Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Privacy Government The Internet News Your Rights Online

EU Data-Retention Laws Stricter Than Many People Realized 263

An anonymous reader writes with a snippet from the Telegraph: "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months."
This discussion has been archived. No new comments can be posted.

EU Data-Retention Laws Stricter Than Many People Realized

Comments Filter:
  • yay! (Score:4, Funny)

    by x2A ( 858210 ) on Monday April 06, 2009 @04:55AM (#27473255)
    First po<a href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105
  • Broken summary (Score:5, Informative)

    by Norsefire ( 1494323 ) * on Monday April 06, 2009 @04:56AM (#27473257) Journal
    The summary is completely broken which should be easier to notice than dupes? Anyway, it is supposed to say (from the Firehost article those to lazy to click):

    "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months. Police and the security services will be able to access the information to combat crime and terrorism. Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes. It was previously thought that only the large companies would be required to take part, covering 95 per cent of Britain's internet usage, but a Home Office spokesman has confirmed it will be applied "across the board" to even the smallest company."

    • Re:Broken summary (Score:5, Informative)

      Once again, for those who didn't get the top-level reply: I think this is the story Slashdot is attempting to post [telegraph.co.uk].
    • Re:Broken summary (Score:5, Insightful)

      by Anonymous Coward on Monday April 06, 2009 @05:24AM (#27473445)

      The EU directive is not that strict, but the law in EU countries might be. An EU directive is not a law by itself, it is a directive to enact a law. The EU members can exceed the requirements of the directive, and if the UK has enacted a law which requires ISPs to store web URLs, then the UK has clearly "overaccomplished" (surprise surprise...)

      • Re:Broken summary (Score:5, Insightful)

        by KDR_11k ( 778916 ) on Monday April 06, 2009 @06:49AM (#27473885)

        Yeah, from what I read the German implementation only requires ISPs to retain the connection data to their service, i.e. when someone was connected, what IP he had then, etc. Stuff you'd have thought they were retaining anyway. For phones the requirement is to retain a log of all phonecalls, again something I'd expect them to do for billing and traffic analysis alone already. What did get people up in arms was the idea to install malware to monitor computers but the guy who proposed that seems to be enamoured with the idea of rebuilding the Reich anyway.

        Of course I might have missed some later additions if they happened. Wish the Brits good luck with their web browsing logging and hope the citizenry will get some HTTP noise makers (connecting to random websites a lot) to make the logs truly useless.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          when someone was connected, what IP he had then, etc. Stuff you'd have thought they were retaining anyway. For phones the requirement is to retain a log of all phonecalls

          One of the Colombian drug cartels used to collect this kind of information in order to catch informants. They were very successful with it for some time and people who called the officials (Colombian or US) tended to disappear. What if a drug gang or a mafia would get this information in Europe?

      • by pjt33 ( 739471 )

        The word "strict" isn't the most useful one here without qualification. I read the title as saying that the safeguards were stricter than people had assumed. IMO the title would be improved by s/Strict/Broad/.

      • Re: (Score:3, Insightful)

        by Cyclops ( 1852 )

        The EU directive is not that strict, but the law in EU countries might be. An EU directive is not a law by itself, it is a directive to enact a law. The EU members can exceed the requirements of the directive, and if the UK has enacted a law which requires ISPs to store web URLs, then the UK has clearly "overaccomplished" (surprise surprise...)

        The data retention directive specifically says they must retain elements that identify the origin and the destination.

        Please read it [europa.eu]. The level of fachism scares me.

        From what they demand to storing URLs, is merely a matter of semantics, and the danger of that being done was predicted long before the directive was approved.

        The Data Retention Directive is the equivalente to having a spy per citizen, noting down who he talks with, where and for how long.

        Would you accept this in real life? No. Why do you accept

    • I actually thought it was supposed to mean "retain information on links you visit, like this one"
    • Re:Broken summary (Score:4, Insightful)

      by digitalderbs ( 718388 ) on Monday April 06, 2009 @07:19AM (#27474017)
      We bother to read slashdot -- shouldn't the editors? Many (most?) of us take more care in posting comments than the editors do in reviewing summaries. Presumably, these are paid positions. Is it really that hard to find motivated and competent editors? College freshmen will do.
      • by mcrbids ( 148650 )

        I would have agreed w/you a year or two ago. OMG! Another dupe?!? WTF do these monkeys DO when they are busy 'working'?!?

        But then I saw the firehose andplayed with it for a while. It dramatically changed my mind, and explains why sites like digg often seem like broken records, with the same stuff getting front paged over and over every few days/weeks/months.

        Imagine seeing the same thing, over and over and over again, worded slightly different each time. Did you see that story before? Well, yes you did. It i

  • Internet records to be stored for a year [telegraph.co.uk].

    Thanks, I'll be here all week.
  • by krou ( 1027572 ) on Monday April 06, 2009 @05:12AM (#27473369)
    If all they have to retain is an a href link to an article on the Telegraph, I'd rather call that a victory for privacy campaigners everywhere.
    • I wish my clients would be satisfied with me retaining an anchor to their fileserver shares? Would make backing things up much easier if thats all they required when they requested 2 week data retention.

  • Watchon (Score:2, Insightful)

    by samatas ( 1067350 )
    All but Content, will be kept in a Teleco archive says... My foot I say... Who watches the watchers dear? Spam might proove usefull after all! Three witches watch three Swatch watches. Which witch watches which Swatch watch?
  • by MrMista_B ( 891430 ) on Monday April 06, 2009 @05:22AM (#27473431)

    You were here to see it.

  • by Anonymous Coward on Monday April 06, 2009 @05:23AM (#27473439)

    Thanks for your nation building projects, Eurolovers. Now you have gotten us the panopticon state, and it is never going away. Surveillance, once implemented, has never in history been cut without social upheaval.

    • by Halo1 ( 136547 ) on Monday April 06, 2009 @05:51AM (#27473605)

      While the adoption of the data retention directive was a perfect example of backdoor decision making (to the extent that its rapporteur in the European Parliament had his name removed from it, because he did not want to be associated with the outcome), it's naive to think that without the EU this would never have happened.

      In fact, Ireland already had such laws before the directive was adopted, and has been fighting the directive before the European Court of Justice because they have to *weaken* their current implementation to comply with the directive (no, this does not demonstrate how great the directive is, only how repugnant the Irish data retention laws are).

      Belgium was also working on such legislation, but suspended that work when the directive was introduced, and is finishing it up now. Those are the two examples I know of, but I'm certain there are/were more.

    • by FourthAge ( 1377519 ) on Monday April 06, 2009 @05:51AM (#27473613) Journal

      Data retention is optional in mainland Europe but mandatory in Britain [blogspot.com]. The UK Government are using the EU to implement the laws they want, and then blaming those laws on Brussels. Our taxes, hard at work - when we're not paying for their second homes, we're paying for surveillance and the PR that sells the need for it to the main stream media. And through all this, they still have the brass balls to tell us that talk of a police state is daft [guardian.co.uk]. Where does it end? All you US'ians who have complained about Obama or Bush - consider how much worse it would be if you lived over here.

      • by Halo1 ( 136547 ) on Monday April 06, 2009 @05:58AM (#27473653)

        Data retention is optional in mainland Europe

        No, it's required in the entire EU by the directive. However, the directive does not lay down many limits, but mainly imposes some minima.

        As a result, law enforcement agencies in many countries have been having constant wet dreams ever since and are pushing with all their might to extend the national implementations (massively) beyond those minima. While even those minima would already have made the STASI green with envy...

    • It's the brits that are always pushing Europe into their nightmare surveillance society. No other country in Europe has nowhere near as many CCTV cams, by several orders of magnitude.
      As far as I'm concerned, you can GTFO and keep your Thatcher (isn't that witch dead already?) and your Coalition of the Willing to Bend Over.

    • by Shakrai ( 717556 ) on Monday April 06, 2009 @08:39AM (#27474519) Journal

      Surveillance, once implemented, has never in history been cut without social upheaval.

      Time for social upheaval then.... oh wait, American Idol is on, can we do it after?

  • by Chrisq ( 894406 ) on Monday April 06, 2009 @05:25AM (#27473451)
    From the story [telegraph.co.uk]:

    Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes.

    So how many people will post on a website or email their friends to say "we just dumped the old sofa in someone's driveway"?

    • by krou ( 1027572 ) on Monday April 06, 2009 @05:56AM (#27473635)

      That argument is a load of rubbish (excuse the pun).

      How this can possibly be used to investigate fly-tipping is beyond me: the contents of the emails aren't going to be stored, just header data such as sender, recipient, date, time, and IP addresses. What possible value can this have in identifying a fly-tipper?

      If anything, it will be used as a strategy of "guilt by association". If you were in contact with someone that gets picked up for benefit fraud, or some other crime, be prepared to get investigated.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      For those not getting the British jokes:

      • Flytipping [wikipedia.org] is a British term for illegally dumping waste somewhere other than an authorised landfill
      • Quango [wikipedia.org] is an acronym for QUAsi Non-Governmental Organisation
  • Question (Score:5, Interesting)

    by robably ( 1044462 ) on Monday April 06, 2009 @05:28AM (#27473477) Journal
    If I'm using Gmail for email (using SSL) and am in the UK, does this directive affect my email?

    Obviously my ISP won't be able to read the headers and Google is a US company, but is my data still stored in the UK and if so does it fall under the directive?
    • Re: (Score:3, Interesting)

      by wvmarle ( 1070040 )

      I would be more worried if you are an small business and are running your own simple web site and e-mail server for you and your three employees, and using the connection to connect your local LAN to the Internet.

      Are you an ISP then? Do you have to keep records of all your e-mail traffic? Including actual messages and spam? What if law enforcement or who-ever comes to have a look for it? In what format are you supposed to give the information? Raw postfix log enough?

  • by Anonymous Coward on Monday April 06, 2009 @05:34AM (#27473511)

    Does anyone know how this is supposed to be implemented and how it relates to "arbitrary" data passing through the system? For example, email "headers" are supposed to be logged. One might imagine this being done by logging smtp, pop and imap transactions. But given that almost everyone I know uses webmail these days, and given that web traffic (presumably monitored using transparent proxy servers) is only supposed to have the URLs logged, not content, how does that stack up -- especially when you throw SSL into the mix? Are ISPs legally required (even if it's technologically unfeasable -- that's never stopped the law) to inspect HTTP transactions to see if it's webmail passing through, and log the recipients? Or is this just a humungous loophole for webmail hosted outside of the jurisdiction? Also: how does it affect non-UK citizens whose services are hosted by a geographically-distributed provider who might have nodes in the UK or at least the EU?

    • Re: (Score:3, Interesting)

      Its a bit like filtering urls with child porn in Australia. If somebody sends CP to a gmail user in Australia will the blacklist include the URL for the image download forever? Will they blacklist gmail because it is used to distribute pornography?
    • Re: (Score:3, Interesting)

      by jimicus ( 737525 )

      I imagine you'd monitor what happens on the backend rather than the HTTP traffic - which may well still be POP or IMAP.

  • by houghi ( 78078 ) on Monday April 06, 2009 @05:38AM (#27473533)

    This is so obviously not about preventing terrorism or saving the children.

    All it is is to give the police an easy tool to bring proof to whomever they want. Also this cost will be higher your ISP bill, as they are the ones who must pay it. The provider XS4All used to have a counter on their pages on how much data they would need to retain and we are talking about enormous amounts of data.

    The excuse why this must be done is often that the police is able to get your phonecontacts from the telecom operator (after legal intervention).

    There however is a huge difference. The reason that the data of who you called is available is because of billing. Somebody must pay the call you made, including those to 800 numbers. So what they do is ask to see (part of) their bill.

    This is different in such that they not only enforce measurements to be taken by companies, they also make it almost so as if telecom operators would record each and every conversation.

    What they should do is, just as with telecom, ask for billing information and if they think there is more to it, listen in on the connection. Oh well, everybody is guilty untill proven innocent, no matter that the law tries to tell you otherwise. Well, unless you have a lot of money, then you are innocent.

  • To retain a href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105 ...?

    Oh, I get it. Haha. Nice late April Fool's joke, Slashdot!

  • by Aceticon ( 140883 ) on Monday April 06, 2009 @05:57AM (#27473639)

    The country is full of terrorists, child molesters and subversives and something has to be done about it.

    This being the UK, government needs to be able to track down and follow dangerous people that might endanger the social and political stability of the country, like: members and supporters of anti-war movements, ecologist movements, free-speech/privacy movements, Tories, Lib Dems, Scots, Welsh and Irish nationalist parties, teenagers ('cause of knife crime), investigative journalists, anybody that makes request under the Freedom of Information act, people that complain about the government, anybody that talks too loud in a 1 mile circle around Parliament, whistle-blowers of government wrongdoing and more.

    As usual our masters, being wiser than everybody else, have gotten their laws passed using the EU so that they can blame it on the European Union - a trick that always works with the unwashed masses around here.

    All hail the fascist-Labour party!

    [Having been born in a country under a fascist dictatorship and having been raised hearing my family's stories about it, it's impressive how things in the UK are slowly moving towards a modernized version my mental image of how it was - in the UK we now even have police adverts pretty much telling people to denounce their neighbors.]

    • by clickclickdrone ( 964164 ) on Monday April 06, 2009 @06:07AM (#27473693)
      You forgot photographers - they're dodgy too. Especially he ones that try to photograph policemen or any public buildings visible from the road. Evil they are I tell you, evil!
      • by jonwil ( 467024 )

        Its not just the UK that is fighting the "war on photographers".
        I was taking photographs of local buses here in Perth, Australia and got pinged by a security guard who initially claimed I was a peeping tom (because I was in a location where lots of people were walking past, never mind that taking photos of people walking down the street for private purposes is NOT illegal) and then after looking at the bus photos on my camera claimed that taking photos of buses was a violation of "anti-terror laws", took my

        • Re: (Score:3, Informative)

          Yep. I know someone who had the police go around his house and ask his wife 'does your husband have any unusual hobbies?' then added 'we've had reports of him photographing children'. It turns out he was taking photos of buses (he's a public transport nut - buses, trains etc). One bus had school kids on so someone had decided he was a pedo and called the police with his details, car numberplate etc.
          • by AHuxley ( 892839 )
            Lucky they did not take your computer and search for 'hobbies" as needed.
            Wonder if they are now on some low level list or have had their ISP use eyeballed.
  • If every Britain ran a high definition 24/7 Web cam then the ISPs/government would be struggling to keep all that data, and since porn is pretty much illegal now in Britain; the ISPs would likely be breaking the law in quite of few of these cases. It's always nice to know that the government, by necessity, would have an unofficial backup of my favourite download; the movie 2 Girls 1 Cup.

  • Did anyone of the legal bodies (is it me or does it sound like dead weight for some reason?) ever think of the amount of data this would create? And that somewhere, somehow, this data has to be stored?

    The average "browser connection" (i.e. opening a webpage) opens, considering all pictures, ads, links, redirects and other crap nobody wants or needs, about 10-20 connections. All of which have to be protocolled, filed, stored and archived. If you open a hundred pages per day we're at 2000 connections, and thu

    • Re: (Score:3, Interesting)

      by u38cg ( 607297 )
      That's not a huge amount of data, relatively speaking. Google catalogues every touch ever made, and they don't even have much of an idea what to do with a lot of it.
      • But:

        a) that's google, not a tiny local/specialist ISP already operating under tight margins

        b) you're out by a massive factor; google will only the URL you clicked; not the headers for your click, headers for every resource on the resulting page, and the headers for every page you open from there.

        For example, google 'slashdot', then click through to the front page. Google stores 1 piece of data for that click. Your ISP stores 35 (at time of writing).

  • Arms race (Score:5, Insightful)

    by Fzz ( 153115 ) on Monday April 06, 2009 @06:16AM (#27473725)
    And so the arms race starts.
    • Offshore webmail hosting.
    • Offshore VPN hosting.
    • Tor
    • Ubiquitous https usage.
    • Opportunistic encryption built into TCP
    • Running a web spider to add noise to your traffic signature.
    • Anonymous remailers.

    Most of these have been tools for privacy freaks and people with something to hide. Running them is enough to raise suspicion. But these kind of data retension measures are much more likely to force such tools to become mainstream. This could backfire on law enforcement and security forces in ways they really don't want.

    • Re: (Score:3, Insightful)

      by 4D6963 ( 933028 )
      Or more realistically : no one's gonna give a fuck, as usual, and that "directive" and anything similar won't turn into anything significant and will have at best a legislative life expectancy of a few years.
    • Re: (Score:3, Funny)

      by Throtex ( 708974 )

      In the US, maybe we'll start treating information the same way the IRS taxes money. Every quarter, you submit all of your own data, including off-shore data, for that quarter. Once a year, you file a report detailing all of your data. We'll call it a "voluntary" data reporting system.

  • I host a website, and run some mail, off my end of the DSL cable, yet I'm not an ISP - I do not route traffic, really, nor do I have any customers. Does this law apply to me too ? Or do I just have to assume that my ISP duly filters my traffic ?

  • TFD (Score:3, Informative)

    by areYouAHypnotist ( 1099681 ) on Monday April 06, 2009 @06:31AM (#27473819)
    The text of the directive is available (External links in http://en.wikipedia.org/wiki/Directive_2006/24/EC [wikipedia.org]) for everyone to draw his own conclusions. For the most part I find it pretty reasonable. ISPs and telcos probably already store this type of information for their own purposes. It also limits the detention period (at least six months, less than two years).
  • by AHuxley ( 892839 ) on Monday April 06, 2009 @07:05AM (#27473961) Journal
    Wow this is very invasive.
    "Hundreds of public bodies and quangos, including local councils, will also be able to access the data to investigate flytipping and other less serious crimes."
    quangos - non-governmental organization performing governmental functions.
    This could mean deputised cyber vigilante groups targeting anyone who visits a website, posts on a forum or has a link to someone of interest.
    Gathering data like this is fine for the security services. With MI5/6, Scotland Yard or some task force you *should* face a day in court.
    Even with MI5/6 rendition, a member of the house may ask after you and after a few years you get to face a real UK Embassy official.
    The problem with the UK system is 'anyone' interested can see your usage data and get a mob at your door.
    If you sell up, your guilty.
    If you stay you have a good lawyer.
  • by Norsefire ( 1494323 ) * on Monday April 06, 2009 @07:15AM (#27474013) Journal
    In fact, with that malformed summary I doubt it's even transitional.
  • This won't do any help in fighting terrorism. Instead, it will allow an easy route to blackmail people. Like, we will present some evidence about your infidelity to your wife if you don't cooperate with us.

    Yes, secret agencies were able to do that even before, but now, when such logging becomes mandatory, even telco technician will be able to get the history of your communications.

    FSF, EFL and other organizations should do everything to develop and promote technical solutions that would render this logging

  • by Yvan256 ( 722131 )

    Won't somebody think of the href="http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105

  • by Pecisk ( 688001 ) on Monday April 06, 2009 @08:36AM (#27474497)

    They will simply won't have slightest idea how to use these data usefully. It will be abused and finnally revoked.

    Unfortunately people in power NEVER learns. Because we let them to skip that.

  • by knarf ( 34928 ) on Monday April 06, 2009 @09:21AM (#27474921) Homepage

    ...is some way of sending email to random people to clog up their logging servers and make it difficult, if not impossible to separate the real content from the garbage. I hear there are some enterprising individuals who have been running a pharmaceutical mail order business based on that concept, maybe we can ask them for some advice?

"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"