EU Data-Retention Laws Stricter Than Many People Realized

An anonymous reader writes with a snippet from the Telegraph: "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months."

Broken summary

[Norsefire]

The summary is completely broken which should be easier to notice than dupes? Anyway, it is supposed to say (from the Firehost article those to lazy to click):

"A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months. Police and the security services will be able to access the information to combat crime and terrorism. Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes. It was previously thought that only the large companies would be required to take part, covering 95 per cent of Britain's internet usage, but a Home Office spokesman has confirmed it will be applied "across the board" to even the smallest company."

Perhaps this is the story you were after.

[palegray.net]

Internet records to be stored for a year [telegraph.co.uk].

Thanks, I'll be here all week.

Re:Broken summary

[palegray.net]

Once again, for those who didn't get the top-level reply: I think this is the story Slashdot is attempting to post [telegraph.co.uk].

Re:yay!

[Anthony_Cargile]

For those of you whom read the parent after slashdot fixed the problem, this is the original, unmodified summary:

"A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain a href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105

Yeah, they forgot a few basic HTML tokens.

Re:40,000 TB of stored emails over 12 months.

[Halo1]

Data retention is optional in mainland Europe

No, it's required in the entire EU by the directive. However, the directive does not lay down many limits, but mainly imposes some minima.

As a result, law enforcement agencies in many countries have been having constant wet dreams ever since and are pushing with all their might to extend the national implementations (massively) beyond those minima. While even those minima would already have made the STASI green with envy...

BBC News link

[azzy]

http://news.bbc.co.uk/1/hi/technology/7985339.stm [bbc.co.uk]

TFD

[areYouAHypnotist]

The text of the directive is available (External links in http://en.wikipedia.org/wiki/Directive_2006/24/EC [wikipedia.org]) for everyone to draw his own conclusions. For the most part I find it pretty reasonable. ISPs and telcos probably already store this type of information for their own purposes. It also limits the detention period (at least six months, less than two years).

Re:This bit intrigues me

[Anonymous Coward]

For those not getting the British jokes:

• Flytipping [wikipedia.org] is a British term for illegally dumping waste somewhere other than an authorised landfill
• Quango [wikipedia.org] is an acronym for QUAsi Non-Governmental Organisation

Re:We need this kind of laws in the UK

[clickclickdrone]

Yep. I know someone who had the police go around his house and ask his wife 'does your husband have any unusual hobbies?' then added 'we've had reports of him photographing children'. It turns out he was taking photos of buses (he's a public transport nut - buses, trains etc). One bus had school kids on so someone had decided he was a pedo and called the police with his details, car numberplate etc.

Re:40,000 TB of stored emails over 12 months.

[Halo1]

When the EU directive was implemented in Germany, guess what changed for my ISP? Absolutely nothing, because they recorded everything the law requested already.

Previously such data all was protected by the privacy directive and its implementations, which meant that it had to be destroyed as soon as it was no longer necessary (e.g., to deal with spamming complaints or for billing purposes), and could not be made available to anyone except under very strict conditions (like having a court order or so).

With the directive/laws coming into effect, law enforcement agencies (and others) are pushing to turn all of this data into massive pools in which they can go on fishing expeditions, or at the very least they want to be able to trawl through it in the context of any "investigation" (no matter what about -- nevermind that the directive was of course pushed through with sob stories about kidnapped children and terrorists). This is no different in Germany [edri.org].

Of course, subsequently that idiocy got challenged [edri.org] and largely curtailed [edri.org] by the German Constitutional Court.

People being all up in arms about it and acting all concerned, doesn't change the fact, that the EU directive doesn't actually accomplish much beyond legislating the present state into continuation.

Whatever makes you feel complacent in doing nothing and in anonymously wining about those who do (and who try to make sure that you can continue doing so)...

Re:What about me ?

[Anonymous Coward]

Set up TLS for your mail server and don't worry about it. Better yet, bill the home office for storage costs. If I'm contacted over this, I'll be demanding reimbursement just like the major ISPs. Here's a template...

• 1 Computer Server running syslog and a HTTP proxy
• 1 UPS
• 1 Year storage for the above
• 1 Year electricity to power the above
• 1 System install and configuration
• 1 Year systems administration
• 1 Pointless Stupidity Suppliment (to be donated to privacy groups of my choosing)
   
  • I control what's logged. If I were a criminal I'd bypass the logging to conduct any nefarious activities.
  • No requirement or practical possibility of logging http and smtp connections where that activity is conducted over SSH using a remote endpoint outside your jurisdiction.

  These points render this entire excercise a useless waste, both of my time and of taxpayers money!

Re:40,000 TB of stored emails over 12 months.

[Shakrai]

Surveillance, once implemented, has never in history been cut without social upheaval.

Time for social upheaval then.... oh wait, American Idol is on, can we do it after?

Re:Broken summary

[jabithew]

Oh, and before I get flamed, or modded to karma hell, I AM A EUROPEAN. There are many great things to say about Europe over America, but anyone who thinks Europe is crime-free needs to take a stroll in some of the less salubrious districts of any of our fair capitals.

Re:Deep packet inspection?

[Hal_Porter]

I'd be very surprised if the NSA/MI5 etc didn't have some way to get access to data from Google, Yahoo and so on.

In Madrid the terrorists apparently knew that if they all shared on webmail address and saved the emails in draft then the intelligence services would not be able to read them

http://m.digg.com/tech_news/Madrid_Train_Bombers_Used_E-mail_Trick_to_Avoid_Gov_t_Detection?offset=60 [digg.com]

Now, I don't remember the program, but I'm sure the London bombers who were caught tried this and it didn't work. That implies to me that the NSA at least has a way to read webmail. MI5 could ask them, or it could force webmail providers to allow the webmail equivalent of wiretaps and keyword searches if they want to operate in the UK. Given that Google and Yahoo collaborate with the Chinese government it's reasonable to assume they would collaborate with Western ones too.