EU Moves Forward with Data Retention
KokoBonobo writes "
euobserver.com reports on controversial proposals to require EU service operators to retain data about telephone calls and e-mails as part of an overall fight against crime and terrorism. The retained data would not only consist of logs, but of entire conversations and contents of the e-mails and SMS messages. This document from the European Commission's Information Society goes into further detail."
Tools (Score:5, Insightful)
Re:Tools (Score:5, Insightful)
We can shout at people that the government can read our email and chat logs, but very few people will make the move to encryption. People are apathetic and lazy - unless encrypted email and chat is enabled BY DEFAULT in the next version of email and chat programs, people won't do it.
Re:Tools (Score:4, Informative)
Re:Tools (Score:2)
If the tools were simpler to use and if a couple of law suits about how pe
Re:Tools (Score:2, Informative)
Re:Tools (Score:2, Interesting)
The majority of people don't care about this. All too often have I raised the question of whether society is getting too "big brother"'ish - most responses I get indicate that the average Joe is ready to give up personal freedom in order to feel just a little bit safer.
That's just the way people see it.
Re:Tools (Score:3, Insightful)
I have no problem giving up a little bit of personal freedom for a genuine increase in safety (e.g. drunk driving laws, fire regulations) but trading freedom for the illusion of safety provided by airport spot checks and the like just doesn't fly with me (so to speak).
Re:Tools (Score:3, Informative)
Re:Tools - But Even Then... (Score:5, Informative)
In The Netherlands (and also the UK), a person can be forced to assist the authorities to decrypt information (i.e. supplying them with the key). If you refuse to cooperate, you could face a hefty fine, or be put in prison (depending on whether the police, or the intelligence services give the order).
The only alternative seems to be anonymous multi-hop networks that use onion routing; in those cases, you cannot cooperate (when it's not your own communication), since you don't have the key. And on top: purely from network traffic, eavesdroppers cannot determine whether a given packet is yours or (more likely) someone else's. These networks exist, but are still in their infancy; they don't support a full /. crowd yet. So I won't mention the name here; if you're savvy enough, you'll find its name on Google (maybe) or Freenet (certainly).
The whole terrorism witchhunt has seen 1984 approach rapidly. This must be fought. If it happens anyway, at least I can sleep with a clear conscience, since I fought in the war...
Probable Cause? (Score:2)
Re:Probable Cause? (Score:2)
in the UK they wanted to give civil servants arbitrary access, that means the guy in the social security office could just tap your name in and browse your emails, sans warrant, sans anything, just if he felt like it
luckily it was quashed but not without quite an effort
Re:Probable Cause? (Score:2, Informative)
Also there's the fact that MI5 got their bulk monitoring thing introduced in an amendment a few months after RIPA passed, after dropping it because the bill was going to be defeated because of it...
Re:Tools - But Even Then... (Score:4, Insightful)
If the police are searching your house (with a warrant) and they find a safe, there are rules about when they can and can't force you to open that safe.
The same rules should apply to any encrypted information they find.
For example, if they have an encrypted email or file, the same rules should apply as apply to them finding a safe in your house.
As for this new data retention crap, are the cops going to pay for the huge servers and disks required to hold all this information? And the people to keep everything going?
Re:Tools - But Even Then... (Score:5, Insightful)
Of course, any drug-smuggling terrorists with a penchant for child-molesting will immediately surrender the keys to incriminating information. Why would he take up to three years vacation at her Majesty's pleasure for encryption, when he could easily get 18-25 or even life for his real offences?
It's because of well thought out, useful laws like this that crime is virtually unheard of on our sunny islands! Thank you New Labour!
Re:Tools - But Even Then... (Score:3, Interesting)
What if you suddenly forget your passphrase? This can plausibly happen in extreme stress situations, such as being arrested, interrogated, and/or threatened to be put in prison.
Re:Tools - But Even Then... (Score:2)
Re:Tools - But Even Then... (Score:2)
Re:Tools - But Even Then... (Score:3, Insightful)
There is a witchhunt - basically a
Re:Tools - But Even Then... (Score:3, Insightful)
Re:Tools (Score:3, Interesting)
France and encryption (Score:2, Informative)
As in the United States, France has long classified encryption as a military or dual-use technology, and accordingly restricted its export. It received special treatment in a small flourish appended to the 20-page telecommunications law of December 29, 1990. Article 28 of this law required government permission for any use of encryption.
No immediate action was taken on what the French refer to as "the December 29 law," but six years later a more comprehensive bill was passed. This July 26, 19
Re:Sure. Great. (Score:2)
Jeroen
Rules are made to be broken... VOIP loophole? (Score:5, Insightful)
Already it's easy to see how existing technologies could be used to effortlessly circumvent the proposals.
"Telephone calls", does this cover Skype? Does it cover VOIP in general which is just data passing over the network and could always be wrappered, encrypted, or routed via several points (to ensure no single intermediary could capture the whole conversation).
It's great that our politicians can find ever increasing ways to enforce a climate of fear whilst wasting the monies that could help alleviate problems faced by the citizens that they represent.
Damn! Now I've posted what do I do with these mod points!?
Re:Rules are made to be broken... VOIP loophole? (Score:2, Insightful)
The tricky thing is.. while such legislation is targeted at big crimelords and terrorists, it is more likely that the data will instead be used against the civilians with petty crimes. I am not saying that the petty criminals don't deserve it though.
Re:Rules are made to be broken... VOIP loophole? (Score:3, Insightful)
Anyway, my key point to the quote is - circumvention is an act of having something to hide. And if one has something to hide, chances are, whatever one is hiding is likely to be more valuable information.
You see, there are people that live thinking they have nothing to hide, so they do not see any need to circumvent. And these are the group of people that will be the unfortunate target of this legislation if they unwittingly performed a petty criminal act.
So, th
Re: (Score:2)
Re:Rules are made to be broken... VOIP loophole? (Score:2)
I Farted!!!!! (Score:3, Funny)
Now you have to retain this comment in this thread in order to combat terrorism or something.
So much for European data privacy (Score:4, Insightful)
Now I know the Belgians can speak French. If they can't communicate properly, this data retention law isn't going to help at all. What would help is for the various member states to get their act together and start working together more closely on international crimes.
Why don't they just use Echelon? (Score:2, Funny)
No need to duplicate!
Re:Why don't they just use Echelon? (Score:2)
The United Kingdom is a member of echelon with full rights to the data gathered. Seeing as they're a member of the European Union, one'd think they'd be the ones being asked...
Even Encryption won't help in the UK (Score:4, Informative)
Re:Even Encryption won't help in the UK (Score:2)
You can still "forget" that 35 letter password of yours.
Re:Even Encryption won't help in the UK (Score:4, Informative)
Re:Even Encryption won't help in the UK (Score:2)
It should be up to them to prove you haven't forgotten it.
Re:Even Encryption won't help in the UK (Score:3, Insightful)
Probable Cause (Score:2)
Re:Probable Cause (Score:2)
They're allowed to issue their own orders. There is no judicial oversight of the process. The requirement for evidence that you actually can comply with the order is that they show reasonable grounds to believe it, not that they prove it beyond reasonable
Re:Even Encryption won't help in the UK (Score:2)
as said, people forget passwords, etc.
All it takes is one high court case, observed by our sensationalistic media, and that law will be consigned to the gutter.
Re:Even Encryption won't help in the UK (Score:2)
Fortunately, although I live in the British Isles, I don't live in the UK - and the RIP act was never passed here.
Re:Even Encryption won't help in the UK (Score:5, Informative)
The law includes secrecy provisions. Anyone charged under it will have their hearing in a closed session, and are strictly prohibited (penalty of 5 years imprisonment) from informing anyone other than their lawyer, so media coverage seems unlikely.
(4) A person who makes a disclosure to any other person of anything that he is required by a section 49 notice to keep secret shall be guilty of an offence and liable-
(a) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine, or to both;
(b) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum, or to both.
Re:Even Encryption won't help in the UK (Score:2)
Re:Even Encryption won't help in the UK (Score:2)
my own direct experience on this topic (Score:5, Insightful)
The one representative who was supposed to speak in favor of it never showed up (remember Inger Marie Sunde?), nor did she send a replacement. Now what kind of message does that send? It gives the impression of "the majority doesn't care for long-term storage of traffic data, but we don't care what the majority thinks. We're going to impose our way on you whether you like it or not."
Re:my own direct experience on this topic (Score:2)
Re:my own direct experience on this topic (Score:2, Insightful)
You are not "the majority", nor are the majority of people on /. "The Majority" are shit scared of all sorts of things that governments and media have whipped up stories about. A lot of them aren't on the internet and couldn't care less about your rights, as long as they can still sit in front of the footba
I find it all quite amusing really.... (Score:5, Insightful)
"You mean we're gonna need how much disk space exactly?". "We're gonna have to invade which small nation just to get enough physical space to store all this stuff?".
Worry not, it will blow over soon enough :-)
Re:I find it all quite amusing really.... (Score:2)
It should all fit in Liechtenstein [liechtenstein.li]. If not there's Luxembourg [luxembourg.lu].
not that bad (Score:2)
Second, it states that data should be kept only as long as needed for billing and such, unless there is a specific request from the authorities to keep other data (and only data from the date of the request onwards). The text lists valid reasons for retention as investigations and prosecutions, so a lot hangs on the fairness of the legal process.
This is not necessarily a bad thing, the authorities should be allowed to look for evidence in a criminal case. However
you've missed something... (Score:2)
This is the way things are now. The proposal is to keep all traffic data for at least a year, if not longer. I've read in some places that they want to keep data for up to seven (!!) years!
See what small-print does... (Score:2, Informative)
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Can't really argue with that, but in the European Convention on Human Rights it becomes
Article 8:
1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and i
If you're not a terrorist, go ahead and encrypt... (Score:3, Informative)
Encourage the use of the OpenPGP standard by supplying others with your public key [wikipedia.org] and encouraging them to use it.
Using encryption does not often complicate traffic analysis, but it can keep them from reading your private communications. Be sure to remind people that email subject lines are not encrypted and should be considered carefully. I often use something like
Subject: This space intentionally left ______________
Here's some boilerplate: [there's breakage on the 5th link - be sure to correct]
Do consider Thunderbird
http://www.mozilla.com/products/thunderbird/
http://www.mozilla.com/products/thunderbird/why/
for both yourself and your clients. It's really a wonderful product
and has spam handling built right in. Unlike Outlook(TM) it is open
about where it keeps your email (not hidden and difficult to export)
and is not so susceptible to worms and email nastiness such as scripts
that run without hindrance. Many a spyware app has been installed
further contributing to the spam problem due to people running just
that piece of software. Don't help the spammers. Reclaim your inbox.
It supports Enigmail: ( email envelopes you don't have to lick! )
http://enigmail.mozdev.org/
http://www.moztips.com/index.php?id=87
http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.p
I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
secure mail. I've got nothing to hide, but I don't like using
postcards for all my USPS/post correspondence either. Regular email is
like using postcards on the internet. Any postal worker along the way
can take a look ( have a look at email "headers" sometime; every hop
you see is a place where your email is stored on a hard drive. )
Please use an envelope when communicating with me. It won't even cost
you a stamp. I value your privacy as much as I hope you value mine.
How to Get Encryption Going on Windows [wolfram.org]
There's no need to keep my public key a secret. Feel free to give
it away or put it on a telephone pole; write it in the sky if you'd
like. It's available on the web. The more people that have it the
better. Use it to seal your envelopes when sending me mail. I've got
the only other matching key (my private key, opposite the public key
I've given to you) that allows me to unlock the envelope. You can
even lock an envelope so that multiple people can unlock it on their
own, but nobody else can read what you've sent them.
You can also find keys for me here:
http://www.biglumber.com
Please try it out. Be glad to help you get started.
Re:If you're not a terrorist, go ahead and encrypt (Score:2)
So if you want to keep compatibility with friends using 'that other product' that doesn't have a PGP plugin, s/Mime might not be a bad idea. AFAIK it's as secure as SSL.
You need a signed certificate that can be obtained free of charge from Thawte:
http://www.thawte.com/email/index.html
X.
Free S/MIME certs (Score:2)
Free certs can be had at CAcert.org [cacert.org] as well. Not only will they give you a free email cert, they'll give you a SSL cert for your web site, sign your PGP/GPG keys with their signature and they even allow you to login to the site with a certificate (no password needed to update your info or log
Re:If you're not a terrorist, go ahead and encrypt (Score:2)
Just enclose them in a <URL:....> tag. It's quick. It's easy. It gives a working link without spurious spaces. Look at the example in "URLs" below the text box when you next post a Slashdot message.
It won't work (Score:2)
They might communicate by using say plain English mentioning good harvests or talking about recent events, yet the meaning could be that material was delivered or that "their latest mission" was successful or otherwise.
A terrorist's message could be..."Did you hear about that flood that made people's lives in country X very miserable..."? The hi
It's all about the priorities... (Score:2)
Personally, I'd take the corporations any day over the U.S. Government. But what do I know? I'm just an American
Re:It's all about the priorities... (Score:3, Interesting)
Don't forget eBay's statement from last year: "If you are a law-enforcement officer, all you have to do is send us a fax with a request for informa
Tips on running a successful Freenet node (Score:2)
Info on FreeMail as well. Totally anonymous and encrypted mail system: http://slashdot.org/comments.pl?sid=127703&cid=10681546 [slashdot.org]
It affects more than just the EU (Score:2)
Tell me, Mr. EU, (Score:3, Funny)
Re:Tell me, Mr. EU, (Score:2)
And that includes messages encrypted using codes like "Mission completed" means "I have sold my old Ford and bought a BMW instead".
Most laws are unenforceable. It's about 200 years since Dickens said "The Law is an Ass", and it definitely has NOT got better.
Re:Tell me, Mr. EU, (Score:2)
What's next? (Score:3, Insightful)
As well, history has repeatedly shown that it is just a very small step from storing personal information to abusing it to repress the masses. Maybe good intentions, but very dumb dumb people.
Those that are willing to trade freedom for security, will get none and deserve neither !
smells of 80's eastern europe (Score:2, Insightful)
It has been said a million times before.... (Score:2, Interesting)
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin
To the world governments:
Please Leave us ALONE. Your forms of protection infringe on our freedoms, maybe there wouldn't be a terrorist issue if you weren't so controlling. Maybe if you didn't try to impose your morals on the rest of the world, there would be no reason to "rise up against $nation".
Where, at what point, did things go wrong?
I
Government gets me thinking. (Score:2, Interesting)
As soon as they put obstacles in our way we must find ways around them.
Where has this data been used before? (Score:2)
I think most of this data has been used after the fact, when they have a starting point and want to find out who a person has been communicating with. I don't think this will make anyone safer, but it might be handy after th
Re:Where has this data been used before? (Score:2)
Nobody cares... (Score:3, Interesting)
Anyway, I've all but given up, except I digitally sign (s/mime) all my mails and I've a pgp key that I'll use when requested.
Now digitally signing my mails may not seem like much, but I don't know a single other person (Nerds/Geeks or not) that has a digital signature, so I can't encrypt (I've one work colleague with a pgp key). But sometimes somebody asks me what that strange symbol by my mail is about and I have an opening to talk a bit about security (I often add something about spam), but I still haven't managed to get a single other person to get a digital signature.
Not that I've anything sinister to mail about, but I just want to keep those NSA servers busy. Trying to break a 2048bit key, just to get to a message about soup.
Re:Nobody cares... (Score:4, Interesting)
Select the SSL/TLS options on your SMTP, IMAP and POP sessions to your mailserver. Mozilla/Thunderbird has full support for SSL/TLS, and I think most other modern email clients do as well.
If your mailservers don't support SSL/TLS, ask the admins to enable it. If they refuse, switch to ISPs that do. (Speakeasy supports SSL/TLS for IMAP and SMTP.)
Run your own personal SMTP server and enable the STARTTLS option. Most SMTP senders -- even many spammers! -- will automatically invoke the STARTTLS option if the server advertises it. This finally turns spam into something useful -- a constant background stream of encrypted fill traffic from all over the planet. What better way to thwart traffic analysis?
Configure your own webservers to support https. Make it available for all your webpages, not just the "sensitive" ones.
Use SSH for all remote login/file transfer between machines on which you have accounts.
Web surf over a SSH tunnel into a shared proxy cache with logging turned off.
Set up IPSEC in opportunistic mode.
If you have a flat-rate broadband connection, run background scripts to ship big random files to your friends with various P2P applications. Set up a traffic-shaping router and configure it to give low priority to P2P traffic so it won't bother your foreground activities.
Sure, it would be a lot better if you could convince everybody you exchange email with to encrypt everything on an end-to-end basis with S/MIME or GPG/PGP, but this stuff is quite doable and it's a lot better than just giving up on your privacy and security.
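An added example, not part of the original comment: a Python check of which hops in a delivered message's Received headers recorded a TLS-protected transfer, using the RFC 3848 "with" keywords (ESMTPS, ESMTPSA, LMTPS, LMTPSA). The sample message, its host names and the function names are constructed for illustration.

```python
import email
import re

# "with" protocol keywords that RFC 3848 defines for transfers protected by STARTTLS/TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: reserved .example names and documentation IP ranges.
# Newest hop is on top, as mail servers prepend their Received line.
SAMPLE = """\
Received: from mx.rcpt.example (mx.rcpt.example [192.0.2.20])
\tby store.rcpt.example with LMTP id C3;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from smtp.sender.example (smtp.sender.example [192.0.2.10])
\tby mx.rcpt.example with ESMTP id B2;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop (unknown [203.0.113.5])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby smtp.sender.example with ESMTPSA id A1;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@rcpt.example
Subject: This space intentionally left blank

hello
"""


def strip_comments(value):
    """Drop RFC 5322 comments, including nested ones.

    Some servers write "(using TLSv1.3 with cipher ...)" in a comment; without
    this step a naive search for "with" would pick up "cipher" as the protocol.
    """
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def audit_hops(raw_message):
    """Return one dict per hop, oldest first: receiving host, protocol, TLS flag."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Remove comments, then collapse header folding into single spaces.
        flat = " ".join(strip_comments(str(value)).split())
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append({
            "by": by.group(1).rstrip(";") if by else "?",
            "protocol": name,
            "tls": name in TLS_PROTOCOLS,
        })
    return hops


def unencrypted_hops(hops):
    """Receiving hosts whose Received line does not claim a TLS transfer."""
    return [h["by"] for h in hops if not h["tls"]]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        state = "TLS" if hop["tls"] else "no TLS recorded"
        print(f'{hop["by"]:<24} {hop["protocol"]:<8} {state}')
```

Received lines are written by each server in the path, so lines added before the message reached a server you trust can be forged or omitted; treat the result as what the path claims. A TLS hop protects the message only in transit, and each server still holds a readable copy.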
Re:Nobody cares... (Score:2)
Here's a scenario: I communicate via email a bit. Most of what I say isn't really sensitive, but I still wouldn't like the whole world to know about it. I know that in theory anyone can read my email, but I also know that no one cares about me; I'm lost in a sea of faceless unimportant people. De facto anonymous, if you will.
Good enough, but being somewhat politically conscious as a result of spending al
A few numbers (Score:5, Interesting)
There are over 100 million broadband users in the EU - plus countless millions of dialup users - but we'll ignore the dialuppers too for the moment.
Now I download about 300Gb/year and upload about half that. So we'll say about 400Gb/year of traffic. Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).
That's 3.7 Exabytes of data per year for all the broadband users in the EU alone. Assuming they haven't changed the proposal too much since I last read it, they required storage of data for 7 years, that's ~26 Exabytes of storage required to hold all this stuff.
How the hell do you find anything of use in 26 exabytes of data?
Re:A few numbers (Score:2)
Re:A few numbers (Score:3, Funny)
Re:A few numbers (Score:3, Informative)
You need to keep traffic logs. That is not the 300GB/year that you download, but the list of files that you download. Assuming that the average file is larger than its name, this is substantially less data.
Re:A few numbers (Score:2)
Now I know that they only have to log the traffic and not store everything I download/upload (although that would make for a more amusing example) so let's make it 1/10th of that actually required to log all my data (40Gb).
Now even assuming that each user only generates 40Mb of data a year in logs - which is rubbish as my firewall logs alone are 200Mb+ a day - you're still looking at 26 Petabytes of data, which is just as impractical to sift throug
will this be enough? (Score:3, Funny)
A Subject (Score:4, Insightful)
backup (Score:2, Funny)
Re:backup (Score:2)
Copyright? (Score:2, Funny)
What they haven't even thought about (Score:2)
Say Mr. Jones uses his Albania Online connection to send an e-mail to Mr. Smith. Mr. Jones' e-mail server, however, is located on Mbwawanga Island in Mbwamwere, and Mr. Smith's e-mail server resides in his living room.
If we assume that Albania Online is obligated to store all e-mail and voice traffic that even passes through its network for an extended period of time, we can also assume that after said period, there will, of course, be
Is anyone else tired of that Buzz word.. (Score:2, Insightful)
Broad danish implementation (Score:3, Interesting)
So if you run a blog, you need to track, register and store everyone who makes a comment on your page.
If you run a BulletinBoard... same applies.
Run a chat or mailinglist? Ditto for you.
Do you run *any* kind of server (apache, irc, cvs, ftp, mailinglist etc.). You're not excused.
In short: every citizen is obliged to keep records of friends, family etc. whereabouts.
Welcome to Stasi-land!
Re:Encrypt your data/files (Score:5, Informative)
That's not to say that encrypting your files isn't a good idea, just irrelevant in this case. Use of PGP/GPG for email, however.. in this case, is a bloody well fantastic idea. If everyone you communicate with has a key pair, you just have to remember to encrypt (and, if you aren't completely braindead, sign) everything you send and you'll have one less thing to worry about. Keeping your web traffic under wraps might be a little more difficult.
I just need to find a cheapass CA (or track down the requisite software to do it myself) and I'd be happy as a clam. Of course, the challenge would be convincing everyone I know to start using it, as well. Although, at least that way I could make a certificate for my own servers so that, when I eventually do get my own server up and running, I can keep all traffic using https.
Re:Encrypt your data/files (Score:2)
Transmitting emails using PGP is one way to keep your information private. Encrypting disks just adds to your privacy by making personal information private as well.
With all the litigation that's going on, including raids on Kazaa & IndyMedia servers, keeping information private is a serious concern.
Re:Encrypt your data/files (Score:2)
Furthermore, regarding the raids on KaZaA and IndyMedia servers, the fact that the physical locations of these servers was made available could not possibly be the fault of the operators of the servers; it's that the ISPs were pressured/subpoenad (sp?) into revealing said information.
Re:Encrypt your data/files (Score:2)
Re:Encrypt your data/files (Score:2, Interesting)
I'd rather trust PGP than any government-recommended scheme any day. Take Clipper; the inbuilt key escrow killed it from day one - even PHBs were not going to bend over for that one, given the record of gov.us in the matter of taking foreign trade secrets by surveillance and using them to benefit domestic companies.
Re:This is new.... (Score:3, Insightful)
Instead of st
Re:This is new.... (Score:2, Insightful)
Well now, there are quite a lot of other reasons for getting the EU - actually the main reason for starting this in the first place, is to prevent future wars.
European countries have been fighting each other for as long as anyone can recall - making the countries depend on each other for sales purposes is a stroke of genius; most wars are about money/power, but nobody is lobbying for war
Re:Or... (Score:2)
the Patriot Act
Re:EU 1984? (Score:2)
Re:EU 1984? (Score:3, Informative)
Re:EU 1984? (Score:3, Interesting)
Re:EU 1984? (Score:5, Insightful)
I have a newsflash for you. You are a victim of the old trick that has been repeatedly used by national politicians to pass necessary, but painful reforms: "the EU made me do it". What they don't tell you is that they made the EU make them do it.
The so-called "democratic deficit" in the EU is a myth. The EU executive is currently shared between the European Commission and the European Council.
The Council is made of all of the elected national heads of government, or the appropriate ministers (depending on the issue).
As for the Commission, it is appointed by the heads of government, which is hardly less democratic than, for instance, the (directly elected) French President appointing a Prime Minister from the majority party in the Parliament. Moreover, just as a national government, the European Commission has to be approved by the Parliament. Remember how Mr Santer was forced to resign, or how Mr Barroso was forced to remove contested Commissioners because he'd have failed the confidence vote otherwise?
If you remember the EU software patent debacle, the non-democratic decision (i.e. not giving a flying f#ck about the EU Parliament) was made by the European Council, i.e. the government of the member states that the EU citizens themselves elected!
It is high time the disinformation stopped. While I would welcome a major increase in the Parliament's powers, the EU executive is definitely held accountable. The current situation is not a "democratic deficit", but rather excessive powers in the hand of national heads of state.
By the way, I'd trust the Commission much more than my own national government... Give me a Prodi over a Chirac or a Berlusconi any day.
Re:EU 1984? (Score:2, Insightful)
Re:Storage for all those conversations (Score:2)
This is one of the main reasons why telecom companies are opposed to long-term storage of data. They're the ones who are going to have to foot the bill, as politicians would never raise taxes to pay for this. The burden of costs will end up on the consumer, which in the long run is bad for business, profits, etc.
Re:Wrong numbers (Score:2)
That's 200 Billion SMS messages, times 7 years. Even at only 1kb per message, that's 1.3 Petabytes just for SMS messages - and that's a conservative estimate.