Slashdot Mirror
EU Approves Data Retention
submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email.
Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."
Heh, I guess buying stocks in storage related companies would be a good idea now :)
Dvorak on Doomtech
Retain for two, retain forever.
There had better be some incentives for housing that kind data. For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored and who's going to pay for it?
not in the "Hardware" section, dammit !
In Soviet Russia, our new overlords are belong to all your base.
I guess thats a good reason to start using encrypted proxies.
Free MacMini
...is to publish the surfing habits and email of their executives over the past two years. If they have things like Porn, Payola, and Prostitutes showing up in public view, and they might lobby for Privacy.
Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man. As noted, the record industry wants to have a look at the data, and that is just another pen stroke to accomplish after the money has passed under the table.
Dvorak on Doomtech
My mail comes to me through SMTP directly. I am wondering how they will keep track of my incoming mail... The mail I send, however, goes through their SMTP proxy, which is a bit of a pain but necessary because most properly configured mail servers will reject anything incoming from a DSL IP.
;(
So how can they keep track of my gmail account? That is unless they log all the throughput of data coming in and out of my computer, of course. Now I see a legal and proper use of eDonkey: keep on downloading and uploading free software!!! That way they have LOADS of data to log.
With a bit of luck, the next DMCA will also make that illegal! What a relief for the ISPs.
Write boring code, not shiny code!
These are likely the same parties behind the push for UN control of ICANN's business.
If you think they're merely out for fair sharing, think again. I may hate the rights I've lost through Bush and Clinton's wars and social programs, but I see no real difference in Europe. In some ways I see fewer freedom and more tyranny.
Open WiFi access points make these rules useless.
FTA: "At the end of the day ISPs are not law enforcement agencies so they should not have to pay for it all"
Am I caught by this? It sounds like I am. Am I now expected to keep mail logs for two years and be legally liable if I don't? If so, I am almost certainly out of the business. Just not worth the risk to me.
Cheers,
Ian
Now we should be able to round up all of the terrorists within a few minutes, and all will be well in the garden again. I am so lucky to be looked after by such wise leaders. Seriously, I bet you will be able to count the number of terrorists caught by this on the fingers of one foot.
Don't put off until tomorrow what you can leave until the day after.
That's fine, and is their right.
It only becomes a problem when the authorities grant them access. They ask all they like, as long as they don't get it. If they do get it, then it's the authorities that should be blamed.
It's official. Most of you are morons.
Having every aspect of my life recorded just scares the hell out of me. We have countried collecting Internet and phone usage. Many cities are putting cameras up to monitor your travel. All your purchases made via credit card are recorded. At work, your company probably monitors your email. Even companies like Tivo monitor your tv viewing habits. What else is left?? Governments/corporations will know damn near everything about you and what you do. I say to hell with this... I'm buying an island in the Pacific and starting my own country.
http://religiousfreaks.com/In order for this to happen, you have to stop supporting them. Don't buy (or download) their products. Don't listen to their mass marketed drivel. Tell your friends, your family, and everyone else you think will listen that every time you support these companies, you are chipping away at your freedoms.
As long as the majority of us continute to pay the record industries money, they will simply continue in their quest to make sure that we all pay them more money. If we stand up for our rights, stop buying their products, and make sure that they realize that they are here to sell entertainment to us, and that we do not exist to buy entertainment from them, then that will be a start.
All this talk of "screw them" and "I hope they die off" and whatever else will do nothing to protect our rights, especially when governments are making it easier and easier for these corrupt and greedy companies to infringe on our privacy.
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
Afaik, it's specifically logging info they want - this ip connects to that ip on such and such port, this dynamic ip is that user, this email header was sent to that address. I doubt they want the ISP to store every packet that comes through.
Yes, it will still be an expensive PITA, but probably no worse than running a Usenet service.
Of course the music industry is interested in that data. But that doesn't mean they can just obtain it like that. As long as this is kept an anti-terrorist measure, they have no foot to stand on.
Keep in mind that data will be kept for UP TO two years; most will opt for the minimum of half a year instead.
European individuals can gain exemptions from having their data retentioned if they sign a waiver giving away all rights to their first-born to the audio-video retail industry.
Those without children may instead put their signature at the bottom of a blank terrorist confession sheet and mail it to their local secret service. This will also automatically enter them into a free prize draw with many chances to win free flights to a European location of the CIA's choice.
--I for one welcome our new data-retentive overlords
Either way, the customer is screwed.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
I run my own mail server. Will I be asked to log my own email usage? Or will my ISP simply be forced to snoop all the SMTP traffic I generate? And what if I start using TLS for SMTP connections? I really wonder (and dread) how this is going to be enforced.
I thought you guys in the US had it bad, but it looks like the EU is the current record holder in totalitarian tendencies.
Error: password can't contain reverse spelling of ancient Chinese emperor
The UK opposes a lot of the good proposals of the EU (for instance, having completely free markets with respect to alcohol in Europe, so I would be able to order a crate of beer direct from Germany or a case of wine direct from Italy), and push through crap like this. And then the Brits all whine about the EU.
It seems nobody has said the obvious yet ...
Encrypt your private communications.
Use anonymous remailers.
If you actually get charged, they'll require you to give up your keys, but they won't be snooping at your E-mails behind your back.
pgp.com
gnupg.org
- Michael T. Babcock (Yes, I blog)
Let them blame it on piracy then. They can whine all they want to, but whining will buy them but so much. If they use piracy as an excuse to DRM stuff, then we don't buy the DRM products, and they go out of business. Companies who avoid DRM will survive and eventually they'll all get the hint.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
I'd have put this under YRO.
"terrorism" and "pedophilia" are the root passwords to the Constitution
Any arguments from telcos who complain about the volumes of data are only using it so that they are not liable if someone arse deletes it.
Under UK privacy laws you have to delete the data identifying the particular person after you're done with the connection and the billing thereof.
Almost all transaction data is anonymised by a one way hash. Say md5sum. All the keys are done this way. Hashing removes the particular identification, and satisfies this. Almost always this hash uses more space than the original data anyways.
telcos use the hashed equivalents to evaluate aggregate data.
The law could ask for a tap and require you to retain those records anyway. These new laws just put into legislation what was already happening, and creating an offence for not doing it properly.
[% slash_sig_val.text %]
Christian Engström, Former Member of the European Parliament 2009-2014 for The Pirate Party, Sweden
You may think it, um, counterintuitive.
But the _reason_ they want these is to maintain social/political power over people. An elite with privileged access to all that information can control society. In a free society, either everyone should have the communications metadata, or no-one: It's unbalanced information availability that would give the police power to become the classic Big Brother. I'm a lot safer if everyone knows I have a particular embarassing sexual inclination or whatever than if only a small, powerful subset knows.
See David Brin's book "The Transparent Society: Will Technology force use to choose between privacy and freedom?"
Finally a new market for all of those "limited lifespan" drives IBM made a few years ago.
"ServStor" 36 GB drive! Guaranteed to die within 10 months!
Seriously though, how is the law going to deal with the inevitable but accidental data loss of that stuff? Criminal charges for obstructing justice just for being unlucky enough to choose equipment that turns out to be flakey?
There is no way to stop this now. We're on our way to an Orwellian state.
This is the fundamental step. From here on, it's let's add this crime, let's give access to that organisation, let's extend it to this data, let's save it for 100 years instead.
And when there's a war, the occupier will have the ultimate oppressive weapon pre-installed.
And what are you people babbling about? What protocols will be included, ways to obfuscate yourself, the costs of storing this data? There's a bigger picture, people!
Say what you will about the US, atleast they don't have a back door for legislation that would never get by a national parliament. Make room, I'm hopping the pond.
It seems like there are so many zombie computers, tunneling methods, insecure wireless access points, public terminals, cypto methods in a sea of trillions of packets of data/connections and ports that would render these logs useless for all but the most technophobe/idiot terrorist (which I'm guessing there are other more effective ways to nab this "low hanging fruit")
Anyone more familiar with the system know how it will help the "good guys" nab the "bad guys"? Seems like there would be a higher degree of success hanging out in a hay field and search for a needle.
"logs with ports and IPs"
No ports, no IP's. The folks who came up with this don't think that far.
They think that:
- e-mail is just like phone
- spam does not exist
- ISP's only handle private traffic
- ISP's handle ALL traffic, and have full access to it
- Only EU citizens use ISPs in Europe
- Encryption does not exist
- No-one has his own mailserver
- No-one is going to try to make money by offering tunneling services to non-EU countries
- Terrorists are dumber than they are
It's not that they want every ISP to scan all packets. They're just thinking like lusers. They think internet is managable.
Their plan sucks. It doesn't work, it's leaking like a raincloud, it's unconstitutional for a lot of member states, and they bombard ISPs with costs, work and responsibilities they never asked for and they KNOW is bullcrap.
It's absurd.
Counter-terrorism vs. privacy invasion? I doubt any government cares whether or not you're browsing porn all night. Seems to me they're increasing their workload too, but only if they're actively sifting. Seems to me they should just have a system of flags set up. Like they most likely already do.
Expect your high-speed and dial up rates to hike up if this goes through. Of course then there's the bells. They already keep a pretty decent record of your calling logs, so that wouldn't be that big of a deal.
This sig isn't original enough, it's time to come up with something witty...
According to their own Press Service: Deal on EU data retention law; more comprehensive version in German: Ja zur Vorratsdatenspeicherung bis zu zwei Jahren - Keine Speicherung der Kommunikationsinhalte. Incidentally, even the latter "limitation" (allegedly no storage of the contents of communications) is void in particular with respect to URLs - these being identifiers for the contents transmitted anyway.
Loopholes aplenty have already triggered plans e.g. in Poland to extend the storage even further, to a staggering 15 years (!), and remaining safeguards (if any) are not expected to last: The media industry wants access to that data, too (and a further directive is in the works, cf. the EU Legislative Observatory).
She finished her studies as a sound engineer and tomorrow she starts at a (non-music) job. She already said that she's going to blow her first salary on music CDs: replacing (as much as possible) copied CDs with originals.
Don't underestimate the priorities of people. Personally, I've been in CD shops and found music I'd like (non mainstream!) and I always check for the "Audio CD" logo. None of them had it anymore and all of them indicated some kind of DRM. I put them back, but I'm not passionate about music.
My sister *is* going to buy these kind of CDs, and I can be sure she'll need me to defeat the DRM and put it on her computer (she loves the fact that iTunes is able to share over network, and with multiple computers on the network she does).
I know this is anecdotical evidence, so you can file my ideas in the bit bucket if you want to.
The music industries are not going to go broke anytime soon because most people have other priorities than DRM in their lives. As long as there is a loss in revenues (or only a perceived loss) they will push DRM, more and more draconian DRM. To the point that you will have a live internet connection on your CD player to play a simple "Audio CD" (and probably linked to one single player) It's only at that point that people will revolt, but then it will be too late.
I don't see a way out as long as only people posting on slashdot know about DRM.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Interesting. I have 32 IP addresses assigned to the one box, and this has all been handled through my limited company so I suppose you could argue that it's a public offering. The boxes run apache instances but also Postfix, so there is a public mail server out there.
I think from your description that I'm outside of the framework, but can't exactly put my finger on why. Does what I've said come under the 'no routing' bit? Or is having the multiple IP addreesses (all on the same subnet of course) classed as diong routing?
Cheers,
Ian
It wasn't just that the data wasn't retained, the data was never even collected unless you requested it -- otherwise the only billing information that would be kept was a running counter.
Today, the supposedly-democratic countries want to use surveillance that would have given Gestapo and Stasi wet dreams; it's probably no coincidence that the prime ministers in the countries that have pushed the most (UK and Sweden) have been ones acting like power is a God-given right to them personally.
Use anonymous remailers.
I'm in two minds about those things. On the one hand, anonymity is very, very good; on the other hand, one of my users was getting harrassed by some jerk, and when I blocked his incoming emails, he took to using anonymous remailers instead. I ended up blocking the remailers he was using by blocking any address matching "mixmaster@*".
So, as a user, I love freely available anonymity; but as a sysadmin, I demand that people be accountable for what they want to say if they want to send mail to my users.
-Stephen
"Control can never be a means to any practical end... It can never be a means to anything but more control..."
"And the meaning of words; when they cease to function; when will it start worrying you?"
Actually, you have a right to get access to all the info a private company has stored on you. Write them a snail mail and they'll have to send you everything. As others have pointed out, only headers and phone records would be stored, but it would be a nice act of civil disobedience to DDoS them via snail mail. If thousands of customers want records kept in a huge pile of plain text logs somewhere, it'll bog the average ISP down pretty well.
Ok, assume the following scenario:
We catch a terrorist. I'm not talking about somebody we just think might maybe be a terrorist, I mean we yank him out from behind the wheel of the van bomb in the basement of the skyscraper, or the other passengers monkey-stomp him unconscious as he tries to break into the cockpit of the airplane.
We search his home, and find a computer. On it, we find an email from Ayman Al-Zawahiri, saying "Abdullah will email you the instructions for where to pick up the anthrax." We don't find a copy of the email from Abdullah, and Thunderbird is configured to always prompt him for his Earthlink IMAP password. When we ask him for his password, he says "your mother sews socks that smell". After we type that in, we find out that it's not actually his password, it's just an insult.
Are you saying that you don't think it would be a good thing if we could go ask Earthlink for a list of everybody that's emailed him in the last two years, and cross-reference that with emails received by other known terrorists? Maybe go talk to anybody with the address "abdullah1987@hotmail.com" who emailed him?
If what people are objecting to is a feared misuse of this information, then oversight and legal protections are a better answer than throwing the smoking baby out with the bathwater.
If you honestly think it's not safe for a private company to have this information sitting where a court-granted search warrant could retrieve it, then you probably need to be lobbying to replace your local landfill and garbage trucks with curbside incineration service, too; but don't imply, as the submitter did, that it's not an anti-terrorism effort just because it could also be misused.
This is akin to deciding that a school isn't being honest when they say they're buying new computers for educational purposes just because some kid says he's going to install Quake on one of them.
I have a very good broadband connection because of the work I do, but I am a BIG believer in sharing.... I piggyback a lot of open WAPS when I am out and about, and to return the karma, I share mine. I have a separate, public WAP, firewalled off of my home network by a linux box and Novel BorderManager. Any unrecognized MAC address is fed a DHCP config that will send all port 80 requests to my CGI that asks them to agree to my terms (i,e, no illegal stuff, under age porn, copyright violations, etc., and warns them that my usage is a higher priority, and they will be throttled when I am using the b/w) and when they agree, it adds their MAC addy to the table that allows them to get through the router. I even have the router congifured so they can do BT is they know how to follow the instructions on my consent page.
Since I've had this setup (almost 2 years)I've only banned 1 MAC because he was just a leach, 24 hours a day.
I don't keep logs more than a few days... so now I have to keep 2 years of logs? Not bloody likely. I don't even know who the users are.... just their MAC address (which of course can be spoofed).
Go to http://www.stoppaovervakningen.nu/ (stop the monitoring) and type in your name, after "Jag heter", a number of webpages that you have visited, telephone numbers after "telefonnummer" an optional comment in the big textbox and finally your e-mail address.
:)
When you click on the "Skicka"-button, the information will be sent to the Swedish minister of justice (the guy on the picture), so that he has access to the data immediatelly instead of having to look through the ISPs.
Now, the point with this protest is to make mr. Bodström realise how much data that is going to be stored. So, slashdot-people, you can do it.
"Civis Europaeus sum!"
I'm surprised no ones mentioned this already.
What if someone created a screensaver that continually accessed thousands of websites, IP addresses. Basically create as much junk data as possible to pollute their logs.
A similar technique was used to poison the databases of spammers who used web bots to harvest e-mail addresses.
If this is the case, what if there was some sort of bot that would simply go around the Internet visiting random sites. If everybody had this installed, then the noise ratio would be too high for accurate data retention, right? After all, you don't pay for the usage of bandwidth generally, you pay per month. Just use all the bandwidth you can on useless stuff. In the end, it will push the amount of storage the ISP's have to use and their bandwidth usage through the roof.
Then came World War Two. As the German Army overcame and occupied Allied countries, they immediately headed for the Post & Telecommunications (or Telegraph) offices. This was to sieze the call records maintained there. They then looked up call records for known Allied agents and sympathizers, Jews and other groups. They used these call records to discover who was talking to whom and went to investigate and/or arrest people who might also be agents/Jews/Etc., or collaborators. These people were then sent to prison, or worse.
After the war, Western European countries decided not to keep call records any longer and instead moved to a metered system. This prevented a reccurance of the bad situation they found themselves in while occupied.
Now these records have been reinstated, in a blatent case of not learning from earlier mistakes. It seems the phrase "Those who cannot learn from history are doomed to repeat it" has once again been demonstrated.
You're lucky. I can't stand the kind of music that's on the radio. Internet radio works, though. Combine that with a ripping program (recording stuff off a broadcast is legal so I don't se a problem here) and you can get some passable music together.
Justice is the sheep getting arrested while an impartial judge declares the vote void.