Just So We're Clear: More Data Isn't Better Data

from the it's-just-more-work dept

New data-retention policies went into effect in the UK this week, forcing ISPs to store details of all user emails and VoIP calls for a year, just in case law enforcement or the security services want to thumb through them. The government's intent is to mine the data to try and recognize patterns in relationships and contacts that will help them find terrorists and criminals. The idea that all of this data is being stored by ISPs makes privacy activists shudder, and their worry is not unfounded. But it's also important to understand that the idea, that by capturing all this data, the government can easily root out terrorists, is bunk. More data doesn't equal better data; it just makes it a hell of a lot more work to dig out useful information. It also raises the possibility of discovering false patterns that waste law enforcement's time and suck in innocent people. Recently, a guy in Wales found himself in the middle of an armed anti-terror raid on his home after somebody told police that they thought he might be a terrorist because he had soundproofing gear and wiring. He wasn't a terrorist, but rather a musician with a home recording studio. If police will go to such lengths based on unverified, anonymous tips, the thoughts of the conclusions they'll draw from having an entire country's email and VoIP records at their fingers should raise a few eyebrows.

Filed Under: data retention, europe

EU To Social Networks: Protect User Privacy... But Make Sure To Give Us Gov't Officials Private Data

from the back-and-forth dept

It really is amusing to see the ongoing tug-o-war among politicians who seem to be pushing for both more access to your private information while at the same time threatening internet companies for not keeping your private info private. For example, we just wrote about the UK government wanting more info on who your friends are on social networks... but at the same time, the EU is complaining that social networking sites don't do a good job keeping info private. Perhaps if governments stopped demanding so much access to the info it would be easier to keep it private.

Filed Under: data retention, europe, privacy, social networks

German Court Finds Data Retention To Be A Violation Of Privacy

from the retain-this dept

As the US is now pushing for stronger data retention laws to aid law enforcement, it looks like some parts of Europe (who have been on the data retention bandwagon for much longer) are starting to push back in the other direction. A German court has ruled that blanket data protection rules are a privacy violation for individuals (thanks Claes!):

The court is of the opinion that data retention violates the fundamental right to privacy. It is not necessary in a democratic society. The individual does not provoke the interference but can be intimidated by the risks of abuse and the feeling of being under surveillance [...] The directive [on data retention] does not respect the principle of proportionality guaranteed in Article 8 ECHR, which is why it is invalid.' "

Now is there any chance politicians in the US will recognize this... or will it take a massive privacy breach due to unnecessary data retention laws before politicians wake up to the privacy issue?

Filed Under: data retention, germany, privacy

Why Is The Government Asking Companies To Both Retain And Destroy Data?

from the something's-not-working dept

With Congress' latest attempt to force data retention on anyone who operates a network (including home users), some are realizing that other parts of the government have been equally adamant about getting these same folks to destroy the very same information for the sake of keeping people's data private. It does seem like we're on a crash course between privacy on the one hand, and the demands of law enforcement, the entertainment industry and a few others who want all data to be kept for as long as possible. A few years back, when stories of how the government was misusing data that it got access to were revealed, we had hoped that it would lead politicians to recognize the downsides of data retention. But, of course, that's not quite how Washington DC works.

Filed Under: data retention, laws, politicians, privacy

ISPs Fear SAFETY Act Outlaws Email; While RIAA Thrilled They Can Use Retained Log Files For Anti-Piracy

from the not-so-good dept

Last week, in talking about the misleadingly named Internet SAFETY Act, we focused on how it would most likely require home internet users to retain log files of everyone who connected to their network. Now, others are pointing out two equally annoying consequences (intended or not) of the bill's current wording. First off, ISPs are noting that, based on the current wording of the bill, providing email is effectively outlawed, as it says that anyone that "facilitates access to" child pornography can be fined and imprisoned. ISPs note that email is a commonly used tool to access child pornography. And, yes, while it's clearly not what is intended by the law, we've certainly seen prosecutors looking to bring someone down willing to use ridiculous interpretations of a law.

On top of that, people are noticing that this bill, if turned into a law, would also greatly help the RIAA and the MPAA who would gleefully use those log files to go after more file uploaders. In fact, the RIAA and MPAA have been huge supporters of stronger data retention rules for years. Of course, the longer you keep log files, the more likely it is that there will be massive privacy breaches, but it seems clear that the RIAA and MPAA aren't particularly concerned with privacy, if it means their dying business models can be propped up for another few weeks.

Filed Under: data retention, safety act, unintended consequences

Congress Wants WiFi Owners To Keep Log Files For 2 Years... For The Children

from the it's-always-for-the-children dept

Similar ideas have been proposed before, but new bills have been proposed in both the House and the Senate that require anyone offering internet connectivity to retain log files for two years. There's no good reason for this, of course. It's been shown that such data retention laws actually make it more difficult to track down the information you need while being expensive. But, of course, the politicians are claiming this is "to protect the children." Of course. They even have come up with a silly acronym so that the title of the bill (Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act) spells out "Internet SAFETY Act." Of course, that's a load of crap, because this bill has little to do with protecting children, and won't do much, if anything to actually protect children.

It will, however, be a huge nuisance for just about everyone. That's because the bill, as written, doesn't just apply to big ISPs, but to anyone providing internet access -- meaning all of you with your home routers fall under this law and will need to keep log files for two years or, you know, be accused of helping child predators. I can't wait until prosecutors are looking to charge someone with something -- and since they have no actual evidence on whatever it is they're looking for, they'll make use of such a law to prosecute. For the children. Of course.
Can someone pass a law that says that any politician who proposes a law "for the sake of the children" or "to protect the children" automatically gets thrown out of elected office? Protecting children is great -- but why is it that every law that is supposedly there to protect the children never actually has anything to do with protecting children?

Filed Under: data retention, protect the children, us, wifi

People Noticing That New UK Email Retention Laws Might Violate Privacy Rights

from the you-think? dept

There's been an ongoing push around the world by law enforcement to require ISPs retain certain types of data, in case it comes in handy later for criminal investigations. Of course, these demands come from the wishful thinking department. The cost associated with such data retention is tremendous, and all it does is create a huge mass of data -- often making it more difficult to find the useful information. In the UK, they've put in place new data retention laws that will require ISPs to retain records on every email sent or received in the UK for a year. It's not the contents of the email -- but just the data on that email. That, alone, though, seems like a pretty big violation of privacy, and people are starting to point that out.

The problem is this fanciful wish by law enforcement types, that actually is quite similar to the ideas among some marketing/advertising folks, that if they could just access all this data, life would be so easy. They're wrong, of course, but even if it were true, the reason we believe in privacy and rights of individuals is that it's an important part of a free society. Law enforcement isn't supposed to be easy in a free society. If the goal of society was to make law enforcement's life easy, we'd get rid of all privacy rights entirely. The excuse that this is somehow "necessary" for law enforcement to do their job is a lie. It may mean they have to investigate crimes in different ways, but no blanket removal of privacy is ever "necessary."

Filed Under: data retention, email, privacy, uk

UK Tells ISPs They Must Retain Data... Except If It Costs Money

from the mixed-messages dept

For years, Europe has been trying to push data retention rules, that require ISPs to hang onto data much longer than it's needed for any business purpose. Such data retention has plenty of problems, from the likelihood of abuse to the chance of inadvertent disclosure to the simple fact that sifting through more data often makes it more difficult to find the data you actually need. However, the biggest problem is the cost involved with data retention. It's rather costly to retain all that data for many ISPs, and for years ISPs (especially smaller ones) fought to make sure that any data retention laws also included provisions that would make the government pay for retaining the data. While some politicians in the UK have tried to shrug off the cost issue as not a big deal, it looks like it may leave a loophole that makes data retention in the UK basically meaningless.

The Register is reporting on a meeting the UK government held with various ISPs that left many of the ISPs baffled. Basically, they were told that they needed to start retaining data to stay in compliance with the law, but that since the UK government couldn't pay for it, many of the ISPs could get away without actually retaining the data. In other words, it sounded as if they said that, yes, you need to retain the data, but since we don't want to pay for it, maybe you shouldn't actually retain the data (wink, wink, nod, nod). So they end up giving lip service to the public about telling ISPs to retain data, but then since they won't fund it, it won't actually happen.

Filed Under: data retention, isps, money, uk

FBI Wants More Power To Monitor Internet Activity

from the because-they're-so-trustworthy dept

The FBI, which still can't even get its own computer network working properly, would rather just have more widespread access to spy on the computer network everyone else uses: the internet. Talking to Congress today, the FBI proposed a few different things, including the right to more widely spy on internet activity as well as legislation to force ISPs to retain log file data for an extended period of time. While the Congressional reps in attendance seemed to respond by saying "sure, sounds great" to both of these suggestion, both should actually be looked at much more closely.

More freedom to spy on internet usage potentially violates the 4th Amendment as well as federal wiretap laws. Given the evidence that the FBI has widely abused its ability to wiretap, this should be a major concern. As for data retention, problems with such an idea have been chronicled for years. It tends to put a tremendous expense on ISPs for no real reason -- and it tends to make it even harder to find the type of data authorities actually need to deal with criminal activities. If you're in the FBI, it's no surprise that you'd want both things in place, but that hardly means Congress should roll over and give them to the FBI.

Filed Under: congress, data retention, fbi, internet, monitoring, wiretap
Companies: congress, fbi

German Courts Limit Data Retention Law... A Little Bit

from the good-for-them dept

Data retention has been a contentious issue. Various government organizations have pushed for laws that mandate that ISPs keep log data for many months after it's no longer needed, just in case some sort of crime was committed, and officials need to snoop on internet usage. This is one of those ideas that politicians and police love, but which tends not to be such a good idea in practice. First, it often makes it more difficult to find useful data. Second, it's crazy expensive. Third, the data will undoubtedly be abused. Still, the EU moved forward with a data retention law a few years back -- though, it appears the German courts have been trying to adjust it to deal with some of the big privacy questions. In late 2006, a German court said that, if an individual requests it, an ISP should delete his or her log files. A new ruling from a German court finds that access to these log files should be limited so that investigators only get access in response to "serious crimes." Of course, that opens up questions about what qualifies as "serious" and also what investigators were using the log files for before? If the entire point of data retention laws was to deal with serious crimes, it's a bit disturbing that court now needs to reinforce that point.

Filed Under: data retention, germany, privacy, serious crimes