Weekly Edition
Return to the Press page
| |||||||||||||
EU Council passes directive on data retention (Heise)
Heise reports that the European Union data retention directive has passed its last hurdle. "At their meeting in Brussels on Tuesday, the Ministers of Justice and Home Secretaries of the EU have paved the way for the retention of telephone and Internet data without grounds for suspicion. Without any further discussion, they approved a directive already passed last December with votes from the main people's parties in the EU Parliament. This directive makes it mandatory for telecommunications providers to retain data from the last six to 24 months for some 450 million EU citizens."
(Log in to post comments)
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 17:53 UTC (Wed) by kornak (guest, #17589) [Link] Holy crap! I know disk space is cheap these days, but, are there enough diskson the market to cover these retention requirements?
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 18:07 UTC (Wed) by mbend (guest, #36065) [Link] So, what are the requirements for e.g., an ISP ? Log what ? Full packet dump ? Layer-3 headers only ? Application session data only ? Does anyone know ?
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 18:35 UTC (Wed) by Ross (subscriber, #4065) [Link] Hmm... isn't any type of logging like that subject to DoS? Are they breaking the law if they are forced to discard data due to finite storage requirements?
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 19:51 UTC (Wed) by thomask (guest, #17985) [Link] As anyone who has seen a UK fridge-mountain will testify, the EU doesn't really seem to care about the practical enforcability or economic impact of their laws. Instead of fridge mountains, we'll be seeing collossal server-monoliths towering over London to store all our prank calls and "I'm on the train... I'll be home in two minutes..." and "oooh ooooooh that's it...." etc etc :p
Fridge mountain? Posted Feb 22, 2006 22:13 UTC (Wed) by clugstj (subscriber, #4020) [Link] For those of us outside the EU, what is a fridge mountain?
Google! Posted Feb 22, 2006 22:34 UTC (Wed) by felixfix (subscriber, #242) [Link] Comes up with good refs. One of them says EU directives have caused so many fridges to be thrown out that the pile is 40 feet high and a quarter mile long.
Disinformation Posted Feb 23, 2006 3:09 UTC (Thu) by xoddam (subscriber, #2322) [Link] EU directives have not caused fridges to be thrown out, this iscompletely misleading. What they have caused is intact storage of old fridges which would have been thrown out in any case, where before they would have been crushed and put into landfill or used for scrap metal. The point is that older fridges contain chlorofluorocarbons and it's no longer legal to crush them, the CFC gases may not be released into the atmosphere. The level of factual accuracy in the press is disappointing. Articles claim that the CFCs are in the 'insulating lining' of the fridges, for example. Perhaps trivial quantities are, in some fridges, but the refrigerators' working fluid is the problem at hand. One article says disingenuously that the fridges might otherwise have been exported for repair and resale in developing countries. Yes, that does happen on a small scale, but EU regulation hasn't stopped it, just ruled that CFCs may only be exported to countries which have equivalent environmental controls (else waste could simply be disposed of in the old way in low-wage countries). Some of the fridge heaps were the targets of arson, making a mockery of environmental concerns. But sufficient facilities are now available to dispose of CFCs properly and the mountains are disappearing. The same problem doesn't seem to be happening outside the UK -- other EU countries managed to provide for destruction of CFCs before the regulation came into effect, but many British local authorities and firms didn't bother until fridge mountains became an embarrassment.
The mountains of fridges filled with floppy disks... Posted Feb 23, 2006 6:26 UTC (Thu) by eru (subscriber, #2753) [Link] As anyone who has seen a UK fridge-mountain will testify, the EU doesn't really seem to care about the practical enforcability or economic impact of their laws.Funny thing, in Finland we have to obey the same EU directive but have no fridge mountains. Maybe the real problem in Britain is a local failure to implement sane recycling? But I agree the data retention thing is atrocious, and an intentionally incompetent implementation of that directive would be welcome. Maybe store the data on 5 1/4" floppies, and store them in the said dumped fridges...
The mountains of fridges filled with floppy disks... Posted Feb 23, 2006 7:58 UTC (Thu) by job (guest, #670) [Link] I have no idea what they're talking about either, I'm in Sweden. I haven't seen a CFC fridge at all for well over ten years. Haven't they been illegal or something?
The mountains of fridges filled with floppy disks... Posted Feb 24, 2006 8:27 UTC (Fri) by Wol (guest, #4433) [Link] Do you mean you haven't seen one FOR SALE?
As was explained, the problem is that *old* fridges contain CFCs. THOSE are the ones being dumped. As an example, a couple of years ago my family dumped about 3 old fridges and freezers (we moved, found two old ones in our new house, and our old one failed at the same time).
And as a result of merging two households, we now still possess several fridges and freezers, the oldest of which is still working fine despite being 22 years old. There are PLENTY of CFC-filled fridges and freezers out there, still working fine, and slowly spilling into the disposal system.
Cheers,
The mountain of fridges Posted Feb 27, 2006 7:47 UTC (Mon) by xoddam (subscriber, #2322) [Link] > There are PLENTY of CFC-filled fridges and freezers out there, still> working fine, and slowly spilling into the disposal system. Actually the scary thing is not so much that the facilities weren't ready in time to dispose of CFC fridges cleanly, as that a country the size of Britain can throw out such a mountain in the space of two years. Do people really not bother to *fix* things any more?
The mountain of fridges Posted Feb 27, 2006 9:03 UTC (Mon) by Wol (guest, #4433) [Link] Is it WORTH fixing things?
It costs upwards of £50 for an engineer to visit your house. The item is maybe 15 years old, and would cost £100 to replace. Dunno about you, but I wouldn't bother repairing an old piece of kit when the repair cost is easily half the cost of replacing it.
(I do repair computers, but that's because (a) I enjoy it, (b) my time doesn't cost money, and (c) I end up with a new computer :-)
Cheers,
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 20:11 UTC (Wed) by dmantione (guest, #4640) [Link] From what I know: A log when a connection starts and when it ends, andthe source and destination. It is still an awfull lot of data, not only to store it, but also network-wise there is a problem, because you now need a "smart" network that understands what it routes, which is against TCP/IP design principles.
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 21:15 UTC (Wed) by man_ls (subscriber, #15091) [Link] I'd say that it is expensive and useless. Let's say (for the sake of argument) that my machine opens one connection per second; it might sound exaggerated, but if I'm running a bittorrent client 24/7 I'm probably short of the actual number. 1 connection per second is 86400 per day: that's 2.5 million per month. Multiply this by 10 million subscribers in Spain alone and you get 25 trillion connections each month. You say that for each connection you have to store, say start and end dates (in Unix format) that's 4 bytes each, and the same for source and destination IP addresses -- 16 bytes total.So for a large provider you get 400 terabytes a month. At 80 for a 200 cheap GB hard drive, that is 160,000 not counting redundancy, backups, and storage for 2000 cheap hard drives! There must be a category of mass storage which is more convenient, like tape used to be, and maybe even cheaper. Granted, it's only 0.02 per subscriber, but still. The processing power to manipulate and the bandwidth to route all this information is what bothers me. 10 million clients at 1 connection (16 bytes) / second is a stream of 160 MB / s; unless you store it at multiple points. Now each node must be "smart" as you point out, and track connections, manage log files, etc. I don't know for high-end equipment; the domestic routers I've seen are really bad at this, and spend all of their memory in a snap. So probably it's a forced upgrade too. I don't have any experience in any of this carrier-grade stuff, and those that have it might disagree, but I'd say: pay the fines. From what I've heard, internet providers in Spain have a hard time storing dynamic IP information (relating IP addresses with subscribers), so good luck with this monstrosity.
Perhaps this is the point... Posted Feb 23, 2006 1:21 UTC (Thu) by robertm (subscriber, #20200) [Link] If the average ISP cannot afford the storage space for legally-mandated logging of user traffic when those users use p2p applications they'll come down much harder than they have been on users who do so. Good for "content producers" who want to prevent illegal file-sharing and who don't want competition from grass-roots sources. But that's probably suspecting malice when incompetance is sufficient to explain the situation.
EU Council passes directive on data retention (Heise) Posted Feb 23, 2006 8:13 UTC (Thu) by job (guest, #670) [Link] I think your calculations are a bit off since you hardly have 10M people using Bittorrent 24/7 in Spain alone. That would make it close to impossible to sell broadband connections there. The data capacity cost would be the first problem.
But of course I agree with you in principle. It will all be very expensive and probably not give any benefits at all. I also see a very practical problem in determining who is the service provider and affected by this law.
P2P traffic Posted Feb 25, 2006 12:10 UTC (Sat) by man_ls (subscriber, #15091) [Link] Maybe not BitTorrent, but if you aggregate all P2P networks I think I'm short of the actual rate. It is very difficult to find statistics about P2P usage, in Spain or elsewhere. The reasons must be political: if telecomms published that 1/3 of their traffic was on the eDonkey network and another 1/3 on BitTorrent, traditional distributors would be very annoyed and legislators would tend to agree with them; right now they are trying to "tax" DSL connections in Spain, from which telecomms are profiting big time.A couple of years ago I tried to find information online; after searching actively for a couple of days the best source I found was some estimations from a company that sold some sophisticated traffic shapers. They had analysed their traffic and found that about 1/2 of the total traffic was P2P. I think this figure would now fall short, but maybe it's not clever to say it aloud. Let's just say that a few million hypothetical eMule clients have the potential to generate a lot of connections per second.
EU Council passes directive on data retention (Heise) Posted Feb 22, 2006 22:29 UTC (Wed) by Richard_J_Neill (subscriber, #23093) [Link] What we need is an application to DoS the logging servers. Is there any way to generate large amounts of logfile data while using a small amount of bandwidth, and making it difficult to distinguish between them? for example, could my machine open and close lots of random connections to random machines in order to work around this law?
EU Council passes directive on data retention (Heise) Posted Feb 23, 2006 7:52 UTC (Thu) by man_ls (subscriber, #15091) [Link] Yes, you can, but why bother? Just fire up your favorite P2P client and keep it running; preferably use it for something useful, such as distributing music or software. If you are concerned about legality then you can distribute Creative Commons music and Linux distros e.g. via BitTorrent.
Stuffing the data collectors Posted Feb 23, 2006 9:03 UTC (Thu) by eru (subscriber, #2753) [Link] If you are concerned about legality then you can distribute Creative Commons music and Linux distros e.g. via BitTorrent.In fact, for this form of protest to have the desired effect, it has to be clean legal content. Otherwise the powers-that-be simply ban BitTorrent and similar systems in Europe as pirate tools that need not be accommodated.
Stuffing the data collectors Posted Feb 23, 2006 10:31 UTC (Thu) by man_ls (subscriber, #15091) [Link] Keeping it nice and legal has not deterred others in the past from badmouthing BitTorrent. But you are right that advocating the sharing of (not necessarily illegal but) dubious files is not a good idea.
EU Council passes directive on data retention (Heise) Posted Feb 23, 2006 7:53 UTC (Thu) by HenrikH (guest, #31152) [Link] A SYN attack should be sufficient since that should trigger the loggservers to start logging. And since a SYN-packet is so small it can be sent in vast amounts without draining the bandwidth (hence the effectiveness of SYN attacks).
Also it seams like the regulation mandates that smtp From: and To: should be logged so everyone in the EU should imediately set up SSL encryption at their mailservers, of course if everyone would do this then there would soon be a bill criminilizing SSL...
EU Council passes directive on data retention (Heise) Posted Feb 23, 2006 17:53 UTC (Thu) by tjh (guest, #36087) [Link] "of course if everyone would do this then there would soon be a bill criminilizing SSL..." I've been lead to believe that "encryption" was illegal (or required a government license at least) in France. Wouldn't that mean that SSL is already illegal (at least to use as you say) in France? Admittedly, I'm very weak on both EU and French law, that's why I ask.;-)
EU Council passes directive on data retention (Heise) Posted Feb 24, 2006 9:30 UTC (Fri) by HenrikH (guest, #31152) [Link] To the best of my knowledge the legislation in France is that you have to hand over any encryption keys if asked to do so by the police (or if it has to be ordered by a court perhaps?). Our majority-owner is French and they use VPN connections to connect all their clients to their data-services so SSL per say is not illegal in France.
EU Council passes directive on data retention (Heise) Posted Feb 24, 2006 8:30 UTC (Fri) by Wol (guest, #4433) [Link] ISPs can only log "From" and "To" for mail that goes via their mailservers.
If you run a mailserver and deliver direct, then for the ISP to intercept it is an illegal wiretap. Come to think of it, the combination of this law and the wiretap stuff may force ISPs to shut down any forced intercept of port 25 ... which is a bummer for stopping spam :-(
Cheers,
EU Council passes directive on data retention (Heise) Posted Feb 24, 2006 9:32 UTC (Fri) by HenrikH (guest, #31152) [Link] Are you 100% sure that ISPs scanning port 25 traffic for From: and To: headers would be labeled as an illegal wiretap? The normal laws that regulate physical telco wires is not always automatically extended to the "virtual" world of ip.
|
|||||||||||||