[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: German data rentention law



On Sun, Oct 19, 2008 at 01:45:22PM +0200, Dominik Schaefer wrote:
> As already said, much more difficult is the part about anonymizing
> services, which brings us right to the still missing 'technical
> directive'.
> That will define the specifics: who is exempted (e.g. WLAN hotspots in
> hotels are said to be exempted, WLAN hotspots at airports not), what
> format has to be used for transmitting the data to law enforcement,
> what precision the timestamps must have, what 'immediate response' to
> a request from a law enforcement actually means, what availability the
> systems for data retrieval must have and so on...
> Most of that will be defined first by the European Telecommunications
> Standards Institute. Then the german agency, which has to supervise
> the implementation of the law, will adopt that directive. That is
> expected to happen in spring 2009.
> Curiously, the telecommunication service providers in germany
> now have to log stuff, but know nearly nothing about the technical
> implementation and that is even worse for small service providers or
> private persons.
> The conclusion is more or less: nobody knows for sure if Tor relays
> have to log or not. It seems, that some courts will have to decide that.

The data retention law seems to be partly an attempt to 
make private operators do the government's work of law enforcement.
However, suppose the technical implementation is something like requiring ISPs 
to allow wholesale teeing of the pipes as is now done at AT&T in the USA,
at government/taxpayer expense.
Then we will not know whether some or all of the data is logged.
Further, what prevents European (or Chinese etc) data spies from cooperating
with American data spies, enabling monitoring both ends of most connections?