Germany Implements Sweeping Data Retention Policies

G'Quann writes "Starting next year, all communication providers in Germany will have to store all connection data for six months. This includes not only phone calls but also IP addresses and e-mail headers. There had been a lot of protest against the new law, but it was ignored by the government. Quoting: 'The content of the communications is not stored. The bill had been heavily criticized. Privacy [advocates] had organized demonstrations against the bill in all major German cities at the beginning of this week. In October there had already been a large demonstration with thousands of participants in Germany's capital Berlin. All opposition parties voted against the bill. Several members of the opposition and several hundred private protesters announced a constitutional complaint.'"

Same old shit

[unity100]

You vote some party into power, and they ignore you for 4 years and do whatever they please.

Re:Germany is officially off my list

[click2005]

The worst thing is that Germany was the best country in Privacy International's recent report.
http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-545223/ [privacyinternational.org]

The German Government is Pissed

[The Breeze]

They see the United States slowing turning to a Nazi-like state and they're determined to defend their intellectual property by returning to Nazism first.

Why is it so hard for some otherwise reasonable people to understand that in a society where everything and everyone is tracable, sooner or later those in power can spank down a few annoying people and everyone will get the idea that if they speak out, they could be next?

IP address tracking: means your ISP IP address

[adnonsense]

Just to be clear on one point: the IP address tracking mentioned in articles on this subject is the IP address allocated by your ISP, not the IP addresses you connect to. Which is bad enough, and on the basis of existing laws there was a ruling that ISPs aren't allowed to retain your IP connection history for privacy reasons.

Personally I've alway assumed IP addresses are inherently traceable, so in a practical sense this doesn't make any difference to me (except that no doubt I'll end up paying for the extra costs incurred by my ISP). It's the other stuff I find more worrying - and completely asinine at the same time, because anyone with anything to hide (including teh terrorists) will know how to work round them anyway.

Re:Fascism Anyone?

[Chabil Ha']

Truly. The real thesis of 1984 is not the constant supervision of the people, but the twisting of thought by language. The concept of Newspeak is quite interesting because it erodes people's perceptions of something that is intrinsically bad, but twists it to seem, if not completely opposite, but neutral to the communication at hand.

The constant vigilance of Big Brother was only to ensure that those who even hinted at seeing past Newspeak and the overall deception were properly dealt with.

It's time to write a nice little tool

[Opportunist]

One that just goes and creates random SYN packets, sending them to random IP addresses and ports and watching the logs go berserk in the process.

With enough people participating, one could even create a network of some sort, where successful syncs are shared and repeated by others, so actual commections (and thus log entries) are created at an elevated rate.

As my statistics prof always preached, the only thing that's worse than having too little data is to have poisoned data.

Re:Hm, I just wondered...

[Anonymous Coward]

UDP or TCP have nothing to do with this. Connections are not tracked and retained.

Actually, the authorities in Denmark are apparently requiring ISPs to retain, in addition to address allocation data, the header data (source and destination address, source and destination port number, transport protocol) of every 500th IP packet.

You may find this PowerPoint file [fu-berlin.de] an interesting read. It's from this presentation [events.ccc.de], which I higly recommend watching (MPEG-4 H.264 video file, 186 MiB) [chaosradio.ccc.de].

Re:At least they saw it coming

[Anonymous Coward]

As soon as SMTPS, IMAPS and possibly POP3S is used all this effort is just a waste of resources because the mail headers will also be encrypted. Same goes for HTTPS.

That doesn't help. The encryption is only used between the client and the server: what happens to your mail once it arrives at the mail server is out of your control. The server has decrypted the data when it received it; if it didn't, it couldn't read & write the headers. There is no reason the server couldn't dump a copy of your mail headers to a file for storage. It could also relay your mail onto another SMTP server using a non-encrypted channel.

The same goes for POP3S & IMAPS: the encryption only exists between the server and the client. You have no control over what the server does, and the mail may have reached the server via. a non-encrypted channel.

Using SSL can help prevent some man in the middle type attacks but when it's applied to an inherently store & forward protocol such as SMTP it's largely pointless.