lambda 8.03
May 24 2002
UPDATE May 30

sommaire
- Privacy directive endorses data retention provision : 340 for, 150 against (out of 625 MEPs)
- Hors d'oeuvre: G8 cybercrime unit unveils list of IP data to be collected

 

UPDATE: lambda 8.04
June 7. - Europol Document: logs in custody - the complete list + 10 keys for blanket telecom surveillance

 

Short-circuits

Paris-based ISP Globenet's "No-log" = zero personal data logging

http://www.no-log.org/index2.php

 

UPDATE MAY 30
DATA RETENTION PROVISION APPROVED

" 15.1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1)(2)(3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national or State security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC. To this end Member States may inter alia adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures included in this article shall be in accordance with the general principles of Community law including those referred to in Article 6 paragraphs 1 and 2 of the Treaty on European Union. "

 

COMMENTS:

Marco Cappato, Radical MEP of the Lista Bonino and EP rapporteur on the directive on privacy in electronic communications:

"With the vote of today, the directive on privacy in electronic communications can be correctly defined the directive of data retention and of iper-regulation of the Internet. The EP first reading position, as confirmed by the civil liberties committee in second reading, have been completely reversed in plenary, convincing me to withdraw my name from the report, as I announced in plenary after the vote. (...) On this issue, from now on Member states of the EU have an explicit authorisation in this EU directive to impose on telecom and Internet service providers the retention and storing of all citizens' communication datas, such as telephone and mobile calls, Internet surfing, emails, location datas.

Mme Ana Palacio - Spanish PPE, that worked hard to sponsor the Spanish Council Presidency requests in the EP, and to have the committee position she chairs completely reversed in plenary, furthermore being absent yesterday and today either during EP debates and votes - and Mme Paciotti - PSE shadow rapporteur, that did a remarkable U turn on data retention, passing from opposition to endorsement - took the political responsibility of driving their EPP and PSE colleagues for this vote. Belgium, Holland, Germany, the UK are working on data retention laws that could make possible the generalised, massive surveillance of the citizens, and efforts to co-ordinate and establish a Europewide regime of data retention are taking place in the Council and in Europol. (...)

Ilka Schroeder, MEP, shadow rapporteur of the United European Left Group , draftsperson of the Industry Committe:

"With today's vote the European Parliament supports the project of a surveillance union. (...) Data retention means: Communication data will no longer be intercepted exclusively at the time the communication takes place, but may be analysed years later retro-spectively. This bears the danger of the resorting to fundamental rights still in force today being sanctioned in the future. (...) Western democrats surpass the surveillance achievements of Eastern Germany_s former Staatssicherheitsdienst by far."

 

Open Letter to EP's President

Coalition Asks European Parliament to Vote Against Data Retention

In an open letter sent to all Members of the European Parliament, 40 civil liberties organizations from 15 countries strongly recommended that Members vote against general data retention of communications by law enforcement authorities. The vote, scheduled for May 29 in Brussels, is critical, as it constitutes the major step before the final adoption of the new EU Telecommunications Directive. It may have serious consequences on the manner in which data retention is currently regulated in the United States and other countries around the world. Individuals are also encouraged to endorse the letter, and may do so until May 28.maintienne son amendement interdisant toute surveillance "généralisée et exploratoire". (...)

http://stop1984.com/index2.php?lang=en&text=letter.txt

http://www.gilc.org/cox_en.html (English) http://www.gilc.org/cox_es.html (Spanish)

http://www.gilc.org/cox_fr.html (French) http://www.gilc.org/cox_de.html (German)

 

 

Data retention: the Euro Parliament trapped

 

Paris, 24 May 2002 (Lambda Bulletin, 8.01). -- The European Parliament will reach a crucial step towards data protection next week when a directive is about to be approved.

The Lambda learned this week that the two major political groups (PSE, social-democrats, and EPP, conservative) reached a settlement on May 24 to adopt a special measure aimed at blocking former MEPs moves to protect data privacy. The amendment was lodged by Spanish MEP Ana Palacio (Chair of the Liberties, Justice and Interior Affairs Committee), which has been approved by the PSE representative Helena Paccioti (Italy), skips a special provision adopted by the entire Parliament last November:

"These measures [traffic data retention] shall be entirely exceptional and based on a specific law which is comprehensible to the general public, and shall be authorised by the judicial or other competent authorities on a case-by-case basis. Under the European Convention on Human Rights and the EU Charter of Fundamental Rights and pursuant to rulings issued by the European Court of Human Rights, any form of widespread general or exploratory electronic surveillance is prohibited."

The new amendment erased the last sentence and adds:

"To this end Member States may inter alia provide for the retention of data for a limited period justified on the grounds laid down in this paragraph, in accordance with the general principles of Community law, in particular the European Convention on Human Rights and pursuant to rulings issued by the European Court of Human Rights."

This is the last compromise the Council of Governements of the European Union is keen to accept, according to MEPs interviews. Member States government officials were very clear: another bill ("decision-cadre") could legalize data retention if the Palacio amendement would be dropped on May 30th.

 

As the British NGO Statewatch reported on May 23:

"The chair of the Committee on Citizens' Freedoms and Rights (Ana Palacio, EPP, conservative group, Spain) lodged a new amendment for the plenary session discussion (29 May) and vote (30 May) in the European Parliament on the critical Article 15.1. in the proposal to amend the 1997 EU Directive on privacy in telecommunications

"The wording of the proposed amendment by Ana Palacio is virtually the same (two words have been transposed) as as the one she proposed on 18 April which is "acceptable" to the Council of the European Union (the 15 EU governments) because it accepts their demands that network and service providers retain traffic and location data and that law enforcement agencies (police, customs, immigration and internal security agencies) have access to it: European Parliament committee chair tries to reach a "deal" with the Council on the surveillance of communications

The EPP (and) PSE together form an outright majority, it would lead to the European Parliament backing the "war on terrorism" demands of the governments as against the freedom, privacy and democratic rights of citizens."

 

+ Text of amendments: (Word, pdf, html):

http://www.statewatch.org/news/2002/may/10epcavein.htm

 

 

Hors d'oeuvre
G8 cybercrime unit unveils list of IP logs to trace

UPDATE: lambda 8.04
Europol Document: logs in custody - the complete list + 10 keys for blanket telecom surveillance

On May 13-14, G8 Justice and Interior Ministers met in Mont-Tremblant, a little ski resort in Canada-Quebec "to discuss the protection of our society from international terrorism and crime".

First, G8 ministers endorsed "Recommendations for Tracing Networked Communications Across National Borders in Terrorist and Criminal Investigations".

"These recommendations will assist our police and national security agencies in rapidly locating and identifying criminals and terrorists who use international communication networks for illegal purposes."

G8 experts published another document, "Principles on the Availability of Data Essential to Protecting Public Safety", in which a complete list of what kind of IP networks data may be collected by ISPs prior to any investigations or legal order.

The document reads first:

"To investigate, so as to prevent or prosecute, crimes and terrorist activities, law enforcement authorities require lawful access to traffic data and subscriber information held by communications service providers. However, criminal and terrorist investigations are increasingly being hampered by a lack of available data and information.

"For this reason States should examine their policies concerning the availability of traffic data and subscriber information so that a balance is struck between the protection of privacy, industry's considerations and law enforcement's fulfillment of the public safety mandate. " ...

... Annex A :

The following is a list of log details related to some services that may be available to an Internet service provider. It should be noted that the content of these logs might be subject to relevant business, technical and legal conditions; not all of the following data elements will be available in all logs.

 

(1) Network Access Systems (NAS)

 

-access logs specific to authentication and authorization servers such as

TACAS+ or RADIUS (Remote Authentication Dial in User Service) used to

control access to IP routers or network access servers

-date and time of connection of client to server

-userid

-assigned IP address

-NAS IP address

-number of bytes transmitted and received

-caller Line Identification (CLI) .

 

(2) E-mail servers

 

-SMTP (Simple Mail Transfer Protocol) log date and time of connection of client to server

-IP address of sending computer

-ID Message (msgid)

-sender (login@domain)

-receiver (login@domain)

-status indicator

-POP (Post Office Protocol) log or IMAP (Internet Message Access Protocol) log

-date and time of connection of client to server

-IP address of client connected to server userid

-In some cases identifying information of E-mail retrieved

 

(3) File upload and download servers

 

-FTP (File Transfer Protocol) log

-date and time of connection of client to server

-IP source address

-userid

-path and filename of data object uploaded or downloaded

 

(4) Web servers

 

-HTTP (HyperText Transfer Protocol) log date and time of connection of client to server

-IP source address operation (i.e., GET command)

-path of the operation (to retrieve html page or image file)

-"last visited page"

-response codes

 

(5) Usenet

 

-NNTP (Network News Transfer Protocol) log

-date and time of connection of client to server

-protocol process ID (nnrpd[NNNN])

-hostname (DNS name of assigned dynamic IP address)

-basic client activity (no content)

-posted message ID

 

(6) Internet Relay Chat

 

-IRC log

-date and time of connection of client to server

-duration of session

-nickname used during IRC connection

-hostname and/or IP address

UPDATE: lambda 8.04
Europol Document: logs in custody - the complete list + 10 keys for blanket telecom surveillance
Points 7 to 10: telecom companies (fixes, mobile, satellite) retention requirements, including geolocation logs

G8 RESSOURCES

+ Public release after the May 13-14 meeting:

http://www.g8j-i.ca/english/chair.html

+ "Principles on the Availability of Data Essential to Protecting Public Safety"

http://www.g8j-i.ca/english/doc3.html

+ "Recommendations for Tracing Networked Communications "

http://www.g8j-i.ca/english/doc2.html


©left bulletin lambda
May 2002
Contact I home I abonnement