View Full Version : Massive Data Retention is No Solution!

Wednesday, September 14th, 2005, 04:37 AM
Came across this website, does not look good...

The European ministers of Justice and the European Commission want to keep all telephone and internet traffic data of all 450 million Europeans. If you are concerned about this plan, please sign the petition.

What's wrong with data retention? The proposal to retain traffic data will reveal who has been calling and e-mailing whom, what websites people have visited and even where they were with their mobile phones. Telephone companies and internet services providers would be ordered to store all traffic data of their customers. Police and intelligence agencies in Europe would be granted access the traffic data. Various, competing proposals in Brussels mention retention periods from 6 months up to four years.

Data retention is an invasive tool that interferes with the private lives of all 450 million people in the European Union. Data retention is a policy that expands powers of surveillance in an unprecedented manner. It simultaneously revokes many of the safeguards in European human rights instruments, such as the Data Protection Directives and the European Convention on Human Rights.

Data retention means that governments may interfere with your private life and private communications regardless if you are suspected of a crime or not.

Data retention is not a solution to terrorism and crime!

In July 2005 the European Parliament adopted a report by Parliament member Alexander Alvaro on the mandatory data retention plan. The report concludes that the proposal is disproportionate. The report also questions the necessity, effectiveness and high costs for industry and telecommunication users.

No research has been conducted anywhere in Europe that supports the need and necessity of creating such a large-scale database containing such sensitive data for the purpose of fighting crime and terrorism.

The attacks on London are an attack on human rights. The protection of those human rights matters most when governments and societies face times of crisis. The worst possible response would be to jeopardise those carefully wrought rights by a panic-inspired response. A mass surveillance response to terror would result in a resounding success for the perpetrators of these attacks: a fundamental undermining of our most fundamental values.

What can you do to stop this plan?

If you are concerned about the European plans for data retention, please sign the petition and alert as many people as you can to support this campaign.
The signatures will be sent to the European Commission and the European Parliament.

www.dataretentionisnosolution.com (http://www.dataretentionisnosolution.com/index.php?lang=eng)

Friday, October 7th, 2005, 10:43 AM
Ten tips to circumvent data retention

This text is a slightly modified translation of this article (http://forums.skadi.net/redirector.php?url=http%3A%2F%2Fwebwerel d.nl%2Farticles%2F36970).
In the aftermath of the London bombings efforts are expedited to introduce an European directive for data retention. The measure is heavily disputed and easy to circumvent, which makes it ineffective as well. This is the result of a series of tests carried out by Webwereld.

If it is up to the European Ministers of Justice Internet Providers should be forced to store all online behavior of 450 million European Citizens. The step would ease up the research into child pornography and terrorism. In an ideal situation it could also be useful in preventing a terrorist attack.

Internet Providers oppose the plans and point out that the costs they have to make are massive. Privacy watchdogs like Bits of Freedom (http://www.bof.nl (http://forums.skadi.net/redirector.php?url=http%3A%2F%2Fwww.bof. nl)) doubt if the measure will be effective at all. Webwereld investigated and discovered that criminals can easily circumvent the data rention.

Ten expamples:
WLAN. With the increase of wireless networks it shouldn't be too hard to find an unsecured WLAN in a rural area that grants you free Internet access. This makes it hard to link the online traffic to a certain individual. Since it is easy to change the unique address of the WLAN Card using software it's simple to prevent authorities to link two sessions even if you're using one wireless base station. When connecting to paid networks it is possible to buy an access card anonymously as long as you don't use a credit card to settle the bill.

Prepaid GSM (Pay as you go). Another way of surfing the web is by using a mobile phone, that actually can serve you with high speed Internet. As soon as your located in a public place and switch on your phone at that location it is virtually impossible to connect that session to you as an individual (as long as you don't start calling your family and friends or have your regular phone on at the same time). If stores like supermarket chain Albert Hein that sometimes require a customer card will deliver you the phone on a new loyalty card that can be obtained anonymously. Of course you do need a new phone, since every device has a unique identifying code (IMEI).

Chatting outside Europe. For those that want to chat anonymously can do so through encrypted sessions on servers that are outside the EU. The information stored will tell nothing more than that a person is visiting a certain websites. Many games offer the possibility to chat with other gamers. It is common knowledge that Chinese political activists use the games to communicate.

Your own web server. For less than one hundred euro's per month you can have you own web server located at an ISP-location. After setting it up you're basically free to offer virtually any service you'd like to and ly imagination is an limitation in the possibilities you offer. By making crypted tunnels to the server it is hard to discover which protocols are used. If the government ever demands access to your logfiles they warn you that the information on your server is interesting for them and he can learn about the way the government conducts an investigation.

Modem. If you connect a modem to your computer meant to visit an bulletin board in a foreign country – let's say Brazil – you cannot claim there is an Internet-connection. So the data retention for phone calls applies which only states John was calling the following phonenumber. What this communication is about and who is in touch with whom is hard to discover (especially if the other end of the machine is connected to the Internet. If the government decides to tap the 'call' encryption and old protocols will obfuscate the information significantly slowing down investigation.

Closed service (membership only). If you run a server, you can operate it as a closed service, open only for certain people. Because not everybody can obtain access, legally it is not a public telecommunication service. Thus you are not obliged to retain any logfiles.

Anonymous proxies. By channeling your internet traffic through anonymous proxies and remailers outside of Europe, law enforcement can only trace a stream of traffic from your computer to a proxy. If you make sure your traffic is encrypted, it is impossible to find out what kind of traffic you have generated. Of course, not all anonymous proxies should be trusted automatically. Nothing keeps law enforcement from setting up its own corrupted proxies or convincing operators of these proxies to voluntarily hand-over data about certain users suspected from serious crimes. But an example of a highly reputed service for anonymous websurfing is JAP, designed by the regional data protection authority of Schlesswig Hollstein and the university of Dresden.

Tor. With the help of the Tor network, which acts as proxy, internet requests are routed along many different computers. Each request is sent along another route and none of the participating computers in between are aware of the origin or the final destination of the request. It is almost impossible to trace these requests through the entire chain. This way, the logfile of retained data from the access provider of the user does not suffice to determine what activities the user has employed on the Internet, be it websurfing, or chatting, or FTP-ing. The TOR software is open source and available for many platforms. It increases online privacy to a great level, but does slow down communications considerably.

Freenet. Freenet takes a further step into promoting online privacy. This open source project does not only protect the recipient of the data, but the data itself as well. Data are not stored on a single server, but distributed over many servers on the Internet. This way, none of the participating servers has any meaningful logfiles for analysis and content can never be taken down by a single participater.

Encrypted tunnel. Through an encrypted tunnel (for example a VPN or an SSH-connection), you can connect to a server on the other side of the world. From that server, the internettraffic can be forwarded anonymously to its destination (an anonymous proxy). By hiding the data inside of another protocol and encrypting it once more, even in case of live interception it would be almost impossible to retrieve the actual content.
This is a non-exhaustive list of examples. It clearly shows data retention is a very ineffective approach, certainly for criminals with the energy to prevent the logging of their internet tracks. Only regular internet users, using regular internet access will be caught by their traffic data. The consequence is that a lot of money and manhours of secret services and law enforcement will be wasted on the wrong kind of investigation. Security expert Bruce Sneier once told: "You can only spend a dollar once. Who spends his money the wrong way, doesn't increase security but reduces it.”
Quelle: De Winter 03-09-05 (http://forums.skadi.net/redirector.php?url=http%3A%2F%2Fdewinter .com%2Fmodules.php%3Fname%3DNews%26file% 3Darticle%26sid%3D202)

Welcome in the brave, new World! :thumbdown