Slashdot Mirror
EU Approves Data Retention
submanifold writes "The EU have ratified rules that will force ISP's and other telecommunication companies to retain data for two years. This data includes the time, date and locations of both mobile and landline calls (as well as whether or not they were answered) along with logs of internet activity and email.
Apparently the content itself would not be accessible, merely the data concerning it. However, despite being touted as an anti-terrorist measure, the record industry has already admitted interest in aquiring such data."
Heh, I guess buying stocks in storage related companies would be a good idea now :)
Dvorak on Doomtech
Retain for two, retain forever.
There had better be some incentives for housing that kind data. For a busy ISP, that would mean GBs and GBs of data. Where's it going to be stored and who's going to pay for it?
not in the "Hardware" section, dammit !
In Soviet Russia, our new overlords are belong to all your base.
I guess thats a good reason to start using encrypted proxies.
Free MacMini
...is to publish the surfing habits and email of their executives over the past two years. If they have things like Porn, Payola, and Prostitutes showing up in public view, and they might lobby for Privacy.
Seeing that many people have been harassed by the FBI and similar entitys just because they belong in a certain group (peace protestor, black, etc.), I really do not want the government to find out that I from time to time engage in peaceful marches agianst the man. As noted, the record industry wants to have a look at the data, and that is just another pen stroke to accomplish after the money has passed under the table.
Dvorak on Doomtech
My mail comes to me through SMTP directly. I am wondering how they will keep track of my incoming mail... The mail I send, however, goes through their SMTP proxy, which is a bit of a pain but necessary because most properly configured mail servers will reject anything incoming from a DSL IP.
;(
So how can they keep track of my gmail account? That is unless they log all the throughput of data coming in and out of my computer, of course. Now I see a legal and proper use of eDonkey: keep on downloading and uploading free software!!! That way they have LOADS of data to log.
With a bit of luck, the next DMCA will also make that illegal! What a relief for the ISPs.
Write boring code, not shiny code!
FTA: "At the end of the day ISPs are not law enforcement agencies so they should not have to pay for it all"
Am I caught by this? It sounds like I am. Am I now expected to keep mail logs for two years and be legally liable if I don't? If so, I am almost certainly out of the business. Just not worth the risk to me.
Cheers,
Ian
Now we should be able to round up all of the terrorists within a few minutes, and all will be well in the garden again. I am so lucky to be looked after by such wise leaders. Seriously, I bet you will be able to count the number of terrorists caught by this on the fingers of one foot.
Don't put off until tomorrow what you can leave until the day after.
Having every aspect of my life recorded just scares the hell out of me. We have countried collecting Internet and phone usage. Many cities are putting cameras up to monitor your travel. All your purchases made via credit card are recorded. At work, your company probably monitors your email. Even companies like Tivo monitor your tv viewing habits. What else is left?? Governments/corporations will know damn near everything about you and what you do. I say to hell with this... I'm buying an island in the Pacific and starting my own country.
http://religiousfreaks.com/In order for this to happen, you have to stop supporting them. Don't buy (or download) their products. Don't listen to their mass marketed drivel. Tell your friends, your family, and everyone else you think will listen that every time you support these companies, you are chipping away at your freedoms.
As long as the majority of us continute to pay the record industries money, they will simply continue in their quest to make sure that we all pay them more money. If we stand up for our rights, stop buying their products, and make sure that they realize that they are here to sell entertainment to us, and that we do not exist to buy entertainment from them, then that will be a start.
All this talk of "screw them" and "I hope they die off" and whatever else will do nothing to protect our rights, especially when governments are making it easier and easier for these corrupt and greedy companies to infringe on our privacy.
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
Of course the music industry is interested in that data. But that doesn't mean they can just obtain it like that. As long as this is kept an anti-terrorist measure, they have no foot to stand on.
Keep in mind that data will be kept for UP TO two years; most will opt for the minimum of half a year instead.
European individuals can gain exemptions from having their data retentioned if they sign a waiver giving away all rights to their first-born to the audio-video retail industry.
Those without children may instead put their signature at the bottom of a blank terrorist confession sheet and mail it to their local secret service. This will also automatically enter them into a free prize draw with many chances to win free flights to a European location of the CIA's choice.
--I for one welcome our new data-retentive overlords
Either way, the customer is screwed.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Any arguments from telcos who complain about the volumes of data are only using it so that they are not liable if someone arse deletes it.
Under UK privacy laws you have to delete the data identifying the particular person after you're done with the connection and the billing thereof.
Almost all transaction data is anonymised by a one way hash. Say md5sum. All the keys are done this way. Hashing removes the particular identification, and satisfies this. Almost always this hash uses more space than the original data anyways.
telcos use the hashed equivalents to evaluate aggregate data.
The law could ask for a tap and require you to retain those records anyway. These new laws just put into legislation what was already happening, and creating an offence for not doing it properly.
[% slash_sig_val.text %]
Christian Engström, Former Member of the European Parliament 2009-2014 for The Pirate Party, Sweden
You may think it, um, counterintuitive.
But the _reason_ they want these is to maintain social/political power over people. An elite with privileged access to all that information can control society. In a free society, either everyone should have the communications metadata, or no-one: It's unbalanced information availability that would give the police power to become the classic Big Brother. I'm a lot safer if everyone knows I have a particular embarassing sexual inclination or whatever than if only a small, powerful subset knows.
See David Brin's book "The Transparent Society: Will Technology force use to choose between privacy and freedom?"
"logs with ports and IPs"
No ports, no IP's. The folks who came up with this don't think that far.
They think that:
- e-mail is just like phone
- spam does not exist
- ISP's only handle private traffic
- ISP's handle ALL traffic, and have full access to it
- Only EU citizens use ISPs in Europe
- Encryption does not exist
- No-one has his own mailserver
- No-one is going to try to make money by offering tunneling services to non-EU countries
- Terrorists are dumber than they are
It's not that they want every ISP to scan all packets. They're just thinking like lusers. They think internet is managable.
Their plan sucks. It doesn't work, it's leaking like a raincloud, it's unconstitutional for a lot of member states, and they bombard ISPs with costs, work and responsibilities they never asked for and they KNOW is bullcrap.
It's absurd.
According to their own Press Service: Deal on EU data retention law; more comprehensive version in German: Ja zur Vorratsdatenspeicherung bis zu zwei Jahren - Keine Speicherung der Kommunikationsinhalte. Incidentally, even the latter "limitation" (allegedly no storage of the contents of communications) is void in particular with respect to URLs - these being identifiers for the contents transmitted anyway.
Loopholes aplenty have already triggered plans e.g. in Poland to extend the storage even further, to a staggering 15 years (!), and remaining safeguards (if any) are not expected to last: The media industry wants access to that data, too (and a further directive is in the works, cf. the EU Legislative Observatory).
She finished her studies as a sound engineer and tomorrow she starts at a (non-music) job. She already said that she's going to blow her first salary on music CDs: replacing (as much as possible) copied CDs with originals.
Don't underestimate the priorities of people. Personally, I've been in CD shops and found music I'd like (non mainstream!) and I always check for the "Audio CD" logo. None of them had it anymore and all of them indicated some kind of DRM. I put them back, but I'm not passionate about music.
My sister *is* going to buy these kind of CDs, and I can be sure she'll need me to defeat the DRM and put it on her computer (she loves the fact that iTunes is able to share over network, and with multiple computers on the network she does).
I know this is anecdotical evidence, so you can file my ideas in the bit bucket if you want to.
The music industries are not going to go broke anytime soon because most people have other priorities than DRM in their lives. As long as there is a loss in revenues (or only a perceived loss) they will push DRM, more and more draconian DRM. To the point that you will have a live internet connection on your CD player to play a simple "Audio CD" (and probably linked to one single player) It's only at that point that people will revolt, but then it will be too late.
I don't see a way out as long as only people posting on slashdot know about DRM.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
It wasn't just that the data wasn't retained, the data was never even collected unless you requested it -- otherwise the only billing information that would be kept was a running counter.
Today, the supposedly-democratic countries want to use surveillance that would have given Gestapo and Stasi wet dreams; it's probably no coincidence that the prime ministers in the countries that have pushed the most (UK and Sweden) have been ones acting like power is a God-given right to them personally.
Or will my ISP simply be forced to snoop all the SMTP traffic I generate? And what if I start using TLS for SMTP connections?
Either:
1/ they'll block outgoing port 25, forcing you to smarthost through their server. Their server won't support TLS.
Or:
2/ they'll just turn a blind eye. The law doesn't compel end users to send data through ISPs' servers, and they can't be subpoenaed for data that they don't have.
-Stephen
Go to http://www.stoppaovervakningen.nu/ (stop the monitoring) and type in your name, after "Jag heter", a number of webpages that you have visited, telephone numbers after "telefonnummer" an optional comment in the big textbox and finally your e-mail address.
:)
When you click on the "Skicka"-button, the information will be sent to the Swedish minister of justice (the guy on the picture), so that he has access to the data immediatelly instead of having to look through the ISPs.
Now, the point with this protest is to make mr. Bodström realise how much data that is going to be stored. So, slashdot-people, you can do it.
"Civis Europaeus sum!"
I'm surprised no ones mentioned this already.
What if someone created a screensaver that continually accessed thousands of websites, IP addresses. Basically create as much junk data as possible to pollute their logs.
A similar technique was used to poison the databases of spammers who used web bots to harvest e-mail addresses.
You're looking at it from the wrong direction. What good can come from it is of little consequence. After all - if EVEYRONE were forced to wear $surveilancethingie, allowing $government to see where they are, who they talk to and about what, we wouldn't have much to fear from terrorists would we? After all - they talk, we know about it.
What you need to do instead is look at the opposite situation - what bad can come from it? Why stop at just the ones you talk to directly? Maybe you're talking through secrect codes on mailing lists, so we need to up the net to the ones you've talked to AND the ones that the ones you've talked to have talked to. Two degrees of seperation. Then we'll be getting somewhere. And we can then get a much clearer picture.
Of course, the terrorists know this, so they'll be very elaborate and set up systems with three degrees of seperation. Might even get brilliant and go to four.
Then what? Even with two degrees of seperation, just how many people do you think will come under suspicion (which of late seems to equate with guilty until proven innocent - but we won't give you that chance)? Me, I have maybe 50 people I talk to directly in any given month. Two degrees of seperation that's at LEAST 2,500 people suspected of whatever I am. Go to three, and it's 125,000.
You'll be throwing out nets so far, you'll drown in useless data. So now you have information you can't use AND you've incriminated 125,000 people because you suspect one guy. They're now on your watch list - just in case.
Me - I'd rather we said "fuck the best case scenario" and concentrate on the worst case scenario. And by that I don't mean me barely surviving being near $explosion. I mean me getting assraped by $government_agency for no aparent reason and no way of redeeming myself - after all, I wouldn't be on their list if I hadn't done something bad, would I?
It's like torture. Sure, the upside is "suppose we know for a fact, 100% irrefutable, that $person knows what we need to do to prevent $bad_thing" - do we torture him to get the information? That's not an interesting question - the interesting question is - "we are fairly confident that YOU (yes, you, Syberghost) know what we need to do to prevent $bad_thing. You refuse to tell us (because you are innocent), but we are even more confident that we can break your spirit and make you tell us what we want to know - how to stop $bad_thing from happening." Do we torture you?
THAT is the question you need to ask. Best case scenarios are like dreaming of getting blowjobs from beautiful women while being served great food prepared by the best chefs in the world - not very useful.
We do not live in the 21st century. We live in the 20 second century.
Then came World War Two. As the German Army overcame and occupied Allied countries, they immediately headed for the Post & Telecommunications (or Telegraph) offices. This was to sieze the call records maintained there. They then looked up call records for known Allied agents and sympathizers, Jews and other groups. They used these call records to discover who was talking to whom and went to investigate and/or arrest people who might also be agents/Jews/Etc., or collaborators. These people were then sent to prison, or worse.
After the war, Western European countries decided not to keep call records any longer and instead moved to a metered system. This prevented a reccurance of the bad situation they found themselves in while occupied.
Now these records have been reinstated, in a blatent case of not learning from earlier mistakes. It seems the phrase "Those who cannot learn from history are doomed to repeat it" has once again been demonstrated.