EU Moves Forward with Data Retention
KokoBonobo writes "euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."
Well, if anything is going to drive people to personal encryption, this type of brain-damaged legislation will be it.
My username does not make me Apathetic. It's irony, get it?
It seems that, with the rapid pace of new technology and the slow pace of legislation, this will be largely ineffective.
Already it's easy to see how existing technologies could be used to effortlessly circumvent the proposals.
"Telephone calls", does this cover Skype? Does it cover VOIP in general, which is just data passing over the network and could always be wrapped, encrypted, or routed via several points (to ensure no single intermediary could capture the whole conversation)?
It's great that our politicians can find ever increasing ways to enforce a climate of fear whilst wasting the monies that could help alleviate problems faced by the citizens that they represent.
Damn! Now I've posted what do I do with these mod points!?
HAHA
Now you have to retain this comment in this thread in order to combat terrorism or something.
Now I know the Belgians can speak French. If they can't communicate properly, this data retention law isn't going to help at all. What would help is for the various member states to get their act together and start working together more closely on international crimes.
How am I supposed to fit a pithy, relevant quote into 120 characters?
The one representative who was supposed to speak in favor of it never showed up (remember Inger Marie Sunde?), nor did she send a replacement. Now what kind of message does that send? It gives the impression of "the majority doesn't care for long-term storage of traffic data, but we don't care what the majority thinks. We're going to impose our way on you whether you like it or not."
People say I'm crazy, I got diamonds on the soles of my shoes...
"You mean we're gonna need how much disk space exactly?". "We're gonna have to invade which small nation just to get enough physical space to store all this stuff?".
Worry not, it will blow over soon enough :-)
I find your ideas intriguing and I wish to subscribe to your newsletter.
I think you missed the point. Encryption of your local files is a moot point if the data being transmitted is what's being retained.
That's not to say that encrypting your files isn't a good idea, just irrelevant in this case. Use of PGP/GPG for email, however... in this case, is a bloody well fantastic idea. If everyone you communicate with has a key pair, you just have to remember to encrypt (and, if you aren't completely braindead, sign) everything you send and you'll have one less thing to worry about. Keeping your web traffic under wraps might be a little more difficult.
I just need to find a cheapass CA (or track down the requisite software to do it myself) and I'd be happy as a clam. Of course, the challenge would be convincing everyone I know to start using it, as well. Although, at least that way I could make a certificate for my own servers so that, when I eventually do get my own server up and running, I can keep all traffic using https.
Matthew G P Coe
http://mgpcoe.blogspot.com/
Hrmf. WTF are you even talking about? Something like this tried in the USA would result in a ton of out-of-work Congress folks. The EU, on the other hand, has already proven that it will vote however it wants, regardless of how the actual people in the member countries feel about things (the patent issue). That's what you get for being represented in the EU by appointees. That's also what you get for believing in the compete-with-the-US propaganda that got you the EU in the first place.
:P
Instead of storing all that data, the EU should just ask the CIA for the data nicely.
In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).
The only alternative seems to be anonymous multi-hop networks that use onion routing; in those cases, you cannot cooperate (when it's not your own communication), since you don't have the key. And on top: purely from network traffic, eavesdroppers cannot determine whether a given packet is yours or (more likely) someone else's. These networks exist, but are still in their infancy; they don't support a full /. crowd yet. So I won't mention the name here; if you're savvy enough, you'll find its name on Google (maybe) or Freenet (certainly).
The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war...
Support a Europe-related section on Slashdot!
For the sake of argument, ignoring phone records, etc and just focusing on the internet.
There are over 100 million broadband users in the EU - plus countless millions of dialup users - but we'll ignore the dialuppers too for the moment.
Now I download about 300Gb/year and upload about half that. So we'll say about 400Gb/year of traffic. Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).
That's 3.7 Exabytes of data per year for all the broadband users in the EU alone. Assuming they haven't changed the proposal too much since I last read it, they required storage of data for 7 years, that's ~26 Exabytes of storage required to hold all this stuff.
How the hell do you find anything of use in 26 exabytes of data?
95% of the terrorism I read about lately is the paranoid laws by the (uber)governments of the world on its own citizens.
Select the SSL/TLS options on your SMTP, IMAP and POP sessions to your mailserver. Mozilla/Thunderbird has full support for SSL/TLS, and I think most other modern email clients do as well.
If your mailservers don't support SSL/TLS, ask the admins to enable it. If they refuse, switch to ISPs that do. (Speakeasy supports SSL/TLS for IMAP and SMTP.)
Run your own personal SMTP server and enable the STARTTLS option. Most SMTP senders -- even many spammers! -- will automatically invoke the STARTTLS option if the server advertises it. This finally turns spam into something useful -- a constant background stream of encrypted fill traffic from all over the planet. What better way to thwart traffic analysis?
Configure your own webservers to support https. Make it available for all your webpages, not just the "sensitive" ones.
Use SSH for all remote login/file transfer between machines on which you have accounts.
Web surf over an SSH tunnel into a shared proxy cache with logging turned off.
Set up IPSEC in opportunistic mode.
If you have a flat-rate broadband connection, run background scripts to ship big random files to your friends with various P2P applications. Set up a traffic-shaping router and configure it to give low priority to P2P traffic so it won't bother your foreground activities.
Sure, it would be a lot better if you could convince everybody you exchange email with to encrypt everything on an end-to-end basis with S/MIME or GPG/PGP, but this stuff is quite doable and it's a lot better than just giving up on your privacy and security.
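The sender-side decision behind the STARTTLS item in the comment above, as an added example that is not part of the original post: an opportunistic sender upgrades only when the server's EHLO reply advertises STARTTLS and otherwise delivers in cleartext, unless it is configured to refuse. The function names, the `require_tls` switch and the `mail.example.org` replies are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line EHLO reply into {KEYWORD: [params]}.

    Raises ValueError on a malformed line, a non-250 code, or a reply
    that never reaches its final "250 " line (truncated reply).
    """
    extensions = {}
    lines = reply.replace("\r\n", "\n").strip("\n").split("\n")
    finished = False
    for index, line in enumerate(lines):
        if finished:
            raise ValueError("data after final reply line")
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = match.groups()
        if code != "250":
            raise ValueError(f"EHLO rejected with code {code}")
        finished = sep == " "
        if index == 0:
            continue  # first line is the server greeting, not an extension
        words = text.split()
        if words:
            # Extension keywords are case-insensitive; normalise to upper case.
            extensions[words[0].upper()] = words[1:]
    if not finished:
        raise ValueError("truncated reply: no final '250 ' line")
    return extensions

def delivery_mode(reply: str, require_tls: bool = False) -> str:
    """Return 'starttls', 'cleartext' or 'refuse' for this server's reply."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "refuse" if require_tls else "cleartext"

# Constructed sample replies (not captured from a real server).
WITH_TLS = ("250-mail.example.org Hello\r\n250-SIZE 10240000\r\n"
            "250-starttls\r\n250 8BITMIME\r\n")
WITHOUT_TLS = "250-mail.example.org Hello\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, reply in (("with", WITH_TLS), ("without", WITHOUT_TLS)):
        print(name, delivery_mode(reply), delivery_mode(reply, require_tls=True))
```
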
I have a newsflash for you. You are a victim of the old trick that has been repeatedly used by national politicians to pass necessary, but painful reforms: "the EU made me do it". What they don't tell you is that they made the EU make them do it.
The so-called "democratic deficit" in the EU is a myth. The EU executive is currently shared between the European Commission and the European Council.
The Council is made of all of the elected national heads of government, or the appropriate ministers (depending on the issue).
As for the Commission, it is appointed by the heads of government, which is hardly less democratic than, for instance, the (directly elected) French President appointing a Prime Minister from the majority party in the Parliament. Moreover, just as a national government, the European Commission has to be approved by the Parliament. Remember how Mr Santer was forced to resign, or how Mr Barroso was forced to remove contested Commissioners because he'd have failed the confidence vote otherwise?
If you remember the EU software patent debacle, the non-democratic decision (i.e. not giving a flying f#ck about the EU Parliament) was made by the European Council, i.e. the government of the member states that the EU citizens themselves elected!
It is high time the disinformation stopped. While I would welcome a major increase in the Parliament's powers, the EU executive is definitely held accountable. The current situation is not a "democratic deficit", but rather excessive powers in the hand of national heads of state.
By the way, I'd trust the Commission much more than my own national government... Give me a Prodi over a Chirac or a Berlusconi any day.
The right way to treat encryption is the same way they treat safes and lockboxes.
If the police are searching your house (with a warrant) and they find a safe, there are rules about when they can and can't force you to open that safe.
The same rules should apply to any encrypted information they find.
For example, if they have an encrypted email or file, the same rules should apply as apply to them finding a safe in your house.
As for this new data retention crap, are the cops going to pay for the huge servers and disks required to hold all this information? And the people to keep everything going?
Yes, in the UK, under the RIP act, you can be sentenced to moderate jail time for not giving up your key. This is supposed to stop terrorists, child molesters and drug smugglers from using encryption.
Of course, any drug-smuggling terrorists with a penchant for child-molesting will immediately surrender the keys to incriminating information. Why would he take up to three years' vacation at Her Majesty's pleasure for encryption, when he could easily get 18-25 or even life for his real offences?
It's because of well thought out, useful laws like this that crime is virtually unheard of on our sunny islands! Thank you New Labour!
no taxation without representation!