Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Technology Your Rights Online

EU Moves Forward with Data Retention 325

Posted by samzenpus from the find-out-what-you-said-last-week dept.
KokoBonobo writes " euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."
This discussion has been archived. No new comments can be posted.

EU Moves Forward with Data Retention More

EU Moves Forward with Data Retention

Comments Filter:

  • Tools (Score:5, Insightful)

    by Apathetic1 ( 631198 ) on Thursday December 16, 2004 @03:50AM (#11101763) Journal
    Well, if anything is going to drive people to personal encryption, this type of brain-damaged legislation will be it.

    • Re:Tools (Score:5, Insightful)

      by casuist99 ( 263701 ) on Thursday December 16, 2004 @04:03AM (#11101825) Homepage Journal
      Judging by your username (Apathetic), I would think you'd realize the one fundamental fact about the public (in general): We're apathetic about things we SHOULD care about.

      We can shout at people that the government can read our email and chat logs, but very few people will make the move to encryption. People are apathetic and lazy - unless encrypted email and chat is enabled BY DEFAULT in the next version of email and chat programs, people won't do it.

      • Re:Tools (Score:4, Informative)

        by Apathetic1 ( 631198 ) on Thursday December 16, 2004 @04:30AM (#11101931) Journal
        I've showed half a dozen people how easy it was to use GPG with the Thunderbird Enigmail extension and they've never looked back. Many people are ignorant of the alternatives rather than simply being lazy.
        • I think most people would agree that they would like to keep their conversations private, even if they talk about the weather. But most people will not go through complicated motions of setting up complicated security options. I for example, am guilty, I don't want Uncle Sam, or Papa Putin to read my emails, and I did generate public and private keys, I've tried using them, but I just don't bother anymore, it's too much of a hassle.
          If the tools were simpler to use and if a couple of law suits about how pe

          • Re:Tools (Score:2, Informative)

            by NumbThumb ( 468496 )
            Have you tried the enigmal extension? It doesn't get much simplet than that. Setting it up is not completely seemless, but easy enough. Using it is just a matter of klicking the "encrypt" button.

    • Re:Tools (Score:2, Interesting)

      by TheRealSync ( 701599 )
      Actually, I only think the ones doing any encryption will be the ones that the government/police would actually be interested in tracking.

      The majority of people don't care about this. All too often have I raised the question of whether society is getting too "big brother"'ish - most responses I get indicate that the average Joe is ready to give up personal freedom in order to feel just a little bit safer.
      That's just the way people see it.

      • Re:Tools (Score:3, Insightful)

        by Apathetic1 ( 631198 )
        If the only people using encryption are the people with something to hide I'm not seeing any advantage to a law like this. It's frightening to think that legislators might be that out of touch with reality.

        I have no problem giving up a little bit of personal freedom for a genuine increase in safety (e.g. drunk driving laws, fire regulations) but trading freedom for the illusion of safety provided by airport spot checks and the like just doesn't fly with me (so to speak).

      • Re:Tools (Score:3, Informative)

        by krymsin01 ( 700838 )
        Actually, I only think the ones doing any encryption will be the ones that the government/police would actually be interested in tracking.
        What about the companies that encrypt their data so that their competitors don't get the edge on them? Or online bank transactions?

    • Re:Tools - But Even Then... (Score:5, Informative)

      by ControlFreal ( 661231 ) * <niek AT bergboer DOT net> on Thursday December 16, 2004 @04:44AM (#11101986) Journal

      In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).

      The only alternative seems to be anonymous multi-hop networks that use onion routing; in those cases, you cannot cooperate (when it's not your own communication), since you don't have the key. And on top: purely from network traffic, eavesdroppers cannot determine whether a given packet is yours or (more likely) someone elses. These networks exist, but are still in their infancy; they don't support a full /. crowd yet. So I won't mention the name here; if you're savvy enough, you'll find its name on Google (maybe) or Freenet (certainly).

      The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war...

      • Is it not necessary to have probable cause and a warrant in order to demand that information be decrypted? Arbitrary e-mail monitoring seems intrusive and counter-productive since the problem such legislation seems to be trying to solve is lack of information, where one of the main issues facing police and intelligence agencies is the inability to sift through the massive quantities of information already available to find what's relevant.

        • in the UK they wanted to give civil servants arbitrary access, that means the guy in the social security office could just tap your name in and browse your emails, sans warrant, sans anything, just if he felt like it

          luckily it was quashed but not without quite an effort

          • Re:Probable Cause? (Score:2, Informative)

            by tolan-b ( 230077 )
            Only some of it was quashed wasn't it? IIRC pretty low level people, outside the police and intelligence agencies, investigating fairly minor crimes can still request the information.

            Also there's the fact that MI5 got their bulk monitoring thing introduced in an amendment a few months after RIPA passed, after dropping it because the bill was going to be defeated because of it...

      • Re:Tools - But Even Then... (Score:4, Insightful)

        by jonwil ( 467024 ) on Thursday December 16, 2004 @06:59AM (#11102398)
        The right way to treat encryption is the same way they treat safes and lockboxes.

        If the police are searching your house (with a warrant) and they find a safe, there are rules about when they can and cant force you to open that safe.

        The same rules should apply to any ecrypted information they find.
        For example, if they have an encrypted email or file, the same rules should apply as apply to them finding a safe in your house.

        As for this new data retention crap, are the cops going to pay for the huge servers and disks required to hold all this information? And the people to keep everything going?

      • Re:Tools - But Even Then... (Score:5, Insightful)

        by kraut ( 2788 ) on Thursday December 16, 2004 @07:17AM (#11102460)
        Yes, in the UK, under the RIP act, you can be sentenced to moderate jail time for not giving up your key. This is supposed to stop terrorists, child molesters and drug smugglers from using encryption.

        Of course, any drug-smuggling terrorists with a penchant for child-molesting will immediately surrender the keys to incriminating information. Why would he take up to three years vacation at her Majesty's pleasure for encryption, when he could easily get 18-25 or even life for his real offences?

        It's because of well thought out, useful laws like this that crime is virtually unheard of on our sunny islands! Thank you New Labour!

      • In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).

        What if you suddenly forget your passphrase? This can plausibly happen in extreme stress situations, such as being arrested, interrogated, and/or threatened to be put in prison.

    • Re:Tools (Score:3, Interesting)

      by Library Spoff ( 582122 )
      so how do i go about encrypting my sms messages?

    • France and encryption (Score:2, Informative)

      by Uukrul ( 835197 )
      Before 1999:
      As in the United States, France has long classified encryption as a military or dual-use technology, and accordingly restricted its export. It received special treatment in a small flourish appended to the 20-page telecommunications law of December 29, 1990. Article 28 of this law required government permission for any use of encryption.
      No immediate action was taken on what the French refer to as "the December 29 law," but six years later a more comprehensive bill was passed. This July 26, 19

  • Rules are made to be broken... VOIP loophole? (Score:5, Insightful)

    by buro9 ( 633210 ) <david&buro9,com> on Thursday December 16, 2004 @03:52AM (#11101770) Homepage
    It seems that with the rapid pace of new technology and the slow pace of legislation, that this will be largely ineffective.

    Already it's easy to see how existing technologies could be used to effortlessly circumvent the proposals.

    "Telephone calls", does this cover Skype? Does it cover VOIP in general which is just data passing over the network and could always be wrappered, encrypted, or routed via several points (to ensure no single intermediary could capture the whole conversation).

    It's great that our politicians can find ever increasing ways to enforce a climate of fear whilst wasting the monies that could help alleviate problems fced by the citizens that they represent.

    Damn! Now I've posted what do I do with these mod points!?
    • Already it's easy to see how existing technologies could be used to effortlessly circumvent the proposals.

      The tricky thing is.. while such legislation is targeted at big crimelords and terrorists, it is more likely that the data will instead be used against the civilians with petty crimes. I am not saying that the petty criminals don't deserve it though.

      • Yucks! Click submit instead of preview. *yawn*

        Anyway, my key point to the quote is - circumvention is an act of having something to hide. And if one has something to hide, chances are, whatever one is hiding is likely to be more valuable information.

        You see, there are people that lives thinking they have nothing to hide, so they do not see any need to circumvent. And these are the group of people that will be unfortunate target of this legislation if they unwittedly performed petty criminal act.

        So, th
    • Comment removed based on user account deletion
    • The thing about voip to voip is the servers tend to hand over the routing to the internet in general, the packets go from the sender to the reciever and not via the "phone company". Only when terminating with a PSTN or vocal mail do the calls normally go to the phone service. The phone only gives status information to the "server". To intercept a voip call, you have to decide to tap it before its being made and the call will be routined to your service first. Of course this means you can tell by the packet

  • I Farted!!!!! (Score:3, Funny)

    by Anonymous Coward on Thursday December 16, 2004 @03:53AM (#11101780)
    HAHA

    Now you have to retain this comment in this thread in order to combat terrorism or something.

  • So much for European data privacy (Score:4, Insightful)

    by IO ERROR ( 128968 ) * <errorNO@SPAMioerror.us> on Thursday December 16, 2004 @03:53AM (#11101781) Homepage Journal
    From the article:

    This decision, which passed quickly through Council, was prompted by the recent case of the serial killer Michel Fourniret who was able to carry out his crimes for years by exploiting the poor communication between French and Belgian authorities.

    Now I know the Belgians can speak French. If they can't communicate properly, this data retention law isn't going to help at all. What would help is for the various member states to get their act together and start working together more closely on international crimes.

  • Just ask friendly ol' uncle Sam for the Echelon logs?

    No need to duplicate!

  • Even Encryption won't help in the UK (Score:4, Informative)

    by amigoro ( 761348 ) on Thursday December 16, 2004 @04:00AM (#11101809) Homepage Journal
    Since 1998, the police have the right to demand your encryption keys. Here's [telegraph.co.uk] an old article about that.

    Moderate this comment
    Negative: Offtopic [mithuro.com] Flamebait [mithuro.com] Troll [mithuro.com] Redundant [mithuro.com]
    Positive: Insightful [mithuro.com] Interesting [mithuro.com] Informative [mithuro.com] Funny [mithuro.com]

    • >Since 1998, the police have the right to demand your encryption keys

      You can still "forget" that 35 letter password of yours.
    • From the article you posted it looks like the legislation is intended to give the police the right to decrypt communications they've already intercepted as part of an investigation. Can they do this without a warrant? If they can't, what's the problem?
      • From the article you posted it looks like the legislation is intended to give the police the right to decrypt communications they've already intercepted as part of an investigation. Can they do this without a warrant? If they can't, what's the problem?

        They're allowed to issue their own orders. There is no judicial oversight of the process. The requirement for evidence that you actually can comply with the order is that they show reasonable grounds to believe it, not that they prove it beyond reasonable
    • This may be a "law", but in all practical terms, it will never work.

      as said, people forget passwords, etc.

      All it takes is one high court case, observed by our sensationalistic media, and that law will be consigned to the gutter.
      • That would be all well and good - but the RIP act makes forgetting a password a criminal offence. If you can't remember your passphrase, and your private key is demanded, you can be prosecuted for that instead.

        Fortunately, although I live in the British Isles, I don't live in the UK - and the RIP act was never passed here.

      • Re:Even Encryption won't help in the UK (Score:5, Informative)

        by julesh ( 229690 ) on Thursday December 16, 2004 @05:49AM (#11102193)
        All it takes is one high court case, observed by our sensationalistic media, and that law will be consigned to the gutter.

        The law includes secrecy provisions. Anyone charged under it will have their hearing in a closed session, and are strictly prohibited (penalty of 5 years imprisonment) from informing anyone other than their lawyer, so media coverage seems unlikely.

        (4) A person who makes a disclosure to any other person of anything that he is required by a section 49 notice to keep secret shall be guilty of an offence and liable-

        (a) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine, or to both;

        (b) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum, or to both.

  • my own direct experience on this topic (Score:5, Insightful)

    by tuxette ( 731067 ) * <(tuxette) (at) (gmail.com)> on Thursday December 16, 2004 @04:00AM (#11101812) Homepage Journal
    I participated in an open hearing [teknologiradet.no] (in Norwegian only, sorry) on this very topic last year in Oslo. Participants included representatives from telecom companies, top IT companies, government agencies, interest groups, etc. While there was sympathy for the need to fight terrorism, nobody was in favor of long-term storage of traffic data. The reasons varied, all from privacy concerns to costs to contractual expectations. Nobody was able to see how this long-term data storage would be useful for fighting terrorism. Yes, they understood the alleged theories, but were able to slam these theories with real world examples.

    The one representative who was supposed to speak in favor of it never showed up (remember Inger Marie Sunde?), nor did she send a replacement. Now what kind of message does that send? It gives the impression of "the majority doesn't care for long-term storage of traffic data, but we don't care what the majority thinks. We're going to impose our way on you whether you like it or not."

    • I participated in an open hearing (in Norwegian only, sorry) on this very topic last year in Oslo. Participants included representatives from telecom companies, top IT companies, government agencies, interest groups, etc. While there was sympathy for the need to fight terrorism, nobody was in favor of long-term storage of traffic data. The reasons varied, all from privacy concerns to costs to contractual expectations. Nobody was able to see how this long-term data storage would be useful for fighting terror
    • It gives the impression of "the majority doesn't care for long-term storage of traffic data, but we don't care what the majority thinks. We're going to impose our way on you whether you like it or not."

      You are not "the majority", nor are the majority of people on /. "The Majority" are shit scared of all sorts of things that governments and media have whipped up stories about. A lot of them aren't on the internet and couldn't care less about your rights, as long as they can still sit in front of the footba

  • I find it all quite amusing really.... (Score:5, Insightful)

    by B747SP ( 179471 ) <slashdot@selfabusedelephant.com> on Thursday December 16, 2004 @04:01AM (#11101816)
    IIRC, this isn't the first time someone senior and clueless got it in their heads that it would be a great idea to just store everything that ever passes across a given network. They tend to go really quiet right after someone sits them down in a quiet room and spells out a few of the 'practical' details of what they think they're going to do...

    "You mean we're gonna need how much disk space exactly?". "We're gonna have to invade which small nation just to get enough physical space to store all this stuff?".

    Worry not, it will blow over soon enough :-)

  • First, this is an invitation to discussion.

    Second, it states that data should be kept only as long as needed for billing and such, unless there is a specific request from the authorities to keep other data (and only data from the date of the request onwards). The text lists valid reasons for retention as investigations and prosecutions, so a lot hangs on the fairness of the legal process.

    This is not necessarily a bad thing, the authorities should be allowed to look for evidence in a criminal case. However
    • Second, it states that data should be kept only as long as needed for billing and such, unless there is a specific request from the authorities to keep other data (and only data from the date of the request onwards).

      This is the way things are now. The proposal is to keep all traffic data for at least a year, if not longer. I've read in some places that they want to keep data for up to seven (!!) years!

  • Article 19 of the Universal Declaration of Human Rights:

    Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

    Can't really argue with that, but in in the European Convention on Human Rights it becomes

    Article 8:

    1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and i

  • If you value your privacy (and that of others you communicate with - which can be more important than your own!) be sure to exercise your rights.

    Encourage the use of the OpenPGP standard by supplying others with your public key [wikipedia.org] and encouraging them to use it.

    Using encryption does not often complicate traffic analysis, but it can keep them from reading your private communications. Be sure to remind people that email subject lines are not encrypted and should be condidered carefully. I often use something like

    Subject: This space intentionally left ______________

    Here's some boilerplate: [there's breakage on the 5th link - be sure to correct]

    :: E M A I L ::

    Do consider Thunderbird

    http://www.mozilla.com/products/thunderbird/
    http://www.mozilla.com/products/thunderbird/why/

    for both yourself and your clients. It's really a wonderful product
    and has spam handling built right in. Unlike Outlook(TM) it is open
    about where it keeps your email (not hidden and difficult to export)
    and is not so susceptible to worms and email nastiness such as scripts
    that run without hindrance. Many a spyware app has been installed
    further contributing to the spam problem due to people running just
    that piece of software. Don't help the spammers. Reclaim your inbox.

    It supports Enigmail: ( email envelopes you don't have to lick! )
    http://enigmail.mozdev.org/
    http://www.moztips.com/index.php?id=87
    http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.ph p

    I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
    secure mail. I've got nothing to hide, but I don't like using
    postcards for all my USPS/post correspondence either. Regular email is
    like using postcards on the internet. Any postal worker along the way
    can take a look ( have a look at email "headers" sometime; every hop
    you see is a place where your email is stored on a hard drive. )
    Please use an envelope when communicating with me. It won't even cost
    you a stamp. I value your privacy as much as I hope you value mine.

    How to Get Encryption Going on Windows [wolfram.org]

    There's no need to keep my public key a secret. Feel free to give
    it away or put it on a telephone pole; write it in the sky if you'd
    like. It's available on the web. The more people that have it the
    better. Use it to seal your envelopes when sending me mail. I've got
    the only other matching key (my private key, opposite the public key
    I've given to you) that allows me to unlock the envelope. You can
    even lock an envelope so that multiple people can unlock it on their
    own, but nobody else can read what you've sent them.

    You can also find keys for me here:

    http://www.biglumber.com

    Please try it out. Be glad to help you get started.
    • Don't forget that Thunderbird suppports s/Mime encryption and signatures out of the box. So do Outlook (Express), Netscape & Mozilla.

      So if you want to keep compatibility with friends using 'that other product' that doesn't have a PGP plugin, s/Mime might not be a bad idea. AFAIK it's as secure as SSL.

      You need a signed certificate that can be obtained free of charge from Thawte:

      http://www.thawte.com/email/index.html

      X.

      • Very good indeed. I'd suggest trying OpenPGP on people (I like _distributed_ over _centralized_) and if they don't bite you can try to get them to use S/MIME. The no-extra-work factor will help in many cases indeed.

        Free certs can be had at CAcert.org [cacert.org] as well. Not only will they give you a free email cert, they'll give you a SSL cert for your web site, sign your PGP/GPG keys with their signature and they even allow you to login to the site with a certificate (no password needed to update your info or log
    • How to avoid breakage on links on Slashdot:

      Just enclose them in a <URL:....> tag. It's quick. It's easy. It gives a working link without spurious spaces. Look at the example in "URLs" below the text box when you next post a Slashdot message.
  • My view is that this will not work! Consider this: Terrorists have been known to communicate using wierd and unconventional means. A case can be made this way: -

    They might communicate by using say plain English mentioning good harvests or talking about recent events, yet the meaning could be that material was delivered or that "their latest mission" was successful or otherwise.

    A terrorist's message could be..."Did you hear about thet flood that made people's lives in country X very miserable..."? The hi

  • Europe is so concerned about for-profit corporations keeping personal information, but not national governments. Isn't it ironic, the worst the corporations can do to you is annoy you at dinner time and be intrusive with their advertising. The worst the state can do in Europe is put you behind bars for life. Now, which is the lesser of the two evils to have keeping personal information about you?

    Personally, I'd take the corporations any day over the U.S. Government. But what do I know? I'm just an American
    • Practically, does it make a difference? Most (not all) companies will turn over whatever information they have about you to the government if they have even so much as a pen pointed in their direction. About the only time you'll see a company refuse a government request for a customer's data is if they feel it will somehow be financially beneficial to do so.

      Don't forget eBay's statement from last year: "If you are a law-enforcement officer, all you have to do is send us a fax with a request for informa
  • If you're not a terrorist, find help on getting setup with Freenet here: http://slashdot.org/comments.pl?sid=127703&cid=10 6 69904 [slashdot.org]

    Info on FreeMail as well. Totally anonymous and encrypted mail system: http://slashdot.org/comments.pl?sid=127703&cid=106 81546 [slashdot.org]
  • It affects anyone sending data over there as it would log the incoming stuff too. I hope that makes sense.

  • Tell me, Mr. EU, (Score:3, Funny)

    by Darren Winsper ( 136155 ) on Thursday December 16, 2004 @04:36AM (#11101953)
    what good is data retention, when you are unable to decrypt it?
    • I cant speak for the rest of the EU, but here in the UK, it is illegal to encrypt personal communications over radio links or the telephone, except using devices that the government can crak (and that needs a licnece so they know they can crack it).

      And that includes messages encrypted using codes like "Mission completed" means "I have sold my old Ford and bought a BMW instead".

      Most laws are unenforceable. Its about 200 years since Dickens said "The Law is an Ass", and it definitely has NOT got better.

  • What's next? (Score:3, Insightful)

    by littleRedFriend ( 456491 ) on Thursday December 16, 2004 @04:42AM (#11101980)
    The government will install a high resolution 24/7 webcam in your bedroom, feed all the footage over the internet and store it for ever? Just to make sure that nothing is said there that could be connected to criminal or terrosist activity. Anyway if your a good, well behaved, citizen you have nothing to worry about because you have nothing to hide, right? In my opinion we're all being held hostage by criminals and terrorist.

    As well, history has repeatedly shown that it is just a very small step from storing personal information to abusing it to repress the masses. Maybe good intentions, but very dumb dumb people.

    Those that are willing to trade freedom for security, will get none and deserve neither !
  • When I grew up, in the 70s and 80's, the eastern European countries were scorned for their obvious distrust in its own people, since copies were kept of phone conversations and letters. Still we're horrified by the vast archives of Stasi, Securitate and similar organisations. Yet, what we're about to introduce goes so much further. Is it only because it's so easy to do with electronic information that it feels OK to do so? I have a feeling that it would not be appreciated to suggest a legislation to make co
  • and I am going to say it again!

    They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.

    Benjamin Franklin To the world governments:

    Please Leave us ALONE. Your forms of protection, infringe on our freedoms, maybe there wouldn't be a terrorist issue if you weren't so controling. Maybe if you didn't try to impose your morals on the rest of the world, there would be no reason to "rise up against $nation".

    Where, at what point, did things go wrong?

    I
  • I have to thank the people who are bringing out this legislation. This is exactly the type of thing that motivates me into learning new topics like encryption and so forth. I haven't thought much about encryting my communications or data up until right now.
    As soon as they put obstacles in our way we must find ways around them.
  • I'm thinking about the past record of using telephone records and e-mail records have been usefull before. As far as all the encryption, I think the idea is to keep track of the TO: and FROM: lines, as well as maybe the subject lines, so only encrypt as far as your paranoia takes you.
    I think most of this data has been used after the fact, when they have a starting point and want to find out who a person has been communicating with. I don't think this will make anyone safer, but it might be handy after th

  • Nobody cares... (Score:3, Interesting)

    by tcdk ( 173945 ) on Thursday December 16, 2004 @05:10AM (#11102069) Homepage Journal
    I try not to rant and rave about this, to my non-nerd friends, but sometimes I just can't help my self... but it seems nobody really cares. They will just mumble something like "but think about the children" and surrender their freedom. Damn.

    Anyway, I've all but given up, except I digitally sign (s/mime) all my mails and I've a pgp key that I'll use when requested.

    Now digitally signing my mails may not seem like much, but I don't know a single other person (Nerds/Geeks or not) that has a digital signature, so I can't encrypt (I've one work colleage with a pgp key). But sometimes somebody asks me what that strange symbol by my mail is about and I have an opening to talk a bit about security (I often add something about spam), but I still haven't managed to get a single other person to get a digital signature.

    Not that I've anything sinister to mail about, but I just want to keep those NSA servers busy. Trying to break a 2048bit key, just to get to a message about soup.

    • Re:Nobody cares... (Score:4, Interesting)

      by Phil Karn ( 14620 ) <karn.ka9q@net> on Thursday December 16, 2004 @06:19AM (#11102288) Homepage
      It's now easier than ever before to routinely encrypt the bulk of your own IP traffic. These steps can make passive eavesdropping of your broadband connection a lot less interesting:

      Select the SSL/TLS options on your SMTP, IMAP and POP sessions to your mailserver. Mozilla/Thunderbird has full support for SSL/TLS, and I think most other modern email clients do as well.

      If your mailservers don't support SSL/TLS, ask the admins to enable it. If they refuse, switch to ISPs that do. (Speakeasy supports SSL/TLS for IMAP and SMTP.)

      Run your own personal SMTP server and enable the STARTTLS option. Most SMTP senders -- even many spammers! -- will automatically invoke the STARTTLS option if the server advertises it. This finally turns spam into something useful -- a constant background stream of encrypted fill traffic from all over the planet. What better way to thwart traffic analysis?

      Configure your own webservers to support https. Make it available for all your webpages, not just the "sensitive" ones.

      Use SSH for all remote login/file transfer between machines on which you have accounts.

      Web surf over a SSH tunnel into a shared proxy cache with logging turned off.

      Set up IPSEC in opportunistic mode.

      If you have a flat-rate broadband connection, run background scripts to ship big random files to your friends with various P2P applications. Set up a traffic-shaping router and configure it to give low priority to P2P traffic so it won't bother your foreground activities.

      Sure, it would be a lot better if you could convince everybody you exchange email with to encrypt everything on an end-to-end basis with S/MIME or GPG/PGP, but this stuff is quite doable and it's a lot better than just giving up on your privacy and security.

    • It's not that no one cares, it's that no one cares enough to make sense of the mess that is encryption.

      Here's a scenario: I communicate via email a bit. Most of what I say isn't really sensitive, but I still wouldn't like the whole world to know about it. I know that in theory anyone can read my email, but I also know that no one cares about me; I'm lost in a sea of faceless unimportant people. De facto anonymous, if you will.

      Good enough, but being somewhat politically conscious as a result of spending al

  • A few numbers (Score:5, Interesting)

    by Spad ( 470073 ) <slashdot.spad@co@uk> on Thursday December 16, 2004 @05:10AM (#11102070) Homepage
    For the sake of argument, ignoring phone records, etc and just focusing on the internet.

    There are over 100 million broadband users in the EU - plus countless milllions of dialup users - but we'll ignore the dialuppers too for the moment.

    Now I download about 300Gb/year and upload about half that. So we'll say about 400Gb/year of traffic. Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).

    That's 3.7 Exabytes of data per year for all the broadband users in the EU alone. Assuming they haven't changed the proposal too much since I last read it, they required storage of data for 7 years, that's ~26 Exabytes of storage required to hold all this stuff.

    How the hell do you find anything of use in 26 exabytes of data?
    • Simple, with several 10 exabyte indexes. After all, the size is more than cut in half, so it should be exponentially quicker.
    • google desktop search, obviously.

    • Re:A few numbers (Score:3, Informative)

      by pe1chl ( 90186 )
      You miss the fact that there is no requirement to keep the actual data.
      You need to keep traffic logs. That is not the 300GB/year that you download, but the list of files that you download. Assuming that the average file is larger than its name, this is substantially less data.
      • And you miss the half-paragraph that I devoted to this fact

        Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).

        Now even assuming that each user only generates 40Mb of data a year in logs - which is rubbish as my firewall logs alone are 200Mb+ a day - you're still looking at 26 Petabytes of data, which just as impractical to sift throug

  • will this be enough? (Score:3, Funny)

    by appleLaserWriter ( 91994 ) on Thursday December 16, 2004 @05:18AM (#11102093)
    will this be enough to boost seagate's stock price?

  • A Subject (Score:4, Insightful)

    by Anonymous Coward on Thursday December 16, 2004 @05:22AM (#11102108)
    95% of the terrorism I read about lately are the paranoid laws by the (uber)governments of the world on it's own citizens.

  • backup (Score:2, Funny)

    by Anonymous Coward
    finally, a real backup solution for my personal data
    • You laugh, but under the UK Data Protection Act an organisation that stores personal data on you must tell you what it is so you can check it. So in theory, you could use that to get your data back....

  • Copyright? (Score:2, Funny)

    by rsilvergun ( 571051 )
    If I transmitt my copyrighted works over my ISP's network, do they have a right to keep that data on file if it just went through their server's cache? I know, it's a moot point. They'll be exceptions for this sort of thing and it doesn't have any practical meaning (aside from the occasional sys admin skimming data), but it's fun to annoy bueracrats with this kinda question :).
  • What they haven't even thought about is whose data gets stored by whom.

    Say Mr. Jones uses his Albania Online connection to send an e-mail to Mr. Smith. Mr. Jones' e-mail server, however, is located on Mbwawanga Island in Mbwamwere, and Mr. Smith's e-mail server resides in his living room.

    If we assume that Albania Online is obligated to store all e-mail and voice traffic that even passes through its network for an extended period of time, we can also assume that after said period, there will, of course, be
  • Terrorism has lost all meaning to me now, it's unfortunate that such an awful thing has turned into nothing more then a Buzz word and an excuse for governments to spy on their own people. Everyday I hear about fighting terrorism, and people losing their privacy and rights, I feel like its getting closer and closer to 1984. If people weren't so misguidied in their fear of terrorism then the governments wouldn't have the excuses to enact these laws. Terror kills only a percentage of a percentage of what smoki

  • Broad danish implementation (Score:3, Interesting)

    by Mekanix ( 127309 ) on Thursday December 16, 2004 @07:38AM (#11102530)
    Denmark is way ahead of the rest of the EU and is implementing a legislation that affect not just ISP... it affect anyone who provide some sort of "tele services"...

    So if you run a block, you need to track, register and store everyone who makes a comment on you page.

    If you run a BulletinBoard... same applies.

    Run a chat or mailinglist? Ditto for you.

    Do you run *any* kind of server (apache, irc, cvs, ftp, mailinglist etc.). You're not excused.

    In short: every citizen is obliged to keep records of friends, family etc. whereabouts.

    Welcome to Stasi-land!

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close