EU Moves Forward with Data Retention
KokoBonobo writes "
euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."
Well, if anything is going to drive people to personal encryption, this type of brain-damaged legislation will be it.
My username does not make me Apathetic. It's irony, get it?
It seems that with the rapid pace of new technology and the slow pace of legislation, that this will be largely ineffective.
Already it's easy to see how existing technologies could be used to effortlessly circumvent the proposals.
"Telephone calls", does this cover Skype? Does it cover VOIP in general which is just data passing over the network and could always be wrappered, encrypted, or routed via several points (to ensure no single intermediary could capture the whole conversation).
It's great that our politicians can find ever increasing ways to enforce a climate of fear whilst wasting the monies that could help alleviate problems faced by the citizens that they represent.
Damn! Now I've posted what do I do with these mod points!?
HAHA
Now you have to retain this comment in this thread in order to combat terrorism or something.
Now I know the Belgians can speak French. If they can't communicate properly, this data retention law isn't going to help at all. What would help is for the various member states to get their act together and start working together more closely on international crimes.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Just ask friendly ol' uncle Sam for the Echelon logs?
No need to duplicate!
My pics.
Now's the time to sign up with EMC and get your sales boots on! Think of the disk required to store all of that drivel!
Deja moo - The feeling you've heard all this bull before.
I like the name. :P
Pretty good, but not quite good enough? Sounds like a name that someone could get into if they really wanted to~ (the govt.)
The one representative who was supposed to speak in favor of it never showed up (remember Inger Marie Sunde?), nor did she send a replacement. Now what kind of message does that send? It gives the impression of "the majority doesn't care for long-term storage of traffic data, but we don't care what the majority thinks. We're going to impose our way on you whether you like it or not."
People say I'm crazy, I got diamonds on the soles of my shoes...
I hope that countries look at these trends before clamoring to join the EU for purely economic reasons.
University of Washington
Student
"You mean we're gonna need how much disk space exactly?". "We're gonna have to invade which small nation just to get enough physical space to store all this stuff?".
Worry not, it will blow over soon enough :-)
I find your ideas intriguing and I wish to subscribe to your newsletter.
A small working group will now look into the issues surrounding such legislation - mainly cost, which will depend on the data retained, and privacy questions.
the wheels of government turn slowly, oiled with molasses.
besides, strong encryption (already mentioned in its many forms) will always provide an alternative for secure communication of critical data. people forget privacy and secure communication are two different things.
I think you missed the point. Encryption of your local files is a moot point if the data being transmitted is what's being retained.
That's not to say that encrypting your files isn't a good idea, just irrelevant in this case. Use of PGP/GPG for email, however.. in this case, is a bloody well fantastic idea. If everyone you communicate with has a key pair, you just have to remember to encrypt (and, if you aren't completely braindead, sign) everything you send and you'll have one less thing to worry about. Keeping your web traffic under wraps might be a little more difficult.
I just need to find a cheapass CA (or track down the requisite software to do it myself) and I'd be happy as a clam. Of course, the challenge would be convincing everyone I know to start using it, as well. Although, at least that way I could make a certificate for my own servers so that, when I eventually do get my own server up and running, I can keep all traffic using https.
Matthew G P Coe
http://mgpcoe.blogspot.com/
First, this is an invitation to discussion.
Second, it states that data should be kept only as long as needed for billing and such, unless there is a specific request from the authorities to keep other data (and only data from the date of the request onwards). The text lists valid reasons for retention as investigations and prosecutions, so a lot hangs on the fairness of the legal process.
This is not necessarily a bad thing, the authorities should be allowed to look for evidence in a criminal case. However, they should have to get a warrant to do it.
Encrypt if you are paranoid. Scratch that, always encrypt so it becomes commonplace before some moron calls for its criminalization.
Hrmf. WTF are you even talking about? Something like this tried in the USA would result in a ton of out-of-work Congress folks. The EU, on the other hand, has already proven that it will vote however it wants, regardless of how the actual people in the member countries feel about things (the patent issue). That's what you get for being represented in the EU by appointees. That's also what you get for believing in the compete-with-the-US propaganda that got you the EU in the first place.
:P
Instead of storing all that data, the EU should just ask the CIA for the data nicely.
The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages.
And...um...who is the party providing or paying for all the storage and backups-handling to retain all these conversations?
Does this include all the content and messages of spammers? Or, are we assuming terrorists are ethically opposed to using spam to distribute messages world-wide?
I thought the cost of bandwidth was supposed to keep going down, not up!
This is the way things are now. The proposal is to keep all traffic data for at least a year, if not longer. I've read in some places that they want to keep data for up to seven (!!) years!
People say I'm crazy, I got diamonds on the soles of my shoes...
Man, sometimes I simply love Norway.
Now we just need to vote our idiot PM (and his alleged ties to the Fellowship Foundation) and all his scary people straight out of office.
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Can't really argue with that, but in the European Convention on Human Rights it becomes
Article 8:
1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.
2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
Just cry "crime and terrorism" and that small-print in 8(2) takes it away again...
If you value your privacy (and that of others you communicate with - which can be more important than your own!) be sure to exercise your rights.
:: E M A I L ::
h p
Encourage the use of the OpenPGP standard by supplying others with your public key and encouraging them to use it.
Using encryption does not often complicate traffic analysis, but it can keep them from reading your private communications. Be sure to remind people that email subject lines are not encrypted and should be considered carefully. I often use something like
Subject: This space intentionally left ______________
Here's some boilerplate: [there's breakage on the 5th link - be sure to correct]
Do consider Thunderbird
http://www.mozilla.com/products/thunderbird/
http://www.mozilla.com/products/thunderbird/why/
for both yourself and your clients. It's really a wonderful product
and has spam handling built right in. Unlike Outlook(TM) it is open
about where it keeps your email (not hidden and difficult to export)
and is not so susceptible to worms and email nastiness such as scripts
that run without hindrance. Many a spyware app has been installed
further contributing to the spam problem due to people running just
that piece of software. Don't help the spammers. Reclaim your inbox.
It supports Enigmail: ( email envelopes you don't have to lick! )
http://enigmail.mozdev.org/
http://www.moztips.com/index.php?id=87
http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.p
I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
secure mail. I've got nothing to hide, but I don't like using
postcards for all my USPS/post correspondence either. Regular email is
like using postcards on the internet. Any postal worker along the way
can take a look ( have a look at email "headers" sometime; every hop
you see is a place where your email is stored on a hard drive. )
Please use an envelope when communicating with me. It won't even cost
you a stamp. I value your privacy as much as I hope you value mine.
How to Get Encryption Going on Windows
There's no need to keep my public key a secret. Feel free to give
it away or put it on a telephone pole; write it in the sky if you'd
like. It's available on the web. The more people that have it the
better. Use it to seal your envelopes when sending me mail. I've got
the only other matching key (my private key, opposite the public key
I've given to you) that allows me to unlock the envelope. You can
even lock an envelope so that multiple people can unlock it on their
own, but nobody else can read what you've sent them.
You can also find keys for me here:
http://www.biglumber.com
Please try it out. Be glad to help you get started.
So... what about writing a P2P app over SMTP, just to clog down the bastards?
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
They might communicate by using say plain English mentioning good harvests or talking about recent events, yet the meaning could be that material was delivered or that "their latest mission" was successful or otherwise.
A terrorist's message could be..."Did you hear about that flood that made people's lives in country X very miserable..."? The hidden message to this would be that "next month will be a crucial one."
They could even send out bogus messages so that the Europeans and the CIA can "waste time" on them. After all, it's a known fact that the Americans have tens of thousands of text and audio they just do not know how to handle. They are simply overwhelmed! I know, and the CIA does, that much of this is just bogus!
Guys, this just won't work. The best way to fight terrorism is to be "FAIR" to the world or be seen to be fair. This way terrorists will find very few sympathizers.
Europe is so concerned about for-profit corporations keeping personal information, but not national governments. Isn't it ironic, the worst the corporations can do to you is annoy you at dinner time and be intrusive with their advertising. The worst the state can do in Europe is put you behind bars for life. Now, which is the lesser of the two evils to have keeping personal information about you?
Personally, I'd take the corporations any day over the U.S. Government. But what do I know? I'm just an American capitalist...
Click here or a puppy gets stomped!
If you're not a terrorist, find help on getting setup with Freenet here: http://slashdot.org/comments.pl?sid=127703&cid=106 69904
6 81546
Info on FreeMail as well. Totally anonymous and encrypted mail system: http://slashdot.org/comments.pl?sid=127703&cid=10
That is so cute. I can picture a nice little country peering at charts over a nice pair of granny glasses.
Seriously, get with it. The political leaders of countries wanting to join are all sold to the idea, who in those countries gets to say otherwise?
The case of the Ukraine is a great example.
The democratic movement there is about as convincing as the weapons of mass destruction lies.
Each time I hear such proposals I think about how easy it would be to bomb it, at least in cases of smaller and medium-sized ISPs -- what if I start sending 100MB /dev/urandom dumps to my other remote mail accounts? With high enough bandwidth and persistent users I doubt anyone would be able to keep up with it. So what then? They'll limit amount of traffic we can generate just so we could be spied upon conveniently?
(yeah, and after two days of sending those dumps UBI (Union Bureau of Investigation?) will knock on your door ;-) )
Don't forget that Thunderbird supports s/Mime encryption and signatures out of the box. So do Outlook (Express), Netscape & Mozilla.
So if you want to keep compatibility with friends using 'that other product' that doesn't have a PGP plugin, s/Mime might not be a bad idea. AFAIK it's as secure as SSL.
You need a signed certificate that can be obtained free of charge from Thawte:
http://www.thawte.com/email/index.html
X.
It affects anyone sending data over there as it would log the incoming stuff too. I hope that makes sense.
Mirror here
---
When all you have are lemons... -- Unknown stardate.
what good is data retention, when you are unable to decrypt it?
I don't mind if they log all my transmissions. Just make sure you transmit all of your data (that is worth keeping) once a day/week/month/whatever and when you lose your storage medium, ask your provider for the data. Instant free backup for everybody. How can this *not* be a good thing?
Something like this tried in the USA would result in a ton of out-of-work Congress folks.
:)
It would probably result in more lawsuits against corporate management.
One company I worked for had a mailing list for the Counter-Strike gamers that often became a bitch session between lower management and the workers. Whenever one of these lower management folks gave me a hard time, I always pull out an email that they had written to the list and reminded them how HR would feel about the email. Upper management shut down the list when they realized that lower management painted itself into a corner that paralyzed them. Turns out HR didn't like those emails after all.
There's a lot of dirty laundry to be had in corporate emails. Especially if a company is required to hang on to it indefinitely.
It says 2004, but it's actually 20 years off.
The government will install a high resolution 24/7 webcam in your bedroom, feed all the footage over the internet and store it for ever? Just to make sure that nothing is said there that could be connected to criminal or terrorist activity. Anyway if you're a good, well behaved, citizen you have nothing to worry about because you have nothing to hide, right? In my opinion we're all being held hostage by criminals and terrorists.
As well, history has repeatedly shown that it is just a very small step from storing personal information to abusing it to repress the masses. Maybe good intentions, but very dumb dumb people.
Those that are willing to trade freedom for security, will get none and deserve neither !
IANAL, but imagine a beowulf cluster of in Soviet Russia all your belong are base to us welcoming the new SCO overlords.
In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).
The only alternative seems to be anonymous multi-hop networks that use onion routing; in those cases, you cannot cooperate (when it's not your own communication), since you don't have the key. And on top: purely from network traffic, eavesdroppers cannot determine whether a given packet is yours or (more likely) someone else's. These networks exist, but are still in their infancy; they don't support a full /. crowd yet. So I won't mention the name here; if you're savvy enough, you'll find its name on Google (maybe) or Freenet (certainly).
The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war...
Support a Europe-related section on Slashdot!
When I grew up, in the 70s and 80's, the eastern European countries were scorned for their obvious distrust in its own people, since copies were kept of phone conversations and letters. Still we're horrified by the vast archives of Stasi, Securitate and similar organisations. Yet, what we're about to introduce goes so much further. Is it only because it's so easy to do with electronic information that it feels OK to do so? I have a feeling that it would not be appreciated to suggest a legislation to make copies of all snail mail and store for use in fight against crime and terrorism. _ /Bjorn.
Very good indeed. I'd suggest trying OpenPGP on people (I like _distributed_ over _centralized_) and if they don't bite you can try to get them to use S/MIME. The no-extra-work factor will help in many cases indeed.
Free certs can be had at CAcert.org as well. Not only will they give you a free email cert, they'll give you a SSL cert for your web site, sign your PGP/GPG keys with their signature and they even allow you to login to the site with a certificate (no password needed to update your info or login to renew cert, etc.)
More resources?? - Reply with links please!
Is it not necessary to have probable cause and a warrant in order to demand that information be decrypted? Arbitrary e-mail monitoring seems intrusive and counter-productive since the problem such legislation seems to be trying to solve is lack of information, where one of the main issues facing police and intelligence agencies is the inability to sift through the massive quantities of information already available to find what's relevant.
My username does not make me Apathetic. It's irony, get it?
There's a lot of dirty laundry to be had in corporate emails. Especially if a company is required to hang on to it indefinitely.
Yeah. In between writing about bathing in a jizz hottub and whining about how he can't use software that thousands of people can work just fine, jwz wrote something about Netscape being in a similar situation with Microsoft.
If this does happen, that sort of contact will move outside of the workplace, as it really should be (although it's nice to have bountiful corporate resources available like that), but this article implies that ISPs and phone companies will have to start storing this information, and this is a worrisome thing. The people who suggest that this will lead to more wide spread encryption of emails are probably right, although they should be encrypting their emails already.
European countries have been fighting each other for as long as anyone can recall - making the countries depend on each other for sales purposes is a stroke of genius; most wars are about money/power, but nobody is lobbying for war against a country which is a big customer of whatever product you might be selling.
-- A good compromise leaves everyone mad. --Calvin and Hobbes
Subscribe to a vast amount of newsgroups and send yourself millions of emails from your other email accounts...that would overload the servers...
and I am going to say it again!
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin
To the world governments:
Please Leave us ALONE. Your forms of protection, infringe on our freedoms, maybe there wouldn't be a terrorist issue if you weren't so controlling. Maybe if you didn't try to impose your morals on the rest of the world, there would be no reason to "rise up against $nation".
Where, at what point, did things go wrong?
I really don't know, but as long as there are more than 2 beings in existence, one will try to dominate.
42 69 6C 6C 20 47 61 74 65 73 20 69 73 20 61 20 77 68 6F 72 65 21
I have to thank the people who are bringing out this legislation. This is exactly the type of thing that motivates me into learning new topics like encryption and so forth. I haven't thought much about encrypting my communications or data up until right now.
As soon as they put obstacles in our way we must find ways around them.
I'm thinking about the past record of using telephone records and e-mail records have been useful before. As far as all the encryption, I think the idea is to keep track of the TO: and FROM: lines, as well as maybe the subject lines, so only encrypt as far as your paranoia takes you.
I think most of this data has been used after the fact, when they have a starting point and want to find out who a person has been communicating with. I don't think this will make anyone safer, but it might be handy after the fact to help string up scape goats.
I feel sorry for you Brits. That law about having to assist police in accessing encrypted data sucks. Over here we have the 5th amendment, something most people didn't know about till the OJ Simpson trial.
Bacardi + slashdot = negative karma.
From the article you posted it looks like the legislation is intended to give the police the right to decrypt communications they've already intercepted as part of an investigation. Can they do this without a warrant? If they can't, what's the problem?
My username does not make me Apathetic. It's irony, get it?
Do you have a link that supports your claims that this is the case in the Netherlands?
I try not to rant and rave about this, to my non-nerd friends, but sometimes I just can't help myself... but it seems nobody really cares. They will just mumble something like "but think about the children" and surrender their freedom. Damn.
Anyway, I've all but given up, except I digitally sign (s/mime) all my mails and I've a pgp key that I'll use when requested.
Now digitally signing my mails may not seem like much, but I don't know a single other person (Nerds/Geeks or not) that has a digital signature, so I can't encrypt (I've one work colleague with a pgp key). But sometimes somebody asks me what that strange symbol by my mail is about and I have an opening to talk a bit about security (I often add something about spam), but I still haven't managed to get a single other person to get a digital signature.
Not that I've anything sinister to mail about, but I just want to keep those NSA servers busy. Trying to break a 2048bit key, just to get to a message about soup.
TC - My Photos..
For the sake of argument, ignoring phone records, etc and just focusing on the internet.
There are over 100 million broadband users in the EU - plus countless millions of dialup users - but we'll ignore the dialuppers too for the moment.
Now I download about 300Gb/year and upload about half that. So we'll say about 400Gb/year of traffic. Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).
That's 3.7 Exabytes of data per year for all the broadband users in the EU alone. Assuming they haven't changed the proposal too much since I last read it, they required storage of data for 7 years, that's ~26 Exabytes of storage required to hold all this stuff.
How the hell do you find anything of use in 26 exabytes of data?
stormfront = neonazis (just follow the link)......
Please nuke parent from orbit, it's the only way to be sure.
The US government were originally so afraid of PGP that they imprisoned its author for "trafficking arms". It's probably the most peer-reviewed encryption software in the world.
I'd rather trust PGP than any government-recommended scheme any day. Take Clipper; the inbuilt key escrow killed it from day one - even PHBs were not going to bend over for that one, given the record of gov.us in the matter of taking foreign trade secrets by surveillance and using them to benefit domestic companies.
Every time news like this comes out. Someone has to say it, but the names are changing. You poor [everyone]..?
will this be enough to boost seagate's stock price?
If they suspect someone of something then you start to gather intelligence on them, with the right safeguards - Authority from a Judge etc.
This is completely unnecessary, and an invasion of privacy.
95% of the terrorism I read about lately are the paranoid laws by the (uber)governments of the world on its own citizens.
Being EU service operator myself I think I will choose to ignore this law. Period.
Not to mention the fact that when the secret police arrive and demand that you decrypt everything for them, you'll do it in a heartbeat. Anybody would. What's the alternative? It's not like they'll meekly leave if you refuse to comply.
Personal encryption is good only for preventing access by the nosy-but-powerless.
But when the secret police arrive and demand that you decrypt all your files for them, you'll do it in a heartbeat. Anybody would. What's the alternative? It's not like they'll meekly leave if you refuse to comply.
Personal encryption is good only for preventing access by the nosy-but-powerless.
How to avoid breakage on links on Slashdot:
Just enclose them in a <URL:....> tag. It's quick. It's easy. It gives a working link without spurious spaces. Look at the example in "URLs" below the text box when you next post a Slashdot message.
Oolite: Elite-like game. For Mac, Linux and Windows
finally, a real backup solution for my personal data
So they are talking about SMS messages, emails and phone data. calculating the entire bandwidth usage is extreme, since they will not store everything. This makes it more feasible, and thus a bigger reason to worry...
University of Washington
Student
Something like this tried in the USA would result in a ton of out-of-work Congress folks
What the fuck are YOU talking about?? Last time I checked none of you stupid americans got off your asses over DMCA, the iraqi fake war, halliburton, or the missing delivery truck in Florida back in 2000.
If I transmit my copyrighted works over my ISP's network, do they have a right to keep that data on file if it just went through their server's cache? I know, it's a moot point. There'll be exceptions for this sort of thing and it doesn't have any practical meaning (aside from the occasional sys admin skimming data), but it's fun to annoy bureaucrats with this kinda question :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Presumably, it is possible to have an encryption algorithm such that :
encrypt(x,y,k1,k2) = z;
decrypt(z,k1) = x;
decrypt(z,k2) = y;
Then when the government asks you for the key, you can provide k2, and provide them with only the 'y' part of the conversation? This could be any old document. It is up to the government to prove that k1 even exists?
Just a thought...
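The property asked about in the comment above (one ciphertext z, two keys, two plaintexts) holds for a one-time pad; the sketch below is an added illustration, not code from any poster in this thread. Unlike the comment's signature, k2 is derived from z and the decoy y rather than chosen in advance, and the function names and the length-prefix framing are assumptions made for the example.

```python
import secrets

LEN_PREFIX = 2  # bytes used to record the true message length (assumed framing)


def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(p ^ q for p, q in zip(a, b))


def _frame(msg: bytes, size: int) -> bytes:
    """Length-prefix msg and zero-pad it to exactly `size` bytes."""
    if len(msg) > size - LEN_PREFIX or len(msg) >= 1 << (8 * LEN_PREFIX):
        raise ValueError("message does not fit in the frame")
    header = len(msg).to_bytes(LEN_PREFIX, "big")
    return header + msg + bytes(size - LEN_PREFIX - len(msg))


def _unframe(buf: bytes) -> bytes:
    """Recover the message from a frame, rejecting malformed frames."""
    if len(buf) < LEN_PREFIX:
        raise ValueError("frame too short")
    n = int.from_bytes(buf[:LEN_PREFIX], "big")
    if n > len(buf) - LEN_PREFIX:
        raise ValueError("key does not yield a well-formed message")
    return buf[LEN_PREFIX:LEN_PREFIX + n]


def key_for(z: bytes, claimed: bytes) -> bytes:
    """Derive the pad under which ciphertext z decrypts to `claimed`.

    For a one-time pad such a key exists for every message that fits,
    so z alone says nothing about which key was the original one.
    """
    return _xor(z, _frame(claimed, len(z)))


def encrypt(x: bytes, y: bytes):
    """Return (z, k1, k2) with decrypt(z, k1) == x and decrypt(z, k2) == y."""
    size = LEN_PREFIX + max(len(x), len(y))
    k1 = secrets.token_bytes(size)   # truly random pad, used once
    z = _xor(_frame(x, size), k1)    # ciphertext of the real message
    k2 = key_for(z, y)               # second key, computed from z and y
    return z, k1, k2


def decrypt(z: bytes, k: bytes) -> bytes:
    """Decrypt ciphertext z under pad k."""
    return _unframe(_xor(z, k))


if __name__ == "__main__":
    # Constructed sample messages, not taken from the thread.
    z, k1, k2 = encrypt(b"meet at noon", b"message about soup")
    print(decrypt(z, k1))
    print(decrypt(z, k2))
```

The cost is the usual one-time-pad cost: each key is as long as the ciphertext and can never be reused, and nothing here authenticates the message.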
Transmitting emails using PGP is one way to keep your information private. Encrypting disks just adds to your privacy by making personal information private as well.
With all the litigation that's going on, including raids on Kazaa & IndyMedia servers, keeping information private is a serious concern.
What good is anal retention, when you are unable to decrypt it?
My Favourite Meme
Ahh yes, but your original message gave the impression that you were referring solely to the abilities of PGPDisk.
Furthermore, regarding the raids on KaZaA and IndyMedia servers, the fact that the physical locations of these servers were made available could not possibly be the fault of the operators of the servers; it's that the ISPs were pressured/subpoenaed (sp?) into revealing said information.
Matthew G P Coe
http://mgpcoe.blogspot.com/
I have no idea if this is possible, but it's irrelevant, sadly. If I understand the Regulation of Investigatory Powers Act correctly, then no, it's incumbent on you to prove that k1 does not exist and (even if it did) that you don't have it.
I always thought it should be easy to get the RIP Act changed - find out who wouldn't vote it down, plant some encrypted child porn on their computers and arrest them for not giving up the key when the police come knocking. Unfortunately it would require someone with the will to change the RIP act in power to order the cops, but I like the poetic justice of the thought.
I
If they are happy sifting through mails with links to goatse and tubgirl then so be it. Anyone in the know uses encryption anyway...
I've noticed that everyone who is for abortion has already been born - Ronald Reagan
Before 1999:
As in the United States, France has long classified encryption as a military or dual-use technology, and accordingly restricted its export. It received special treatment in a small flourish appended to the 20-page telecommunications law of December 29, 1990. Article 28 of this law required government permission for any use of encryption.
No immediate action was taken on what the French refer to as "the December 29 law," but six years later a more comprehensive bill was passed. This July 26, 1996 law specifies that users of secret keys must store them with organizations that will furnish them to government officials as needed for crime-fighting purposes, a plan commonly known as "trusted third parties" or (in the United States) as "key escrow," "key recovery," or "government access to keys."
Original article
At this moment France has changed its mind and has raised 40-bit level to 128 bits on civil encryption.
My city: Barcelona.
That's doable, though a logistical nightmare. I have a book (though I didn't bring it with me to school.. interesting) that outlines a very basic method of doing it and it really all depended on perfectly wording the ciphertext (which appeared as cleartext) such that one decryption yielded a false cleartext and another yielded the genuine cleartext. After the Christmas break, I'll bring the book back with me, assuming I can find it, and outline it in a journal entry.
Matthew G P Coe
http://mgpcoe.blogspot.com/
But that would be madness. That basically means that the UK government could take *any* file on your PC and demand that you decrypt it (even if it is already in cleartext), requiring you prove that it isn't just some fancy encryption algorithm that made the ciphertext look like a Word document, or a system library!
Some particularly malicious government official could potentially generate a key that translated explorer.exe into child porn and use it as "evidence" against you!
You don't need a CA, openssl will let you create a self signed cert. Look at it another way; who do your users trust more, verislime or you?
are rarely intended to accomplish anything. They are intended simply to create precedent for legislation of this nature such that when the real alteration in law comes along (or the real use becomes apparent), no one will notice.
Mod me up, mod me down, flame me, praise me -- whatever you do, you help prove I exist...
What they haven't even thought about is whose data gets stored by whom.
Say Mr. Jones uses his Albania Online connection to send an e-mail to Mr. Smith. Mr. Jones' e-mail server, however, is located on Mbwawanga Island in Mbwamwere, and Mr. Smith's e-mail server resides in his living room.
If we assume that Albania Online is obligated to store all e-mail and voice traffic that even passes through its network for an extended period of time, we can also assume that after said period, there will, of course, be no Albania Online.
I wonder how they're going to solve that?
I suppose I'd need to get OpenSSL then. As an extension of that, I do believe I'd also need to have a webserver on this (Windows) machine that doesn't suck donkey dong... which could be hard to do, I have never--ever--had luck getting Apache running on this thing. I don't know why.
Matthew G P Coe
http://mgpcoe.blogspot.com/
a self signed cert means nothing. it is really no more trustworthy than an unsigned cert. nobody with any concern for security would trust it without verifying it with absolute certainty by some other means than the sig. And if you do that, you might as well have them sign it for you since they verified that it was valid.
The right way to treat encryption is the same way they treat safes and lockboxes.
If the police are searching your house (with a warrant) and they find a safe, there are rules about when they can and can't force you to open that safe.
The same rules should apply to any encrypted information they find.
For example, if they have an encrypted email or file, the same rules should apply as apply to them finding a safe in your house.
As for this new data retention crap, are the cops going to pay for the huge servers and disks required to hold all this information? And the people to keep everything going?
Terrorism has lost all meaning to me now, it's unfortunate that such an awful thing has turned into nothing more than a buzzword and an excuse for governments to spy on their own people. Every day I hear about fighting terrorism, and people losing their privacy and rights, I feel like it's getting closer and closer to 1984. If people weren't so misguided in their fear of terrorism then the governments wouldn't have the excuses to enact these laws. Terror kills only a percentage of a percentage of what smoking does, or heart disease or AIDS. Why not take most of the money being spent on fighting terrorism and put it to use fighting the REAL killers of the world population, because everyone knows, no matter how much money you throw at it humans will still kill humans.
My 2 cent rant.
The Good Life
Something like this. http://www.mirrors.wiretapped.net/security/cryptography/filesystems/rubberhose/rubberhose-README.txt
although the main site seems to have gone away.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
the Patriot Act
In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).
Heh, it still probably beats going to jail for whatever the police/intelligence services may have found on your hard drive.
^^
Yes, in the UK, under the RIP act, you can be sentenced to moderate jail time for not giving up your key. This is supposed to stop terrorists, child molesters and drug smugglers from using encryption.
Of course, any drug-smuggling terrorists with a penchant for child-molesting will immediately surrender the keys to incriminating information. Why would he take up to three years vacation at her Majesty's pleasure for encryption, when he could easily get 18-25 or even life for his real offences?
It's because of well thought out, useful laws like this that crime is virtually unheard of on our sunny islands! Thank you New Labour!
no taxation without representation!
Denmark is way ahead of the rest of the EU and is implementing legislation that affects not just ISPs... it affects anyone who provides some sort of "tele services"...
So if you run a blog, you need to track, register and store everyone who makes a comment on your page.
If you run a BulletinBoard... same applies.
Run a chat or mailinglist? Ditto for you.
Do you run *any* kind of server (apache, irc, cvs, ftp, mailinglist etc.). You're not excused.
In short: every citizen is obliged to keep records of friends, family etc. whereabouts.
Welcome to Stasi-land!
It IS madness, and yet it passed through our 'democratic' system quite easily.
No one in the UK gives a fuck about democracy, new laws just pass them by.
It is very stupid. However, it is something of a habit for the British to ignore laws that don't make sense. Whilst the RIP bill was passed in 2000, so far as I understand it, it has never actually been used.
Wow, I wonder how many HOURS the system will hold... And this is to fight terrorism? I doubt terrorists could do as much damage to a country's economy as this law thing even if they tried for a hundred years.
Which part of "and" don't you understand? He was referring to using both encrypted communications and partitions.
HAND.
What's really going to happen? They're going to come after me, there's going to be a lot of noise in the press about it, plus the big expensive court case paid for by taxpayer money, angry taxpayers teaming up on my side saying "what the fuck," friendly reminders of Soviet days, etc etc. It's a big LOSE situation for the government.
when you encrypt something with PGP you can just avoid self-encrypting it, ie. preventing yourself from decrypting it while still allowing the party you sent it to to decrypt it. (Not sure how this would interact with signing, though).
AFAIK there is no way to prove whether you did/didn't self-encrypt the message, effectively giving you plausible deniability.
HAND.
I think that what's going on is that countries join for the subsidies, and hope that they can ignore the daft regulations they have to sign to in return.
Yup. Probably wouldn't fly in open court, but if memory serves you aren't allowed to tell anyone that the government have requested the key, or else you get to spend twenty years in the clink. I left my tinfoil hat at home today, so I won't comment that this gives "Them" a nice mechanism to lock you up on an unfalsifiable pretext.
I
What if you suddenly forget your passphrase? This can plausibly happen in extreme stress situations, such as being arrested, interrogated, and/or threatened to be put in prison.
"The whole terrorism witchhunt has seen 1984 approach rapidly."
Straw, and not true. The difference is that terrorism is a very real thing, with very real asshats killing and torturing very real victims. Unlike witches, which did not exist.
Well on the plus side I can call my ISP and demand to see a list of all my web history and they can only charge me 10 quid still? Think I'm gonna make a habit of demanding all my data from everywhere, and if they keep CCTV for a year then they'll just have to go through the tapes looking for me..
This comment does not represent the views or opinions of the user.
Yes if you tell your employer that the government has requested the network passwords/keys etc. then you get sent to jail.
If you don't of course, you're likely to get the sack and may never work as an admin again (since who would want to employ an admin who has given away all the network keys).
Really sucks.
Terrorism has *always* existed. It's not any worse now than 10 years ago.... I used to have the odd afternoon off school due to bomb scares (99.9% of terrorism is the fear of it not the actual action. The closest I got was when the IRA decided to do a demolition job on the local city centre on a Saturday afternoon.. I was about half a mile away.. spent the afternoon quaffing beer on the exclusion perimeter and watching helicopters/police with guns surrounding the place).
There is a witchhunt - basically anyone who wants 'rights' risks being thrown in jail without any representation or right to a trial. This situation would never have been allowed a few years ago but under the 'terrorism' laws you can be arrested for anything they decide to dream up.
Heh. Big Blunkett is watching you! If you have nothing to hide, you have nothing to fear!
Oh, wait...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The S/MIME on OE doesn't work - it just displays a blank page with an error message & you have to click to read the message.
This *really* confuses newbies - I tried it for a couple of weeks and gave up after getting loads of messages back from OE users complaining that they couldn't read my message.
As for this new data retention crap, are the cops going to pay for the huge servers and disks required to hold all this information? And the people to keep everything going?
No, your tax dollars will!
I agree with the rest of your post... At the very least, I should know what the gov't/police have and haven't read of my personal communications. (which I would if they needed a proper warrant to legally compel me to decrypt.)
Link goes to a somewhat indecent picture.
What he can't kill, he has sex on. Trent.
4 years is too short a time to say "never". Wait until the UK government lets some asshole with a plane "slip through" their defenses, and blow up a 200 year old building in central London. RIP will see new life, and everyone will accept it, because it's not "some ancient, obscure law", or something "passed in the heat of the moment", or some new legislation that would have to overcome the newly mobilized opposition.
--
make install -not war
I think democracy in its current form is severely flawed.
While we -- the people -- may in fact elect our representatives, we have no way of ensuring that they will carry out our wishes, or that they will even follow their own ideologies -- be it liberal, socialist, communist or racist. In fact, the people have no way at all of controlling democracy.
I think it's about time this changed, and that some sort of mandatory referendum is held for all important laws (0.01% more taxation on the paint used to dye your favourite sex toy with, is not important).
Of course, you couldn't expect all of the people to go and vote for every single law. But I think that with all this wonderful technology we have here at our feet we could at least set up some kind of permanent voting box where you could (if you wanted to, obviously) go to vote on your favourite current issues.
If a certain percentage of the populace goes to vote -- say 20% -- and has a majority -- 2/3 -- then that vote should be obeyed.
This would insure a few things:
a) Politicians would do their best to please the people not just in the few months running up to the election, but through their entire term.
b) Bad laws like this one get canned.
c) Democracy becomes more democratic. We do not live in the 1st century AD when 90% of the people were illiterate. Our society is, as a whole, quite smart, and I think at least most of us can decide what's good or bad for us.
Of course, there is a chance that less pleasant things -- such as a tax increase -- require a bit more effort. This is why certain kind of laws should be exempted from this system.
That *definitely* does not include any kind of laws which affect the fundamental freedoms of individuals.
The RIP bill has been used frequently and even by those who were not supposed to.
When the government sought to introduce RIP2 recently their investigation showed that ISPs were handing over information without court orders and that the law was being exercised by lowly council workers that were not intended to be provided access to users' data.
The only problem I see here is that I will need much more disk space for mail archives and their backup copies. Guess who will pay for it...
"We can shout at people that the government can read our email and chat logs, but very few people will make the move to encryption. People are apathetic and lazy - unless encrypted email and chat is enabled BY DEFAULT in the next version of email and chat programs, people won't do it."
I can only agree with this. Living in Germany I followed the discussion about the data storage a bit.
This includes the knowledge that every offerer of telecommunications in Germany has to provide the hardware to monitor and store communication details - like email or your mobile's SMS - from January 2005 on, and that at their own cost.
As a result of this I describe the privacy problem in my signature of every email, including a link (http://home.arcor.de/ja.stiebing/gpg sorry - German only) to a page with further information (respectively links to information) about the German law and a brief usage of gpg. Although the people I communicate with all are aware of the dangers of the 'glassy human' (like they call it in Germany), NO ONE OF THEM has started to use encryption - well one friend of mine at least thought about doing it.
You are absolutely right to claim that encryption has to be enabled by default - and it has to be available in every kind of communication program for the net. I hope that eg. Opera will have at least the possibility to include GPG in its upcoming version (perhaps allowing the users to point to an online GPG key?).
Keep your data private - or would you also like everyone enquiring your underwear?
btw, my GPG key:
http://home.arcor.de/ja.stiebing/download/gpg-key
I lag
The ISPs can still refuse to go through with all of this and not pay the fee. And if the government complains, guess who gets their Internet connection cut off?
Is it not the same in the UK as the US? I believe you CANNOT be legally fired for complying with law enforcement.
>like this tried in the USA would result in a ton of out-of-work Congress folks.
Actually, you may be surprised how many Americans would support this if the media tells them to. People here tend to be very fickle on every issue. Besides fickleness, there's also the issue of people on the more extreme end of political philosophies who will believe this is a good idea. And as another response says, we are also mostly apathetic and no matter how much we complain to each other, we are likely to do nothing effective about it, much less try.
The problem with that idea is that once most of the populace does start encrypting everything, the government will just put a stop to it.
How? Easy. By making it a felony to use *any* encryption mechanism that isn't approved ( i.e., backdoored ) by the government.
Then it won't matter that the email was from your wife telling you to get milk on the way home...They don't even have to bother to 'break' it, the simple fact that it's not readable by the authorities will be enough cause for jail time.
---- Booth was a patriot ----
If you forget your passphrase, and cannot prove you haven't got it, you get locked up until you remember it.
You don't get a trial. You don't get a lawyer. And in fact it's an offence to tell ANYONE you've been served with a request for the key.
Nice, huh?
But if you piss off your employer they can surely get you some other way, when the government isn't looking.
I'd think stunts like that are rare though, since again, if caught, it will bring nothing but headaches to the employer.
Of course. Following on from the mass departures that followed the DMCA, CDA, PATRIOT, the broadcast flag, and no doubt will happen again after PATRIOT2.
This as well as the recent controversy about software patents only show that the democratic processes in Europe are not working. The vast majority of people have been opposed to issues like data retention, snooping, software patents, etc. from the very beginning and have been writing their representatives by the hundreds of thousands. However, they seem to ignore people's opinions and make decisions against democratic principles. What a shame!
Be afraid. Be very afraid. The "Consultation Document on Data Retention" (the directive that will be used by the commission in establishing the rules) contains the requirement, "ensure that the data is only retained for a limited period of time." As we know from copyright law in the US, that currently means, "100 years plus automatic increases for the next 25 years then we'll decide how much further to extend it." And it has been argued by former congressman Sonny Bono that it really means, "forever minus a day."
Stop-Prism.org: Opt Out of Surveillance
Sure. Terrorism is real. But we are reacting in irrational ways. The ways we react do in fact only make the most sense if either we're ruled by incompetent asshats that are out of touch with reality, or the asshats that rule us have a different agenda they don't disclose.
Stop the brainwash
Was the "Oh, wait..." as you suddenly remembered that Blunkett resigned yesterday?
That's not the real problem. What if you never knew the key in the first place? You can't prove that you never knew it, and the authorities don't need to prove that you did know it.
Good idea, but you would have to actually not self-encrypt the message. Once you have provided your password to the authorities it can be checked. They won't simply take your word for it.
You can always generate a one time pad key that will convert any document into another of the same length. Just XOR all the bits of both documents together and that's your key. If you XOR the key with one of the 2 documents, you get the other document.
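The construction described in the comment above, as an added Python example that is not part of the original thread: it builds the pad that maps one document onto another, then checks whether a short repeating key could do the same job, which shows that the trick depends on a key as long as the document. The sample texts `REAL` and `DECOY` and all function names are constructed for illustration.

```python
import secrets

# Constructed sample documents (not from the thread).
REAL = b"Meet at the usual place at nine."
DECOY = b"Get milk on the way home."


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(data: bytes, length: int) -> bytes:
    """Right-pad with spaces so both documents have the same length."""
    if len(data) > length:
        raise ValueError("second document is longer than the first")
    return data + b" " * (length - len(data))


def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt with a fresh random pad; returns (key, ciphertext)."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def key_between(doc_a: bytes, doc_b: bytes) -> bytes:
    """The pad that turns doc_a into doc_b, and doc_b back into doc_a."""
    return xor_bytes(doc_a, pad_to(doc_b, len(doc_a)))


def repeating_key_for(doc_a: bytes, doc_b: bytes, key_len: int):
    """Return a key_len-byte repeating XOR key mapping doc_a to doc_b,
    or None when no such short key exists."""
    if key_len <= 0:
        raise ValueError("key_len must be positive")
    stream = key_between(doc_a, doc_b)
    candidate = stream[:key_len]
    for i, byte in enumerate(stream):
        if byte != candidate[i % key_len]:
            return None
    return candidate


def demo():
    real_key, ciphertext = otp_encrypt(REAL)
    decoy_key = key_between(ciphertext, DECOY)
    return {
        "real": xor_bytes(ciphertext, real_key),
        "decoy": xor_bytes(ciphertext, decoy_key),
        # A pad-length key always exists; an 8-byte repeating one does not.
        "short_key": repeating_key_for(ciphertext, DECOY, 8),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The same ciphertext opens to either text depending on which pad is produced, so with a one-time pad the ciphertext alone says nothing about the content; the short-key check returns `None` because a fixed-size key cannot be fitted to an arbitrary target this way.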
Exactly how would you be able to encrypt data like recipient address, sender address, date and time of the connection was made, what phone number you dialled, how long your call lasted, and how much you are supposed to pay for it? You can encrypt the contents of your e-mail message if you like, but if you want your ISP to actually deliver it, you at least have to provide them with the recipient address in plaintext. That's traffic data stored by your ISP, which is what this proposal is about.
Here on Slashdot, KokoBonobo claimed:
I see no support for this bold claim in either of the linked documents. They are apparently talking about traffic data, not message contents. This data retention proposal was discussed on Slashdot months ago; we didn't find any evidence of planned bulk snooping back then either. There is some mention of certain "other" pieces of traffic data, not yet specified. What could that be? Perhaps whether the phone call was made using hidden Caller ID, and any technical service logs associated with the subscriber line... That's a lot of data; let's just throw in an MP3 of the entire call (whether voice or fax) as well for simplicity, right? :-)
Now, it's quite possible that your average politician will be unable to tell an SMTP message envelope from a user's manually written signature, and would thus happily vote for any proposal either way, but I suggest you quote the specific parts of the proposal that mandate bulk snooping before you label it "brain-damaged". Have you seen the proposal?
We need to send all our emails in the form of SPAM because no one in their right mind would store spam for 7 years!
Hot Nude chicks!
We have to be seen to be believed!
Our chick spread thier pussies wide for you!
See if you only read the bold letters. It says 'Hi what's up' of course, if you bold the letters it's pretty obvious, there are a lot of other things you can do that will remain in formatting that are less obvious...
https://www.gnu.org/philosophy/free-sw.html
Actually, in the US, your employment can be terminated for any reason (with the exception of discrimination) if you live in a "right to work" state.
Any man who afflicts the human race with ideas must be prepared to see them misunderstood. -- H. L. Mencken
Right to work state or not, I believe it's still illegal to can someone for cooperating with law enforcement.
More generally, even in right to work states there is still such a thing as wrongful termination (which covers more than just discrimination). Please post links to laws saying something to the contrary.
Yes. I "suddenly remembered". :-)
(Please note the ironic comment about having nothing to fear if you have nothing to hide, and my new sig as of this morning, which is also related to the UK's anti-terrorism policies as advocated by DB.)
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I live in Switzerland, where, as a matter of course, most EU policies are implemented even though Switzerland is not part of the EU.
Already now it is law that logs of all communications must be kept by ISPs, telcos etc for around 6 months. This new law will make it legal for these fucking bastards to listen in on my private conversations without any problems and tape it as well.
There goes my privacy. There goes business secrets, and above all...
There goes my ISP's bill spiralling upwards because someone has to pay for the fucking storage.
So much for Europe being a bastion of liberal values. The Europeans are only liberal as long as they can take the piss out of the US.
Remember to check the "clear signing" option, regular opaque-signing can produce just the effect you describe in some recipients' mail clients.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
I have sig display disabled because most of the time they just take up bandwidth and time, so I didn't notice it.
On the contrary, I think you'd be surprised by how little resistance a measure like this would pass through our current Congress.
This is the government where not a single congress person read the PATRIOT Act, but rather voted on it because of its name.
This is the government who attempted to create the Total Information Awareness agency.
This is a government who is using fear to control its citizens, and which is taking advantage of terrorism in order to pass legislation to empower itself against its own citizens.
There is a Spanish version of my post available at my blog: Conversaciones enlatadas.
Regards,
Pablo Martinez-Almeida
"The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war..."
Couldn't agree more. It really hurts losing the free spirit that reigned in the past. We must bring it back.
I think IPv6 will give us back some of that freedom. I can't wait for the day an ISP here in Mexico uses IPv6 and I can put any kind of servers on my desktop, giving weird services that only I can think about to my friends.
This would have massive benefits to the right people. However, if misused it would be terrible for most people.
Seems to me that the authorities could just burn the data to optical media. There's no need for infinite hard drive storage. In that case the police wouldn't record everyone's data, but all the data of any "persons of interest".
To-do List: Receive telemarketing call during a tornado warning. Check.
I think I'll fire up a cron to encrypt them and send them to our off-site archives as email attachments (after all, I have to send that data anyway). If everyone would contribute a terabyte or so every day, they'd have lots of fun storing it. I'm glad I don't on their disk farm!
PGP, PGP, PGP!!!!
Oh when will the web email services have integrated PGP support????
This is an opportunity for companies like Microsoft, who have a disproportionately large share of certain markets, to do some good. If the Outlook (and Outlook Express) setup wizard included 2-3 dialogs for setting up a PGP key and a dummy's intro on how to use it, it would go a long way to making privacy invasions much more difficult.
Don't become a regular here, you will become retarded. -- Yoda the Retard
Look at it another way; who do your users trust more, verislime or you?
Or an alternative for Verislime which the GP is searching for in the first place?
WE DON'T NEED NO BLOG CONTROL.
Just posting to point out how much this would cost...
(Working off $300 per terabyte, and the numbers posted above.)
If 26 petabytes required gives a total cost to taxpayers of about $8 million - which is minimal considering what the EU parliament throws into the toilet every year subsidising prostitution and other such crap.
If 26 exabytes, then it'll cost closer to $8 Billion - which even the EU intelligentsia will have trouble hiding/finding in their budget.
Of course don't forget that the amount of data being sent and received is rising almost geometrically year on year...
What you need are double messages with two encryption keys, that will either decrypt to the real message, or to a fake message. For details, see Practical Cryptography by Bruce Schneier.
Oh well, what the hell...
Looks like the bureaucrats have found a way to shut down the internet. Think of it! Every ISP who got into the business thinking it would be to help his fellow human will now become a cog in a vast Schutzstaffel with a new first duty. To his fearless leaders whoever they might be, say, next Tuesday!? Now all the ISPs will have to save EVERYTHING that goes over their network. So all those clickin fools out there that surf the world, well every web page no matter how many kbytes will have to be saved by the ISP. Not only saved, but classified and electronically filed for instant access by literally hundreds of police agencies, most of which will not speak the language of the page let alone the customer whose browsing is being spied on. This will be a nightmare! Every document going over the net through an ISP will have to be translated into over two dozen languages and all filed and cross indexed and databased. No ISP could stay in business and be able to do this. The only way to even try to cope is to: go out of business and drop your customers; refuse to cooperate with the various police that come calling and risk being put in jail for not being an informer and go out of business when your equipment is seized; cooperate and risk being damaged by your customers in personally meaningful ways...then go out of business anyway when your customers leave you in droves; go out of business anyway because it would take more money than GOD to buy thousands of gigabytes of hard drive space to store the activity online of just ONE business day not to mention the army of Nubian slaves it would take to translate and file and cross index all the flyin saucer secrets, Cindy Margolis pix, misclicked websites, ads for pecker growers and tit inflaters and other crass spam. ISPs would have to cut their customer base by raising prices thousands of percents and would have to charge by the byte for internet use.
Most of the European interneters would disappear overnight and go back to telephone BBSes. Some of these might become wireless networks among laptoppers that agree to meet on hilltops or in the woods, etc. I can guarantee to all that the result would be a terrific increase in file sharing among people, who now would have to become social animals again.
ISPs would lose because their business model would be gone. Mass media vocal artists will see the return of outdoor concerts and the death of internet distribution. Their sales would take a dive because of the backlash and because since people would have to talk to each other again, the resulting social movement would revolutionize politics in many nations. Record companies would see a steep dive in sales as all media was being shared in an unsinkable mosquito armada of small to medium impromptu meetings in thousands of private and unspied on sessions. The dive would be permanent, as people's interests would change away from mass fed crap to listening to their own friends play or perform. Europe is a huge small town now. Step on a European from Talinn and another European from Lisboa will hear. Yes, EU Parliament, pass this crap and watch your careers go down the tube along with the wealth of the monopolies that bribed you. O Yeah, outlaw electronics! Hah! Even the communists couldn't find all the old guns and uniforms that were stored in the basements of one little country, Croatia. Those guns came out soon enough when the time came to fight the Serbs. That stuff is a lot bigger and bulkier than a PDA with bluetooth connected to wifi and an Ipod. I once buried a hard drive over a wet winter in a field. Took it out the following year and it still worked....perfectly!!
The whole essence of onion-routing networks, is that you do not have the key for most of the communications you do. In fact, you do not even know the original source or final destination, or indeed anything at all about what you're transfering. (Except for what the next hop's IP address is)
Support a Europe-related section on Slashdot!
there are rules about when they can and cant force you to open that safe
AFAIK, they can't force you to open the safe, but (assuming they have a warrant) they can confiscate the safe and open it themselves. A similar thing should be done for encrypted messages; they can confiscate the message and decrypt it themselves. (The fact that it could take billions or trillions of years to decrypt the message is (or should be) irrelevant.)
This Slashdot article on "Off-the-record messaging" should be very relevant to this. This is the homepage.