Slashdot Mirror
Europol Describes Data Retention Desires
freakyboff writes "Found this on cryptome.org - It's a confidential document from Europol, basically a wish list of all data that they would like people to keep. Many things that violate peoples privacy are in the minimum requirements, such as caller line identification and assigned IP for dial-up Internet access; e-mail and ftp server logs; and companies running web servers should keep information on what information users put on their servers." Statewatch is a good source for more information. I find it odd that Europe is moving from a position of protecting a great deal of data with fairly strong laws to requiring that telecommunications companies store data on their customers for as long as seven years so that law enforcement can go data-mining - skipping the intermediate step of making it optional.
Use a mirror:
o rg /
Thanks to A for mirror:
http://www.lessgov.org/cryptome
Thanks to SC for crypto software:
http://mrstef.dns2go.com/crypto
Thanks to AJ for mirrors:
http://cryptome.sabotage.org
ftp://ftp.zedz.net/pub/varia/Cryptome/cryptome.
the whole shebang is available at:
ftp://ftp.zedz.net/pub/varia/Cryptome/
Thanks to mb for mirror:
http://while1.org/~xm/cryptome.tgz
Thanks to VP for mirror:
http://munitions.vipul.net/documents/cryptome/
At a certain point, the gov't must take cost into consideration. So, I stole 15 blank licenses from the DMV The gov't spent 50 for my court paperwork and an additional 200 in probation costs. hmm.......should they have just fined me instead? or not bothered? they lost money, given that each blank is 89 cents to produce. In Britain, repairing graffeti has got to be cheaper then maintaining 7 camperas on a public bus. You get my point. THe ISPs will eventually rebel due to cost. Either that, or they will try and turn over monitoring and data storage to the government.
Sig (appended to the end of comments you post, 120 chars)
George Bush, President of the USA, sent this demand -- among many others -- to the EU on October 16, 2001:
Well, I'm a syadmin at a University research lab, and when I want to do something the University may not like on the net (visit websites that may violate AUP or something) and I don't want those nosy upstream admins to notice, I pipe it through an IPSec tunnel I set up between my lab and my home network, since my DSL provider doesn't care what I do. So, I'll login remotely and run mozilla or something on my home comp and pipe the display back through the tunnel, so all anybody between my computer at the lab and my computer at home would see is a bunch of encrypted ESP packets flowing back and forth.
I wonder if a company in a place where laws like this don't exist (is Sealand still around?) could set up a proxy service provider, so all your traffic (or at least any traffic you don't want somebody spying on, like email, some web traffic) would be routed securely through them, so your local ISP wouldn't have anything but encrypted packets to monitor. Then they wouldn't have anything of consequence to share when the cops come knocking. I'd pay for such a service, would you?
We don't have a state-run media we have a media-run state.
I didn't know RMS posted here on a regular basis. Doesn't that fit in with his new idea on an "open-source spy satellite?"
There probably is another, more secret, document floating around Europol. In this document, they ask for
- Every EU citizen submitting a full report each month about all Internet activity they had that month;
- Each of those reports to be compared against the actual internet usage, by a bunch of underpaid exploited 3rd world country workers
- Any activity unaccounted-for punished by a slap in the face with a largeish wet fish.
When this highly secret document makes it into a proposal for EU legislation, then I'll start to petition against the proposal. Gah... If i had to worry about every little paper that fell off some clerk's desk...
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Data that must be retained by Internet Service Providers:
1. Network Access Systems - Date and time of connection of client to server - User-id and password - Assigned IP address NAS Network attached storage IP address - Number of bytes transmitted and received - Call Line Identification (CLI) - User's credit card number / bank account for the subscription payment
2. Email servers - Date and time of connection of client to server - IP address of sending computer
- Message ID (msgid) - Sender (login@domain)
- Receiver (login@domain) - In some cases identifying information of email retrieved
3. File upload and download servers - Date and time of connection of client to server - P source address - User-id and password - Path and filename of data object uploaded or downloaded
4. Web servers - Date and time of connection of client to server - IP source address - Operation (i.e. GET command) - Path of operation (to retrieve html page or image file) - Those companies which are offering their servers to accommodate web pages should retain details of the users who inserts these web pages (date, time, IP, User ID, etc.) - "Last visited page" - Response codes
5. Usenet - Date and time of connection of client to server - Protocol process ID (nnrpd[NNN...N]) - Hostname (DNS name of assigned dynamic IP address)
- Basic client activity (no content) - Posted message ID
6. Internet Relay Chat - Date and time of connection of client to server - Duration of session - Nickname used during IRC connection - Hostname and/or IP address
7. Data that must be retained by telephone companies for fixed numbers' users: - Called number even if the call was not successful - Calling number even if the call was not successful
- Date and time of the start and the end of the communication - Type of communication (incoming, outgoing, link through, conference) - In case of conference calls or call to link through services, all intermediate numbers - Information both on the subscriber and on the user (name, date of birth, address) - Address where the bill is sent - Both dates (starting and ending) from when the subscription has been signed and dismissed - Type of connection the user has (normal, ISDN, ADSL, etc., and whether it is for in-out calls or for incoming only) - The forwarded called number - The time span of the call - Bank account number/other means of payment - For a better investigative purpose Telcos should be able to know the nature of the telecommunication: voice/modem/fax etc.
8. Data that must be retained by telephone companies for mobile / satellite numbers' users:- Called number even if the call was not successful- Calling number even if the call was not successful - Date and time of the start and the end of the communication - Type of communication (incoming, outgoing, link through, conference) - For conference calls or call to link through services, all intermediate numbers - Information both on the subscriber and on the user (name, date of birth, address) - IMSI and IMEI numbers - Address where the bill is sent - Both dates (starting and ending) from when the subscription has been signed and dismissed - The identification of the end user device - The identification and geographical location of the cells that were used to link the end users (caller, called user) to the telecommunication network - Geographical llocation (coordinates) of the mobile satellite ground station - Type of communication (incoming, outgoing, link through, conference) [duplicate item] - GPRS service - For conference calls or call to link through services, all intermediate numbers [duplicate item] - The forwarded called number - The time span of the call - Bank account number/other means of payment - As GPRS and UMTS work on Internet base, thus all the data above mentioned (as IP address) should be preserved - For a better investigative purpose Telcos should be able to know the nature of the tgelecommunication: voice/modem/fax etc.
It seems to me that it's more likely to be a side effect of the US War On Terror that is driving them to keep better log info.
I doubt the EU is just waiting for the US to tell them what to do all the time. It's probably just the normal disconnect between the people whose job it is to investigate things and other elements of the gov't. The law enforcement elements will obviously focus on the benefits of collecting and keeping data that will make it easier for them to investigate things (especially in internal documents, like this one). It is to be hoped that their wish list, once offered, will be turned back due to privacy concerns. I guess what I am saying is that the bigger story will be the larger EU reaction to this, not the proposal itself.
Why is this a violation of privacy? While the information may be handled casually in many cases, it is not published publicly. Do users really think they have an expectation of privacy in this way? Do they really think they have a right to be untracable and unaccountable for their actions online?
I know slashdotters seem to be always fighting a losing battle for privacy, but these logs seem to be common sense.
Seriously, what the hell are these governments up to? Seems to me you'd have to be pretty afraid of something to mandate surveilence on the scale of what's going on in Europe these days, and last time I checked the climate wasn't right for a revolution (not enough poverty!).
So, what's going on in Europe?
Hexayurt - open source refugee shelter,
I'm sure to get flamed for this, but they aren't really asking for that much. Let's face it, most of this information is available with verbose logs on systems. A lost of it is stuff that ISPs in the US have to keep anyway, for legal reasons and just to help with tech support.
These are actually very reasonable requests. I work for a large company that is sometimes asked to produce some of this kind of information. Most of this is kept in our basic logs. Again, this is partly for legal reasons, but also so taht we can effectively troubleshoot problems that customers may have.
"All the things I really like to do are either immoral, illegal, or fattening."
- Alexandar Woolcot
Pretty horrid, I'd say.
We've had bombs placed in the centers of our cities, people being shot, mugged, raped and generally fucked over so whats wrong with putting up the cameras if they help prevent it, or at least track down the guilty person afterwards.
Why should I care if the police/govt/anyone watches me walk down the main street of town or sitting on a bus? I never understood the argument that they're invading our privacy by putting camera's in public places.
These types of records will be gold mines for all kinds of people... political opponents, blackmailers putting the squeeze on unfaithful spouses, spies following government employee activities, stalkers, etc.
something tells me that when some bigshot gets tagged and embarrassed by what is divulged, there will be some additional restrictions placed on what/how data can be stored and accessed.
Europol != Europe. Seriously, does Chicago PD equal the US government? It's a draft of a law enforcement agency's wish list - a starting point for one side of a debate, not anything that's passed in to law. Just because the MPAA have probably had a debate along the lines of "OK, what'd it be cool if we could force on users?" doesn't mean they get it - or even ask for it.
Okay, there are huge privacy concerns at stake. I know that. I'm just curious what good could come from it. If that's the type of thing that can stop another 9/11 from happening, then it's possible I'd reluctantly approve of something like that.
Unfortunately, I don't see the immediate connection between logging ftp logs and stopping terrorism. If anything, I think the MPAA or the RIAA would have more to gain than the War on Terrorism.
So my question is, can anybody think of benfitis to this type of surveillance? I'm not looking for justification, just silver linings here and there.
Heck, I'd love to hunt down that guy who modded me down earlier. Heh.
"Derp de derp."
It's not what it's used for now, it's what it WILL be used for in the future, once the infrastructure is there to be abused it will be abused.. Have you never read 1984, yes i know it's a cliche, but it is SOO on the money.. How do you disagree with a government that has you under surveilance 24/7? How do you organise a resistance or a revolution without planning with other people? How can this EVER happen when you are under this constant surveillance. The more you hand people the means to control you the more they will try. Do you think it could never get to this stage? Well it will with people like you saying 'So What?' at every turn. These things are never a sudden shock, they are a gradual eroding change.. Barely perceptibly slipping towards complete control, before you know it, complee control IS possible and then it is a matter of time before it IS exerted.. once you are in that situation there is no way out.. Fully automated surveilance with facial recognition and computer controlled tracking of all subjects it's already theoretically possible, the infrastructure just needs setting up.. and THAT is why you should care..
Hey. We're all in this together!
-b
Who would want to retain data? I always feel bloated when that happens.
This is a wish list compiled by an investigative police agency. What did you think would be on their wish list? A Barbie Dream House?
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
You appear to have misunderstood me. I'm not saying "so what?" and letting it go by. I've made an informed decision that I'd rather we had the camera's than not have them and run a much higher risk of being shot/blown up/robbed/beaten up in public. I've read 1984 and the (imo much closer to the money) brave new world and they're both scary books. A little paranoia never did anyone any harm but there are perfectly valid reasons to have camera's on the streets other than some great orwellian conspiracy.
iirc neither in 1984 nor in brave new world were the oppressive regimes brought on as a "gradually eroding change", instead they were created fairly suddenly and violently by wars (I think, don't have either book to hand now) so it's not a great example.
I would have loved a static IP back when I had dial-up, sounds great to me. The other stuff is another story.
Moderation Totals: Flamebait=2, Troll=1, Redundant=1, Insightful=6, Overrated=1, Underrated=1, Total=12. (not mine)
Studied game theory at all? That only works for me if everyone else does it. Otherwise, it's like wearing a big "INVESTIGATE ME" sign. Better to blend in with all the other traffic, and hope they don't have a reason to look. Unfortunately, if that's the logic most people use, we're all screwed.
Another proud carrier of the $rtbl flag
people being shot, mugged, raped and generally fucked over so whats wrong with putting up the cameras if they help prevent it, or at least track down the guilty person afterwards.
People are shot, raped, beat up, get drunk, get high, write anti-government essays, organize terrorist activities, and plan revolutions all from their own private homes! So what's wrong with putting up the cameras in everyone's house, if it helps prevent it, or at least track down the guilty person afterwards?
I've had enough abrasive sigs. Kittens are cute and fuzzy.
but turnabout is fair game I've taken so much shiz from canadians and europeans on how my government (USA) is so evil and corrupt and the antichrist and how does it feel euroslut or canadaslut now :P
when will you think it's a good idea to get along and not bitch and make fun of the people you relied on 50 years ago for your very existance :P
It's not a black and white issue of simply what prevents crime and what doesn't. It's a case of balancing the need for security with the needs for privacy (to avoid big brother syndrome). Putting everyone in the country in prison would prevent crime but that doesn't make it a good idea. Putting cameras in public isn't even really a compromise because as far as I'm concerned I only gain from it.
If any party here tried to put cameras in peoples houses they would be thrown out at the next election (or probably before). If any military government took over for whatever reason (e.g. a 1984 style ww3) and decided to put CCTV everywhere, they could do it anyway regardless of whether a public system was already in place.
I understand your arguments, I just can't see the British public or government ever buying into it. Maybe it's me being shortsighted but after hearing all the dodgy shit some politicians get up to I hardly think they're going to want cameras watching them all the time either.
After all, Europe is the birthplace of the modern police state.
Personally I like my cops walking the beat, not watching TV.
Cheers,
-b
The really scary part is that afaik Europol is under no parliamentary control at all, they can do whatever they want and eavesdrop on each and everybuddy. Knowing that you somehow don't feel like being on the western side of the iron curtain.
You just recapitulated the original document. Nice formatting :-)
Actually, most neo-fascist European UberISPs already log all the data requested in items 1-5 as most of them use (transparent) proxies for http and ftp. I wonder why the "last page visited" is so important to them, maybe they're trying to piece sessions together where a user disconnects and then logs on to another ISP. I'm not so sure about 6. IRC whether they already monitor it, but it's good OPSEC to assume that they do. Incidentally, the UberISP I'm subscribing to, actively assisted a German Pay-TV company by redirecting http-requests for a website containing hacking information to the homepage of the national police.
I know that my telephone Ubercompany is logging all the data they ask for and in addition to that "legitimate interests" can connect at any time without having to present a warrant to their switches to listen in to all my calls. Same thing goes for my mobile phone, and say did you know that the austrian police requested and received all cell phone subscriber information of people who were either participating or just for being in the vicinity of a demonstration?
The best kind of OPSEC in telecommunication is and always has been keeping your mouth shut.
Don't believe everything you read kids!
I am the NUL and the DEL, the beginning and the end.
Europe is one of those political unions that goes from fairly liberal democracy to fascist police state without an intervening period of civilization.
668: Neighbour of the Beast
The point is that while you are in a public place, you're being watched anyway, so what's the big problem with a camera being among the watchers? Are opposed to police partols, too? If you want to do something you don't want anyone to watch, you're not going to do it in a public place anyway.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Maybe about the same time the Israelis figure out that there is equally little sympathy for their "retalitation" which basically amounts to executions without trial or outright murder.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
I prefer my neo-fascist control fetish to your neo-liberal corporate masochism, thankyouverymuch, Mr. trailer-trash hillbilly. Glad to live in Europe, still the place where people actually care for each other and have a sense of community beyond "Those fucking cops better beat up that dirty bum or I'll shoot him myself!"
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Well what about my freedom to walk down the street safely? Doesn't that count for anything?
g y as it *could* all be concevably abused by some future evil government(tm). Or how about putting everyone in prison. Because thats just one tiny little step down the road from putting cameras in public places isn't it.
I just can't see any logical arguments here except conspiracy stories. It's a millions miles difference the government putting cameras in public places where there is already no privacy to them putting cameras in our houses.
Why the hell do you all think because we let cameras in public we would then roll straight over and let them into our homes?
By these paranoid arguments we should get rid of all weapons/army/police/cars/planes/tv/radio/technolo