EU Still Looking at Mandatory Data Retention
An anonymous reader writes "Following up on a previous Slashdot article, European civil rights advocacy group Statewatch is detecting more rumbles of a possible weakening of privacy rights in the EU. The European Council has been testing the waters for a new policy mandating retention of communications "traffic data" by all member states. The previous policy (adopted May 30) merely allowed an exception to EU privacy law for member states who wished to retain such data.
Under the leaked draft proposal, law enforcement is to be allowed access to "traffic data" (identifying source, destination, time, etc.), which is similar to current US law. However, much worse is the requirement that telco providers retain such data for 12-24 months.
Text of the draft framework decision is available. Also analysis by Statewatch. Backup link (in case of Slashdot effect)."
This is exactly the information used by drug cartels to assassinate informants, as described in a previous Slashdot article.
If the information is being kept, unauthorized access will occur.
SKG
They weren't talking about US law re data retention. They were talking about US law re what's accessible to law enforcement such as "traffic data".
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
I think this would definitely tempt me to put any websites I run onto https and leave http with a simple redirector. Be nice if other people would do the same. I wonder how much they'd enjoy trawling through a few terabytes of session encrypted traffic...
Seriously though, the sheer data management problem this would pose would be extraordinary. For every 1mbps, you're talking ~4TB of traffic per year! Consider how much traffic there actually is going across the wires:
Just for the hell of it, 9,776.16TB is 48,881 200GB drives. Now, you can buy one of those from Western Digital for ~$400US (retail). You'd be buying a lot of drives, so let's say you get a discount, and can get one for $300 (I don't know how big a discount you'd really get). That's almost $15 million dollars in hard drives per year for an OC48. That's about three times as much as the actual cost of an OC48 (even worse for peering arrangements).
Of course, scale that kind of hard drive usage up across Europe, and I don't think there is the manufacturing capacity to supply that kind of demand. Oh well, I guess we've found holographic storage's killer app, eh?
Also, who records what? Does every router have to record everything that passes through it? Or only the ISPs that serve end users? What about businesses? What about co-located servers? If you don't want to miss anything, you'll have to cover all of those, and end up grabbing 2-3x as much data as you really have to. Otherwise it'd be trivial to set up a colocated server at a company or a hosting provider, and tunnel an encrypted connection through to that.
On top of that, there's the problem of how you sift through ~10,000TB of data for something useful. We're talking raw data on a totally unmanageable scale.
Why not just record all voice communications too? I'm sure that'd be invaluable in any police investigations. Ah well, nothing to worry about since neither's going to happen. Both are totally infeasible.