Business internet Regs

EU goes bananas – food safety tech to be used to catch paedophiles and sex offenders?

I had to stare at this for a bit to understand it. In a Written Declaration the European Parliament has called on the Member States to coordinate a European early warning system involving their public authorities, based on the existing system for food safety, as a means of tackling paedophilia and sex offending.

They are also talking about applying the Data Retention Directive (Directive 2006/24/EC) to search engines.

Business security

Ex MI5 chief echoes concern over civil liberties

Dame Stella Rimington is in the news today attacking the government’s postition regarding data  retention.  This is in tune with comments previously made on this blog.

I sympathise with the need to guard against terrorism but you do get the feeling that we are moving backwards. When I was growing up we were hit with propaganda about the communist enemy.  A police state where people were frequently spied upon just in case they had views that were contrary to official policy.  Increased levels of surveillance in order to catch terrorists is undoubtedly going to impact on many innocent lives. If we are not careful we will end up mimicking the police states that we were cricisising not so long ago.

Business internet security

Transposition of Directive 2006/24/EC

We do live in a marvellous world don’t we? If anyone was to ask you what the title of this post was all about you’d almost certainly give them a blank stare.

This is all about what is better known as “The Data Retention Act” which was stipulated by the EC some time ago. This Act has been implemented to assist in the fight against terrorism. Every Communications Provider has to keep logs of phone calls made and received.

I don’t mind this. We do it anyway otherwise we wouldn’t be able to bill our customers and I certainly will help fight the good fight if I can do so (safely).

The first phase was rolled out in 2007 for fixed and mobile telephony. The Internet community was given a further 18 months to implement the same measures for VoIP and emails. The VoIP service provider community is also OK with this for the same reasons given above.

When it comes to emails it is a slightly different story. ISPs have had no reason to keep records of emails sent and received. The service is flat rate (or free) and does not therefore require the information for billing purposes. So implementing the directive is likely to cost money for an ISP.

This Act is now in its consultation phase which is causing some consternation and confusion in the ISP industry. The Regulations state that costs associated with this ‘may’ be recoverable. No guarantees. A recent briefing by the Home Office also stated that because of these costs they were currently looking at a scenario whereby only the ‘big 6’ ISPs would have to keep the data and that smaller ISPs would only be asked to do so based on “intelligence led approach”. Ie you have to keep the information if they suspect one of your customers of being a terrorist.

The suggestion here is that if you are a small ISP you are more likely to have a terrorist as a customer than a big ISP. The baddies will know that they are less likely to be monitored.

This approach also presents other problems. The ISP having to do the monitoring is at a competitive disadvantage to the one not having to do so because of the additional overhead involved.

What’s more the technical logic is somewhat flawed in respect of email data retention and a savvy terrorist is  easily going to bypass the system. Web based email networks normally allow you to save a draft of an email for sending later. It just takes two terrorists to know the log on details of a google mail account. One writes the email and saves it as  draft. The second then logs in to the gmail account and reads the draft.

The Act is scheduled to become law on 15th March 2009 and it seems that there is a lot of work to be done before it can be sensibly implemented. Timico is playing a leading role here with its involvement in the ISP Association and you can be sure that readersof this blog will be updated on progress.