Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Data-Retention Laws Stricter Than Many People Realized

Posted by timothy on from the you-mean-like-a-12-month-year? dept.

An anonymous reader writes with a snippet from the Telegraph: "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months."

25 of 263 comments (clear)

  1. yay! by x2A · · Score: 4, Funny

    First po<a href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105

    --
    The revolution will not be televised... but it will have a page on Wikipedia
    1. Re:yay! by x2A · · Score: 4, Funny

      Why do you think I posted it here? I use slashdot for all my backups. Incidentally,

      fbff6c9000000000 0000000000000000
      0000000000000000 0000000000000000
      000000006958676e 00000f000000693b
      6f0054bc03000905 0d0b131018151e1b
      232028262e2a3330 37353c3a413e4543
      4a484f4d54515856 5d5b626067646b69
      706e75737a777f7d 84828a86908c9592
      9b98a19da7a3aca9 b2afb8b4bebac3c0
      c8c6cecbd3d1d8d6 dedbe3e0e7e5ecea
      f1eff6f3faf8fefc 00003c00414c454d
      2e333139042000c8 0000000000001400
      2440000700560000 6f0054bcbb02b7f9

      --
      The revolution will not be televised... but it will have a page on Wikipedia
  2. Broken summary by Norsefire · · Score: 4, Informative
    The summary is completely broken which should be easier to notice than dupes? Anyway, it is supposed to say (from the Firehost article those to lazy to click):

    "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months. Police and the security services will be able to access the information to combat crime and terrorism. Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes. It was previously thought that only the large companies would be required to take part, covering 95 per cent of Britain's internet usage, but a Home Office spokesman has confirmed it will be applied "across the board" to even the smallest company."

    1. Re:Broken summary by palegray.net · · Score: 4, Informative

      Once again, for those who didn't get the top-level reply: I think this is the story Slashdot is attempting to post.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    2. Re:Broken summary by Anonymous Coward · · Score: 5, Insightful

      The EU directive is not that strict, but the law in EU countries might be. An EU directive is not a law by itself, it is a directive to enact a law. The EU members can exceed the requirements of the directive, and if the UK has enacted a law which requires ISPs to store web URLs, then the UK has clearly "overaccomplished" (surprise surprise...)

    3. Re:Broken summary by Thanshin · · Score: 4, Funny

      this is the story Slashdot is attempting to post.

      For some reason, thinking about that sentence was deeply disturbing.

      Slashdot is attemting to post a story. It has reached self awareness.

      What's the story about? I can only think of two options:

      "Hello World! I am Slashdot."

      "Kiiiiil meee..."

    4. Re:Broken summary by SausageOfDoom · · Score: 5, Insightful

      No no, it's fine - "The UK government has agreed to reimburse ISPs for the cost of retaining the data."

      I run a small ISP for 5 users. I estimate that I will need 27 new servers to handle the data, and that it will take me 42 days to implement, at my standard rate of £1000/day plus expenses.

      It will be a big project, so I will need to employ all of my friends and every member of my family to consult on the work, for the full duration of the project, at their standard rate of £500/day.

      Where do I send the bill? I'll ask Jacqui Smith, I've heard she knows the address of the expenses department.

    5. Re:Broken summary by KDR_11k · · Score: 5, Insightful

      Yeah, from what I read the German implementation only requires ISPs to retain the connection data to their service, i.e. when someone was connected, what IP he had then, etc. Stuff you'd have thought they were retaining anyway. For phones the requirement is to retain a log of all phonecalls, again something I'd expect them to do for billing and traffic analysis alone already. What did get people up in arms was the idea to install malware to monitor computers but the guy who proposed that seems to be enamoured with the idea of rebuilding the Reich anyway.

      Of course I might have missed some later additions if they happened. Wish the Brits good luck with their web browsing logging and hope the citizenry will get some HTTP noise makers (connecting to random websites a lot) to make the logs truly useless.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
    6. Re:Broken summary by SausageOfDoom · · Score: 4, Insightful

      Thank you for raising those points. And I can't be earning less than the people I'm paying, so I'd better up my daily rate too. £3000/day sounds reasonable.

      Might be worth building a data centre in the Caribbean too. For remote backups, to ensure data integrity. Just off the beach, facing the sea, to take full advantage of the sea breezes to reduce cooling costs. Will need to spend at least 6 months a year out there maintaining the systems, so may as well add a small apartment to the data centre, to save on hotel bills. 7 bedrooms should be enough for me and my consultants, who would need to rotate in on a 4-weekly basis.

      I should stand at the next election, I've clearly got the right attitude for government.

  3. Re:Perhaps this is the story you were after. by Anonymous Coward · · Score: 4, Funny

    Something is going badly wrong here. A story's posted without a link to TFA, and everyone replies with links to TFA, rather than, you know, comments? Given that nobody reads the article anyway, why would we need links to it? Someone mod this offtopic, please.

  4. That's not strict ... by krou · · Score: 4, Funny

    If all they have to retain is an a href link to an article on the Telegraph, I'd rather call that a victory for privacy campaigners everywhere.

    --
    'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
  5. This bit intrigues me by Chrisq · · Score: 4, Funny
    From the story:

    Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes.

    So how many people will post on a website or email their friends to say "we just dumped the old sofa in someone's driveway"?

    1. Re:This bit intrigues me by krou · · Score: 4, Insightful

      That argument is a load of rubbish (excuse the pun).

      How this can possibly be used to investigate fly-tipping is beyond me: the contents of the emails aren't going to be stored, just header data such as sender, recipient, date, time, and IP addresses. What possible value can this have in identifying a fly-tipper?

      If anything, it will be used as a strategy of "guilt by association". If you were in contact with someone that gets picked up for benefit fraud, or some other crime, be prepared to get investigated.

      --
      'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
  6. Question by robably · · Score: 4, Interesting

    If I'm using Gmail for email (using SSL) and am in the UK, does this directive affect my email?

    Obviously my ISP won't be able to read the headers and Google is a US company, but is my data still stored in the UK and if so does it fall under the directive?

  7. Deep packet inspection? by Anonymous Coward · · Score: 4, Interesting

    Does anyone know how this is supposed to be implemented and how it relates to "arbitrary" data passing through the system? For example, email "headers" are supposed to be logged. One might imagine this being done by logging smtp, pop and imap transactions. But given that almost everyone I know uses webmail these days, and given that web traffic (presumably monitored using transparent proxy servers) is only supposed to have the URLs logged, not content, how does that stack up -- especially when you throw SSL into the mix? Are ISPs legally required (even if it's technologically unfeasable -- that's never stopped the law) to inspect HTTP transactions to see if it's webmail passing through, and log the recipients? Or is this just a humungous loophole for webmail hosted outside of the jurisdiction? Also: how does it affect non-UK citizens whose services are hosted by a geographically-distributed provider who might have nodes in the UK or at least the EU?

  8. Not about terrerists by houghi · · Score: 4, Insightful

    This is so obviously not about preventing terrorism or saving the children.

    All it is is to give the police an easy tool to bring proof to whomever they want. Also this cost will be higher your ISP bill, as they are the ones who must pay it. The provider XS4All used to have a counter on their pages on how much data they would need to retain and we are talking about enormous amounts of data.

    The excuse why this must be done is often that the police is able to get your phonecontacts from the telecom operator (after legal intervention).

    There however is a huge difference. The reason that the data of who you called is available is because of billing. Somebody must pay the call you made, including those to 800 numbers. So what they do is ask to see (part of) their bill.

    This is different in such that they not only enforce measurements to be taken by companies, they also make it almost so as if telecom operators would record each and every conversation.

    What they should do is, just as with telecom, ask for billing information and if they think there is more to it, listen in on the connection. Oh well, everybody is guilty untill proven innocent, no matter that the law tries to tell you otherwise. Well, unless you have a lot of money, then you are innocent.

    --
    Don't fight for your country, if your country does not fight for you.
  9. Re:40,000 TB of stored emails over 12 months. by Halo1 · · Score: 5, Insightful

    While the adoption of the data retention directive was a perfect example of backdoor decision making (to the extent that its rapporteur in the European Parliament had his name removed from it, because he did not want to be associated with the outcome), it's naive to think that without the EU this would never have happened.

    In fact, Ireland already had such laws before the directive was adopted, and has been fighting the directive before the European Court of Justice because they have to *weaken* their current implementation to comply with the directive (no, this does not demonstrate how great the directive is, only how repugnant the Irish data retention laws are).

    Belgium was also working on such legislation, but suspended that work when the directive was introduced, and is finishing it up now. Those are the two examples I know of, but I'm certain there are/were more.

    --
    Donate free food here
  10. Re:40,000 TB of stored emails over 12 months. by FourthAge · · Score: 4, Insightful

    Data retention is optional in mainland Europe but mandatory in Britain. The UK Government are using the EU to implement the laws they want, and then blaming those laws on Brussels. Our taxes, hard at work - when we're not paying for their second homes, we're paying for surveillance and the PR that sells the need for it to the main stream media. And through all this, they still have the brass balls to tell us that talk of a police state is daft. Where does it end? All you US'ians who have complained about Obama or Bush - consider how much worse it would be if you lived over here.

    --
    The tao of democracy: the government you can vote for is not the real government.
  11. We need this kind of laws in the UK by Aceticon · · Score: 5, Insightful

    The country is full of terrorists, child molesters and subversives and something has to be done about it.

    This being the UK, government needs to be able to track down and follow dangerous people that might endanger the social and political stability of the country, like: members and supporters of anti-war movements, ecologist movements, free-speech/privacy movements, Tories, Lib Dems, Scots, Welsh and Irish nationalist parties, teenagers ('cause of knife crime), investigative journalists, anybody that makes request under the Freedom of Information act, people that complain about the government, anybody that talks too loud in a 1 mile circle around Parliament, whistle-blowers of government wrongdoing and more.

    As usual our masters, being wiser than everybody else, have gotten their laws passed using the EU so that they can blame it on the European Union - a trick that always works with the unwashed masses around here.

    All hail the fascist-Labour party!

    [Having been born in a country under a fascist dictatorship and having been raised hearing my family's stories about it, it's impressive how things in the UK are slowly moving towards a modernized version my mental image of how it was - in the UK we now even have police adverts pretty much telling people to denounce their neighbors.]

    1. Re:We need this kind of laws in the UK by clickclickdrone · · Score: 4, Insightful

      You forgot photographers - they're dodgy too. Especially he ones that try to photograph policemen or any public buildings visible from the road. Evil they are I tell you, evil!

      --
      I want a list of atrocities done in your name - Recoil
  12. Re:40,000 TB of stored emails over 12 months. by Halo1 · · Score: 4, Informative

    Data retention is optional in mainland Europe

    No, it's required in the entire EU by the directive. However, the directive does not lay down many limits, but mainly imposes some minima.

    As a result, law enforcement agencies in many countries have been having constant wet dreams ever since and are pushing with all their might to extend the national implementations (massively) beyond those minima. While even those minima would already have made the STASI green with envy...

    --
    Donate free food here
  13. BBC News link by azzy · · Score: 4, Informative

    http://news.bbc.co.uk/1/hi/technology/7985339.stm

  14. Re:Perhaps this is the story you were after. by Norsefire · · Score: 5, Insightful

    Because a troll asked and a mindless sheep complied.

  15. Arms race by Fzz · · Score: 4, Insightful
    And so the arms race starts.
    • Offshore webmail hosting.
    • Offshore VPN hosting.
    • Tor
    • Ubiquitous https usage.
    • Opportunistic encryption built into TCP
    • Running a web spider to add noise to your traffic signature.
    • Anonymous remailers.

    Most of these have been tools for privacy freaks and people with something to hide. Running them is enough to raise suspicion. But these kind of data retension measures are much more likely to force such tools to become mainstream. This could backfire on law enforcement and security forces in ways they really don't want.

  16. Re:40,000 TB of stored emails over 12 months. by Shakrai · · Score: 4, Informative

    Surveillance, once implemented, has never in history been cut without social upheaval.

    Time for social upheaval then.... oh wait, American Idol is on, can we do it after?

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.