Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Moves Forward with Data Retention

Posted by samzenpus on from the find-out-what-you-said-last-week dept.

KokoBonobo writes " euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."

3 of 325 comments (clear)

  1. A few numbers by Spad · · Score: 4, Interesting

    For the sake of argument, ignoring phone records, etc and just focusing on the internet.

    There are over 100 million broadband users in the EU - plus countless milllions of dialup users - but we'll ignore the dialuppers too for the moment.

    Now I download about 300Gb/year and upload about half that. So we'll say about 400Gb/year of traffic. Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).

    That's 3.7 Exabytes of data per year for all the broadband users in the EU alone. Assuming they haven't changed the proposal too much since I last read it, they required storage of data for 7 years, that's ~26 Exabytes of storage required to hold all this stuff.

    How the hell do you find anything of use in 26 exabytes of data?

  2. Re:Tools by Library+Spoff · · Score: 3, Interesting

    so how do i go about encrypting my sms messages?

    --
    Acid House saves Souls
  3. Re:Nobody cares... by Phil+Karn · · Score: 3, Interesting
    It's now easier than ever before to routinely encrypt the bulk of your own IP traffic. These steps can make passive eavesdropping of your broadband connection a lot less interesting:

    Select the SSL/TLS options on your SMTP, IMAP and POP sessions to your mailserver. Mozilla/Thunderbird has full support for SSL/TLS, and I think most other modern email clients do as well.

    If your mailservers don't support SSL/TLS, ask the admins to enable it. If they refuse, switch to ISPs that do. (Speakeasy supports SSL/TLS for IMAP and SMTP.)

    Run your own personal SMTP server and enable the STARTTLS option. Most SMTP senders -- even many spammers! -- will automatically invoke the STARTTLS option if the server advertises it. This finally turns spam into something useful -- a constant background stream of encrypted fill traffic from all over the planet. What better way to thwart traffic analysis?

    Configure your own webservers to support https. Make it available for all your webpages, not just the "sensitive" ones.

    Use SSH for all remote login/file transfer between machines on which you have accounts.

    Web surf over a SSH tunnel into a shared proxy cache with logging turned off.

    Set up IPSEC in opportunistic mode.

    If you have a flat-rate broadband connection, run background scripts to ship big random files to your friends with various P2P applications. Set up a traffic-shaping router and configure it to give low priority to P2P traffic so it won't bother your foreground activities.

    Sure, it would be a lot better if you could convince everybody you exchange email with to encrypt everything on an end-to-end basis with S/MIME or GPG/PGP, but this stuff is quite doable and it's a lot better than just giving up on your privacy and security.