EU Data-Retention Laws Stricter Than Many People Realized

An anonymous reader writes with a snippet from the Telegraph: "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months."

Question

[robably]

If I'm using Gmail for email (using SSL) and am in the UK, does this directive affect my email?

Obviously my ISP won't be able to read the headers and Google is a US company, but is my data still stored in the UK and if so does it fall under the directive?

Deep packet inspection?

[Anonymous Coward]

Does anyone know how this is supposed to be implemented and how it relates to "arbitrary" data passing through the system? For example, email "headers" are supposed to be logged. One might imagine this being done by logging smtp, pop and imap transactions. But given that almost everyone I know uses webmail these days, and given that web traffic (presumably monitored using transparent proxy servers) is only supposed to have the URLs logged, not content, how does that stack up -- especially when you throw SSL into the mix? Are ISPs legally required (even if it's technologically unfeasable -- that's never stopped the law) to inspect HTTP transactions to see if it's webmail passing through, and log the recipients? Or is this just a humungous loophole for webmail hosted outside of the jurisdiction? Also: how does it affect non-UK citizens whose services are hosted by a geographically-distributed provider who might have nodes in the UK or at least the EU?

Re:Deep packet inspection?

[MichaelSmith]

Its a bit like filtering urls with child porn in Australia. If somebody sends CP to a gmail user in Australia will the blacklist include the URL for the image download forever? Will they blacklist gmail because it is used to distribute pornography?

Re:Truth in summary....Editors Stoned/Drunk....

[1u3hr]

I think this makes absolute proof that none of these "editors" actually exist. They're all scripts.

No, if you look at the submitted article, on the firehose link [slashdot.org], it's fine, correctly formatted, if a bit verbose. It took a human to fuck it up.

Re:Question

[wvmarle]

I would be more worried if you are an small business and are running your own simple web site and e-mail server for you and your three employees, and using the connection to connect your local LAN to the Internet.

Are you an ISP then? Do you have to keep records of all your e-mail traffic? Including actual messages and spam? What if law enforcement or who-ever comes to have a look for it? In what format are you supposed to give the information? Raw postfix log enough?

Re:STK: Strong buy!

[u38cg]

That's not a huge amount of data, relatively speaking. Google catalogues every touch ever made, and they don't even have much of an idea what to do with a lot of it.

Re:This bit intrigues me

[Anonymous Coward]

Also the location you were in when you made that phone call just after you commit said crime.

Also don't forget that if your cellphone is in location A at 12:30 and in location B at 12:35 (loggin of start and stop times and location for cell calls, at least that's part of the implementation in Sweden) and Google maps says that you can't travel that fast without breaking the law... then you better have your airfare receipt handy half a year later when the automatic speeding ticket come in the mail.

Re:Broken summary

[Anonymous Coward]

Yes! We need a Firefox addon that randomly visits sites in the background. I wouldn't mind the increased bandwidth use if I can help fucking with the damn EU. Oh and how typical it "requires" the large companies as well as the small ones, how fair, what majestic equality.

Re:Deep packet inspection?

[jimicus]

I imagine you'd monitor what happens on the backend rather than the HTTP traffic - which may well still be POP or IMAP.

Re:This bit intrigues me

[AHuxley]

And thats the next trick.
If you talk about what "phone data" can do in public, you end up dead.
Think back to Adamo Bove and Costas Tsalikidis.
damo Bove was the head of security at Telecom Italia and exposed the CIA (Abu Omar rendition in Italy traced after the
fact with mobiles), SISMI ( ~ the Italian CIA) and his own bosses.
He was found under a freeway overpass.
Costas Tsalikidis was a 38-year-old software engineer for Vodaphone in Greece.
He uncovered a highly sophisticated bug embedded in the mobile network. Spyware eavesdropped on the Greek Prime Minister
and other top officialsâ(TM) cell phone calls; it even monitored the car phone of Greeceâ(TM)s secret service chief.
His mother found him hanging outside of his apartment bathroom.