Technical details and two replies on E.U. Parliament voting for "data retention" [priv]

[Declan McCullagh <declan () well com>]

Previous Politech message:
http://www.politechbot.com/2005/12/20/replies-to-eu/

-------- Original Message --------
Subject: Re: [Politech] Replies to E.U. Parliament voting to force "data 
retention" on telecom, Net firms [priv]
Date: Fri, 23 Dec 2005 19:07:14 +0100 (CET)
From: Paul Wouters <paul () xelerance com>
To: Declan McCullagh <declan () well com>
CC: z at oii dot ox.ac.uk
References: <43A8D0F3.4030500 () well com>

On Tue, 20 Dec 2005, Declan McCullagh wrote:

> -------- Original Message --------
> Subject: Re: [Politech] E.U. Parliament votes to force "data retention"  on
> telecom, Net firms [priv]
> Date: Wed, 14 Dec 2005 11:19:36 -0500
> From: Jonathan Zittrain <z at oii dot ox.ac.uk>
> To: Declan McCullagh <declan () well com>
>
> [pls obfuscate email address to avoid spam bots]
>
> --
>
> Declan,
>
> I'm curious whether a US or other foreign market might arise for
> turnkey startup-to-shutdown VPN services on European PCs, allowing
> those inside Europe to render data retention moot in exchange for a
> slight slowdown in network performance

This has long ago started on the protocol level. FreeS/WAN's "opportunistic
encryption" is a protocol extension that allows the setup of VPN connections
between arbitrary hosts, using the DNS (and soon DNSSEC) as an out of bound
third party location for the public keys.
There is also an IETF effort going with somewhat similar goals, called BTNS.

Openswan (successor to FreeS/WAN) supports Opportunistic Encryption. You
can find more info in the BlackHat archives, I gave a few talks on this
topic.

> an overseas server) and the possibility of surveillance or retention
> in that third location.  One wonders if any of the member state
> implementations of the directive will seek to penalize the provision
> or use of such services under an "induce" or other standard.  ...JZ

ISP's cannot offer such services, since they are required to remove all
encryption they themselves add before relaying such data to the LEA's

OE works between endusers and servers, and is not done by the ISP itself,
but by the clients/servers.

Paul




-------- Original Message --------
Subject: Re: [Politech] Replies to E.U. Parliament voting to force "data 
retention" on telecom, Net firms [priv]
Date: Wed, 21 Dec 2005 14:40:19 +0100
From: Ralf Bendrath <bendrath () zedat fu-berlin de>
Reply-To: bendrath () zedat fu-berlin de
To: Declan McCullagh <declan () well com>
References: <43A8D0F3.4030500 () well com>

Declan, as there was a question to me in your collection of replies,
I attach the answer I had already sent to Richard privately.

Best, Ralf

> -------- Original Message -------- Subject: RE: [Politech] E.U.
> Parliament votes to force "data retention" on telecom, Net firms [priv]
>  Date: Wed, 14 Dec 2005 11:58:31 -0500 From: Richard M. Smith
> <rms () computerbytesman com> To: <bendrath () zedat fu-berlin de> CC:
> 'Declan McCullagh' <declan () well com>,        'Richard M. Smith'
> <rms () computerbytesman com>
>
> Hi Ralf,
>
> Do you have sense how long wireless carriers are typically keeping
> around call data today without there being any kind of government
> mandate?

Currently, they are only allowed to store it as long as needed for billing
purposes (that is the legislation in force now under the EU privacy
directives), which is normally not more than two to three months.

> Also, with cellphones, location data is available even when a call is
> not being made.  Will this location data also have to kept around
> under the proposed law?

The text adopted in the EP says no - only when you make (or attept to
make) a call. But there will for sure be a mission creep and an extension
of the data to be retained, and a lot can be done on the national levels.




_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)