Business internet security

German court declares against data retention act

The Data Retention Act, which is about Big Brother getting out of control, is being rolled out across the European Union.  I’ve posted about it on a number of occasions, including here and here

The story has taken an interesting turn with a German court pronouncing it invalid.   Specifically:

“The court is of the opinion that data retention violates the fundamental right to privacy. It is not necessary in a democratic society. The individual does not provoke the interference but can be intimidated by the risks of abuse and the feeling of being under surveillance […] The directive [on data retention] does not respect the principle of proportionality guaranteed in Article 8 ECHR, which is why it is invalid.”

It seems to me this is going to hot up a little in the UK.

The link to the whole article is on the vorratsdatenspeicherung website 🙂

My thanks to James Blessing for this link.

Business internet voip

Data Retention Act Absurdity

The Data Retention Act, as you will know from previous posts requires Communications Providers, when requested, to store information concerning voice calls, emails and potentially Instant Messages sent and received by its customers.

I learned yesterday that this will not apply to IM services of companies such as Facebook that are defined as “information society services”.  This does tend to make the whole Act an absurdity in my book.  Also what happens when Google launches VoIP in the UK? Is Google an information society service?

It would be interesting to understand how the reg will apply to P2P services such as Skype?  I’m sure I must have been told sometime.

Business internet

Data Retention Act Published Today

The much heralded Data Retention regulations were published today. The Act is due to become law on 6th April and has caused consternation amongst privacy rights activists and initially amongst the Communication Provider Community.

The specifics are

4 —(1) It is the duty of a public communications provider to retain the communications data specified in the following provisions of the Schedule to these Regulations—
(a) Part 1 (fixed network telephony);
(b) Part 2 (mobile telephony);
(c) Part 3 (internet access, internet email or internet telephony).

Part 3 was the bit causing the fuss – the storage of email and web browsing habits.  The CP community has somewhat calmed down since because further down in the spiel it says:

10-(1) These Regulations do not apply to a public communications provider unless the provider is given a notice in writing by the Secretary of State in accordance with this regulation.

The Government had previously said that it would only make the largest CPs comply and here they have essentially put it in writing. 


11. —(1) The Secretary of State may reimburse any expenses incurred by a public communications provider in complying with the provisions of these Regulations.

So all in all, the privacy issues aside, it seems to have been a storm in a teacup for an industry that was worried about all the additional overhead that would be incurred in complying with the Act.

The full text can be seen here.

Business internet live on the BBC

For anyone interested in listening in I am appearing on BBC Radio Lincolnshire at 18.30 hours today (Greenwich Mean Time). I am talking about the Data Retention Act which hit the BBC headlines on Friday and which has now been the subject of a couple of posts here and here.

This is not my first appearance on Radio Lincolnshire. However the last one was so long ago I think it was before CDs were invented and I was still playing with the Sinclair Spectrum Computer.

You can catch it on the internet on the BBC’s website at  I’m on “Drive Time with William Wright”. I’d be interested in any constructive feedback.

Business internet security

Data Retention Act On The BBC News

I woke up this morning to an article on BBC Radio 4 concerning the forthcoming Data Retention Act (see previous post on this). The article was then carried several times on BBC Radio Lincolnshire, my local station – I’m sure it would have been repeated in all the regions.

The BBC’s slant concerned human rights and seemed to have been triggered by Human rights organisation “Liberty”. What has been happening since my post on the subject is that the tone of the Government’s conversation has moved on towards looking for a centralised database containing records of many different types of communications and not just email and telephony. This might include SMS, IM etc.

Nothing is set in stone here but I have concerns on two fronts. Firstly the technical cost and impracticality of implementing such a database would be huge and criminals would always be able to find ways around appearing on the records. Secondly is very much the human rights angle. 2008 saw a number of high profile examples of the loss personal data of millions of people because of stolen laptops and lost memory sticks.

I want to help the authorities catch criminals and haven’t really been too concerned in the past about their keeping my own personal records on file because I am a good boy. However in the light of last year’s data losses and because it is fundamentally not possible to totally trust the government (which is one of the reasons that democracies have elections) I have changed my tune.

If you want to read the BBC article online you can find it here.

Business internet Regs

Data Protection

The European Court of Human Rights today ruled that South Yorkshire Police should not have retained the DNA of two men who had been convicted of no offence. Check the BBC report here.

This is an interesting one because in March 09 the Data Retention Act comes into play whereby ISPs will be required to store email habits of their customers. For “DNA” in this respect read “Data”… Is the European Court of Human rights going to rule on the Data Retention Act downstream?

I have a meeting with the Home Office at Timico in January so it will be interesting to report back on this issue.