Slashdot Mirror
EU Approves Data Retention
submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email.
Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."
ok, is that lord of the ring-ish? One thought, to fuck them all!
/. so little gain they shall have, our rantings and ravings to keep.
Data retention is no solution and as we all know, a terrorist is not on
This data retention will not bear much fruit in the war on tourism, it will merely halp an evil music industry make more enemies.
Make a diffrence and stop watching holywood garbage and quite listening to wacko jacko. The alternative movie and music circuit is far more creative and rewarding.
-if at first you don't succeed, stay the heck away from paragliding.
My mail comes to me through SMTP directly. I am wondering how they will keep track of my incoming mail... The mail I send, however, goes through their SMTP proxy, which is a bit of a pain but necessary because most properly configured mail servers will reject anything incoming from a DSL IP.
;(
So how can they keep track of my gmail account? That is unless they log all the throughput of data coming in and out of my computer, of course. Now I see a legal and proper use of eDonkey: keep on downloading and uploading free software!!! That way they have LOADS of data to log.
With a bit of luck, the next DMCA will also make that illegal! What a relief for the ISPs.
Write boring code, not shiny code!
Am I caught by this? It sounds like I am. Am I now expected to keep mail logs for two years and be legally liable if I don't? If so, I am almost certainly out of the business. Just not worth the risk to me.
Cheers,
Ian
Having every aspect of my life recorded just scares the hell out of me. We have countried collecting Internet and phone usage. Many cities are putting cameras up to monitor your travel. All your purchases made via credit card are recorded. At work, your company probably monitors your email. Even companies like Tivo monitor your tv viewing habits. What else is left?? Governments/corporations will know damn near everything about you and what you do. I say to hell with this... I'm buying an island in the Pacific and starting my own country.
http://religiousfreaks.com/Just as in the UK, the Government will probably be paying for it.
And as the government's expenses have just risen, and it's workload increased, there will:
a) Be a tax hike to cover the cost that is given to the ISPs to retain the data.
b) Be a tax hike to cover the salaries of the extra bureaucrats required to fill in the paperwork to support the new directive.
c) Be a tax hike to cover the cost of the consultants to work out a way of actually sifting the signal from the noise (or pay for extra M.O.D. staff to do the work).
Part of that tax hike may be applied to the ISPs, so they'll end up paying more, so to recoup costs, they'll have to raise prices.
All of which comes back to bite the basic guy in the street right in the ass.
Lots of cost, no appreciable gain.
One day, the governments will learn that just because you can do something doesn't mean you should. They'll end up with so much noise, they just can't pick out the signal.
But it's pretty clear they will eventually get it.
First off, some politicans already hinted that they think of the requests as reasonable.
Second, the new law is deliberately worded in a way that will make it inevitable that this data will be used in regards to more and more crimes.
While it was indeed touted as a law against terrorists, it only states that the data will be accessible to combat "serious crimes". Of course what exactly such a "serious crime" might be is wide open to interpretation.
Finally, I can really begin to say how discusted I am by this development.
that would mean GBs and GBs of data
I should have said TBs and TBs of data.
You mean YBs and YBs of data.
(http://en.wikipedia.org/wiki/Byte)
He who knows best knows how little he knows. - Thomas Jefferson
I run my own mail server. Will I be asked to log my own email usage? Or will my ISP simply be forced to snoop all the SMTP traffic I generate? And what if I start using TLS for SMTP connections? I really wonder (and dread) how this is going to be enforced.
I thought you guys in the US had it bad, but it looks like the EU is the current record holder in totalitarian tendencies.
Error: password can't contain reverse spelling of ancient Chinese emperor
The UK opposes a lot of the good proposals of the EU (for instance, having completely free markets with respect to alcohol in Europe, so I would be able to order a crate of beer direct from Germany or a case of wine direct from Italy), and push through crap like this. And then the Brits all whine about the EU.
Any arguments from telcos who complain about the volumes of data are only using it so that they are not liable if someone arse deletes it.
Under UK privacy laws you have to delete the data identifying the particular person after you're done with the connection and the billing thereof.
Almost all transaction data is anonymised by a one way hash. Say md5sum. All the keys are done this way. Hashing removes the particular identification, and satisfies this. Almost always this hash uses more space than the original data anyways.
telcos use the hashed equivalents to evaluate aggregate data.
The law could ask for a tap and require you to retain those records anyway. These new laws just put into legislation what was already happening, and creating an offence for not doing it properly.
[% slash_sig_val.text %]
Finally a new market for all of those "limited lifespan" drives IBM made a few years ago.
"ServStor" 36 GB drive! Guaranteed to die within 10 months!
Seriously though, how is the law going to deal with the inevitable but accidental data loss of that stuff? Criminal charges for obstructing justice just for being unlucky enough to choose equipment that turns out to be flakey?
It seems like there are so many zombie computers, tunneling methods, insecure wireless access points, public terminals, cypto methods in a sea of trillions of packets of data/connections and ports that would render these logs useless for all but the most technophobe/idiot terrorist (which I'm guessing there are other more effective ways to nab this "low hanging fruit")
Anyone more familiar with the system know how it will help the "good guys" nab the "bad guys"? Seems like there would be a higher degree of success hanging out in a hay field and search for a needle.
Counter-terrorism vs. privacy invasion? I doubt any government cares whether or not you're browsing porn all night. Seems to me they're increasing their workload too, but only if they're actively sifting. Seems to me they should just have a system of flags set up. Like they most likely already do.
Expect your high-speed and dial up rates to hike up if this goes through. Of course then there's the bells. They already keep a pretty decent record of your calling logs, so that wouldn't be that big of a deal.
This sig isn't original enough, it's time to come up with something witty...
She finished her studies as a sound engineer and tomorrow she starts at a (non-music) job. She already said that she's going to blow her first salary on music CDs: replacing (as much as possible) copied CDs with originals.
Don't underestimate the priorities of people. Personally, I've been in CD shops and found music I'd like (non mainstream!) and I always check for the "Audio CD" logo. None of them had it anymore and all of them indicated some kind of DRM. I put them back, but I'm not passionate about music.
My sister *is* going to buy these kind of CDs, and I can be sure she'll need me to defeat the DRM and put it on her computer (she loves the fact that iTunes is able to share over network, and with multiple computers on the network she does).
I know this is anecdotical evidence, so you can file my ideas in the bit bucket if you want to.
The music industries are not going to go broke anytime soon because most people have other priorities than DRM in their lives. As long as there is a loss in revenues (or only a perceived loss) they will push DRM, more and more draconian DRM. To the point that you will have a live internet connection on your CD player to play a simple "Audio CD" (and probably linked to one single player) It's only at that point that people will revolt, but then it will be too late.
I don't see a way out as long as only people posting on slashdot know about DRM.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Interesting. I have 32 IP addresses assigned to the one box, and this has all been handled through my limited company so I suppose you could argue that it's a public offering. The boxes run apache instances but also Postfix, so there is a public mail server out there.
I think from your description that I'm outside of the framework, but can't exactly put my finger on why. Does what I've said come under the 'no routing' bit? Or is having the multiple IP addreesses (all on the same subnet of course) classed as diong routing?
Cheers,
Ian
Use anonymous remailers.
I'm in two minds about those things. On the one hand, anonymity is very, very good; on the other hand, one of my users was getting harrassed by some jerk, and when I blocked his incoming emails, he took to using anonymous remailers instead. I ended up blocking the remailers he was using by blocking any address matching "mixmaster@*".
So, as a user, I love freely available anonymity; but as a sysadmin, I demand that people be accountable for what they want to say if they want to send mail to my users.
-Stephen
"Control can never be a means to any practical end... It can never be a means to anything but more control..."
"And the meaning of words; when they cease to function; when will it start worrying you?"
Actually, you have a right to get access to all the info a private company has stored on you. Write them a snail mail and they'll have to send you everything. As others have pointed out, only headers and phone records would be stored, but it would be a nice act of civil disobedience to DDoS them via snail mail. If thousands of customers want records kept in a huge pile of plain text logs somewhere, it'll bog the average ISP down pretty well.
I have a very good broadband connection because of the work I do, but I am a BIG believer in sharing.... I piggyback a lot of open WAPS when I am out and about, and to return the karma, I share mine. I have a separate, public WAP, firewalled off of my home network by a linux box and Novel BorderManager. Any unrecognized MAC address is fed a DHCP config that will send all port 80 requests to my CGI that asks them to agree to my terms (i,e, no illegal stuff, under age porn, copyright violations, etc., and warns them that my usage is a higher priority, and they will be throttled when I am using the b/w) and when they agree, it adds their MAC addy to the table that allows them to get through the router. I even have the router congifured so they can do BT is they know how to follow the instructions on my consent page.
Since I've had this setup (almost 2 years)I've only banned 1 MAC because he was just a leach, 24 hours a day.
I don't keep logs more than a few days... so now I have to keep 2 years of logs? Not bloody likely. I don't even know who the users are.... just their MAC address (which of course can be spoofed).
Go to http://www.stoppaovervakningen.nu/ (stop the monitoring) and type in your name, after "Jag heter", a number of webpages that you have visited, telephone numbers after "telefonnummer" an optional comment in the big textbox and finally your e-mail address.
:)
When you click on the "Skicka"-button, the information will be sent to the Swedish minister of justice (the guy on the picture), so that he has access to the data immediatelly instead of having to look through the ISPs.
Now, the point with this protest is to make mr. Bodström realise how much data that is going to be stored. So, slashdot-people, you can do it.
"Civis Europaeus sum!"
I'm surprised no ones mentioned this already.
What if someone created a screensaver that continually accessed thousands of websites, IP addresses. Basically create as much junk data as possible to pollute their logs.
A similar technique was used to poison the databases of spammers who used web bots to harvest e-mail addresses.
You're looking at it from the wrong direction. What good can come from it is of little consequence. After all - if EVEYRONE were forced to wear $surveilancethingie, allowing $government to see where they are, who they talk to and about what, we wouldn't have much to fear from terrorists would we? After all - they talk, we know about it.
What you need to do instead is look at the opposite situation - what bad can come from it? Why stop at just the ones you talk to directly? Maybe you're talking through secrect codes on mailing lists, so we need to up the net to the ones you've talked to AND the ones that the ones you've talked to have talked to. Two degrees of seperation. Then we'll be getting somewhere. And we can then get a much clearer picture.
Of course, the terrorists know this, so they'll be very elaborate and set up systems with three degrees of seperation. Might even get brilliant and go to four.
Then what? Even with two degrees of seperation, just how many people do you think will come under suspicion (which of late seems to equate with guilty until proven innocent - but we won't give you that chance)? Me, I have maybe 50 people I talk to directly in any given month. Two degrees of seperation that's at LEAST 2,500 people suspected of whatever I am. Go to three, and it's 125,000.
You'll be throwing out nets so far, you'll drown in useless data. So now you have information you can't use AND you've incriminated 125,000 people because you suspect one guy. They're now on your watch list - just in case.
Me - I'd rather we said "fuck the best case scenario" and concentrate on the worst case scenario. And by that I don't mean me barely surviving being near $explosion. I mean me getting assraped by $government_agency for no aparent reason and no way of redeeming myself - after all, I wouldn't be on their list if I hadn't done something bad, would I?
It's like torture. Sure, the upside is "suppose we know for a fact, 100% irrefutable, that $person knows what we need to do to prevent $bad_thing" - do we torture him to get the information? That's not an interesting question - the interesting question is - "we are fairly confident that YOU (yes, you, Syberghost) know what we need to do to prevent $bad_thing. You refuse to tell us (because you are innocent), but we are even more confident that we can break your spirit and make you tell us what we want to know - how to stop $bad_thing from happening." Do we torture you?
THAT is the question you need to ask. Best case scenarios are like dreaming of getting blowjobs from beautiful women while being served great food prepared by the best chefs in the world - not very useful.
We do not live in the 21st century. We live in the 20 second century.
Then came World War Two. As the German Army overcame and occupied Allied countries, they immediately headed for the Post & Telecommunications (or Telegraph) offices. This was to sieze the call records maintained there. They then looked up call records for known Allied agents and sympathizers, Jews and other groups. They used these call records to discover who was talking to whom and went to investigate and/or arrest people who might also be agents/Jews/Etc., or collaborators. These people were then sent to prison, or worse.
After the war, Western European countries decided not to keep call records any longer and instead moved to a metered system. This prevented a reccurance of the bad situation they found themselves in while occupied.
Now these records have been reinstated, in a blatent case of not learning from earlier mistakes. It seems the phrase "Those who cannot learn from history are doomed to repeat it" has once again been demonstrated.
"I guess thats a good reason to start using encrypted proxies."
Or to make 50 connections per second to random addresses
"store that, fuckers!"
Make it popular enough, then we can send BT offline as they realise they'll need 500TB/day of storage.