Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Moves Forward with Data Retention

Posted by samzenpus on from the find-out-what-you-said-last-week dept.

KokoBonobo writes " euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."

15 of 325 comments (clear)

  1. Even Encryption won't help in the UK by amigoro · · Score: 4, Informative
    Since 1998, the police have the right to demand your encryption keys. Here's an old article about that.

    Moderate this comment
    Negative: Offtopic Flamebait Troll Redundant
    Positive: Insightful Interesting Informative Funny

    --


    Nothing to see here
    1. Re:Even Encryption won't help in the UK by julesh · · Score: 3, Informative

      Yeah, and according to the law, unless you can _prove_ you've forgotten it when there's _reasonable evidence to suggest_ that you know it, you're still going to go to prison.

    2. Re:Even Encryption won't help in the UK by julesh · · Score: 4, Informative

      All it takes is one high court case, observed by our sensationalistic media, and that law will be consigned to the gutter.

      The law includes secrecy provisions. Anyone charged under it will have their hearing in a closed session, and are strictly prohibited (penalty of 5 years imprisonment) from informing anyone other than their lawyer, so media coverage seems unlikely.

      (4) A person who makes a disclosure to any other person of anything that he is required by a section 49 notice to keep secret shall be guilty of an offence and liable-

      (a) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine, or to both;

      (b) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum, or to both.

  2. Re:Encrypt your data/files by jargonCCNA · · Score: 4, Informative

    I think you missed the point. Encryption of your local files is a moot point if the data being transmitted is what's being retained.

    That's not to say that encrypting your files isn't a good idea, just irrelevant in this case. Use of PGP/GPG for email, however.. in this case, is a bloody well fantastic idea. If everyone you communicate with has a key pair, you just have to remember to encrypt (and, if you aren't completely braindead, sign) everything you send and you'll have one less things to worry about. Keeping your web traffic under wraps might be a little more difficult.

    I just need to find a cheapass CA (or track down the requisite software to do it myself) and I'd be happy as a clam. Of course, the challenge would be convincing everyone I know to start using it, as well. Although, at least that way I could make a certificate for my own servers so that, when I eventually do get my own server up and running, I can keep all traffic using https.

    --
    Matthew G P Coe
    http://mgpcoe.blogspot.com/
  3. See what small-print does... by Ev0lution · · Score: 2, Informative
    Article 19 of the Universal Declaration of Human Rights:

    Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

    Can't really argue with that, but in in the European Convention on Human Rights it becomes

    Article 8:

    1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.

    2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

    Just cry "crime and terrorism" and that small-print in 8(2) takes it away again...

  4. If you're not a terrorist, go ahead and encrypt... by QuietRiot · · Score: 2, Informative

    If you value your privacy (and that of others you communicate with - which can be more important than your own!) be sure to exercise your rights.

    Encourage the use of the OpenPGP standard by supplying others with your public key and encouraging them to use it.

    Using encryption does not often complicate traffic analysis, but it can keep them from reading your private communications. Be sure to remind people that email subject lines are not encrypted and should be condidered carefully. I often use something like

    Subject: This space intentionally left ______________

    Here's some boilerplate: [there's breakage on the 5th link - be sure to correct]

    :: E M A I L ::

    Do consider Thunderbird

    http://www.mozilla.com/products/thunderbird/
    http://www.mozilla.com/products/thunderbird/why/

    for both yourself and your clients. It's really a wonderful product
    and has spam handling built right in. Unlike Outlook(TM) it is open
    about where it keeps your email (not hidden and difficult to export)
    and is not so susceptible to worms and email nastiness such as scripts
    that run without hindrance. Many a spyware app has been installed
    further contributing to the spam problem due to people running just
    that piece of software. Don't help the spammers. Reclaim your inbox.

    It supports Enigmail: ( email envelopes you don't have to lick! )
    http://enigmail.mozdev.org/
    http://www.moztips.com/index.php?id=87
    http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.ph p

    I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
    secure mail. I've got nothing to hide, but I don't like using
    postcards for all my USPS/post correspondence either. Regular email is
    like using postcards on the internet. Any postal worker along the way
    can take a look ( have a look at email "headers" sometime; every hop
    you see is a place where your email is stored on a hard drive. )
    Please use an envelope when communicating with me. It won't even cost
    you a stamp. I value your privacy as much as I hope you value mine.

    How to Get Encryption Going on Windows

    There's no need to keep my public key a secret. Feel free to give
    it away or put it on a telephone pole; write it in the sky if you'd
    like. It's available on the web. The more people that have it the
    better. Use it to seal your envelopes when sending me mail. I've got
    the only other matching key (my private key, opposite the public key
    I've given to you) that allows me to unlock the envelope. You can
    even lock an envelope so that multiple people can unlock it on their
    own, but nobody else can read what you've sent them.

    You can also find keys for me here:

    http://www.biglumber.com

    Please try it out. Be glad to help you get started.

  5. Re:Tools by Apathetic1 · · Score: 3, Informative

    I've showed half a dozen people how easy it was to use GPG with the Thunderbird Enigmail extension and they've never looked back. Many people are ignorant of the alternatives rather than simply being lazy.

    --

    My username does not make me Apathetic. It's irony, get it?

  6. Re:Tools - But Even Then... by ControlFreal · · Score: 4, Informative

    In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).

    The only alternative seems to be anonymous multi-hop networks that use onion routing; in those cases, you cannot cooperate (when it's not your own communication), since you don't have the key. And on top: purely from network traffic, eavesdroppers cannot determine whether a given packet is yours or (more likely) someone elses. These networks exist, but are still in their infancy; they don't support a full /. crowd yet. So I won't mention the name here; if you're savvy enough, you'll find its name on Google (maybe) or Freenet (certainly).

    The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war...

    --
    Support a Europe-related section on Slashdot!
  7. Re:EU 1984? by mrjb · · Score: 2, Informative

    > It seems the EU is becoming less and less appealing... Yups, the EU is becoming more and more like the United States. They're really taking a good look and copying all the bad things.

    --
    Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
  8. Re:Tools by krymsin01 · · Score: 3, Informative
    Actually, I only think the ones doing any encryption will be the ones that the government/police would actually be interested in tracking.
    What about the companies that encrypt their data so that their competitors don't get the edge on them? Or online bank transactions?
    --
    stuff
  9. Re:A few numbers by pe1chl · · Score: 2, Informative

    You miss the fact that there is no requirement to keep the actual data.
    You need to keep traffic logs. That is not the 300GB/year that you download, but the list of files that you download. Assuming that the average file is larger than its name, this is substantially less data.

  10. France and encryption by Uukrul · · Score: 2, Informative

    Before 1999:
    As in the United States, France has long classified encryption as a military or dual-use technology, and accordingly restricted its export. It received special treatment in a small flourish appended to the 20-page telecommunications law of December 29, 1990. Article 28 of this law required government permission for any use of encryption.
    No immediate action was taken on what the French refer to as "the December 29 law," but six years later a more comprehensive bill was passed. This July 26, 1996 law specifies that users of secret keys must store them with organizations that will furnish them to government officials as needed for crime-fighting purposes, a plan commonly known as "trusted third parties" or (in the United States) as "key escrow," "key recovery," or "government access to keys."
    Original article

    At this moment France has changed his mind and has raised 40-bit level to 128 bits on civil encryption.

    --
    My city: Barcelona.
  11. Re:Probable Cause? by tolan-b · · Score: 2, Informative

    Only some of it was quashed wasn't it? IIRC pretty low level people, outside the police and intelligence agencies, investigating fairly minor crimes can still request the information.

    Also there's the fact that MI5 got their bulk monitoring thing introduced in an amendment a few months after RIPA passed, after dropping it because the bill was going to be defeated because of it...

  12. Re:Tools by NumbThumb · · Score: 2, Informative

    Have you tried the enigmal extension? It doesn't get much simplet than that. Setting it up is not completely seemless, but easy enough. Using it is just a matter of klicking the "encrypt" button.

    --
    I have discovered a truly remarkable sig which this 120 chars is too small to contain.
  13. Even worse in Germany by stiebing.ja · · Score: 2, Informative

    "We can shout at people that the government can read our email and chat logs, but very few people will make the move to encryption. People are apathetic and lazy - unless encrypted email and chat is enabled BY DEFAULT in the next version of email and chat programs, people won't do it."

    I can only agree with this. Living in Germany I followed the discussion about the data storage a bit.
    This includes the knowledge that every offerer of telecommunications in Germany has to provide the hardware to monitor and store communication details - like email or your mobiles SMS - from January 2005 on, and that on their on costs.

    As a result to this I describe the privacy problem in my signature of every email, including a link (http://home.arcor.de/ja.stiebing/gpg sorry - german only) to a page with further information (respectively links to information) about the german law and a brief usage of gpg. Although the people I communicate with all are aware of the dangers of the 'glassy human' (like they call it in Germany), NO ONE OF THEM has started to use encryption - well one friend of mine at least thought about doing it.

    You are absolutely right to claim that encryption has to be enabled by default - and it has to be available in every kind of communication program for the net. I hope that eg. Opera will have at least the possibility to include GPG in its upcoming version (perhaps allowing the users to point to an online GPG key?).

    Keep your data private - or would you also like everyone enquiring your underwear?

    btw, my GPG key:
    http://home.arcor.de/ja.stiebing/download/gpg-key

    --
    I lag