Swedish ISP Will Automatically Encrypt All Traffic To Protect Privacy Under New Data Retention Laws

from the how-it-all-works dept

When Sweden first put in place its IPRED law, which required ISPs to hand over identifying info on people accused of file sharing, one of the first ISPs to respond was Banhof, who immediately put in place a new policy to delete all log files. Now that Sweden is pushing forward with a data retention law that would require ISPs to keep log files, Banhof has taken things up a notch by encrypting all traffic on their network via a VPN. That means that even if it keeps logfiles, the information will be effectively useless. Honestly, I'm surprised that more ISPs haven't done something similar and pitched themselves as focused on protecting privacy. It's difficult to see how Swedish politicians can really respond to this. They can't exactly order ISPs not to encrypt traffic. Just think of the mess that would cause. So, as the US starts looking (again) at data retention laws, they might want to consider what's happening in Sweden.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data retention, encryption, sweden, vpn
Companies: banhof


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 28 Jan 2011 @ 2:21pm

    Papers please.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jan 2011 @ 2:26pm

    I suspect it won't be long before this dodge gets outlawed as well.

    Honestly, if they are going to this extent to "protect" their clients, aren't they reaching the point of being active participants in the very activities the law seeks to stop?

    link to this | view in chronology ]

    • icon
      Dark Helmet (profile), 28 Jan 2011 @ 2:32pm

      Re:

      "Honestly, if they are going to this extent to "protect" their clients, aren't they reaching the point of being active participants in the very activities the law seeks to stop?"

      Nope, simply protecting users against unreasonable government requests. You know, the kind of things good corporate citizens SHOULD be doing.

      Next question?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Jan 2011 @ 2:37pm

        Re: Re:

        If you think they are truly unreasonable, you must be running a torrent search site for profit.

        link to this | view in chronology ]

        • icon
          thestevetorres (profile), 28 Jan 2011 @ 2:45pm

          Re: Re: Re:

          Since when has it not been unreasonable to search identifiable information of an innocent person?
          A cop would not be able to walk in to your house and search it, under the pretense of "if you have nothing to hide you shouldn't be worried."

          link to this | view in chronology ]

        • icon
          Dark Helmet (profile), 28 Jan 2011 @ 2:49pm

          Re: Re: Re:

          "If you think they are truly unreasonable, you must be running a torrent search site for profit."

          GASP! You GOT me! Oh well, the veil is off, might as well make the best of it.

          So come one, come all, down to Dark Helmet's torrent search site. You too can get all the torrenty goodness you need, all you have to do is click on www.darkhelmettorrentssitethatimadebecauseihadtoonceithoughtprivacyforprivatecitizensmightbeagoodide a.com

          Yes, that's the site, my friends. It's a grand place where you can get all the torrents your heart desires. But wait! We have a special focus for our search site. We focus on torrent searches in the following categories:

          1. Golf porn
          2. Movies about Chicago quaterbacks NOT named Jay Cutler
          3. Nina Paley's movies (shhhh! She's gonna be sooooooo pissed zomg lols)
          4. Videos that start off like those ones that have cute little squirrels doing human things w/their hands, but ends with such animals getting run over by semi trailers
          5. All footage of Bulls games during the Jordan era, with all white people edited out for the further enjoyment of basketball fans
          6. The collective works of Timothy Geigner (we know a guy....)

          So come on down, you're the next contestent on stupid claims easily mocked by Anonymous Cowards....

          link to this | view in chronology ]

        • icon
          Hephaestus (profile), 28 Jan 2011 @ 2:52pm

          Re: Re: Re:

          "If you think they are truly unreasonable, you must be running a torrent search site for profit."

          Okay, I really wish Mike would put a "Lame" button up. or "Weakest Rebutal" because that was the worst of the week.

          Its two totally seperate statements you are trying to combine. Neither has anything to do with the other. We need to send you off to shilling and trolling school.

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2011 @ 2:39pm

      Re:

      Nothing wrong with protecting their customer's privacy.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Jan 2011 @ 3:06pm

        Re: Re:

        There is plenty wrong if they are doing with intention of aiding them to break the law. This isn't a question of "privacy", it is a question of some sort of demented "right to pirate", or perhaps "right to child pr0n", or whatever it is.

        There is a point where it crosses the line from customer service to helping people evade the law. They crossed that line a ways back.

        link to this | view in chronology ]

        • icon
          AR (profile), 28 Jan 2011 @ 3:18pm

          Re: Re: Re:

          "There is a point where it crosses the line from customer service to helping people evade the law. They crossed that line a ways back."

          There is also a point where government crosses the line between governance and oppression. They are doing that now as we speak.

          link to this | view in chronology ]

          • identicon
            Not an electronic Rodent, 29 Jan 2011 @ 5:29am

            Re: Re: Re: Re:

            There is also a point where government crosses the line between governance and oppression. They are doing that now as we speak.
            Must be a bloody big line then because they've been at it a while. Think you better look behind you at the other 20 or 30 lines. I think you'll find the one you mention is actually about 6 or 7 back. In the UK for example I think we got there with "No, in fact you don't have the right not to incriminate yourself"

            link to this | view in chronology ]

            • icon
              AR (profile), 29 Jan 2011 @ 7:58am

              Re: Re: Re: Re: Re:

              But you guys should be used to that by now. They have always crossed the line(s). Heck, my ancestors had a problem with your government back in 1692 in Scotland. ;)

              link to this | view in chronology ]

        • icon
          thestevetorres (profile), 28 Jan 2011 @ 3:18pm

          Re: Re: Re:

          "There is plenty wrong if they are doing with intention of aiding them to break the law."

          Ok, if you want to make that argument, then it looks like there is something missing between paragraph 1 and paragraph 2... evidence of said intent.

          Perhaps it was accidently deleted in you rush to post such an informative post.

          link to this | view in chronology ]

        • identicon
          Androidhelpers.com - IOWA, 28 Jan 2011 @ 3:22pm

          Re: Re: Re:

          Lame. How about I get my cousin (FBI) to come search your house for no apparent reason, and view all of your logs, internet chats, and everything you've ever done. If not, you must be running a bit torrent site for profit.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 28 Jan 2011 @ 8:19pm

            Re: Re: Re: Re:

            Since he can't do it legally, what is your point? The ISPs should be required to retain the information for legal searches with a warrant. How f-ing hard is that to understand?

            link to this | view in chronology ]

            • icon
              Christopher (profile), 29 Jan 2011 @ 12:17am

              Re: Re: Re: Re: Re:

              Quite hard, because this is NOT asking them to 'retain all the information for legal searches with a warrant'. It is asking them to keep ALL THE INFORMATION OUT OF THE HOPES OF LEA's that they will find someone 'doing something wrong' or illegal (and by the way, they cannot definitively prove that one person or another is trading CP unless they find CP on the person's computer, coming from someone who was accused of trading CP at one time) in the future and can go back YEARS looking for other evidence of wrongdoings.

              That is totally against our system of justice as well as the statute of limitations on crimes.

              link to this | view in chronology ]

        • icon
          Mr. LemurBoy (profile), 28 Jan 2011 @ 3:31pm

          Re: Re: Re:

          Ok, I really can't tell. Is this guy being serious, or are we giving a troll his 3 square meals for the day?

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 28 Jan 2011 @ 3:41pm

          Re: Re: Re:

          Piracy and child pornography are the same thing.

          link to this | view in chronology ]

    • icon
      AR (profile), 28 Jan 2011 @ 2:52pm

      Re:

      I can see it now.

      "We (the Government) are going to ban privacy protection implemented by Internet Subscription Providers. This is being done because these ISP's and you, their users, are engaging in activities that we have deemed unlawful and harmful to the country, the economy, our corporate sponsors, the planet, the children, and puppies. Because of this we have decided that no one will have Internet privacy. That way you can be monitored at our discretion and prosecuted when we deem appropriate."

      Yea. that'll go over well.

      link to this | view in chronology ]

      • icon
        Christopher (profile), 29 Jan 2011 @ 12:19am

        Re: Re:

        In a pig's eye. Many people are getting more and more leery of the stereotyping of pedosexuals, drug users, etc. that the government has been doing for years now. It's getting to the point where if they pile anything else on, it's going to break the cord that is barely holding the slingshot in check, and the government is going to have the load of 500 ton rocks in the slingshot come shooting in their face at 200 MPH!

        link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 29 Jan 2011 @ 11:14pm

      Re:

      I suspect it won't be long before this dodge gets outlawed as well.


      Curious. How do you outlaw using a VPN?

      link to this | view in chronology ]

      • identicon
        Darryl, 30 Jan 2011 @ 1:24am

        Re: Re:

        A VPN a virtual PRIVATE network, you know the ones that do not have to use the internet at all, but sometimes they do.

        But they are PRIVATE, as soon as you stop outside that 'private network', you enter the PUBLIC network, ie THE INTERNET.

        And all the rules and laws that apply to the PUBLIC network, or the internet will apply to you.

        Sure, it will not apply to you if you are using the VPN and ONLY the VPN, but if you are using the VPN to access the public internet.. Then by definition it is NO LONGER A VPN.

        And if you leave your safe VPN and enter the internet, and you access an IP address that is considered illegal, then the law states that the ISP has to provide the IP address, name and ID of the person or user that accessed that public internet IP address..

        Im sure mike you know how a VPN works, don't you ???

        link to this | view in chronology ]

        • icon
          xenomancer (profile), 30 Jan 2011 @ 1:50am

          Re: Re: Re:

          "Im sure [...] you know how a VPN works, don't you ???"

          I'm not sure that you do, Darryl. And when has ANY IP address EVER been considered illegal let alone the simple act of connecting to it? Please, do answer in gruesome detail and provide as many sources as you can find. Wikipedia is allowed, but try cracking a law book or two while your at it. As for the VPN issue, the encryption lies in the idea of putting an encrypted black box process in the middle of all passing traffic connections from one side of the ISP to the other. All the logs would show is that the ISP's VPN connections are very popular. No capacity to connect traffic from one side of the ISP to the other would be possible.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 31 Jan 2011 @ 5:38am

            Re: Re: Re: Re:

            Danger, do not engage Daryl on technical issues. Previous efforts to point out his technical incompetence have resulted in the throwing of feces.

            link to this | view in chronology ]

            • icon
              xenomancer (profile), 31 Jan 2011 @ 2:23pm

              Re: Re: Re: Re: Re:

              Hmm, a reliable source of fecal kinetic energy... We should find a way to power a fly wheel generator with target painted paddles and patent it. Boy will GE's face be red!

              Thanks for the warning, I'll check back here in a month for the tough-talking-a-dead-person approach I'm half certain he will follow.

              link to this | view in chronology ]

  • icon
    Bin4ry.Ninj4 (profile), 28 Jan 2011 @ 3:25pm

    Banhof should be applauded for this. I can see other ISP's following suite as more governments try to pressure them into keeping logs and giving up their customers info. I'm interested in seeing if Banhof profits from this somehow. If I was a person interested in using their considerable computer skills to perform considerably illegal actions (whether or not the action is for profit or to make a statement), I would want an ISP who encrypts their inbound and outbound traffic or, at the very least their logs.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2011 @ 3:49pm

      Re:

      I, as a person of basically zero computer skills, want these guys to run my ISP and completely encrypt all my totally legit and paid for actions so I can profit completely legally and idealistically without fear of being falsely accused by anyone violating my private activity on the internet.

      link to this | view in chronology ]

    • identicon
      SJ, 28 Jan 2011 @ 11:19pm

      Re:

      Or you just setup your own vpn...

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jan 2011 @ 4:07pm

    Banhof are VERY small, operated out of what could be anyone's basement. It's easy for them to do that with very little cost. A major ISP wouldn't consider it for a second due to the considerable work required and high fees for equipment.

    link to this | view in chronology ]

    • icon
      fogbugzd (profile), 28 Jan 2011 @ 4:29pm

      Re:

      The costs of data retention is very high. The US is talking about two-year retention, which would be insanely expensive. Encrypting would be a bit of an extra burden, but relatively small in comparison.

      Cost is the main reason ISP's cite when they oppose data retention laws. ISP's might look at this as a protest method. The government might back off if they realized that the logs were going to be useless to them except in extreme cases when they get the NSA involved.

      Let's face it, the MPAA is probably the one pushing the retention to make it easier to sift through the ISP logs and catch file sharers en mass. Even a puny 128 bit ISP encryption system would throw a giant monkey wrench into those plans.

      link to this | view in chronology ]

      • icon
        Eugene (profile), 28 Jan 2011 @ 4:47pm

        Re: Re:

        That's actually the beauty of encryption. It's easy, it's cheap, and (until someone invents a quantum computer) consistently effective.

        If anything, the slight bump in expenses in order to implement encryption would be felt *more* by a small provider like Banhof. For a large scale ISP, this would be like batting an eyelash.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 28 Jan 2011 @ 7:07pm

          Re: Re: Re:

          Not quite, because *all* your infrastructure has to be redesigned, new equipment integrated, and thousands of man hours.

          For "data retention" (the term is defined VERY loosely), you basically just archives your logs, which costs nothing if only a few more HDDs.

          link to this | view in chronology ]

          • icon
            freak (profile), 28 Jan 2011 @ 7:47pm

            Re: Re: Re: Re:

            . . . I'm not sure where you're getting that from?

            If I want to encrypt anything at all, anything, nearly instantaneously, I can do so with a ~150 line C program implemented one of Marsaglia's KISS RNGs with a run-time in the milliseconds per megabyte.


            I could also use some nasty asymmetric, easily broken, encryption, and laugh quietly to myself while a 1kb file takes 2 hours to decrypt, even with the key. Here you go, sirs, 200 GB of records. Here's the encryption keys and method. See you in, oh, 48,000 years for the follow-up requests?

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 31 Jan 2011 @ 11:04am

              Re: Re: Re: Re: Re:

              You're hilarious. How will you encrypt all your traffic? Using software? You'll have your routing equipment to support better encryption? I Wonder how many Junipers and Cisco's you'll brick in the process. Your infrastructure needs to support it. Not just end clients.

              As for your encryption gibberish, you should really read up on how easily it is to break almost any encryption with the proper tools and resources. Your KB file would take someone with resources less than a millisecond to decrypt. Your 200GB, a few hours tops.

              link to this | view in chronology ]

              • icon
                Eugene (profile), 31 Jan 2011 @ 4:33pm

                Re: Re: Re: Re: Re: Re:

                Hello, person from 1990! Welcome to twenty years in the future!

                link to this | view in chronology ]

              • icon
                nasch (profile), 2 Feb 2011 @ 7:22pm

                Re: Re: Re: Re: Re: Re:

                Care to put that to the test? I'll send you a very small file, and you decrypt it and tell me what it says.

                link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Jan 2011 @ 7:08pm

        Re: Re:

        And what makes you think they won't simply warrant you to decrypt the logs? If you fail to comply, you get the fine (or w/e consequences). Seriously, they thought about it.

        link to this | view in chronology ]

        • icon
          Christopher (profile), 29 Jan 2011 @ 12:22am

          Re: Re: Re:

          Actually, no, you don't. The government cannot tell you to decrypt something on your computer or on another person's computer, it is totally against the Fifth Amendment right to stay silent and not be called as a witness against yourself without your consent.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 29 Jan 2011 @ 1:53am

            Re: Re: Re: Re:

            That in the U.S. Sweden probably don't have those laws although from what I here they have stronger privacy laws.

            link to this | view in chronology ]

          • identicon
            Not an electronic Rodent, 29 Jan 2011 @ 5:41am

            Re: Re: Re: Re:

            Actually, no, you don't. The government cannot tell you to decrypt something on your computer or on another person's computer, it is totally against the Fifth Amendment right to stay silent and not be called as a witness against yourself without your consent.
            IN the UK as far as I know they can. If they ask for the decrypt key and you don't provide it you are guilty of obstructing. That applies by the way even if you've been hacked and the encrypted file is something someone else put there (ooo that's not open to abuse at all, I'm sure the police would NEVER consider putting something on the HDD of someone they don't like). Welcome friend citizen to Jailhouse UK, the government is your friend and here to help.

            link to this | view in chronology ]

        • identicon
          Anonymous Coward, 29 Jan 2011 @ 8:11am

          Re: Re: Re:

          Maybe the govt will ask you to decrypt, but with a warrant.
          When they already have a crook in mind, fair enough.
          But the expense of doing that repeatedly just for fishing expeditions is going to make more pressure for such searches to have a legit reason.

          link to this | view in chronology ]

    • icon
      J.J. (profile), 29 Jan 2011 @ 2:26am

      Re:

      uuuhhm, imma have to call you on "Banhof are VERY small, operated out of what could be anyone's basement."

      They have serverfarms in several cities, the one in Stockholm is housed in a cold war era nuclear bunker(http://www.bahnhof.net/).

      link to this | view in chronology ]

    • icon
      Tor (profile), 29 Jan 2011 @ 3:17am

      Re:

      So you mean that anyone's basement is a nuclear-safe bunker that looks like this? ;)

      link to this | view in chronology ]

  • identicon
    Anonymous, 28 Jan 2011 @ 4:16pm

    Antiprivacy slippery slope

    Ok, I really can't tell. Is this guy being serious, or are we giving a troll his 3 square meals for the day? No, I hate to admit it, but Tam is here logically consistent. Enforcement of copyright law would be impossible without legally mandatory data retention, and any ISP wilfully aiding and abetting the circumvention of such a government policy could arguably be considered an accessory to future crime. If the law for now doesn't explicitly ban such a circumvention, the only logical next step for the government is tightening the law. The problem with arguing that the ISP is justified in aiding its customers getting around the data retention is that the position presupposes that privacy entails a right to avoid having one's activities logged, but since the government has already concluded that data retention is good policy, it's understandable why the state would regard the ISP as suspect. Mandatory data retention is therefore meaningless without harsh restrictions on even the private use of encryption. If Bahnhoff is forced to abandon its anonymizing, the next step for the users is the adoption of strong encryption and decentralized darknets, and the government must necessarily restrict if not outright ban these technologies too, even at the development stage. Welcome to the police state.

    link to this | view in chronology ]

    • identicon
      nonanonymous, 28 Jan 2011 @ 5:16pm

      Re: Antiprivacy slippery slope

      No, I hate to admit it, but Tam is here logically consistent. Enforcement of copyright law would be impossible without legally mandatory data retention, and any ISP wilfully aiding and abetting the circumvention of such a government policy could arguably be considered an accessory to future crime.

      That is just glorious. By that logic, anyone not keeping track of who they sell ammo to (hello Dick's sporting goods!), arguable is considered to be an accessory to future gun crime. Can also quite reasonably apply that to hunting knives, bows, arrows, tomahawks and boomerangs. So the only "consistency" in TAM's argument is that his bs makes no sense in the real world.

      link to this | view in chronology ]

    • icon
      thestevetorres (profile), 28 Jan 2011 @ 5:18pm

      Re: Antiprivacy slippery slope

      So, what you are saying is, allow the government to monitor private information, otherwise the effect will be a police state. That would mean, that either we allow them to act like a police state, or they will outright become a police state.

      Huh?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2011 @ 6:14pm

      Re: Antiprivacy slippery slope

      I fell out laughing at 'future crime'.

      Future crime!

      *has hiccups from laughing*

      Good one.

      link to this | view in chronology ]

      • icon
        thestevetorres (profile), 28 Jan 2011 @ 7:06pm

        Re: Re: Antiprivacy slippery slope

        You know, i hadn't really even thought of that, but i think you're right, someone must have just finished watching "Minority Report".

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jan 2011 @ 4:03am

      Re: Antiprivacy slippery slope

      Copyright is and was already impossible to enforce, the only enforcement possible was to go after companies and people doing it for money, did people go after others making tape copies? no, it was always impossible and will get even harder without public support, ISP's will not change that but will change privacy for millions and it also goes after the second amendment.

      Just like it is unreasonable to spy in every citizen of a cities to get one person, it is also unreasonable to collect data on everyone to go after someone before anything happens. We all know people get murdered do we give law enforcement the right to search every home because of it? Of course not is a violation of privacy and given the authorities propensity to abuse of their power is like granting an alcoholic access to booze without supervision.

      Do they want to get those one off's or just the repeating offenders?

      One off's are not problematic are they? the problem is repetition and that excludes the need for pass records because those individuals will get caught doing it again, authorities have the power record that activity legally, why do they need to spy on the rest of the population to get just a few persons? Even more interesting is why the police is involved in a civil mater at all.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2011 @ 2:18pm

        Re: Re: Antiprivacy slippery slope

        "We all know people get murdered do we give law enforcement the right to search every home because of it?"

        We do in America.

        link to this | view in chronology ]

    • icon
      btr1701 (profile), 31 Jan 2011 @ 3:30pm

      Re: Antiprivacy slippery slope

      > could arguably be considered an accessory to
      > future crime

      I can't speak for Sweden but in the U.S., we don't have liability for "future crimes". This isn't the Minority Report. Yet.

      link to this | view in chronology ]

  • identicon
    Anonymous, 28 Jan 2011 @ 6:05pm

    Slippery slope

    No, what I mean is that we must either choose between data retention and the police state, or no data retention and civil liberties.

    I don't want data retention even if the result is that a few criminals avoid justice.

    Internet freedom is more important than the enforcement of laws against victimless crimes.

    link to this | view in chronology ]

    • icon
      Christopher (profile), 29 Jan 2011 @ 12:25am

      Re: Slippery slope

      There is also the issue that a lot of the 'criminals' are only 'criminals' in the mind of the various copyright organizations.

      Regular people see pirating and see, not a criminal, but a copyright violator.... who is best punished using the CIVIL LEGAL SYSTEM, not the criminal one.

      link to this | view in chronology ]

  • identicon
    Anonymous, 28 Jan 2011 @ 6:24pm

    Gun analogy

    That is just glorious. By that logic, anyone not keeping track of who they sell ammo to (hello Dick's sporting goods!), arguable is considered to be an accessory to future gun crime.
    No, this analogy fails for the reason that there is as far I know no preexisting requirement that ammo dealers keep logs, but there are regulations mandating that legal gun use and possession must be associated with firearms with valid serial numbers.
    If an enterprise deliberately sells firearms with obscured serial numbers, or assists the buyers in making their registered firearms untraceable, I think that such a business is in serious trouble.
    I can't remember the exact federal statute, but knowingly reselling or giving away a firearm with an obscured serial number is a crime even if you aren't otherwise disallowed from owning a firearms. So even law abiding citizens with no felony conviction, or the other BS excuses for depriving people of their Second Amendment rights are breaking the law if they want to obscure the firearm serial number.
    So regulation of firearms is already premised on the Orwellian assumption that you don't have the right to hide your firearm posession from the government. A dealer traficking in firearms with obscured serial numbers would likely not be an accessory to a future crime, since the mere traficking in such is already independently illegal. By analogy, an ISP knowingly routing its trafick in such a way as to make legally required regulation impossible is either operating in a grey area, or must expect future adverse government regulation.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jan 2011 @ 2:00am

      Re: Gun analogy

      Or you can expect the public to get more aware of what governments are doing and start complaining more and more and more to the point where their position will be threatened.

      See Egypt and Tunisia for references.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jan 2011 @ 2:08am

      Re: Gun analogy

      Or they can do what others have done and sue the government for improper behavior.

      Verizon, or was Comcast?, just proved in the U.S. that they can do so.

      So all this BS fighting crime necessity can stop at the borders of the reasonable and not the ridiculous.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jan 2011 @ 4:05am

      Re: Gun analogy

      Assuming of course that the intent of obscuring the communications of others is to protect criminals, which in this case it is not, it is to protect the privacy of their customers against an intrusive law.

      link to this | view in chronology ]

    • icon
      jilocasin (profile), 30 Jan 2011 @ 10:39am

      Re: _Bad_ Gun analogy

      Actually in some states you would be dead wrong. You wrote:

      "So regulation of firearms is already premised on the Orwellian assumption that you don't have the right to hide your firearm posession[sic] from the government."

      For example in Maine the government is _prohibited_, yes I wrote _prohibited_by_law_ from keeping track of the fact that a private citizen may or may not possess a firearm. It is legal for private citizens and gun shows to sell guns to each other. You are not supposed to posses a firearm if you are a mental patient or a convicted felon, but practically there is no way for them to find out unless you running around with a firearm and give them a reason to check on your history.

      Carrying a firearm openly is legal practically everywhere (there are a few places like government buildings where you can't). The closest thing to a record is when you apply for a concealed gun permit, then they would have a record that you have a permit to carry concealed, but even then the government doesn't know if or how many firearms you own.

      Not too long ago they passed a law requiring people subject to a restraining order to surrender their firearms to the police. It didn't pass, until it was changed so that you could surrender any firearms to a friend or neighbor. Even in this the government isn't allowed to know if or how many firearms you might posses.

      As you can see, it might be illegal to have a firearm with a missing or concealed serial number, but unless it is used in a crime there's no practical way for the government to know that. Also, since most people don't trade in serial numberless firearms, the fact the no one is required to register thei

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jan 2011 @ 11:34pm

    As someone else has pointed out, if they encrypt it, can't they just decrypt it if demanded to (if they have the key)?

    I suppose they can use an asymmetric encryption algorithm to encrypt it with and delete the other key, but secure asymmetric encryption is processor costly.

    link to this | view in chronology ]

    • icon
      The eejit (profile), 29 Jan 2011 @ 1:30am

      Re:

      No, bacause in Sweden, you have the right not to incriminate yourself.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jan 2011 @ 2:03am

      Re:

      Try Omemo, it creates a storage in your computer that is encrypted and it is to be used by others automatically, you can't decrypt that even if you wanted to, in return you get unlimited storage for your things that will be spread among other peers that won't be able to see it.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Jan 2011 @ 8:47am

        Re: Re:

        How is that relevant here?

        The data is stored on your drive to be decrypted by someone, so someone with the key that was used to encrypt it can decrypt it.

        Maybe a Swedish ISP can store data, encrypt it, and periodically delete the key after storing the data and come up with a new key to again store the data, encrypt it, and after a week or so delete it and come up with a new key. That might work, until new laws are passed that prohibit such practice.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jan 2011 @ 12:37pm

    Guys... I think you are reading it wrong.
    They are not encrypting the logs... they are encrypting the TRAFFIC. What Banhof is effectively proposing is that if any logs are submitted, they would just show "your computer IP traffic to/from VPN IP" as opposed to "your computer IP traffic to/from "ethically questionable IP" "
    The logs would be useless.

    link to this | view in chronology ]

  • identicon
    Anonymous, 29 Jan 2011 @ 1:55pm

    Plausible deniability

    The data is stored on your drive to be decrypted by someone, so someone with the key that was used to encrypt it can decrypt it.

    Yes, but since the holder of the encrypted data doesn't know how to decrypt it, he can't comply even with a legally binding subpoena.

    Truecrypt includes an interesting plausible deniability feature making it possible to hide a smaller volume within a larger volume.
    If the government tells you to decrypt, you can decrypt the larger volume and deny the smaller hidden volume exists. The only way arouned encryption is banning it or making the mere use of it illegal.


    Maybe a Swedish ISP can store data, encrypt it, and periodically delete the key after storing the data and come up with a new key to again store the data, encrypt it, and after a week or so delete it and come up with a new key. That might work, until new laws are passed that prohibit such practice.

    Sure, and then the users switch to opensource encryption software. Criminals could set up their own private VPNs over 'the internet, and ISP logs would prove only that customer a and b had a connection to each other over port xxx. If enough people adopt strong end-to-end encryption, logging all traffick becomes rather useless. The EC directive only requires the retention of a narrow category of identifying information email, http, port number and Ip address but not the contents of the communication. The data retention directive is already controversial, and the commission might well suggest a shortening of the retention time.

    Sweden only passed the data retention law because it had to.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Jan 2011 @ 8:35am

      Re: Plausible deniability

      Hidden folders and partitions can be detected so don't trust that to a good solution.

      link to this | view in chronology ]

  • identicon
    Anonymous, 29 Jan 2011 @ 2:28pm

    Re: Gun analogy

    No, unfortunately you are wrong.
    Obscuring the serial number is itself a crime without any nexus to the seller knowing that the firearm is going to be used in the commission of a crime.
    So a gun retailer caring about privacy of its customers commits a crime if he helps them make their firearms untraceable to the government.

    The untraceable firearms kill people is unfortunately very close to the untraceable internet use facilitates crime argument.

    Of course Tam is also against the Second Amendment and effective self-defense.

    link to this | view in chronology ]

    • identicon
      Darryl, 30 Jan 2011 @ 1:09am

      Re: Re: Gun analogy

      Except, you are wrong,,, ,because when the government asks the ISP WHO it was that used YOUR ISP to access that web site, that ISP has to tell the Government WHO IT WAS.

      And the law requires that ISP to log you're IP connections.

      That is what the data retention law is about, THEY HAVE TO RETAIN THAT DATA, in plain text, human readable form,

      So if you have an account with that ISP, that ISP will have to provide the IP you used at the time, your Name and your Address.

      No VPN is going to stop that from occuring.

      link to this | view in chronology ]

      • icon
        J.J. (profile), 30 Jan 2011 @ 6:58am

        Re: Re: Re: Gun analogy

        "That is what the data retention law is about, THEY HAVE TO RETAIN THAT DATA, in plain text, human readable form,
        So if you have an account with that ISP, that ISP will have to provide the IP you used at the time, your Name and your Address.
        No VPN is going to stop that from occuring."


        You seem like you don't fully grasp how a VPN works, think of it as surfing via a proxy server, all the logs from the ISP will show you connected to the VPN - not the target webpage/service/ftp/newsserver/tracker/whatever.

        So in plaintext, the ISP will hand over the logs, but the logs will be useless since they will only show you connected to the VPN.

        And before you even start, a VPN is a service, not an ISP, so the law does not apply to a VPN.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jan 2011 @ 4:08pm

    The pirate box

    Most are failing to see this is just a VPN service the ISP is offering (by default). If you don't want it you have to pay a fee (8 EUR). Companies offering VPN services already exists but you have to shop for an ISP on your own. It was about time an ISP would offer VPN. The logs are not encrypted but useless nonetheless.

    Next? VPN is illegal. People have been saying this for months, if not years. But the industry shills are computer illiterates. By the time they notice, understand, buy the policitians (they're very good at it) and change the laws, a new technology will be in place and they will have to start all over again.

    Technology is and has always been one step ahead. Not even a police state will solve this problem. Ever.

    Has anyone seen the pirate box? No internet needed. Sharing is here to stay.

    link to this | view in chronology ]

  • identicon
    Darryl, 30 Jan 2011 @ 1:03am

    From the "yea, that'all work Dept.

    All they do is make the law saying the files have to be provided, in a plain text human readable form.

    If this mob handed them a bunch of encrypted files, they would not accept them as THE CORRECT files, and they would be fined accordingly.

    If you think that will fix them, you are as silly as they are !!!..

    link to this | view in chronology ]

    • icon
      J.J. (profile), 30 Jan 2011 @ 1:22am

      Re: From the "yea, that'all work Dept.

      The logs would not be encrypted to start with, but all the traffic IN the logs would be to the VPN instead of the destination website.
      They can fully comply with the law and hand over the useless logs.
      So yes, That will work.

      link to this | view in chronology ]

  • identicon
    Anonymous, 30 Jan 2011 @ 2:14am

    Ignorant fool

    And if you leave your safe VPN and enter the internet, and you access an IP address that is considered illegal, then the law states that the ISP has to provide the IP address, name and ID of the person or user that accessed that public internet IP address..

    Complete nonsense, an IP address itself is not proof of illegal activities in particular not if the IP address is a proxy or VPN server used by several users some of whom aren't engaged in illegal conduct. The ISP's responsibility only extends to identifying *who* connects to the IP address, but doesn't extend to the data exchanged between the customer and the VPN server. The data retention directive only obligates the member state to mandate retention of a narrow category of dentifying connection data and doesn't mandate decryption or packet inspection.

    link to this | view in chronology ]

  • icon
    mhenriday (profile), 30 Jan 2011 @ 3:28am

    Two caveats to this article,

    which otherwise sums up the situation pretty accurately : 1) the name of the ISP in question is Bahnhof 2) Contrary to what copyright collide (from which Mike took this information) reports, Bahnhof is not going to «automatically encrypt all traffic on their network via a VPN», but rather is going to charge customers an additional 40SEK - approximately 7USD, depending upon currency fluctuations - monthly for this service, dubbed «anonine» (http://bredband.bahnhof.se/tjanster/anonine). Like Mike, I hope more providers jump on the bandwagon !... Henri

    link to this | view in chronology ]

  • identicon
    Anonymous, 30 Jan 2011 @ 1:38pm

    Federal law

    Federal law preempts state law to the contrary. The federal statute provides: [i]t shall be unlawful for any person knowingly to transport, ship, or receive, in interstate or foreign commerce, any firearm which has had the importer's or manufacturer's serial number removed, obliterated, or altered or to possess or receive any firearm which has had the importer's or manufacturer's serial number removed, obliterated, or altered and has, at any time, been shipped or transported in interstate or foreign commerce. 18 U.S.C. § 922(k). The state laws protecting the privacy of gun owners are not pertinent to the issue of removing or defacing firearm serial numbers and federal law trumps state law even if the local legislature wanted to provide greater protection. Note the broad wording of the prohibition. The law doesn't require that the firearm has been used to conceal a crime, only that the possessor knows the serial number has been removed or defaced.

    link to this | view in chronology ]

    • icon
      MadderMak (profile), 30 Jan 2011 @ 7:12pm

      Re: Federal law

      *and has*, at any time, been shipped or transported in interstate or foreign commerce...

      So if it's made locally.... you can do whatever you like to the serial number as long as it never crosses a border. Or you never check the serial number and hence receive/ship it "un-knowingly".

      Not poking fun at you sir... just what looks to be a glaring hole in the law (and yes I am sure the other 42 cluses probably close it)

      link to this | view in chronology ]

    • icon
      btr1701 (profile), 31 Jan 2011 @ 3:38pm

      Re: Federal law

      > Federal law preempts state law to the contrary.

      Only in matters of federal jurisdiction. In all other matters, state law is supreme.

      link to this | view in chronology ]

  • identicon
    Mikkel Sørensen, 31 Jan 2011 @ 4:23am

    Commentary

    A great move by Banhof. This should definitely be followed by other ISPs. Whether or not they are violating any laws or attempting to disrupt legal action: this is a classic subject in political science, and I'm surprised so many fails to see the simplicity it it. Once legislation is made to benefit the people, the people will stop fighting the legislation ;)

    Naturally, we need to account for population intellect which I would think Sweden has more of than say those who voted in favour of a 'The President has a 'Stop teh Internet-button''. See how well that worked for the Egyptians. :D

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2011 @ 2:29pm

    So then they'll put in backdoor laws, or strong encryption prohibition laws, or laws stating that websites now have to give up IP data, or laws stating that ISPs can't enact any business policies that would nullify the capacity of intelligence services to link users to websites in any way.

    I know, there's a thousand loopholes in each argument, but this is how the Corporate State works - it will continue to fight and rape and subjugate until it either owns the World or we incinerate it and never allow it to rise again.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.