Digital Surveillance for EC Governments

Joel Rowbottom writes: "The Council of the European Union (the 15 EU governments) is about to back the demands of EU "law enforcement agencies" for full access to all telecommunications data to be written into all Community legislation in the future, and for existing laws to be re-examined - a move that is even more far-reaching than the decision to sign up to the FBI plan for the interception of telecommunications. At the centre is the issue of a seven-year period of data retention. There's a lot more about it at statewatch.org including an up-to-date store of relevant documents." The BBC and the Register have articles about this. Both news articles mention this seven-year data retention period, but I don't see it in any of the recent documents, which only discuss general "requirements" for law enforcement, such as tapping and access to calling records. From what I'm reading, law enforcement seems to be concerned about getting rid of the requirements to erase data about communications traffic (under the EU privacy laws) rather than creating affirmative requirements to store such data.

Re:*sigh*

[joss]

unbelievable... how can such a bigoted, uninformed, logically preposterous, virtually fascist, article reach 5 ?

Did you read the articles at all or did you just respond assuming that these "leftist" "terrorists" were opposing sensible law and order ?

1. the police cannot get to this information at the moment

2. if they could, why even bother with the legislation

3. the point of the EU is not that everyone comes under same legislation. It was originally created to increase economic prosperity, but like all organisations quickly took on an agenda of increasing it's size, scope and power until it runs into the barriers caused by other entities pushing back against it.

Purile propoganda tricks like associating one organisation with another to discredit it "same leftist agenda" or invoking bogeymen like kiddie porn to justify any intrusion only impress morons.

Re:*sigh*

[rw2]

Come on, you know that's a logical fallacy. There's no need or reason to assume that this is the start of anything else without further evidence.

But there is futher evidence, isn't there? I mean isn't every YRO story on slashdot about something being stretched and twisted beyond reasonable comprehension by folks who either don't understand technology or are trying to limit rights in order to suit their misguided needs?

Sounds like they're getting what they want so why would they need anything else?

Sorry. I didn't realize you were joking until I read this line again.

Yes, clearly they won't stop with this any more than they stopped at any of the previous points.

--
Poliglut

Re:*sigh*

[rw2]

your bad tape forgets redunancy.

Nope, my bad tape assumes that sometime a tape and it's redundent copy will go bad. It happens. A lot.

The problem is that tape basically sucks. In the 80's I can't tell you how many hours I spent re-running jobs at NCR because the needed tape and it's backup were trashed. Today I work at a major lab and we're building a PB scale tape farm. Our problem is that we can't find anything sufficiently reliable. Between the falability of the media itself and the firmware in the drives and awful lot can go wrong!

--
Poliglut

Re:*sigh*

[rw2]

Yup. I hear you. Unfortunately there aren't any PB scale non-tape solutions yet.

We're investigating disk farms though! That would be cool!

--
Poliglut

Re:*sigh*

[rw2]

Come on people, this information already exists in server logs across the world! It's not like they are proposing something that is novel


What they are proposing is novel (and significant) in that they are *requiring* that logging be turned on (which on many servers, for many reasons, it is not) *and* that the company spend it's time and money ensuring that the logs persist for seven years. Presumably one gets heavily fined if a backup tape goes bad!

Ok, the backup tape might be a frear mongering, but I can imagine that if a tape goes bad and the gummint finds a memo outlining to backup processes that talks about the cost of media, the half-life of the media selected *and* then chooses to go the cheap route rather than ensure that they comply with the law that a fine for a bad tape is certainly going to happen.

Slippery slope baby, slippery slope.

--
Poliglut

Re:*sigh*

[fitsy]

My friend, I really don't know why you have been modded up for that blatant troll.

This information already exists, but for how long? 30 days by law in EU.

So if you are so happy for international policing, why don't you place a camera into your home straight to the police so they can keep an eye on you, you never know, someone might break in and "hurt" your family.

Although not a perfect example, I cannot illustrate the uses this data retention would allow, seven years is a long time.

Can you imagine yourself running for mayor and the local news is publishing stories about you posting links to goatse.cx when you were a teenager? Or a story about you posing as a teenager in a chatroom talking dirty to some bloke in Afghanistan? You might have thought it was funny at the time, and its only a joke. Or your prospective employer asking you about your visits to a AIDS information website?

Wouldn't like it would you?

So in future before posting your inflammatory comments, think about the implications for others who might use the internet for human rights issues or those who are critical of a government regime.

Its a serious issue and one not worth the above purile comments in the hope of scoring some trivial little "karma".

Well... if you insist...

[Steve+B]

I hope your anti-virus updates include everything that's come down the pike in the past seven years.
/.

Re:Incompetence.

[jazman_777]

I agree with most of your points. There is a definite need for a police force. My concern is that the aim of the police force is becoming to make sure there is a police force, rather than to protect and serve.

OK, this is a _bit_ offtopic...

I took a short course given by a couple of Atlanta police officers. The topic: self-defense with a gun (we went out to the range and shot at targets, too). They said the term "protect and serve" is a bunch of hooey, they don't stand around guarding you, they show up to write the crime report. I liked these guys, they even handed out copies of the pertinent state laws on using lethal force for self-defense, and said, "better judged by 12 than carried by 6". Remember, these are _police officers_ talking. But also, it was Atlanta, GA, where the crime is HIGH.

Also, when the risk of being caught is increased, casual crime will decrease. Serious (professional) criminals don't care what the chance of being caught is, they just charge more. This is what makes organized crime fruitful.

What makes it fruitful is the economic payoff. Something that is in demand (say, illegal drugs in the US) but has no supply, will find bootleggers and smugglers stepping in to provide the supply. There's too much money to be made. The cost to the consumer is higher, because of the risks and precautions the suppliers must take. But the payoffs are still too good to pass up. This is the economics of the black market.
--

Global prosperity and criminalities

[joq]

Besides, statewatch is part of the same leftist agenda as organisations like IMC, who fear that if their "privacy" is breached, then they can't continue their terrorist campaigns against innocent people who work towards ensuring global prosperity.

You say toe * may * toe I say toe * mah * toe. One thing I will say from my perspective on this which doesn't count for shit in the real world, but I like to look at things from all angles.

Global Prosperity: Things were just fine before bills such as this, so why would you want to introduce one to ripple the waves in still water?

If you don't know the EU is passing a Cybercrime Treaty document which would (hopefully for them) give Law Enforcement Agency's the right to cross investigate crimes and act on them which at first seems like a good idea. But what's forseen is abuse.

Take the FBI who seeks a warrant and gets denied in the United States. That same agent will be able to seek another country to serve that warrant up for them, circumventing the laws of this land. See a problem with this or notion of future abuse?

Why shouldn't citizens have the same right to privacy as governments tout. If anything the governments should not be the ones to hide anything for any reason, we put them there, and we have every right to know what our government is doing.

Just because you have people that keep a close watch on government doesn't mean they're criminals, and I suggest you read the interview I did with John Young from Cryptome.org who shed light to dispel those anti government theories here.

So while you see things one way, doesn't mean its wrong, doesn't mean someone else is wrong, but there are always alternative sides to an issue which you may not see so clearly.

More on EU

[joq]

News coverage:

http://www.theregister.co.uk/content/5/19003.html
The Council of the European Union, which represents the 15 member governments, will discuss implementing a policy originally designed with the FBI six years ago. It calls for the retention of "every phone call, every mobile phone call, every fax, every e-mail, every website's contents, all internet usage, from anywhere, by everyone, to be recorded, archived and be accessible for at least seven years," notes the journal.

After reading that I was a bit amused since I think its part of the Cybercrime bill they're trying to pass which would allow LEA's to exchange information, and cross warrants to be served, however for those who don't know, Dubya said no to the bill so lets get that out. (I'll find the link when I can just woke up).

Anyways here is the most insighful/interesting document I found on it with an excerpt. [link]

Privacy is dead. We are watched by 1.5m closed-circuit television cameras, more per head of population than any country on Earth. Our government, police and intelligence services have more legal powers to poke around in our private lives than those of communist China. And thanks to new technologies from mobile phones to the internet, they can use those powers to find out where we are, whom we talk or send e-mails to, and what websites we click on. According to most experts in the field, a police state with powers of control and surveillance beyond the wildest dreams of Hitler or Stalin could now be established in Britain within 24 hours. And guess what: MI5 probably read this article before you did. It was delivered by e-mail, a hopelessly insecure system. It is full of the sort of security-sensitive words the spooks look out for, and, as I shall explain, I seem to be an MI5
target.

But the weirdest thing of all is that we really don't care. To take an example that may sound trivial but isn't, the Television Licensing Authority is currently running an advertising campaign boasting of its ability to invade our privacy. Hoardings show a local street sign with the caption that declares, four people in this street don't have a TV licence and the TLA knows who they are.

Sad to see these things, but soon we're going to have an influx of either zombies, or guys like Gene Hackman's Enemy of the State character around.

Re:More on EU

[ledgeerama]

> But the weirdest thing of all is that we really don't care.
>To take an example that may sound trivial but isn't, the
> Television Licensing Authority is currently running an
> advertising campaign boasting of its ability to invade our
> privacy. Hoardings show a local street sign with the
> caption that declares, four people in this street don't
> have a TV licence and the TLA knows who they are.

I read once that the TLA don't have any advanced equipment to detect who has a tv license and who doesn't and use the less technologically impressive method of assuming that everyone has a television and hassling people at addresses that don't have a license. This came from someone who was hassled pretty much every year despite not having a tv in his house.

PGP/GPG

[Drone-X]

As more and more governments start doing this I'm really planning to start using GPG on a regular basis. Not that I have a lot of interesting things to say but they don't have the right to know if I have interesting things to say IMO! If we all start doing this then those logs will be useless (ignoring Quantum computing for a moment here.. and Quantum key transportation would come to the rescue anyway ;-D).

LICQ seems to be supporting SSL connections, I'm sure there's a plug-in for Windows but I couldn't find it. A more interesting thing that I found for Windows, however, is a PGP-ICQ plug-in. This plug-in is claimed to be open-source though the license seems to be one they invented themself [1]. Anyone care to port this thing? Perhaps they're willing to relicense to an(other) open-source license.

[1] I found this (I changed the formatting because of the lameness filter) at the top of PGPICQ.cpp and found no other license notices:

PGPICQ.cpp : implementation file

Copyright (c) 2000 Samopal Corporation.
All right are all right (tm)

For news and updates visit http://www.samopal.com/soft/pgpicq/
Email your comments to pgpicq@samopal.com

Free use and distribution of this source code allowed
under the condition of keeping this header intact.

PS: Are the Slashdot admins hosting Quake games or something? Uptimes are terrible lately. I've spent way to much time trying to get this thing posted.

Re:Incompetence.

[boaworm]

It will sure require a lot of manpower to keep track of this. But what if they dont ? One could argue that it's not worth having a police force, since it cost money as well.

There has to be a balance between cost and effect. The basic reason is to prevent crime from being profitable. As long as most criminals dont make money on robbing a bank, they will think twise about doing it. People dont cheat when telling the goverment about their earnings the year before, since the consequences (and chance of) being caught is to large.

The same must go for software piracy and other illegal activities online. When the risk of being caught is increased, crime will decline.

Re:Seven years of backups

[Alien54]

I'm going to have to buy a case of CDR's just to keep a copy of all my SPAM ;-). What, I can't delete it anymore?

It's evidence.

I can imagine the horrors of that for ISPs, etc. cancelbots illegal, etc.

Check out the Vinny the Vampire comic strip

Seven years of backups

[Alien54]

Just the idea that someone could be required to have seven years of backups is scary.

Strangely enough there are suggestions that europe has strong elements that are pushng towards social control and social purity on many fronts.

This cuts both ways, in that the proposed controls on dangerous groups are applauded by many, until the amount of research that a eurocop would want to have at his finger tips is added up. Typically, it boils down to the idea of folks being in favor of the benefits of a police state only for certain people. People need to sort out their thinking on this just a bit.

The SOS Europe site is at:

http://www.statewatch.org/soseurope.htm

The page with the listing of the full documentation is here:

http://www.statewatch.org/news/2001/may/03Cenfopol .htm

alot of the docs are in PDF format, but the documentation you seek is on the second page.

as noted here
http://www.statewatch.org/news/dec00/01tapping.htm

The demand for a new law for all records to be held and maintained for at least seven years comes out of the discussions held in the G8 group on High-Tec Crime. Public pronouncements on how long records of all communications should be held varies from one to six months.The period of seven years requested by the NCIS matches the demands of the FBI in the G8 discussions where it is being argued that every country has to have the same, extensive, time-limit because otherwise it will be impossible to track communications. It is said that if a communication, say a telephone call, involves four different countries (A, B, C & D) intelligence-gathering will be useless if countries B & C do not hold full data for the same time period.

The G8 discussions have centred on the "problems" created for law enforcement and security and intelligence agencies by the 1995 and 1996 EU Data Protection Directives which require communications data to be destroyed once it is surplus to commercial needs - after a few days or weeks. Faced with this situation the agencies attending the G8 meetings are campaigning at national level for their governments to opt out of the Directives in order to establish de facto "international standards for data retention" (NCIS).

I am fascinated and alarmed by the FBI connection

Check out the Vinny the Vampire comic strip

Re:Seven years of backups

[Technician]

I'm going to have to buy a case of CDR's just to keep a copy of all my SPAM ;-). What, I can't delete it anymore?

Re:Seven years of backups

[imipak]

Cheers for the links.

Speaking as a UK citizen who was once (looong ago :) politically active in one of the mainstream political parties, I find that I'm getting more, not less, radicalised as I get older (I'm in my early 30s now.) I think there are broad generalised conclusions we can all draw, which more-or-less hold true throughout the developed world:

• Politicians don't understand the internet;
• The more they find out about it (mostly from to highly tendentious briefings from the organisations of state and corporate control - see below), the more frightening they find it.
• Police and spook organisations see it as a magic carpet to increased powers, greater control, and bigger budgets.
• We who see that freedom of speech, increased communication across borders (geographical, political, cultural) have a moral duty to educate others, agitate against such terrible laws as much as practical, and push the boundaries of freedom back.

These proposals are up there with the current proposal here in the UK to enforce compulsory licenses for all sysadmins. No, really!! http://www.theregister.co.uk/content/7/18879.html

Like RIP (trust PGP communication with a UK citizen? Sucker!), there are a lot of laws stacking up that are impractical, or too unpopular, to be enforced yet. These are *more* repressive - when enforcement of the law becomes discretionary, the scene is set for corruption and repression. The drug laws are a good example: as a 30-something white middle class male in regular employment and no record, recreational drugs are de-facto decriminalised for me. But if the cops want to "get" some working class black kid who gets up their nose by (say) protesting about deaths in custody... guess how easy it is for him to "disappear" into prison, with the likely destruction of his future prospects even if it's a short sentence? Pure evil. These things are going onto the statute books so that they can be pulled out of their sleeves when they're needed by the powers-that-be.

We've got an election in progress here at present, let's try to raise these issues at every opportunity.
-- "I'm not downloaded, I'm just loaded and down"

This sounds familiar.

[Jetifi]

This is probably in the same vein as the leaked document "NCIS submission on communication data retention law". they proposed much the same thing, allegedle to confirm alibis and track known criminals. It's on Cryptome

It was mentioned on Slashdot, but it was a while ago.

It wasn't clear in the document whether or not it was the content of the communication or the record of the communication. The cost of storing the data (UK only) was estimated at nine million pounds per year, based on the current running costs of the National DNA Database. Initial costs would probably be higher.

Re:*sigh*

[Phillip2]

"You can bet that these organisations will be raising a stink, because it's their "freedom" that allows them to get away with such criminal activities."

Freedom is a simple enough concept. People have to be free to disagree with what you think. Simply describing someone as a terrorist does not make them so. Simply because someone disagrees with the currently prevailing neoliberal agenda does not make them a terrorist.

Its very easy for governments to pass ever more draconian laws to protect "law and order". When they do these laws will get abused (take for instance the previous article about scientologists). Organisations like statewatch are no doubt scared of seeing these abuses in the future because they have seen them again and again in the past.

Phil

Re:Incompetence.

[MegaGremlin]

I agree with most of your points. There is a definite need for a police force. My concern is that the aim of the police force is becoming to make sure there is a police force, rather than to protect and serve.
Also, when the risk of being caught is increased, casual crime will decrease. Serious (professional) criminals don't care what the chance of being caught is, they just charge more. This is what makes organized crime fruitful.

My Answer, Give 'em What They Want

[ackthpt]

Create apps which generate bogus network traffic among sites, I.E. generate emails out of your spelling dictionary, and stuff like that. Use bots to surf, download, etc. Create extraneous garbage posts to bulletin boards..uh..like..goats.ex..uh...kinda like..uh..on slashdot...er... Well, anyway, it'll keep em hopping and maybe drive up employment in the mass storage businesses. :)

Sir, the cracker refered to a Beowulf Cluster of VIC-20 computers.
Good work, Johnson, what have searches turned up?
7.43e14 references to Beowulf Clusters on a site called Slashdot between 2000 and 2006.
Right! Shut them down and haul them in. Break out the rubber gloves, men!

--
All your .sig are belong to us!

Re:You'd expect the industry to reply in some way!

[Alioth]

Please, don't tell me that you should be allowed to break the laws in the country that you're in -- you agreed to be bound by those laws or you, right now, would be campaiging against your 70mph motorway speed limit (I'm British). You'd be campaigning against the drink-driving laws there are, and more.

Unfortunately you are stuck with them. Not enough people will care about the laws addressed by this article, and the tyranny of the majority will win. The only option is then emigration, which is only an option to very few people.

Odd how you can't campaign against the social shame of being caught with your hard disk full of pr0n, or the social shame of maknig a fool of yourself ;-). This is what I really believe to be the issue.

These are really minor issues - few people care these days if you've got a hard disk full of pr0n, and for most private citizens, you won't get made a fool of publically.

But what about corruption? Say you're in a competitive business, and one of your competitors happens to know a law-enforcement official. What if said official was corrupt enough to allow your competitor to view all your phone traffic and your IP traffic? You're terribly naive if you think that won't happen, because it's almost certain to happen. And even if you encrypt it, under the RIP bill, the enforcer can force you to decrypt it and you can't even tell anyone you're being forced to do this without risking prison.

Stego

[The+Monster]

It's time to get behind development of good steganographic protocols to make it flat imposssible to know if information had been exchanged, much less the content of that exchange.

Re:Incompetence.

[hillct]

You'd never have seen proposed legislation like this a couple of years ago when storage media and technology was significantly more expensive. Technology changes and governments move to take advantage of it, rather than asking HOW SHOULD we make use of this technology?, They as CAN we make use of this technology?

It creates a larger burocracy and many more jobs. Weather it's useful - who's to say... It might be valuable to go back, 6 years from now and re-evaluate a communivation make by an indevidual who has risen to a position where they are a threat to someone else. Wait a minute? Didn't the FBI do this back in the 1950s? This is just on a somewhat larget scale...

--CTH

--

Re:Incompetence.

[hillct]

Yah, my bad.
--

Missed in story - MSFT forced to respect privacy

[WillSeattle]

Seriously, it's in tons of business articles.

The EU, as I've been saying, is not waiting for the US to get it's act together and respect privacy rights. They know they're right, that we on the Net need data and personal privacy, and if big business and the US government (aka Big Business' Little Brother) can't grok that, too bad.

Give me opt-in or give me death!

Re:They're coming for me

[dvoosten]

A nice way of doing this would be to tell your application (ssh for instance), to not only encrypt the data, but to padd it with hot words in plain ascii. btw. if you really want to go paranoia, using long encryption keys is not enough. Get rid of your signature, it appears in every email and gives big brother food for doing correlations.

Business Opportunity

[Sven+Tuerpe]

I guess a lawyer service watching all my communications and warning me about what may become illegal in the next seven years will be the long-searched killer application for next generation (i.e. UMTS) mobile networks.

The best place is now...Canada?

[tb3]

Based on this article and the scientology flap, it seems like Canada is the best place to live right now. I've been in the States for about three years, but I'm thinking it's time to move back.

Any resident Canadians care to update me on the current electronic privacy legislation in Canada?
-----------------

Re:The best place is now...Canada?

[tb3]

Thanks. The most useful page is the summary page here. From the summary page: The Act gives you control over your personal information by requiring organizations to obtain your consent to collect, use or disclose information about you. The Act confers certain rights on individuals, and imposes specific obligations on organizations.

It certainly sounds a lot better than anything going on in the U.S. or Europe right now. Of course, Canada doesn't have any monolithic "Law Enforcement" agencies like the FBI to impose their will on anyone. (CSIS is a little scary, but I don't they have any way to circumvent the privacy laws.)
-----------------