Europol wants your data
By Matt Whipp
Posted on 19 Jun 2002 at 18:00
We ain't seen everything yet.
You may be forgiven for thinking the EU's Directive on Telecommunications Privacy gave member state governments enough powers to force communications companies to keep data they may want to look at later, but now Europol has drafted a document that would force companies to do this, whether governments agreed or not.
The document came to light thanks to civil liberties groups such as the Electronic Privacy Information Centre and Statewatch. You can download the document as a PDF from the Statewatch Web site.
The document, titled Expert Meeting on Cyber Crime: Data Retention, is dated 11 April and comes from a closed session, chaired by Europol, for a discussion on data retention by law enforcement experts.
The session focusses on minimum and optional data to be retained by ISPs and telecommunications companies. Companies must (under this draft agenda) retain user IDs, passwords, IP addresses, dates and times of connection, bytes sent and received and caller line identification for connections to Network Access Systems, and may also keep credit card numbers and bank account details.
Web server information to be retained includes the types of operation performed (e.g. GET commands) and operation paths. Companies hosting Web sites for other parties 'should retain details of the users who inserts [sic] these Web pages'. Data from Usenet and IRC must also be retained along with data from FTP, SMTP and POP3 transactions, although the contents of such activity is not required.
Telcos have to retain data on date, time, number (including numbers called on conference calls) and type of calls, along with billing addresses and information on the caller and subscriber, and of course bank account details.
Mobile network operators will need to retain all this along with geographical data and handset data. Sophisticated calls such as SMS messages, WAP surfing and GPRS and UMTS connections will also be logged.
While most of us would agree that efforts should be made to ease the fight against crime, retaining this type of data indefinitely means extra work for these companies to store it. Isn't there a concern that without an EU-wide standard for the security of storing this data, which can include personal and bank account details, there's a huge risk of unauthorised access to it?
Leave your comments below.
We were unable to get a response from representatives at the EU at the time of writing.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
