls is generally impossible without closely watching the content of all data packets. The reason is that such connections are not necessarily set up via a central server which can perform the necessary logging. On top of that you have techniques like tunneling (VPN's) which make it simply impossible to look at the content", he adds.

      The gathered data can be made available without special warrants, and without limit to certain types of crime. There will be no independent evaluation, and no extra privacy and no specific security safeguards. The data will be retained for periods ranging from 6 months up to any duration a member state can convince the Commission of.

      Hartmut Pilch of the FFII says: "This outcome proves that we have to remain vigilant at all times and work on every relevant directive from the start. Even now, the planned IPRED2 directive, also unanimously condemned by industry and civil society, threatens to turn everyone caught by a patent into a criminal."

      Background Information

      * Two-page overview of the effects of the most important amendments
      http://www.ffii.org/~jmaebe/dataret/plen1/summary. pdf [ffii.org]

      * English video stream of today's plenary session
      http://media.vrijschrift.org/ep_vote_datared_05121 4_en.wmv [vrijschrift.org]

      * Original language video stream of today's plenary session
      http://media.vrijschrift.org/ep_vote_datared_05121 4_or.wmv [vrijschrift.org]

      * Data retention: legislative sausage machine in overdrive
      http://wiki.ffii.org/DataRet0512En [ffii.org]

      * News, position papers on and analysis of the directive
      http://wiki.dataretentionisnosolution.com [dataretent...lution.com]

      * Permanent link to this press release
      http://wiki.ffii.org/DataRetPr051214En [ffii.org]

      About the FFII -- http://www.ffii.org [ffii.org]

      The Foundation for a Free Information Infrastructure (FFII) is a non-profit association registered in several European countries, which is dedicated to the spread of data processing literacy. FFII supports the development of public information goods based on copyright, free competition, open standards. More than 850 members, 3,000 companies and 90,000 supporters h

  • two years? (Score:5, Insightful)

    by backslashdot (95548) on Wednesday December 14, 2005 @11:47AM (#14256347)
    Retain for two, retain forever.
  • Volumes of Data (Score:5, Insightful)

    by qw(name) (718245) on Wednesday December 14, 2005 @11:48AM (#14256363) Journal

    There had better be some incentives for housing that kind data. For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored and who's going to pay for it?
    • Re:Volumes of Data (Score:3, Insightful)

      by qw(name) (718245)
      that would mean GBs and GBs of data
      I should have said TBs and TBs of data.
    • Re:Volumes of Data (Score:5, Insightful)

      by castoridae (453809) on Wednesday December 14, 2005 @11:56AM (#14256435)
      And how's it going to be protected? This is another ChoicePoint leak just waiting to happen.
    • Re:Volumes of Data (Score:2, Informative)

      by LilWolf (847434)
      At least in Finland the government is going to be paying for it. Though I believe it varies by member state, so in some countries the costs would actually fall on the ISPs and other such operators.
      • Re:Volumes of Data (Score:5, Insightful)

        by Maxo-Texas (864189) on Wednesday December 14, 2005 @12:01PM (#14256473)
        And where is finland going to be getting the money to pay for this?

        And where are the ISP's going to get the money to pay for this?

        So for 50 bonus mod points, ... who's going to be paying for this again?
        • Ready?

          ***DRUMs ****
          BRAATATATATATATATATATA...
          .
          .
          .
          .

          YOU!
          Yep, the tax payer!

          You know mate, governments on some EU countries have to find ways to spend their high taxes (I am looking at you Britain).

      • Re:Volumes of Data (Score:4, Interesting)

        by malkavian (9512) on Wednesday December 14, 2005 @12:11PM (#14256570) Homepage
        Just as in the UK, the Government will probably be paying for it.
        And as the government's expenses have just risen, and it's workload increased, there will:

        a) Be a tax hike to cover the cost that is given to the ISPs to retain the data.
        b) Be a tax hike to cover the salaries of the extra bureaucrats required to fill in the paperwork to support the new directive.
        c) Be a tax hike to cover the cost of the consultants to work out a way of actually sifting the signal from the noise (or pay for extra M.O.D. staff to do the work).

        Part of that tax hike may be applied to the ISPs, so they'll end up paying more, so to recoup costs, they'll have to raise prices.
        All of which comes back to bite the basic guy in the street right in the ass.

        Lots of cost, no appreciable gain.
        One day, the governments will learn that just because you can do something doesn't mean you should. They'll end up with so much noise, they just can't pick out the signal.
      • Re:Volumes of Data (Score:3, Informative)

        by MooCows (718367)
        The Dutch government has made it clear that they won't be paying ISP's for it.
        The Dutch ISP xs4all [xs4all.nl] is actively campaigning [dataretent...lution.com] against this law.
        They give the realistic argument that this law will commercially cripple European ISPs, and the government paying for the storage is unrealistic.
      • At least in Finland the government is going to be paying for it.

        Our glorious government could, of course, also spend this money on hiring enough teachers for schools, nurses for hospitals, or caretakers for old peoples homes. But I guess that wouldn't make them feel that they have an essential role in fighting international terrorism.

        Oh well. In past they kneeled for the Soviet Union, nowadays they are a bit confused since they don't know which ones boots they should lick first: EU or the USA. So I gu

    • Re:Volumes of Data (Score:5, Insightful)

      by Wilson_6500 (896824) on Wednesday December 14, 2005 @12:10PM (#14256555)
      who's going to pay for it

      EU ISP customers. One way or the other.
    • Re:Volumes of Data (Score:4, Insightful)

      by Tom (822) on Wednesday December 14, 2005 @12:11PM (#14256571) Homepage Journal
      For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored

      EMC, for example, offers mass storage devices capable of coping with that.
      I know a major ISP in Europe who has an EMC storage with several TB of capacity.

      and who's going to pay for it?

      The ISP. Which in the end means you, the customer. Nice, isn't it? Not only are you now under constant surveilance, you also pay for it yourself.
    • There had better be some incentives for housing that kind data.

      There is - do it, or be prosecuted, then do it anyway when the court forces you to and submit to the punishment for not doing it in the first place.
  • by o'reor (581921) on Wednesday December 14, 2005 @11:49AM (#14256369) Journal
    not in the "Hardware" section, dammit !
  • encrypted proxies (Score:5, Insightful)

    by brontus3927 (865730) <edwardra3NO@SPAMgmail.com> on Wednesday December 14, 2005 @11:49AM (#14256379) Homepage Journal
    I guess thats a good reason to start using encrypted proxies.
    • by Elixon (832904)
      They are trying to steel the right to live and not be watched by government... Do you think that the next rules will not follow?

      1. Retain data for two years - IS HERE
      Will come:
      2. Retain content of e-mails and other content for 2 years.
      3. Encrypted transmition is forbidden.
      4. IPv6 will identify you securely - no anonymous proxies anymore!

      I hope that smart brains that will be one step in front of BigBrotherGoverning eye will survive.
    • Re:encrypted proxies (Score:3, Interesting)

      by legirons (809082)
      "I guess thats a good reason to start using encrypted proxies."

      Or to make 50 connections per second to random addresses

      "store that, fuckers!"

      Make it popular enough, then we can send BT offline as they realise they'll need 500TB/day of storage.
  • by Anonymous Coward on Wednesday December 14, 2005 @11:51AM (#14256390)
    ...is to publish the surfing habits and email of their executives over the past two years. If they have things like Porn, Payola, and Prostitutes showing up in public view, and they might lobby for Privacy.
  • Why this is not ok (Score:5, Insightful)

    by Nichotin (794369) on Wednesday December 14, 2005 @11:52AM (#14256399)
    Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man. As noted, the record industry wants to have a look at the data, and that is just another pen stroke to accomplish after the money has passed under the table.
    • by IAmTheDave (746256) <{moc.oohay} {ta} {ds-evademanesab}> on Wednesday December 14, 2005 @06:19PM (#14259703) Homepage Journal
      Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man.

      People often joke that George Orwell was a mere 20 years or so off the mark, such delay perhaps caused by the very fear his book invoked in the hearts of those who would fall victim to such surveillance.

      But the scary truth is, this is not a joke. As a majority of communications moves online, even as phone calls are now almost all routed at some point over an IP network, this is perhaps the single largest surveillance undertaking and law that I have ever seen pass. I cannot imagine that any citizen would accept this as representing their beliefs or desires. This is, in fact, one of the scariest things to happen in a long time.

      What concerns me further is the reach this has. This is all data that passes over any EU country's network, meaning that any time I visit a website hosted in Europe, my data will be tracked. Any time I email someone in Germany or France, my information will be tracked. This is in no way just surveillance of the EU's citizenry, but of the entire world's.

      I for one am off to fashion a tin foil hat.

  • by Pieroxy (222434) on Wednesday December 14, 2005 @11:52AM (#14256405) Homepage
    My mail comes to me through SMTP directly. I am wondering how they will keep track of my incoming mail... The mail I send, however, goes through their SMTP proxy, which is a bit of a pain but necessary because most properly configured mail servers will reject anything incoming from a DSL IP.

    So how can they keep track of my gmail account? That is unless they log all the throughput of data coming in and out of my computer, of course. Now I see a legal and proper use of eDonkey: keep on downloading and uploading free software!!! That way they have LOADS of data to log.

    With a bit of luck, the next DMCA will also make that illegal! What a relief for the ISPs. ;(
    • So how can they keep track of my gmail account?

      GMail will have to provide the data.
      Yes, they thought about webmail. I had a copy of the specifications for the whole thing in my hands once. Everything passing through an ISP or other service provider (such as GMail) will be captured. The only way to be safe is to run your own mailserver and use TLS. And even then, your mails will be logged on the "other end", i.e. the guy you talk to, unless he's also running his own mailserver.

      • GMail will have to provide the data
        They cannot force an american company down their European laws now, can they?
        • GE could not buy Honeywell because the EU competition people blocked it. That court decision was just reaffirmed. So, if an American listed company cannot buy another American listed company due to EU practice, expect US providers with European clients/customers/accounts to have to provide the data.
        • by PhilHibbs (4537) <snarks@gmail.com> on Wednesday December 14, 2005 @12:35PM (#14256776) Homepage Journal
          Google has assets in the UK, and does business in the UK. We can tell them to "obey UK law or go home and stop doing business here". China did it, and so can we.

          Hang on - did I just compare my country to China? 8-O
        • On the face of it, no they can't... in just the same way that Norway wasn't "encouraged" to go after 'DVD' Jon, or the Brits didn't turn a blind eye to CIA flights, or the way Europe doesn't go after infringers of US copyrights. In fact, if they don't do it already I bet it'll provide them with a great scapegoat: the EU can say that they implemented biometric passports because the US "told them to", the US can now sweep aside resistance to data retention there because the "EU told them to". Governments love
        • There is no longer such a thing as an American company - all the big companies - the ones whose names we all know - are international in scope and yes - subject to the laws of many nations.
      • Everything passing through an ISP or other service provider (such as GMail) will be captured.

        GMail uses HTTPS and POPS. Good luck on tracking that!! All the ISP will see is a) when you checked your mail and b) when you sent mail. The contents of the messages and the reciprients is private.

  • by dada21 (163177) * <adam.dada@gmail.com> on Wednesday December 14, 2005 @11:53AM (#14256408) Homepage Journal
    These are likely the same parties behind the push for UN control of ICANN's business.

    If you think they're merely out for fair sharing, think again. I may hate the rights I've lost through Bush and Clinton's wars and social programs, but I see no real difference in Europe. In some ways I see fewer freedom and more tyranny.

    Open WiFi access points make these rules useless.
    • In some ways I see fewer freedom and more tyranny.

      Haven't been across the pond in awhile, have we?
      • by dada21 (163177) *
        Couple times per year.

        A friend is visiting the States with us right now, her first visit. 23, female, college degree in economics. After converting from metric, she's blown away at how cheap electronics, food, gas, and even liquor is.

        I'm starting a business right now in Europe (acrylics) and the pay vs taxes vs cost of living saddens me.
    • Open WiFi access points make these rules useless.

      Wasn't there a story just a while ago, telling that open (unlogged) WiFi is going to be illegal for just this reason ?

  • Good point (Score:3, Informative)

    by Anonymous Coward on Wednesday December 14, 2005 @11:54AM (#14256416)
    FTA: "At the end of the day ISPs are not law enforcement agencies so they should not have to pay for it all"
  • Time to pack up? (Score:5, Interesting)

    by mccalli (323026) on Wednesday December 14, 2005 @11:54AM (#14256421) Homepage
    I run a co-lo webserver as a sideline to my limited company. It's based in the UK, and houses around sixteen low traffic sites. It generates no money - I really just wanted a raw server out in the wild and sold space on it to known friends who felt the same - we exactly cover our hosting costs and no more.

    Am I caught by this? It sounds like I am. Am I now expected to keep mail logs for two years and be legally liable if I don't? If so, I am almost certainly out of the business. Just not worth the risk to me.

    Cheers,
    Ian

    • Burn them to a cd every week or so. You have to keep them, you don't have to keep them on line.

      -jcr
    • Re:Time to pack up? (Score:2, Informative)

      by LilWolf (847434)
      No, the way I've understood it this only applies to registered telecommunication companies(ie. internet service providers, telephone companies and such). So you should be safe from any obligations to keep such logs.

      Now, the place hosting your servers/providing the net connection might be a different story..
      • I certainly hope you are right - I too run a local web/email hosting business in the UK and now I'm thinking that this legislation could prove benificial to me if it only applies to telcos and ISPs (rather than hosts). I can now sell security from government and police snooping as one of my features.

        I guess I'll have to wait until the law is actually implemented. At a push the Isle of Man http://www.gov.im/ [www.gov.im] sits right between Scotland, England, Ireland and Wales yet is not a part of the UK or the EU (its a

  • by slushbat (777142) on Wednesday December 14, 2005 @11:56AM (#14256432)
    Now we should be able to round up all of the terrorists within a few minutes, and all will be well in the garden again. I am so lucky to be looked after by such wise leaders. Seriously, I bet you will be able to count the number of terrorists caught by this on the fingers of one foot.
  • by Tim C (15259) on Wednesday December 14, 2005 @11:59AM (#14256455)
    That's fine, and is their right.

    It only becomes a problem when the authorities grant them access. They ask all they like, as long as they don't get it. If they do get it, then it's the authorities that should be blamed.
  • by gasmonso (929871) on Wednesday December 14, 2005 @11:59AM (#14256458) Homepage

    Having every aspect of my life recorded just scares the hell out of me. We have countried collecting Internet and phone usage. Many cities are putting cameras up to monitor your travel. All your purchases made via credit card are recorded. At work, your company probably monitors your email. Even companies like Tivo monitor your tv viewing habits. What else is left?? Governments/corporations will know damn near everything about you and what you do. I say to hell with this... I'm buying an island in the Pacific and starting my own country.

    http://religiousfreaks.com/ [religiousfreaks.com]
    • An ISP is a relay in the internet - this should mean it can only effectively monitor unencrypted channels

      If a P2P client can be set up to contact its peers using an HTTP port (TCP 80) and negotiate an encrypted direct data connection - either by an exchange of keys, a key based on say, a hash of the current date and time, or a web-accessible public/private key arrangement - then the ability of the ISP to monitor what passes between peers evaporates.

      Comment from people with greater understanding of enc
    • Can I join? I've already worked out a constitution and government model! Please please please?
    • Not physically of course, but instead raise your voice! The 'Net is the best damn communication medium I think anyones ever seen - use it. Seriously Slashdot may not seem like it makes a difference but collectivly the ebb and flow of conversation influences people and if what you say is coherent enough maybe many people. Logging? Doesn't matter. What would really matter is if civil conversations became prohibited because that's what it would take to stop the most amazing tool of freedom ever invented.
      • > Not physically of course, but instead raise your voice! The 'Net is the best damn communication medium I think anyones ever seen - use it.

        Yes, please, raise your voices! The 'net is the best damn unperson self-registration system I think Miniluv ever seen - go right ahead, use it.

        > Seriously Slashdot may not seem like it makes a difference but collectivly the ebb and flow of conversation influences people and if what you say is coherent enough maybe many people. Logging? Doesn't matter. What wo

        • You haven't been taken out back and shot at least. If you want to keep secrets don't tell them to anyone, not even your computer. And be on reasonable behaviour and it would be relatively more difficult to pull a skeleton out of the closet.
          Orwell and Huxley were warning of dystopic world information systems that were centralized and one-way - information about you to them. The Internet has turned out quite a bit better than feared no doubt and to keep it that way warnings of their nature do need to be b
    • " I'm buying an island in the Pacific and starting my own country."

      That's what flyovers and satellites are for. And, any telecom traffic in and out of your country can also be monitored.

      Maybe you should think about purchasing property on the moon.
  • Of course... (Score:3, Informative)

    by omeg (907329) on Wednesday December 14, 2005 @12:04PM (#14256504)
    Of course the music industry is interested in that data. But that doesn't mean they can just obtain it like that. As long as this is kept an anti-terrorist measure, they have no foot to stand on.

    Keep in mind that data will be kept for UP TO two years; most will opt for the minimum of half a year instead.
  • by adnonsense (826530) on Wednesday December 14, 2005 @12:05PM (#14256512) Homepage Journal

    European individuals can gain exemptions from having their data retentioned if they sign a waiver giving away all rights to their first-born to the audio-video retail industry.

    Those without children may instead put their signature at the bottom of a blank terrorist confession sheet and mail it to their local secret service. This will also automatically enter them into a free prize draw with many chances to win free flights to a European location of the CIA's choice.

    --
    I for one welcome our new data-retentive overlords
  • Own mail server (Score:2, Interesting)

    by SigILL (6475)
    I run my own mail server. Will I be asked to log my own email usage? Or will my ISP simply be forced to snoop all the SMTP traffic I generate? And what if I start using TLS for SMTP connections? I really wonder (and dread) how this is going to be enforced.

    I thought you guys in the US had it bad, but it looks like the EU is the current record holder in totalitarian tendencies.
    • Or will my ISP simply be forced to snoop all the SMTP traffic I generate? And what if I start using TLS for SMTP connections?

      Either:
      1/ they'll block outgoing port 25, forcing you to smarthost through their server. Their server won't support TLS.
      Or:
      2/ they'll just turn a blind eye. The law doesn't compel end users to send data through ISPs' servers, and they can't be subpoenaed for data that they don't have.

      -Stephen
  • Damn UK (Score:3, Interesting)

    by pubjames (468013) on Wednesday December 14, 2005 @12:19PM (#14256630)

    The UK opposes a lot of the good proposals of the EU (for instance, having completely free markets with respect to alcohol in Europe, so I would be able to order a crate of beer direct from Germany or a case of wine direct from Italy), and push through crap like this. And then the Brits all whine about the EU.
  • Ok, here's how I see it. This law only records logs with ports and IPs, not all the actual data. Now let's assume the govt is corrupt and the recording industry or software industry or Hollywood studios, etc. get their hands on the logs. Even if they can get the IP numbers and whatnot and say that person X connected to person Y on the port normally associated with LimeWire, they still have to prove what you LimeWired (is it a verb yet?). I mean, they can prove X connected to a torrent, but not what X go
    • by Oersoep (938754) on Wednesday December 14, 2005 @12:30PM (#14256736)
      "logs with ports and IPs"

      No ports, no IP's. The folks who came up with this don't think that far.

      They think that:
      - e-mail is just like phone
      - spam does not exist
      - ISP's only handle private traffic
      - ISP's handle ALL traffic, and have full access to it
      - Only EU citizens use ISPs in Europe
      - Encryption does not exist
      - No-one has his own mailserver
      - No-one is going to try to make money by offering tunneling services to non-EU countries
      - Terrorists are dumber than they are

      It's not that they want every ISP to scan all packets. They're just thinking like lusers. They think internet is managable.

      Their plan sucks. It doesn't work, it's leaking like a raincloud, it's unconstitutional for a lot of member states, and they bombard ISPs with costs, work and responsibilities they never asked for and they KNOW is bullcrap.

      It's absurd.
  • Encryption (Score:3, Informative)

    by MikeBabcock (65886) <mtb-slashdot@mikebabcock.ca> on Wednesday December 14, 2005 @12:19PM (#14256643) Homepage Journal
    It seems nobody has said the obvious yet ...

    Encrypt your private communications.

    Use anonymous remailers.

    If you actually get charged, they'll require you to give up your keys, but they won't be snooping at your E-mails behind your back.

    pgp.com [pgp.com]
    gnupg.org [gnupg.org]
    • Didja read the summary? Says right there that it's not the data, just the logs (which IP to which IP, which port, when, etc). Encrypt the traffic all you want to (and you should anyway!) but they can still guess what you're up to even if it's encrypted.
    • Except they're working on the principle of guilt by association at least for the terrorist justifications. If you communicate with a known terrorist consciously or not it will rub off on you. That's why they're only recording times, ip's, and ports - for what they need they don't need to record the data.
  • Hardware? (Score:3, Insightful)

    by NtroP (649992) on Wednesday December 14, 2005 @12:23PM (#14256683)
    I'd have put this under YRO.
  • by tezza (539307) on Wednesday December 14, 2005 @12:25PM (#14256697)
    I'm a little shocked by all the posters thinking that this is a change of what is already happening. all this data is already collected.

    Any arguments from telcos who complain about the volumes of data are only using it so that they are not liable if someone arse deletes it.

    Under UK privacy laws you have to delete the data identifying the particular person after you're done with the connection and the billing thereof.

    Almost all transaction data is anonymised by a one way hash. Say md5sum. All the keys are done this way. Hashing removes the particular identification, and satisfies this. Almost always this hash uses more space than the original data anyways.

    telcos use the hashed equivalents to evaluate aggregate data.

    The law could ask for a tap and require you to retain those records anyway. These new laws just put into legislation what was already happening, and creating an offence for not doing it properly.

  • by Anonymous Coward on Wednesday December 14, 2005 @12:27PM (#14256715)
    You may think it, um, counterintuitive.

    But the _reason_ they want these is to maintain social/political power over people. An elite with privileged access to all that information can control society. In a free society, either everyone should have the communications metadata, or no-one: It's unbalanced information availability that would give the police power to become the classic Big Brother. I'm a lot safer if everyone knows I have a particular embarassing sexual inclination or whatever than if only a small, powerful subset knows.

    See David Brin's book "The Transparent Society: Will Technology force use to choose between privacy and freedom?"
  • New Market (Score:3, Interesting)

    by jafiwam (310805) on Wednesday December 14, 2005 @12:29PM (#14256722) Homepage Journal
    Finally a new market for all of those "limited lifespan" drives IBM made a few years ago.

    "ServStor" 36 GB drive! Guaranteed to die within 10 months!

    Seriously though, how is the law going to deal with the inevitable but accidental data loss of that stuff? Criminal charges for obstructing justice just for being unlucky enough to choose equipment that turns out to be flakey?
  • by Anonymous Coward
    There is no way to stop this now. We're on our way to an Orwellian state.
    This is the fundamental step. From here on, it's let's add this crime, let's give access to that organisation, let's extend it to this data, let's save it for 100 years instead.
    And when there's a war, the occupier will have the ultimate oppressive weapon pre-installed.
    And what are you people babbling about? What protocols will be included, ways to obfuscate yourself, the costs of storing this data? There's a bigger picture, people!

    Say
  • specs? (Score:3, Interesting)

    by naelurec (552384) on Wednesday December 14, 2005 @12:30PM (#14256731) Homepage
    It seems like there are so many zombie computers, tunneling methods, insecure wireless access points, public terminals, cypto methods in a sea of trillions of packets of data/connections and ports that would render these logs useless for all but the most technophobe/idiot terrorist (which I'm guessing there are other more effective ways to nab this "low hanging fruit")

    Anyone more familiar with the system know how it will help the "good guys" nab the "bad guys"? Seems like there would be a higher degree of success hanging out in a hay field and search for a needle.
  • Madness (Score:3, Interesting)

    by steveo777 (183629) on Wednesday December 14, 2005 @12:31PM (#14256742) Homepage Journal
    While this may help, it's going to cost millions for every ISP to log everything, even if they're only storing it for a couple years. We're talking at least one new tech for every system. One system for every 2 - 5 thousand users. One user may not produce a great deal of work, but what about people who recieve hundreds of SPAM messages a month, send forwards to all their friends, and surf for 2-3 hours a day. There are tens of thousands of these people out there.

    Counter-terrorism vs. privacy invasion? I doubt any government cares whether or not you're browsing porn all night. Seems to me they're increasing their workload too, but only if they're actively sifting. Seems to me they should just have a system of flags set up. Like they most likely already do.

    Expect your high-speed and dial up rates to hike up if this goes through. Of course then there's the bells. They already keep a pretty decent record of your calling logs, so that wouldn't be that big of a deal.

  • Background (Score:5, Informative)

    by D4C5CE (578304) on Wednesday December 14, 2005 @12:32PM (#14256755)
    The European Parliament (which would have had a power of veto in the procedure) approved the draconian directive on first reading without much of a fight - putting 450 million people under massive surveillance with no justification whatsoever (other than the Four Horsemen of the Infocalypse [wikipedia.org]).

    According to their own Press Service: Deal on EU data retention law [eu.int]; more comprehensive version in German: Ja zur Vorratsdatenspeicherung bis zu zwei Jahren - Keine Speicherung der Kommunikationsinhalte [eu.int]. Incidentally, even the latter "limitation" (allegedly no storage of the contents of communications) is void in particular with respect to URLs - these being identifiers for the contents transmitted anyway.

    Loopholes aplenty have already triggered plans e.g. in Poland to extend the storage even further, to a staggering 15 years (!), and remaining safeguards (if any) are not expected to last: The media industry wants access to that data, too [zdnet.co.uk] (and a further directive is in the works, cf. the EU Legislative Observatory [eu.int]).

  • Wow imagine all the spam people get and delete, now the EU will have to store that along with the "real" data.

      I'm going to use Steganography and hide all my messages in porn-like e-mail, just read every second letter of each word.

      "My erection really rips your xxx muff, alright sexy!"

     
  • by hpa (7948) on Wednesday December 14, 2005 @12:55PM (#14256961) Homepage
    20 years ago, it was explained to me that the reason European telephone companies didn't issue itemized bills except by explicit customer request was that telephone billing records had been used by Gestapo after invading other countries to figure out who to eliminate as possible "security threats" -- if X was suspected of being involved with the resistance, and Y had called X some time before the invasion, X and Y would both find themselves in a box car pretty soon.

    It wasn't just that the data wasn't retained, the data was never even collected unless you requested it -- otherwise the only billing information that would be kept was a running counter.

    Today, the supposedly-democratic countries want to use surveillance that would have given Gestapo and Stasi wet dreams; it's probably no coincidence that the prime ministers in the countries that have pushed the most (UK and Sweden) have been ones acting like power is a God-given right to them personally.

  • by gilgongo (57446) on Wednesday December 14, 2005 @01:02PM (#14257025) Homepage Journal
    "Control can never be a means to any practical end... It can never be a means to anything but more control..."

  • A scenario (Score:3, Insightful)

    by Syberghost (10557) <syberghost@sybe[ ]ost.com ['rgh' in gap]> on Wednesday December 14, 2005 @01:34PM (#14257285) Homepage
    Ok, assume the following scenario:

    We catch a terrorist. I'm not talking about somebody we just think might maybe be a terrorist, I mean we yank him out from behind the wheel of the van bomb in the basement of the skyscraper, or the other passengers monkey-stomp him unconscious as he tries to break into the cockpit of the airplane.

    We search his home, and find a computer. On it, we find an email from Ayman Al-Zawahiri, saying "Abdullah will email you the instructions for where to pick up the anthrax." We don't find a copy of the email from Abdullah, and Thunderbird is configured to always prompt him for his Earthlink IMAP password. When we ask him for his password, he says "your mother sews socks that smell". After we type that in, we find out that it's not actually his password, it's just an insult.

    Are you saying that you don't think it would be a good thing if we could go ask Earthlink for a list of everybody that's emailed him in the last two years, and cross-reference that with emails received by other known terrorists? Maybe go talk to anybody with the address "abdullah1987@hotmail.com" who emailed him?

    If what people are objecting to is a feared misuse of this information, then oversight and legal protections are a better answer than throwing the smoking baby out with the bathwater.

    If you honestly think it's not safe for a private company to have this information sitting where a court-granted search warrant could retrieve it, then you probably need to be lobbying to replace your local landfill and garbage trucks with curbside incineration service, too; but don't imply, as the submitter did, that it's not an anti-terrorism effort just because it could also be misused.

    This is akin to deciding that a school isn't being honest when they say they're buying new computers for educational purposes just because some kid says he's going to install Quake on one of them.

    • Re:A scenario (Score:3, Informative)

      by Todd Knarr (15451)

      There's one major problem with your scenario. It's actually fairly obvious: when you go looking through the e-mail, the only stuff identifiable as coming from an Abdullah won't have anything to do with the anthrax. Do you think the real Abdullah will be stupid enough to use an e-mail address clearly matching his name? No, his e-mail will come from something like hot18yo84172@hotmail.com or somesuch, and it'll be buried in the mountain of sex-spam e-mails your target receives and discards every day just like

    • Re:A scenario (Score:5, Interesting)

      by Hektor_Troy (262592) on Wednesday December 14, 2005 @02:49PM (#14257892)
      You're looking at it from the wrong direction. What good can come from it is of little consequence. After all - if EVEYRONE were forced to wear $surveilancethingie, allowing $government to see where they are, who they talk to and about what, we wouldn't have much to fear from terrorists would we? After all - they talk, we know about it.

      What you need to do instead is look at the opposite situation - what bad can come from it? Why stop at just the ones you talk to directly? Maybe you're talking through secrect codes on mailing lists, so we need to up the net to the ones you've talked to AND the ones that the ones you've talked to have talked to. Two degrees of seperation. Then we'll be getting somewhere. And we can then get a much clearer picture.

      Of course, the terrorists know this, so they'll be very elaborate and set up systems with three degrees of seperation. Might even get brilliant and go to four.

      Then what? Even with two degrees of seperation, just how many people do you think will come under suspicion (which of late seems to equate with guilty until proven innocent - but we won't give you that chance)? Me, I have maybe 50 people I talk to directly in any given month. Two degrees of seperation that's at LEAST 2,500 people suspected of whatever I am. Go to three, and it's 125,000.

      You'll be throwing out nets so far, you'll drown in useless data. So now you have information you can't use AND you've incriminated 125,000 people because you suspect one guy. They're now on your watch list - just in case.

      Me - I'd rather we said "fuck the best case scenario" and concentrate on the worst case scenario. And by that I don't mean me barely surviving being near $explosion. I mean me getting assraped by $government_agency for no aparent reason and no way of redeeming myself - after all, I wouldn't be on their list if I hadn't done something bad, would I?

      It's like torture. Sure, the upside is "suppose we know for a fact, 100% irrefutable, that $person knows what we need to do to prevent $bad_thing" - do we torture him to get the information? That's not an interesting question - the interesting question is - "we are fairly confident that YOU (yes, you, Syberghost) know what we need to do to prevent $bad_thing. You refuse to tell us (because you are innocent), but we are even more confident that we can break your spirit and make you tell us what we want to know - how to stop $bad_thing from happening." Do we torture you?

      THAT is the question you need to ask. Best case scenarios are like dreaming of getting blowjobs from beautiful women while being served great food prepared by the best chefs in the world - not very useful.
  • by lordholm (649770) on Wednesday December 14, 2005 @01:38PM (#14257322) Homepage
    Go to http://www.stoppaovervakningen.nu/ [stoppaovervakningen.nu] (stop the monitoring) and type in your name, after "Jag heter", a number of webpages that you have visited, telephone numbers after "telefonnummer" an optional comment in the big textbox and finally your e-mail address.

    When you click on the "Skicka"-button, the information will be sent to the Swedish minister of justice (the guy on the picture), so that he has access to the data immediatelly instead of having to look through the ISPs.

    Now, the point with this protest is to make mr. Bodström realise how much data that is going to be stored. So, slashdot-people, you can do it. :)
  • Poisoning the logs (Score:3, Interesting)

    by Ilex (261136) on Wednesday December 14, 2005 @02:25PM (#14257707)
    I'm surprised no ones mentioned this already.

    What if someone created a screensaver that continually accessed thousands of websites, IP addresses. Basically create as much junk data as possible to pollute their logs.

    A similar technique was used to poison the databases of spammers who used web bots to harvest e-mail addresses.
  • by pdjohe (575876) on Wednesday December 14, 2005 @03:28PM (#14258180)
    If this is the case, what if there was some sort of bot that would simply go around the Internet visiting random sites. If everybody had this installed, then the noise ratio would be too high for accurate data retention, right? After all, you don't pay for the usage of bandwidth generally, you pay per month. Just use all the bandwidth you can on useless stuff. In the end, it will push the amount of storage the ISP's have to use and their bandwidth usage through the roof.
  • by Isao (153092) on Wednesday December 14, 2005 @03:33PM (#14258237)
    This is interesting. Many years ago (in the 1930's) European countries did in fact used to maintain call records. This was primarily for business purposes.

    Then came World War Two. As the German Army overcame and occupied Allied countries, they immediately headed for the Post & Telecommunications (or Telegraph) offices. This was to sieze the call records maintained there. They then looked up call records for known Allied agents and sympathizers, Jews and other groups. They used these call records to discover who was talking to whom and went to investigate and/or arrest people who might also be agents/Jews/Etc., or collaborators. These people were then sent to prison, or worse.

    After the war, Western European countries decided not to keep call records any longer and instead moved to a metered system. This prevented a reccurance of the bad situation they found themselves in while occupied.

    Now these records have been reinstated, in a blatent case of not learning from earlier mistakes. It seems the phrase "Those who cannot learn from history are doomed to repeat it" has once again been demonstrated.

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...