AOH :: PT-1269.HTM

Technical details and two replies on E.U. Parliament voting for "data retention"

Technical details and two replies on E.U. Parliament voting for "data retention"
Technical details and two replies on E.U. Parliament voting for "data retention"



Previous Politech message:
http://www.politechbot.com/2005/12/20/replies-to-eu/ 

-------- Original Message --------
Subject: Re: [Politech] Replies to E.U. Parliament voting to force "data 
retention" on telecom, Net firms [priv]
Date: Fri, 23 Dec 2005 19:07:14 +0100 (CET)
From: Paul Wouters  
To: Declan McCullagh  
CC: z at oii dot ox.ac.uk
References: <43A8D0F3.4030500@well.com> 

On Tue, 20 Dec 2005, Declan McCullagh wrote:

> -------- Original Message --------
> Subject: Re: [Politech] E.U. Parliament votes to force "data retention"  on
> telecom, Net firms [priv]
> Date: Wed, 14 Dec 2005 11:19:36 -0500
> From: Jonathan Zittrain 
> To: Declan McCullagh  
>
> [pls obfuscate email address to avoid spam bots]
>
> --
>
> Declan,
>
> I'm curious whether a US or other foreign market might arise for
> turnkey startup-to-shutdown VPN services on European PCs, allowing
> those inside Europe to render data retention moot in exchange for a
> slight slowdown in network performance

This has long ago started on the protocol level. FreeS/WAN's "opportunistic
encryption" is a protocol extension that allows the setup of VPN connections
between arbitrary hosts, using the DNS (and soon DNSSEC) as an out of bound
third party location for the public keys.
There is also an IETF effort going with somewhat similar goals, called BTNS.

Openswan (successor to FreeS/WAN) supports Opportunistic Encryption. You
can find more info in the BlackHat archives, I gave a few talks on this
topic.

> an overseas server) and the possibility of surveillance or retention
> in that third location.  One wonders if any of the member state
> implementations of the directive will seek to penalize the provision
> or use of such services under an "induce" or other standard.  ...JZ

ISP's cannot offer such services, since they are required to remove all
encryption they themselves add before relaying such data to the LEA's

OE works between endusers and servers, and is not done by the ISP itself,
but by the clients/servers.

Paul




-------- Original Message --------
Subject: Re: [Politech] Replies to E.U. Parliament voting to force "data 
retention" on telecom, Net firms [priv]
Date: Wed, 21 Dec 2005 14:40:19 +0100
From: Ralf Bendrath  
Reply-To: bendrath@zedat.fu-berlin.de 
To: Declan McCullagh  
References: <43A8D0F3.4030500@well.com> 

Declan, as there was a question to me in your collection of replies,
I attach the answer I had already sent to Richard privately.

Best, Ralf

 > -------- Original Message -------- Subject: RE: [Politech] E.U.
 > Parliament votes to force "data retention" on telecom, Net firms [priv]
 >  Date: Wed, 14 Dec 2005 11:58:31 -0500 From: Richard M. Smith
>  To:  CC: 
> 'Declan McCullagh' , 'Richard M. Smith' 
>  
 >
 > Hi Ralf,
 >
 > Do you have sense how long wireless carriers are typically keeping
 > around call data today without there being any kind of government
 > mandate?

Currently, they are only allowed to store it as long as needed for billing
purposes (that is the legislation in force now under the EU privacy
directives), which is normally not more than two to three months.

 > Also, with cellphones, location data is available even when a call is
 > not being made.  Will this location data also have to kept around
 > under the proposed law?

The text adopted in the EP says no - only when you make (or attept to
make) a call. But there will for sure be a mission creep and an extension
of the data to be retained, and a lot can be done on the national levels.




_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/ 
Moderated by Declan McCullagh (http://www.mccullagh.org/) 


Make REAL money with your website!

The entire AOH site is optimized to look best in Firefox® 2.0 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.