For those of you that may not have been paying attention the EU directive on data retention comes into force today. This means that from today your ISP will be required by law (The Data Retention (EC Directive) Regulations 2009) to retain data regarding your use of “internet access, internet e-mail or internet telephony” for a year and make it available to the government on request. Technically the regulations use the wonderfully imprecise phrase:
(a) in specific cases, and
(b) in circumstances in which disclosure of the data is permitted or required by law.
so I think on request is probably a fair interpretation.
Ignoring the much simpler aspects regarding telephone calls where all telephone companies must record, who you called, when and for how long as well as in the case of mobile providers your location at the time. From the internet side of things they’ll be recording:
- your IP address
- Access time and duration of access (This to my mind shows up pre-broadband thinking, the longer your connection is online the less useful this data).
- Who you’ve sent email to and when
- Who you called via internet telephony (skype etc.) and how (Unless they snoop all your traffic which isn’t required I suspect this one applies to the internet telephony provider rather than your ISP
Of course this only applies to “public communications provider” run your own servers in conjunction with some friends and then you won’t be logged, use email providers outside of the EU and you won’t be logged (well not under this law at least). If you have a broadband connection log of as little as possible to reduce the utility of the logs and don’t use your ISP for email, as at the very least you can make it harder for them to join the dots. Also of course it’s worth noting that the original directive states
“This Directive relates only to data generated or processed as a consequence of a communication or a communication service”
so if you use services configured not to generate logs then nothing has to be kept.
Before we blame the EU however it’s worth remembering that it was our Government that asked them to create this rule see this Telegraph article for more background. Though the directive doesn’t contrary to that article seem to actually require that they record the websites you visit. The good news is that the ISPs and Telco’s shouldn’t put up their prices because of this, the bad news is that’s because the government our using our taxes to pay them to spy on us.
Further note despite what Anna Raccoon says and the Various comments (Same article posted to two locations), there doesn’t seem to be any requirement for usage of websites to be logged, it does seem to be “only” VOIP, email and connection to the internet that is to be logged. However if you fancy some spook baiting even though it’s probably not needed or useful then the Landed underclass has some good tips. Some Tory Lords at least are concerned about how this came into effect and where it’s going.
Will update this with further commentary as I stumble upon it, and will correct my interpretation of what is to be logged if I find an explanation of why my interpretation is wrong.
Update Further commentary:
A rather poor interpretation and udnerstanding of the directive from Himmelgarten cafe (hat tip: Charlotte Gore
Update 2
In response to the article from Himmelgarten cafe linked to above it occurred to me that it might be of interest to show people what the logs being retained typically show:
2009-04-06 17:46:02 Message-id <= sendinguser@address H=sending-hostname P=esmtp S=3115
2009-04-06 17:46:02 Message-id => <receiving-user@address> R=userforward T=address_file
2009-04-06 17:46:02 Message-id Completed
The interesting bits are the time stamps and the bits in blue, the bit in red is very trivial to forge. Also when he states that “No help is being offered on paying for the additional storage space.” that would appear to be at odds with what is stated in the directive, but for small email providers it isn’t a huge burden if you only consider the disk space and not back up facilities as each message only takes in the region of 0.5 kb to log.
