EU ISPs Forced to Snoop On You

[The_root_of_all_evil]

EU ISPs Forced to Snoop On You

As of today, a new directive (PDF) [http://eur-lex.europa.eu/LexUriServ/site/en/oj/2006/l_105/l_10520060413en00540063.pdf] is forcing European ISPs to keep details of user e-mails, website visits and 'net phone calls.

In the wake of the London bombings of 2005, a new directive has been drawn up that requires European ISPs to keep track of users' web movements, although not the content, for up to 12 months. The directive itself has already come under major fire from many ISPs and even some European countries though.

Jim Killock, the executive director of the Open Rights Group [http://www.openrightsgroup.org/], criticized what he called a "crazy directive" with pertinent information on how it was passed. The EU passed it by "saying it was a commercial matter and not a police matter", he explained. "Because of that they got it through on a simple vote, rather than needing unanimity, which is required for policing matters."

Many ISPs have complained about the massive amounts of data storage needed to cope and the knock-on cost to the customers, but the UK government has already agreed to pay for some of the data storage costs.

Sweden has chosen to ignore the directive, while Germany is still dealing with a court case challenging its legal precedent.

The fear of terrorist threats may have ignited the directive's origins, but criminal action across the web is fueling it.

"Communications data is the where and when of the communication and plays a vital part in a wide range of criminal investigations and prevention of terrorist attacks, as well as contributing to public safety more generally," said the Home Office. "Without communications data resolving crimes such as the Rhys Jones murder [http://en.wikipedia.org/wiki/Rhys_Milford_Jones] would be very difficult if not impossible. Access to communications data is governed by the Regulation of Investigatory Powers Act 2000 (RIPA) which ensures that effective safeguards are in place and that the data can only be accessed when it is necessary and proportionate to do so."

It's strange that no-one knows what part of the Rhys Jones murder revolved around anything other than the murderer's mum burning a sim card, but I guess that's just "proportionate."

Source: BBC Tech [http://news.bbc.co.uk/1/hi/technology/7985339.stm]

Permalink

 

[munx13]

Why are people upset about this? I mean who wouldn't like someone spying on them for a year?

/end of sarcasm

 

[Doug]

Oh for frigs sake, why the hell did my country agree to this. Sweden ignored it, why don't we?! Hell, we've had as much or more terrorism over the last 20 years than any country in Europe, and we never needed this ridiculously over the top level of 1984 snooping.

 

[The_root_of_all_evil]

Oh for frigs sake, why the hell did my country agree to this. Sweden ignored it, why don't we?! Hell, we've had as much or more terrorism over the last 20 years than any country in Europe, and we never needed this ridiculously over the top level of 1984 snooping.

We're the ones paying for it...

 

[Doug]

Oh for frigs sake, why the hell did my country agree to this. Sweden ignored it, why don't we?! Hell, we've had as much or more terrorism over the last 20 years than any country in Europe, and we never needed this ridiculously over the top level of 1984 snooping.

We're the ones paying for it...

That just makes it worse! We'll be paying for people to spy on ourselves!

 

[InProgress]

You could have at least made fun of those who were recording and listening to your phone calls by asking if you should speak louder so it's clearer on the tape, or telling them you know they're there. This is just bad with no comedic value whatsoever.

 

[KDR_11k]

The linked PDF seems to only require email sender and receipent, internet telephony sender and receipent and general internet connection data (about when you were connected to your ISP, not what you did there, stuff like your IP and the time for the connection) for internet stuff. From what I can see there's no need to track what websites you visit or anything like that. I'm pretty sure any email provider will keep sender logs, any VoIP provider will keep call logs and any ISP will keep connection logs, whether they're forced to or not since that kind of data is necessary to track abuse or errors.

 

[edgeofblade]

The world is going to a fascist hell in a hand basket. Preventative law takes away too many of our freedoms. Punishment should be the deterrent, but it's getting watered down by going after citizens who have done nothing wrong except break a law. We know what "wrong" is, and we know it doesn't always coincide with what's against the law.

 

[TheBluesader]

Way to go, EU. Now any budding fascist/communist/crazy personal cult dictator who ever rides the tide of public discontent to the heights of power knows that tracking his enemies personal correspondences has gotten that much easier.

Oh wait. That will never happen again in Europe. Because we have the EU now. And nothing that's been in power for 16 years will ever fade in popularity as soon as the continental economy dips.

I don't know why everyone is so worried. This was decreed by the government. And they said they were just doing it to protect the children. And they're the government - why would they lie?

(Serious note: The Swedes are ignoring it. Gotta love the confederacy. [http://en.wikipedia.org/wiki/Pennamite_Wars])

 

[beddo]

Wow, I didn't actually think they were going ahead with this after all of the data mismanagement by the UK authorities.

Well, there's never been a better time to use Tor, if anything, just to show them how pointless and ineffective their surveillance is.

The linked PDF seems to only require email sender and receipent, internet telephony sender and receipent and general internet connection data (about when you were connected to your ISP, not what you did there, stuff like your IP and the time for the connection) for internet stuff. From what I can see there's no need to track what websites you visit or anything like that. I'm pretty sure any email provider will keep sender logs, any VoIP provider will keep call logs and any ISP will keep connection logs, whether they're forced to or not since that kind of data is necessary to track abuse or errors.

Yea well the terrorism laws were meant to be used against terrorists, not 84 year old politicians for heckling Jack Straw.

The fact is they have opened the floodgates, who says that in a years time they wont change their minds and also require that data. After all, from an investigator's point of view what's the point in having the address of a letter if you don't know what was written?

If you honestly believe they wont keep those details, if not now then in the future then, well, more fool you. Enjoy your sleepwalk into 1984, I wonder if you'll start complaining when they decide that GPS implants and constant monitoring of your person comes into force.

 

[beddo]

The world is going to a fascist hell in a hand basket. Preventative law takes away too many of our freedoms. Punishment should be the deterrent, but it's getting watered down by going after citizens who have done nothing wrong except break a law. We know what "wrong" is, and we know it doesn't always coincide with what's against the law.

The law is designed to prevent harm but it's just completely lost that ideal. More lives would be saved with stricter regulation on car safety, speed limits, gun laws and many other areas.

This is just unbelievably disproportionate especially when deaths from terrorism pale in comparison to alcohol poisoning, car collisions etc. Clearly the tools they have now are enough to keep terror related deaths exceptionally low, even in comparison to drug deaths.

Yes you would be able to reduce crime by having a camera in every person's house but it's not an invasion we are willing to take. This is another thing I'm going to have to complain to my MP about.

 

[KDR_11k]

Yea well the terrorism laws were meant to be used against terrorists, not 84 year old politicians for heckling Jack Straw.

The fact is they have opened the floodgates, who says that in a years time they wont change their minds and also require that data. After all, from an investigator's point of view what's the point in having the address of a letter if you don't know what was written?

If you honestly believe they wont keep those details, if not now then in the future then, well, more fool you. Enjoy your sleepwalk into 1984, I wonder if you'll start complaining when they decide that GPS implants and constant monitoring of your person comes into force.

That's a slippery slope fallacy. You're just throwing a chain of events in there without any arguments to show why these events follow each other. For one thing the data CANNOT be stored. Even tracking all the TCP/IP connections a user initiates is impossible. The amount of data generated is simply too large to store. Want an example? Microsoft releases the Halo Wars demo at 1.2 GB. One million Europeans download it. One million times 1.2 gigabytes nets you 1.2 petabytes (in SI/harddrive vendor scale) within a few days. For a single file, zero illegal usage. The data for connections is estimated at a similar scale. This is simply not practical. Even if you say storage can grow, data expands to fill all available storage, if you have more storage you'll also see more bandwidth and larger files.

 

[The_root_of_all_evil]

Want an example? Microsoft releases the Halo Wars demo at 1.2 GB. One million Europeans download it. One million times 1.2 gigabytes nets you 1.2 petabytes (in SI/harddrive vendor scale) within a few days. For a single file, zero illegal usage. The data for connections is estimated at a similar scale. This is simply not practical. Even if you say storage can grow, data expands to fill all available storage, if you have more storage you'll also see more bandwidth and larger files.

You see why I'm so scared that the UK say they're going to be paying for it?

 

[beddo]

Yea well the terrorism laws were meant to be used against terrorists, not 84 year old politicians for heckling Jack Straw.

The fact is they have opened the floodgates, who says that in a years time they wont change their minds and also require that data. After all, from an investigator's point of view what's the point in having the address of a letter if you don't know what was written?

If you honestly believe they wont keep those details, if not now then in the future then, well, more fool you. Enjoy your sleepwalk into 1984, I wonder if you'll start complaining when they decide that GPS implants and constant monitoring of your person comes into force.

That's a slippery slope fallacy. You're just throwing a chain of events in there without any arguments to show why these events follow each other.

-The authorities used to only be able to hold terror suspects for 48 hours, this has gone up to 28 days.

-The Government made it illegal to protest in and around Westminster.

-The Government has drawn up numerous bills to make inquiries private and held in secret.

-The Government has introduced compulsory biometric identification for foreign nationals

-The Government want to introduce ID cards that hold over 50 different pieces of identifiable data including blood type, finger prints and iris scans.

-The Government holds data of DNA of millions of UK citizens even those who were not charged with any offence.

-The Government introduced anti-terror laws that have been used tens of thousands of times in what were known to be non-terror related incidents.

-The Government planned for terms to be introduced where users public transport would automatically authorise searches without purpose.

-The majority of data holding bodies in the UK almost certainly break data protection laws, this was found by a recent investigation.

I think that's enough president to conclude that the UK Government will happily break the law and create new ones to impose restrictions on civil rights. Not only can they do it but they WILL do it, unless they are voted out but even then, it will only be a delay in the systematic creation of the surveillance state.

For one thing the data CANNOT be stored. Even tracking all the TCP/IP connections a user initiates is impossible. The amount of data generated is simply too large to store. Want an example? Microsoft releases the Halo Wars demo at 1.2 GB. One million Europeans download it. One million times 1.2 gigabytes nets you 1.2 petabytes (in SI/harddrive vendor scale) within a few days. For a single file, zero illegal usage. The data for connections is estimated at a similar scale. This is simply not practical.

The data can be stored, it just needs to be done in an intelligent way. This is why these systems are designed by experts. They will evaluate the Microsoft site and flag it as okay, just registering your visit to it.

However, they can target their surveillance looking at forums and things to observe what I am doing now, run the text through a quick search and determine if I say anything they don't like.

It's emails which are a bigger problem, the data is easy to store because emails are tiny but can easily contain personal information.

Even if you say storage can grow, data expands to fill all available storage, if you have more storage you'll also see more bandwidth and larger files.

Storage isn't that expensive, we are talking about the Government who spent £12.5bn trying to get a system with everyone's medical records for easy access, they messed it up but imagine how much data they can buy you and look how willing they are to put money into it.


Think about your online accounts though, Government agencies are going to be able to see all of your correspondence with family and friends, map out who your friends are with social sites, see all the embarrassing medical conditions you might look up.

Think about it from a commercial point of view, it's a nightmare, the number of secrets that could be stolen. After all, there a few safe-guards against corrupt civil servants unlike private ISPs who can and will be fined and/or prosecuted, even be shut down.

The real question for me is why? Why do they want all of this information, what will they do with it?

 

[mokes310]

I just read that on the BBC and was thinking about starting a post regarding it. Damn you Root, DAMN YOU ALL TO HELL!

j/k, good find and an interesting read!

 

[SenseOfTumour]

EU ISPs Forced to Snoop On You


In the wake of the London bombings of 2005, a new directive has been drawn up that requires European ISPs to keep track of users' web movements, although not the content, for up to 12 months. The directive itself has already come under major fire from many ISPs and even some European countries though.



"Communications data is the where and when of the communication and plays a vital part in a wide range of criminal investigations and prevention of terrorist attacks, as well as contributing to public safety more generally," said the Home Office. "Without communications data resolving crimes such as the Rhys Jones murder [http://en.wikipedia.org/wiki/Rhys_Milford_Jones] would be very difficult if not impossible. Access to communications data is governed by the Regulation of Investigatory Powers Act 2000 (RIPA) which ensures that effective safeguards are in place and that the data can only be accessed when it is necessary and proportionate to do so."

It's strange that no-one knows what part of the Rhys Jones murder revolved around anything other than the murderer's mum burning a sim card, but I guess that's just "proportionate."

Source: BBC Tech [http://news.bbc.co.uk/1/hi/technology/7985339.stm]

Permalink

See, this part bugs me almost as much as the loss of privacy, the way they're saying, if we can stop internet piracy and freedom of speech online, then no child will ever get murdered by mental fuckwits. There's just no link whatsoever.

It's like Burger King saying 'If we'd all eaten Whoppers instead of Big Macs, 9/11 could have been averted' It's blatantly ridiculous, but the sad fact is, we have too many idiots who believe anything if its printed in a headline font. Note I'm not saying in any way 9/11 is equatable to one murder, just using a well known and emotive disaster to make my point clear.

IF they're going to store every e-mail sent, perhaps we should all store a 100mb text file and include it in every single email we send. See how long it takes them to realise the storage costs there.

Also, whata about the 'sexy young teens' spam that's sent out in its billions, if I recieve one, am I instantly on a register for life? Remember, anything you view online is downloaded to your pc, therefore the law authorities can claim you are then 'producing' that item, no-one is a viewer anymore, we're all manufacturing everything we see in the eyes of the law.

How are they going to deal with 50 million reports that people received suspicious 'teen sex' emails in the first day of this new system? I hate to use child abuse to further my argument, but hell, they seem to rely on it, so why not. I also mean legal teen porn spam, but they can't know that until they investigate it surely?

To me, it's yet another case of our Prime Minister's advisers reading the days newspaper headlines and saying 'Boss, make a law about this and it'll look like we care and we're doing something!' That way of thinking just will get us nowhere but trouble. You may as well let the Daily Mail run the country. Just think, enforced Diana worship every Sunday and we'll replace fox hunting with immigrant hunting.

 

[The_root_of_all_evil]

I just read that on the BBC and was thinking about starting a post regarding it. Damn you Root, DAMN YOU ALL TO HELL!

j/k, good find and an interesting read!

I'm like a ninja

 

[KDR_11k]

I think that's enough president to conclude that the UK Government will happily break the law and create new ones to impose restrictions on civil rights. Not only can they do it but they WILL do it, unless they are voted out but even then, it will only be a delay in the systematic creation of the surveillance state.

But this is about the EU, not the UK. Has the EU shown a similar behaviour or is that confined to the UK? Looks to me like the UK is more likely to do shit like that than the rest of the EU and the UK doesn't need EU directives to do that shit either (did the EU have anything to do with the surveillance cameras?). The data the EU requires to be stored is just data you'd expect these companies to store for their own use anyway (and hell, courts can subpoena that data in the US without any retention laws so the ISPs definitely keep it). Yeah, I did hear about the UK wanting insane requirements but again that's limited to the UK.

Also of note is article 5.2, "No data revealing the content of the communication may be retained pursuant to this directive."

 

[The_root_of_all_evil]

I think that's enough president to conclude that the UK Government will happily break the law and create new ones to impose restrictions on civil rights. Not only can they do it but they WILL do it, unless they are voted out but even then, it will only be a delay in the systematic creation of the surveillance state.

But this is about the EU, not the UK. Has the EU shown a similar behaviour or is that confined to the UK? Looks to me like the UK is more likely to do shit like that than the rest of the EU and the UK doesn't need EU directives to do that shit either (did the EU have anything to do with the surveillance cameras?). The data the EU requires to be stored is just data you'd expect these companies to store for their own use anyway (and hell, courts can subpoena that data in the US without any retention laws so the ISPs definitely keep it). Yeah, I did hear about the UK wanting insane requirements but again that's limited to the UK.

Also of note is article 5.2, "No data revealing the content of the communication may be retained pursuant to this directive."

Of course, there's also the DPA which allows you to commandeer and force the company to destroy any records of you unless you're part of a criminal investigation. It'd be interesting to see those two against each other.

 

[mokes310]

I just read that on the BBC and was thinking about starting a post regarding it. Damn you Root, DAMN YOU ALL TO HELL!

j/k, good find and an interesting read!

I'm like a ninja

You're not just a ninja, you're a super-turbo-ninja with cheat codes enabled!