EU Still Looking at Mandatory Data Retention

An anonymous reader writes "Following up on a previous Slashdot article, European civil rights advocacy group Statewatch is detecting more rumbles of a possible weakening of privacy rights in the EU. The European council has been testing the waters for a new policy mandating retention of communications "traffic data" by all member states. The previous policy (adopted May 30) merely allowed an exception to EU privacy law for member states who wished to retain such data. Under the leaked draft proposal, law enforcement is to be allowed access to "traffic data" (identifying source, destination, time, etc.), which is similar to current US law. However, much worse is the requirement that telco providers retain such data for 12-24 months. Text of the draft framework decision is available. Also analysis by Statewatch. Backup link (in case of Slashdot effect)."

Noise Generators illegal?

[sllort]

If/when this becomes law, will so-called "noise generators" become legal? Overflowing an IDS by generating a bunch of false positives (ala Stick/Snot) is a technique used by folks attacking corporate networks... what happens if I buy cable modem access in the UK and choose to spend my bandwidth sending a continuous stream of garbage packets to random IPs from random IPs? It wouldn't be hard for a single user to consume entire gigabytes of storage per month in such a "traffic retention" system.

Makes you wonder if they'll outlaw generating bogus traffic as a defense mechanism.

KWTCMA