Slashdot Mirror
EU Moves Forward with Data Retention
KokoBonobo writes "
euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."
Well, if anything is going to drive people to personal encryption, this type of brain-damaged legislation will be it.
My username does not make me Apathetic. It's irony, get it?
It seems that with the rapid pace of new technology and the slow pace of legislation, that this will be largely ineffective.
Already it's easy to see how existing technologies could be used to effortlessly circumvent the proposals.
"Telephone calls", does this cover Skype? Does it cover VOIP in general which is just data passing over the network and could always be wrappered, encrypted, or routed via several points (to ensure no single intermediary could capture the whole conversation).
It's great that our politicians can find ever increasing ways to enforce a climate of fear whilst wasting the monies that could help alleviate problems fced by the citizens that they represent.
Damn! Now I've posted what do I do with these mod points!?
HAHA
Now you have to retain this comment in this thread in order to combat terrorism or something.
Now I know the Belgians can speak French. If they can't communicate properly, this data retention law isn't going to help at all. What would help is for the various member states to get their act together and start working together more closely on international crimes.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Just ask friendly ol' uncle Sam for the Echelon logs?
No need to duplicate!
My pics.
Moderate this comment
Negative: Offtopic Flamebait Troll Redundant
Positive: Insightful Interesting Informative Funny
Nothing to see here
The one representative who was supposed to speak in favor of it never showed up (remember Inger Marie Sunde?), nor did she send a replacement. Now what kind of message does that send? It gives the impression of "the majority doesn't care for long-term storage of traffic data, but we don't care what the majority thinks. We're going to impose our way on you whether you like it or not."
People say I'm crazy, I got diamonds on the soles of my shoes...
"You mean we're gonna need how much disk space exactly?". "We're gonna have to invade which small nation just to get enough physical space to store all this stuff?".
Worry not, it will blow over soon enough :-)
I find your ideas intriguing and I wish to subscribe to your newsletter.
I think you missed the point. Encryption of your local files is a moot point if the data being transmitted is what's being retained.
That's not to say that encrypting your files isn't a good idea, just irrelevant in this case. Use of PGP/GPG for email, however.. in this case, is a bloody well fantastic idea. If everyone you communicate with has a key pair, you just have to remember to encrypt (and, if you aren't completely braindead, sign) everything you send and you'll have one less things to worry about. Keeping your web traffic under wraps might be a little more difficult.
I just need to find a cheapass CA (or track down the requisite software to do it myself) and I'd be happy as a clam. Of course, the challenge would be convincing everyone I know to start using it, as well. Although, at least that way I could make a certificate for my own servers so that, when I eventually do get my own server up and running, I can keep all traffic using https.
Matthew G P Coe
http://mgpcoe.blogspot.com/
Hrmf. WTF are you even talking about? Something like this tried in the USA would result in a ton of out-of-work Congress folks. The EU, on the other hand, has already proven that it will vote however it wants, regardless of how the actual people in the member countries feel about things (the patent issue). That's what you get for being represented in the EU by appointees. That's also what you get for believing in the compete-with-the-US propaganda that got you the EU in the first place.
:P
Instead of storing all that data, the EU should just ask the CIA for the data nicely.
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Can't really argue with that, but in in the European Convention on Human Rights it becomes
Article 8:
1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.
2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
Just cry "crime and terrorism" and that small-print in 8(2) takes it away again...
If you value your privacy (and that of others you communicate with - which can be more important than your own!) be sure to exercise your rights.
:: E M A I L ::
h p
Encourage the use of the OpenPGP standard by supplying others with your public key and encouraging them to use it.
Using encryption does not often complicate traffic analysis, but it can keep them from reading your private communications. Be sure to remind people that email subject lines are not encrypted and should be condidered carefully. I often use something like
Subject: This space intentionally left ______________
Here's some boilerplate: [there's breakage on the 5th link - be sure to correct]
Do consider Thunderbird
http://www.mozilla.com/products/thunderbird/
http://www.mozilla.com/products/thunderbird/why/
for both yourself and your clients. It's really a wonderful product
and has spam handling built right in. Unlike Outlook(TM) it is open
about where it keeps your email (not hidden and difficult to export)
and is not so susceptible to worms and email nastiness such as scripts
that run without hindrance. Many a spyware app has been installed
further contributing to the spam problem due to people running just
that piece of software. Don't help the spammers. Reclaim your inbox.
It supports Enigmail: ( email envelopes you don't have to lick! )
http://enigmail.mozdev.org/
http://www.moztips.com/index.php?id=87
http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.p
I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
secure mail. I've got nothing to hide, but I don't like using
postcards for all my USPS/post correspondence either. Regular email is
like using postcards on the internet. Any postal worker along the way
can take a look ( have a look at email "headers" sometime; every hop
you see is a place where your email is stored on a hard drive. )
Please use an envelope when communicating with me. It won't even cost
you a stamp. I value your privacy as much as I hope you value mine.
How to Get Encryption Going on Windows
There's no need to keep my public key a secret. Feel free to give
it away or put it on a telephone pole; write it in the sky if you'd
like. It's available on the web. The more people that have it the
better. Use it to seal your envelopes when sending me mail. I've got
the only other matching key (my private key, opposite the public key
I've given to you) that allows me to unlock the envelope. You can
even lock an envelope so that multiple people can unlock it on their
own, but nobody else can read what you've sent them.
You can also find keys for me here:
http://www.biglumber.com
Please try it out. Be glad to help you get started.
The EU is getting to be a huge economic power, and one of the appeals is having a common single market. The EU has the largest economy in the world right now, so not joining may hurt a country.
University of Washington
Student
what good is data retention, when you are unable to decrypt it?
The government will install a high resolution 24/7 webcam in your bedroom, feed all the footage over the internet and store it for ever? Just to make sure that nothing is said there that could be connected to criminal or terrosist activity. Anyway if your a good, well behaved, citizen you have nothing to worry about because you have nothing to hide, right? In my opinion we're all being held hostage by criminals and terrorist.
As well, history has repeatedly shown that it is just a very small step from storing personal information to abusing it to repress the masses. Maybe good intentions, but very dumb dumb people.
Those that are willing to trade freedom for security, will get none and deserve neither !
IANAL, but imagine a beowulf cluster of in Soviet Russia all your belong are base to us welcoming the new SCO overlords.
In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).
The only alternative seems to be anonymous multi-hop networks that use onion routing; in those cases, you cannot cooperate (when it's not your own communication), since you don't have the key. And on top: purely from network traffic, eavesdroppers cannot determine whether a given packet is yours or (more likely) someone elses. These networks exist, but are still in their infancy; they don't support a full /. crowd yet. So I won't mention the name here; if you're savvy enough, you'll find its name on Google (maybe) or Freenet (certainly).
The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war...
Support a Europe-related section on Slashdot!
Practically, does it make a difference? Most (not all) companies will turn over whatever information they have about you to the government if they have even so much as a pen pointed in their direction. About the only time you'll see a company refuse a government request for a customer's data is if they feel it will somehow be financially beneficial to do so.
Don't forget eBay's statement from last year: "If you are a law-enforcement officer, all you have to do is send us a fax with a request for information, and ask about the person behind the seller's identity number, and we will provide you with his name, address, sales history and other details--all without having to produce a court order."
Please stand clear of the doors, por favor mantenganse alejado de las puertas
When I grew up, in the 70s and 80's, the eastern European countries were scorned for their obvious distrust in its own people, since copies were kept of phone conversations and letters. Still we're horrified by the vast archives of Stasi, Securitate and similar organisations. Yet, what we're about to introduce goes so much further. Is it only because it's so easy to do with electronic information that it feels OK to do so? I have a feeling that it would not be appreciated to suggest a legislation to make copies of all snail mail and store for use in fight against crime and terrorism. _ /Bjorn.
European countries have been fighting each other for as long as anyone can recall - making the countries depend on each other for sales purposes is a stroke of genius; most wars are about money/power, but nobody as lobbying for war agains a country which is a big customer of whatever product you might be selling.
-- A good compromise leaves everyone mad. --Calvin and Hobbes
and I am going to say it again!
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin To the world governments:
Please Leave us ALONE. Your forms of protection, infringe on our freedoms, maybe there wouldn't be a terrorist issue if you weren't so controling. Maybe if you didn't try to impose your morals on the rest of the world, there would be no reason to "rise up against $nation".
Where, at what point, did things go wrong?
I really don't know, but as long as there are more than 2 beings in exsistance, one will try to dominate.
42 69 6C 6C 20 47 61 74 65 73 20 69 73 20 61 20 77 68 6F 72 65 21
I have to thank the people who are bringing out this legislation. This is exactly the type of thing that motivates me into learning new topics like encryption and so forth. I haven't thought much about encryting my communications or data up until right now.
As soon as they put obstacles in our way we must find ways around them.
I try not to rant and rave about this, to my non-nerd friends, but sometimes I just can't help my self... but it seems nobody really cares. They will just mumble something like "but think about the children" and surrender their freedom. Damn.
Anyway, I've all but given up, except I digitally sign (s/mime) all my mails and I've a pgp key that I'll use when requested.
Now digitally signing my mails may not seem like much, but I don't know a single other person (Nerds/Geeks or not) that has a digital signature, so I can't encrypt (I've one work colleage with a pgp key). But sometimes somebody asks me what that strange symbol by my mail is about and I have an opening to talk a bit about security (I often add something about spam), but I still haven't managed to get a single other person to get a digital signature.
Not that I've anything sinister to mail about, but I just want to keep those NSA servers busy. Trying to break a 2048bit key, just to get to a message about soup.
TC - My Photos..
For the sake of argument, ignoring phone records, etc and just focusing on the internet.
There are over 100 million broadband users in the EU - plus countless milllions of dialup users - but we'll ignore the dialuppers too for the moment.
Now I download about 300Gb/year and upload about half that. So we'll say about 400Gb/year of traffic. Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).
That's 3.7 Exabytes of data per year for all the broadband users in the EU alone. Assuming they haven't changed the proposal too much since I last read it, they required storage of data for 7 years, that's ~26 Exabytes of storage required to hold all this stuff.
How the hell do you find anything of use in 26 exabytes of data?
> It seems the EU is becoming less and less appealing... Yups, the EU is becoming more and more like the United States. They're really taking a good look and copying all the bad things.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
The US government were originally so afraid of PGP that they imprisoned its author for "trafficing arms". It's probably the most peer-reviewed encryption software in the world.
I'd rather trust PGP than any government-recommended scheme any day. Take Clipper ; the inbuilt key escrow killed it from day one - even PHBs were not going to bend over for that one, given the record of gov.us in the matter of taking foreign trade secrets by surveillance and using them to benefit domestic companies.
will this be enough to boost seagate's stock price?
95% of the terrorism I read about lately are the paranoid laws by the (uber)governments of the world on it's own citizens.
The EU is about as democratic as the former Soviet Union. The European Parliament is almost powerless, and the national governments are almost powerless against new European legislation. Those in the US who are thinking Europe's getting it right are sadly wrong.
Oolite: Elite-like game. For Mac, Linux and Windows
finally, a real backup solution for my personal data
Before 1999:
As in the United States, France has long classified encryption as a military or dual-use technology, and accordingly restricted its export. It received special treatment in a small flourish appended to the 20-page telecommunications law of December 29, 1990. Article 28 of this law required government permission for any use of encryption.
No immediate action was taken on what the French refer to as "the December 29 law," but six years later a more comprehensive bill was passed. This July 26, 1996 law specifies that users of secret keys must store them with organizations that will furnish them to government officials as needed for crime-fighting purposes, a plan commonly known as "trusted third parties" or (in the United States) as "key escrow," "key recovery," or "government access to keys."
Original article
At this moment France has changed his mind and has raised 40-bit level to 128 bits on civil encryption.
My city: Barcelona.
I have a newsflash for you. You are a victim of the old trick that has been repeatedly used by national politicians to pass necessary, but painful reforms: "the EU made me do it". What they don't tell you is that they made the EU make them do it.
The so-called "democratic deficit" in the EU is a myth. The EU executive is currently shared between the European Commission and the European Council.
The Council is made of all of the elected national heads of government, or the appropriate ministers (depending on the issue).
As for the Commission, it is appointed by the heads of government, which is hardly less democratic than, for instance, the (directly elected) French President appointing a Prime Minister from the majority party in the Parliament. Moreover, just as a national government, the European Commission has to be approved by the Parliament. Remember how Mr Santer was forced to resign, or how Mr Barroso was forced to remove contested Commissioners because he'd have failed the confidence vote otherwise?
If you remember the EU software patent debacle, the non-democratic decision (i.e. not giving a flying f#ck about the EU Parliament) was made by the European Council, i.e. the government of the member states that the EU citizens themselves elected!
It is high time the disinformation stopped. While I would welcome a major increase in the Parliament's powers, the EU executive is definitely held accountable. The current situation is not a "democratic deficit", but rather excessive powers in the hand of national heads of state.
By the way, I'd trust the Commission much more than my own national government... Give me a Prodi over a Chirac or a Berlusconi any day.
The right way to treat encryption is the same way they treat safes and lockboxes.
If the police are searching your house (with a warrant) and they find a safe, there are rules about when they can and cant force you to open that safe.
The same rules should apply to any ecrypted information they find.
For example, if they have an encrypted email or file, the same rules should apply as apply to them finding a safe in your house.
As for this new data retention crap, are the cops going to pay for the huge servers and disks required to hold all this information? And the people to keep everything going?
Terrorism has lost all meaning to me now, it's unfortunate that such an awful thing has turned into nothing more then a Buzz word and an excuse for governments to spy on their own people. Everyday I hear about fighting terrorism, and people losing their privacy and rights, I feel like its getting closer and closer to 1984. If people weren't so misguidied in their fear of terrorism then the governments wouldn't have the excuses to enact these laws. Terror kills only a percentage of a percentage of what smoking does, or heart disease or AIDS. Why not take most of the money being spent on fighting terrorism and put it to use fight the REAL killers of the world population, because everyone knows, no matter how much money you through at it humans will still kill humans.
My 2 cent rant.
The Good Life
Yes, in the UK, under the RIP act, you can be sentenced to moderate jail time for not giving up your key. This is supposed to stop terrorists, child molesters and drug smugglers from using encryption.
Of course, any drug-smuggling terrorists with a penchant for child-molesting will immediately surrender the keys to incriminating information. Why would he take up to three years vacation at her Majesty's pleasure for encryption, when he could easily get 18-25 or even life for his real offences?
It's because of well thought out, useful laws like this that crime is virtually unheard of on our sunny islands! Thank you New Labour!
no taxation without representation!
Denmark is way ahead of the rest of the EU and is implementing a legislation that affect not just ISP... it affect anyone who provide some sort of "tele services"...
So if you run a block, you need to track, register and store everyone who makes a comment on you page.
If you run a BulletinBoard... same applies.
Run a chat or mailinglist? Ditto for you.
Do you run *any* kind of server (apache, irc, cvs, ftp, mailinglist etc.). You're not excused.
In short: every citizen is obliged to keep records of friends, family etc. whereabouts.
Welcome to Stasi-land!
Only some of it was quashed wasn't it? IIRC pretty low level people, outside the police and intelligence agencies, investigating fairly minor crimes can still request the information.
Also there's the fact that MI5 got their bulk monitoring thing introduced in an amendment a few months after RIPA passed, after dropping it because the bill was going to be defeated because of it...
Yup. Probably wouldn't fly in open court, but if memory serves you aren't allowed to tell anyone that the government have requested the key, or else you get to spend twenty years in the clink. I left my tinfoil hat at home today, so I won't comment that this gives "Them" a nice mechanism to lock you up on an unfalsifiable pretext.
I
What if you suddenly forget your passphrase? This can plausibly happen in extreme stress situations, such as being arrested, interrogated, and/or threatened to be put in prison.
Terrorism has *always* existed. It's not any worse now than 10 years ago.... I used to have the odd afternoon off school due to bomb scares (99.9% of terrorism is the fear of it not the actual action. The closest I got was when the IRA decided to do a demolition job on the local city centre on a Saturday afternoon.. I was about half a mile away.. spent the afternoon quaffing beer on the exclusion perimiter and watching helicopters/police with guns surrounding the place).
There is a witchhunt - basically anyone who wants 'rights' risks being thrown in jail without and representation or right to a trial. This situation would never have been allowed a few years ago but under the 'terrorism' laws you can be arressted for anything they decide to dream up.
The RIP bill has been used frequently and even by those who were not supposed to.
When the government sought to introduce RIP2 recently their investigation showed that ISPs were handing over information without court orders and that the law was being exercised by lowly council workers that were not intended to be provided access to users data.
"We can shout at people that the government can read our email and chat logs, but very few people will make the move to encryption. People are apathetic and lazy - unless encrypted email and chat is enabled BY DEFAULT in the next version of email and chat programs, people won't do it."
I can only agree with this. Living in Germany I followed the discussion about the data storage a bit.
This includes the knowledge that every offerer of telecommunications in Germany has to provide the hardware to monitor and store communication details - like email or your mobiles SMS - from January 2005 on, and that on their on costs.
As a result to this I describe the privacy problem in my signature of every email, including a link (http://home.arcor.de/ja.stiebing/gpg sorry - german only) to a page with further information (respectively links to information) about the german law and a brief usage of gpg. Although the people I communicate with all are aware of the dangers of the 'glassy human' (like they call it in Germany), NO ONE OF THEM has started to use encryption - well one friend of mine at least thought about doing it.
You are absolutely right to claim that encryption has to be enabled by default - and it has to be available in every kind of communication program for the net. I hope that eg. Opera will have at least the possibility to include GPG in its upcoming version (perhaps allowing the users to point to an online GPG key?).
Keep your data private - or would you also like everyone enquiring your underwear?
btw, my GPG key:
http://home.arcor.de/ja.stiebing/download/gpg-key
I lag
Sure. Terrorism is real. But we are reacting in irrational ways. The ways we react do in fact only make the most sense if either we're ruled by incompetent asshats that are out of touch with reality, or the asshats that rule us have a different agenda they don't disclose.
Stop the brainwash