Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

Europol Describes Data Retention Desires 135

Posted by michael from the rummaging-through-the-trash dept.
freakyboff writes "Found this on cryptome.org - It's a confidential document from Europol, basically a wish list of all data that they would like people to keep. Many things that violate peoples privacy are in the minimum requirements, such as caller line identification and assigned IP for dial-up Internet access; e-mail and ftp server logs; and companies running web servers should keep information on what information users put on their servers." Statewatch is a good source for more information. I find it odd that Europe is moving from a position of protecting a great deal of data with fairly strong laws to requiring that telecommunications companies store data on their customers for as long as seven years so that law enforcement can go data-mining - skipping the intermediate step of making it optional.
This discussion has been archived. No new comments can be posted.

Europol Describes Data Retention Desires More

Europol Describes Data Retention Desires

Comments Filter:

  • Help save cryptome's poor server (Score:4, Informative)

    by sludgely ( 447712 ) on Wednesday June 05, 2002 @06:30PM (#3649246)
    Use a mirror:

    Thanks to A for mirror:

    http://www.lessgov.org/cryptome
    Thanks to SC for crypto software:

    http://mrstef.dns2go.com/crypto
    Thanks to AJ for mirrors:

    http://cryptome.sabotage.org
    ftp://ftp.zedz.net/pub/varia/Cryptome/cryptome.o rg /

    the whole shebang is available at:
    ftp://ftp.zedz.net/pub/varia/Cryptome/
    Thanks to mb for mirror:

    http://while1.org/~xm/cryptome.tgz
    Thanks to VP for mirror:

    http://munitions.vipul.net/documents/cryptome/
  • At a certain point, the gov't must take cost into consideration. So, I stole 15 blank licenses from the DMV The gov't spent 50 for my court paperwork and an additional 200 in probation costs. hmm.......should they have just fined me instead? or not bothered? they lost money, given that each blank is 89 cents to produce. In Britain, repairing graffeti has got to be cheaper then maintaining 7 camperas on a public bus. You get my point. THe ISPs will eventually rebel due to cost. Either that, or they will try and turn over monitoring and data storage to the government.

    • Re:Cost? (Score:3, Interesting)

      by bluGill ( 862 )

      In your case yes, but consider for a moment the cost of no security whatsoever on the blanks. Want a blank license, just walk in and take as many as you want, no tracking, no chance of getting punished. Not you do you take 15 (presume that you need them for something), but everyone else does too. Now it isn't 15 blanks, it is 2,000 at a total cost of 1784 dollars. Starting to get meaningfull already. (note, the number 2000 was pulled out of the air). Now multiply that out by a few years...

      Security and prevention always comes at a cost. Insurance companys can draw fancy curves and graphs to show where your cost for secuiry (including punishing offenders, and insurance) is the least compared to your potential losses. Perhaps it isn't worth the goverment's time to do anything about the theif of blanks, perhaps it is. (I don't know how to do that analysis) At some point though you have something that costs more then it looks like it should because you can't account for the losses spending that much prevents.

    • Re:Cost? (Score:2, Offtopic)

      by stubear ( 130454 )
      Oh, really persuasive argument there chief. Crime costs too much to prosecute so we shoudl just fine the criminal and send them on theri merry way. What happens when graffiti becomes more common? It raises the cost to clean up and while it might still be more expensive to prosecute ALL those involved, it increases taxes paid by the citizens because cleanup costs have increased.
      • a lot of people like good graffiti. maybe if those who practice it didn't have to look over thier shoulder they could make something you like (i doubt picasso had a friend watching for cops as he painted). and if it becomes more common that probably means people are getting practice and getting better.

        personally, i like graffiti. i have 4 murals in my apartment, painted by local kids. i gave them the whole day to work and they did a great job. most people think of tags when they think graffiti -- tags are the knee-jerk response to a society who won't let artists finish.

        • Re:Cost? (Score:1, Offtopic)

          by stubear ( 130454 )
          I have no problem with graffiti art. If graffiti artists were hired to paint a mural in a local community on a wall set aside for this artwork, I'm all for it. What I have a problem with is vandalism. Most graffiti is nothing more than this.

    • Re:Cost? (Score:1, Insightful)

      by Anonymous Coward
      DUDE!!! ISP's already KEEP this kind of information. I'm not surprised if there is a law that says they are required to keep these logs for a considerable amount of time. Most of these logs are kept for a month, and are either ditched or archived.

      ISP's already know what number you dialed into, what number you're calling from, date, time, IP, duration of the session.

      Even with this information, it is next to impossible to track someone down using this information. Even with a court order.

      I've heard of some ISP's that won't allow your call to complete unless you un-block your number.
  • So they want these records to be held on to for longer than they are now. Bad as that may be, wouldn't it be simpler to fight the request if the information didn't get logged in huge detail in the first place? Are all of those details really necessary?

  • A ruse (Score:3, Informative)

    by Jeffrey Baker ( 6191 ) on Wednesday June 05, 2002 @06:48PM (#3649338)
    This certainly seems like the US strong-arming the EU to pass these measures. After they get passed in the EU it is much easier to get them passed in the USA.

    George Bush, President of the USA, sent this demand -- among many others -- to the EU on October 16, 2001:

    Revise draft privacy directives that call for mandatory destruction to permit the retention of critical data for a reasonable period.
    • After they get passed in the EU it is much easier to get them passed in the USA.


      Huh? How about some evidence for this? Do you think that the Kyoto protocols are going to be mandated in the US because they've been accepted in Europe? Ditto for socialized medicine? Mandated shorter work weeks? The Euro?

  • Opening for a proxy service, maybe? (Score:3, Interesting)

    by meta-monkey ( 321000 ) on Wednesday June 05, 2002 @06:50PM (#3649347) Journal
    Well, I'm a syadmin at a University research lab, and when I want to do something the University may not like on the net (visit websites that may violate AUP or something) and I don't want those nosy upstream admins to notice, I pipe it through an IPSec tunnel I set up between my lab and my home network, since my DSL provider doesn't care what I do. So, I'll login remotely and run mozilla or something on my home comp and pipe the display back through the tunnel, so all anybody between my computer at the lab and my computer at home would see is a bunch of encrypted ESP packets flowing back and forth.

    I wonder if a company in a place where laws like this don't exist (is Sealand still around?) could set up a proxy service provider, so all your traffic (or at least any traffic you don't want somebody spying on, like email, some web traffic) would be routed securely through them, so your local ISP wouldn't have anything but encrypted packets to monitor. Then they wouldn't have anything of consequence to share when the cops come knocking. I'd pay for such a service, would you?
    • Check out www.primedius.com. They provide secure surfing/proxy service similar to what you described.
  • There probably is another, more secret, document floating around Europol. In this document, they ask for
    - Every EU citizen submitting a full report each month about all Internet activity they had that month;
    - Each of those reports to be compared against the actual internet usage, by a bunch of underpaid exploited 3rd world country workers
    - Any activity unaccounted-for punished by a slap in the face with a largeish wet fish.

    When this highly secret document makes it into a proposal for EU legislation, then I'll start to petition against the proposal. Gah... If i had to worry about every little paper that fell off some clerk's desk...
    • slap in the face with a largeish wet fish

      ***twiztidlojik slaps JaredOfEuropa around with a large trout!

      It's a large trout. Go bone up on your mIRC before you post something like that again =D

  • Just horrific.... (Score:2, Informative)

    by Anonymous Coward
    Data that must be retained by Internet Service Providers:

    1. Network Access Systems - Date and time of connection of client to server - User-id and password - Assigned IP address NAS Network attached storage IP address - Number of bytes transmitted and received - Call Line Identification (CLI) - User's credit card number / bank account for the subscription payment

    2. Email servers - Date and time of connection of client to server - IP address of sending computer
    - Message ID (msgid) - Sender (login@domain)
    - Receiver (login@domain) - In some cases identifying information of email retrieved

    3. File upload and download servers - Date and time of connection of client to server - P source address - User-id and password - Path and filename of data object uploaded or downloaded

    4. Web servers - Date and time of connection of client to server - IP source address - Operation (i.e. GET command) - Path of operation (to retrieve html page or image file) - Those companies which are offering their servers to accommodate web pages should retain details of the users who inserts these web pages (date, time, IP, User ID, etc.) - "Last visited page" - Response codes

    5. Usenet - Date and time of connection of client to server - Protocol process ID (nnrpd[NNN...N]) - Hostname (DNS name of assigned dynamic IP address)
    - Basic client activity (no content) - Posted message ID

    6. Internet Relay Chat - Date and time of connection of client to server - Duration of session - Nickname used during IRC connection - Hostname and/or IP address

    7. Data that must be retained by telephone companies for fixed numbers' users: - Called number even if the call was not successful - Calling number even if the call was not successful
    - Date and time of the start and the end of the communication - Type of communication (incoming, outgoing, link through, conference) - In case of conference calls or call to link through services, all intermediate numbers - Information both on the subscriber and on the user (name, date of birth, address) - Address where the bill is sent - Both dates (starting and ending) from when the subscription has been signed and dismissed - Type of connection the user has (normal, ISDN, ADSL, etc., and whether it is for in-out calls or for incoming only) - The forwarded called number - The time span of the call - Bank account number/other means of payment - For a better investigative purpose Telcos should be able to know the nature of the telecommunication: voice/modem/fax etc.

    8. Data that must be retained by telephone companies for mobile / satellite numbers' users:- Called number even if the call was not successful- Calling number even if the call was not successful - Date and time of the start and the end of the communication - Type of communication (incoming, outgoing, link through, conference) - For conference calls or call to link through services, all intermediate numbers - Information both on the subscriber and on the user (name, date of birth, address) - IMSI and IMEI numbers - Address where the bill is sent - Both dates (starting and ending) from when the subscription has been signed and dismissed - The identification of the end user device - The identification and geographical location of the cells that were used to link the end users (caller, called user) to the telecommunication network - Geographical llocation (coordinates) of the mobile satellite ground station - Type of communication (incoming, outgoing, link through, conference) [duplicate item] - GPRS service - For conference calls or call to link through services, all intermediate numbers [duplicate item] - The forwarded called number - The time span of the call - Bank account number/other means of payment - As GPRS and UMTS work on Internet base, thus all the data above mentioned (as IP address) should be preserved - For a better investigative purpose Telcos should be able to know the nature of the tgelecommunication: voice/modem/fax etc.
    • You just recapitulated the original document. Nice formatting :-)

      Actually, most neo-fascist European UberISPs already log all the data requested in items 1-5 as most of them use (transparent) proxies for http and ftp. I wonder why the "last page visited" is so important to them, maybe they're trying to piece sessions together where a user disconnects and then logs on to another ISP. I'm not so sure about 6. IRC whether they already monitor it, but it's good OPSEC to assume that they do. Incidentally, the UberISP I'm subscribing to, actively assisted a German Pay-TV company by redirecting http-requests for a website containing hacking information to the homepage of the national police.

      I know that my telephone Ubercompany is logging all the data they ask for and in addition to that "legitimate interests" can connect at any time without having to present a warrant to their switches to listen in to all my calls. Same thing goes for my mobile phone, and say did you know that the austrian police requested and received all cell phone subscriber information of people who were either participating or just for being in the vicinity of a demonstration?

      The best kind of OPSEC in telecommunication is and always has been keeping your mouth shut.
  • Every ISP I have ever worked with has kept logs of assigned IP for dialup, caller id (when available and not cost prohibitive), email and ftp server logs. These logs are referred to when following up complaints of abuse (mainly spammers). Even if an ISP were not interested in fielding abuse complaints, they would be insane not to keep this information in the face of subpeonas and requests for cooperation by law enforcement (and lately DMCA notices).

    Why is this a violation of privacy? While the information may be handled casually in many cases, it is not published publicly. Do users really think they have an expectation of privacy in this way? Do they really think they have a right to be untracable and unaccountable for their actions online?

    I know slashdotters seem to be always fighting a losing battle for privacy, but these logs seem to be common sense.

  • Seriously, what the hell are these governments up to? Seems to me you'd have to be pretty afraid of something to mandate surveilence on the scale of what's going on in Europe these days, and last time I checked the climate wasn't right for a revolution (not enough poverty!).

    So, what's going on in Europe?
    • "Seriously, what the hell are these governments up to? Seems to me you'd have to be pretty afraid of something to mandate surveilence on the scale of what's going on in Europe these days, and last time I checked the climate wasn't right for a revolution (not enough poverty!)."

      Terrorism?
    • Right now, in most EU countries, people tend to be far more worried by corporations than by governments. Because of socialist/social-democrat traditions, governments are the normal mode of action, the solution rather than the problem. Corporations have always been seen as greedy, corrupt and destructive. Quite the opposite of the USA where gvt is always bad and free market the only true truth yadayada. Seems to me it's changing a bit on both sides of the Big Pond, courtesy of Enron in the US and looming deficits for socialized health care and retirement in the EU.

      Yet, talking about revolutions, the EU people have a much shorter fuse than Americans. Normal, the government being the solution, when things go wrong, the government must change.

  • I'm sure to get flamed for this, but they aren't really asking for that much. Let's face it, most of this information is available with verbose logs on systems. A lost of it is stuff that ISPs in the US have to keep anyway, for legal reasons and just to help with tech support.

    These are actually very reasonable requests. I work for a large company that is sometimes asked to produce some of this kind of information. Most of this is kept in our basic logs. Again, this is partly for legal reasons, but also so taht we can effectively troubleshoot problems that customers may have.

  • These records will be gold mines for .... (Score:1, Insightful)

    by Anonymous Coward
    These types of records will be gold mines for all kinds of people... political opponents, blackmailers putting the squeeze on unfaithful spouses, spies following government employee activities, stalkers, etc.

    something tells me that when some bigshot gets tagged and embarrassed by what is divulged, there will be some additional restrictions placed on what/how data can be stored and accessed.

    • Nicely paranoid, but that doesn't add up. I haven't read the directive per se, but the common way to handle this kind of data in Europe is to only make them available to law enforcement that can present a court order for the info.

      So, yes, the fact that this much data gets logged is worrisome, and I'd need some iron-clad guarantees from my government to make sure abuse is curbed before I feel comfortable with it, but it is nowhere near as bad as you make it seem.

      I will make sure to watch how my government is going to implement these directives.

      Mart

  • WISH list (Score:3)

    by nick_davison ( 217681 ) on Wednesday June 05, 2002 @07:43PM (#3649561)
    I find it odd that Europe is moving from a position of protecting a great deal of data with fairly strong laws to [storing a great deal of information for law inforcement].

    Europol != Europe. Seriously, does Chicago PD equal the US government? It's a draft of a law enforcement agency's wish list - a starting point for one side of a debate, not anything that's passed in to law. Just because the MPAA have probably had a debate along the lines of "OK, what'd it be cool if we could force on users?" doesn't mean they get it - or even ask for it.

  • Okay, there are huge privacy concerns at stake. I know that. I'm just curious what good could come from it. If that's the type of thing that can stop another 9/11 from happening, then it's possible I'd reluctantly approve of something like that.

    Unfortunately, I don't see the immediate connection between logging ftp logs and stopping terrorism. If anything, I think the MPAA or the RIAA would have more to gain than the War on Terrorism.

    So my question is, can anybody think of benfitis to this type of surveillance? I'm not looking for justification, just silver linings here and there.

    Heck, I'd love to hunt down that guy who modded me down earlier. Heh.
  • Hey. We're all in this together!
    -b

  • Who would want to retain data? I always feel bloated when that happens.

  • Don't get your panties in a bunch, michael. (Score:5, Insightful)

    by Wakko Warner ( 324 ) on Wednesday June 05, 2002 @08:14PM (#3649673) Homepage Journal
    This is a wish list compiled by an investigative police agency. What did you think would be on their wish list? A Barbie Dream House?

    - A.P.
    • wow! I made your list of worst sigs for a sig I had for a couple weeks to see if people had any ideas of how one might audit Microsoft for GPL violations. I do and I was curious.

      What didn't you like about it? Too trollish? (not judging from the response) You think it's not realistic? Or what? I wish you would have posted a comment in my journal on the subject then! Something I could have thought about (I'm optimistic about your ability to post useful criticism). Immortalizing the sig on your list (or whomever's list it is) is aweful nice though.

      yeah, offtopic...

      and don't forget, I'm not asking for your opinion because it matters... I'm just curious.
  • I would have loved a static IP back when I had dial-up, sounds great to me. The other stuff is another story.
  • Dont get me wrong I'm in for your rights as much as mine.

    but turnabout is fair game I've taken so much shiz from canadians and europeans on how my government (USA) is so evil and corrupt and the antichrist and how does it feel euroslut or canadaslut now :P

    when will you think it's a good idea to get along and not bitch and make fun of the people you relied on 50 years ago for your very existance :P

    • when will you think it's a good idea to get along and not bitch and make fun of the people you relied on 50 years ago for your very existance


      Who brought the Soviet Union into it?

  • The really scary part is that afaik Europol is under no parliamentary control at all, they can do whatever they want and eavesdrop on each and everybuddy. Knowing that you somehow don't feel like being on the western side of the iron curtain.
  • Under '6. Internet Relay Chat' they state
    Copy of the contract Bank account / credit card for the payment
    Which I say is rather odd. The style is rather weird, I haven't seen many company reports in that style, it is too informal with no reasons behind the items. If this was a white paper, then I would expect more explaination and bulk.

    Don't believe everything you read kids!

  • Europe is one of those political unions that goes from fairly liberal democracy to fascist police state without an intervening period of civilization.

Slashdot Top Deals

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"

Close