[hackmeeting] retencion de datos: contenido emails tambien, en UK

merce merce en grn.es
Jue Jul 14 16:52:40 CEST 2005

ha salido esto en EDRI-gram, disculpas por el crossposting
si alguien lo ha recibido. Me parece interesante lo que
dice: "Despues de los ataques de Londres, la National High
Tech Crime Unit envio un email a la asociacion de ISPs de UK
y el London Internet Exchange pidiendo que voluntariamente
guarden los datos de trafico de Internet y telefonos y,
dice que como no era una orden amparada en leyes aprobadas
democraticamente, les dijeron que si no lo hacian
arriesgaban su reputacion.

cuando veas que depilan a tu vecina, vete con ojo que ya
estas en 1984 (era asi? ;)


> 3. UK ISPs voluntarily preserve internetdata
> ===========================================================
> Immediately after the London attacks on 7 July 2005, the National High
> Tech Crime Unit sent an e-mail to the UK provider association and to the
> London Internet Exchange asking for voluntary help in preserving traffic
> data of telephone and internet, but also the contents of e-mails,
> voice-mails and SMS. Some technicians outside of the UK responded in
> outrage at this request, comparing the request to asking the Postal
> Services to photocopy all post and pointed out the technical impossibility
> of storing tens of millions of e-mails a day.
> But the UK ISP world remained extremely silent. Now it turns out the
> preservation was voluntarily offered by UK ISPA and it also turns out this
> is not the first time UK ISPs have voluntarily preserved massive amounts
> of sensitive data on all their customers. After the New York attacks, on
> 14 September 2001 the UK ISPA already recommended giving in to a
> preservation request from the Crime Unit. As one anonymous UK ISP remarked
> in a technical conversation: "they took six months to get back to us,
> without even mentioning they wanted the data." After that, the ISP deleted
> the records, because of the massive amount of necessary hard-disk space.
> Telephony and internet providers were asked to store the content of email
> servers; email server logs; radius or other IP address to user resolution
> logs; pager, SMS and MMS Messages currently on the network's platform;
> content of voicemail platforms; call data records (includes mobile, fixed
> line, international gateways & VoIP) and subscriber records.
> The explanation offered was: "The investigation into this crime will take
> many months and it is likely that the significance of specific
> communications data and current stored content will not become immediately
> apparent and there is a real risk that important evidence could be lost."
> Now that the individual suiciders have been identified within a few days
> and general investigation is making rapid progress, hopefully the Crime
> Unit will quickly follow-up on the request and make sure these extremely
> sensitive data are not stored any longer than necessary for acceptable
> business purposes.
> Unconfirmed rumour has it that Belgian ISPs received a similar request
> from the UK Crime Unit. It is unlikely they will voluntarily co-operate.
> Storing the content of communications is in utter violation of EU privacy
> legislation. Only upon court order may an ISP preserve specified data from
> individual suspects, if the cybercrime treaty has been implemented. There
> is no legitimacy in any kind of voluntary preservation, also given the
> immense privacy and security risks of collecting such massive amounts of
> data.
> In the UK ISPs have been bullied into voluntary data retention measures,
> in spite of extremely critical comments from the Information Commissioner.
> In response to a government consultation in 2003 about the government
> proposal for voluntary retention he said only a statutory obligation would
> comply with data protection laws, but added "However, the Commissioner is
> yet to be convinced that there is a need for a communications service
> provider (CSP) to retain data routinely for the prevention of terrorism,
> for any longer than the data would be normally retained for its own
> business purposes."
> When the UK failed to pass a specific data retention law through the
> normal democratic procedures, it seems they managed to convince ISPs they
> would risk their reputation if they did not voluntarily collaborate with
> essentially unlawful retention measures. Their attempt to bully the
> Brussels institutions into legalising this national practice hopefully
> meets with louder public resistance.
> Net industry urged to co-operate following London bombings (11.07.2005)
> http://www.theregister.com/2005/07/11/ispa_preservation/
> Response Information Commissioner (June 2003)
> http://www.informationcommissioner.gov.uk/cms/DocumentUploads/voluntary%20retention%20of%20communications%20data%20consultation%20re….pdf
> Summary of other responses to the proposal for voluntary data retention
> (11.09.2003)
> http://www.homeoffice.gov.uk/docs2/vol_retention_comms_data.html

Más información sobre la lista de distribución HackMeeting