
Archive for the ‘ISP Data Retention’ Category

Internet Usage - 2003

September 7th, 2008 by rob585 | No Comments | Filed in ISP Data Retention

According to the UK telecoms regulator, Oftel, below are the current UK statistics for Internet usage:

More than 60% of British adults have used the Internet at some time in their lives

More than 50% of households are online.

9.3% of Internet subscribers have ADSL or cable broadband – this is up from 8.5% the year before.

 

 

Legislation Relating to Data Retention in the UK

July 27th, 2008 by admin | No Comments | Filed in Data Protection Act, ISP Data Retention, UK Law

The following laws in the UK relate to data retention

EU approves law for 2 year data retention (2005)

July 27th, 2008 by admin | No Comments | Filed in ISP Data Retention, UK Law

In December 2005 the European Parliament approved rules forcing telephone companies to retain call and internet records for use in anti-terror investigations. The law allows records to be kept for up to two years.

Police will have access to information about calls, text messages and internet data, but not the call content.

The UK, which pressed European member states to back the rules, said that data was the “golden thread” in terrorist investigations.

The parliament voted by 378 to 197 to approve the bill, which had already been agreed by the assembly’s two largest groups, the European People’s Party and the Socialists.

BBC Article


ISP Data Retention (US)

July 7th, 2008 by admin | No Comments | Filed in ISP Data Retention

In 2007 Wired Magazine conducted a survey to find out about the privacy policies of the top ISPs. Of the 8 largest US ISPs sent the 10-question survey, only 4 responded: AOL, AT&T, Cox and Qwest. Comcast, EarthLink, Verizon and Time Warner didn’t respond to the survey at all.

IP Retention

Cox’s IP log retention time is six months.

AOL’s IP log retention time is a “limited period of time.”

AT&T’s IP log retention time is “within industry standards.”

URL Retention

The companies were asked how long URLs are retained. URLs contain a lot of detail about an individual’s habits: what they read, buy and like, how often, and how much.

AOL, AT&T and Cox all stated that they do not retain the URLs at all. Qwest avoided the question.

ISPs Opinion on Data Retention

Qwest said that the market should decide how long data is kept.

Cox stated it was “studying the issue” of data retention.

AOL stated it is working with the industry and Congress.

AT&T stated it is “ready to work with all parties.”

In the UK, data retention by ISPs is currently governed by the “Retention of communications data under part 11: Anti-Terrorism, Crime & Security Act 2001”.


Data Retention and Interception

June 13th, 2008 by admin | No Comments | Filed in ISP Data Retention, RIPA, UK Law

Data Retention

In December 2001, Parliament approved the Anti-terrorism, Crime and Security Act 2001 (ATCS). This law allows the Home Secretary to issue a code of practice for the voluntary “retention of communications data by communications providers” for the purpose of protecting national security or preventing or detecting crime that relates to national security. It only applies to data that is already being held by Communication Service Providers (e.g. ISPs/telecoms) for business purposes. The Code of Practice was approved in December 2003. The government has since proposed modifying the ATCS and RIPA to make data retention mandatory and expanding its use to include serious crimes, not just terrorism offences. A leaked submission by the police and intelligence services to the Home Office in 2000 proposed a seven-year data retention policy; however, this has not been followed up and the current voluntary times remain.

Despite the government pushing data retention to stop the ever-present threat of terrorism, the reality is that the data will almost certainly be used for reasons other than the prevention and detection of terrorism. An opinion commissioned by the Information Commissioner’s Office (ICO) found that access to information retained under the act for non-national security purposes would violate human rights and would be unlawful. Despite this, the government fully intended to allow a whole host of government agencies to access the data, from local police to the local council.

In June 2002, the Home Office stated that the list of government agencies allowed under RIPA to access communications data was being extended to over 1,000 different government departments including local authorities, health, environmental, trade departments and many other public authorities. The ICO stated: “I clearly cannot carry out meaningful oversight of so many bodies without assistance”. Following this, and the public outcry over so many people accessing so much information, the then Home Secretary (David Blunkett) withdrew the order.

The code provides for the following retention time periods:

  • SMS, EMS and MMS: Data retention period 6 months
  • Email: Data retention period 6 months
  • ISP Logs: Data retention period 6 months
  • Web Activity Logs: Data retention period 4 days

More detailed information on these retention times is available here.

Interception of Communications

Before the ATCS Act 2001 was created, the government created RIPA, the Regulation of Investigatory Powers Act, which covers a variety of aspects including encryption and interception of communications. Section 12 of RIPA makes it an obligation of CSPs (Communication Service Providers) to maintain an ability to intercept “traffic” and “content” of communications, which then allows the government to monitor communications as and when needed or, in the case of Echelon, all of the time.

Explanations of the terms “traffic” and “content” in relation to RIPA are available in other posts on this site.

RIPA is often in the news for its repeated misuse by councils, from covertly following families, to ensure they go to the right school, to setting up cameras and covert surveillance to monitor dog fouling.


Data Retention: Anti-Terrorism, Crime and Security Act

May 29th, 2008 by admin | 5 Comments | Filed in ISP Data Retention, Terrorism, UK Law

Currently the Home Office has put in place a voluntary code of practice for ISPs and telecommunication service providers relating to the retention of data. This comes under the “Retention of communications data under part 11: Anti-Terrorism, Crime & Security Act 2001”.

The code provides for the following retention time periods:

  • SMS, EMS and MMS: Data retention period 6 months.
  • Email: Data retention period 6 months
  • ISP: Data retention period 6 months
  • Web Activity Logs: Data Retention period 4 days

The following data is required to be stored for the retention times mentioned above:

  • SMS, EMS and MMS: Calling number, IMEI; called number, IMEI; date and time of sending; delivery receipt (if available); location data when messages sent and received, in form of lat/long reference.
  • Email: Log-on (authentication user name, date and time of log-in/log-off, IP address logged-in from); sent email (authentication user name, from/to/cc email addresses, date and time sent); received email (authentication user name, from/to email addresses, date and time received).
  • ISP: Log-on (authentication user name, date and time of log-in/log-off, IP address assigned); dial-up: CLI and number dialed; always-on: ADSL end point/MAC address (if available).
  • Web Activity Logs: Proxy server logs (date/time, IP address used, URLs visited, services).

The code is quite clear that the information stored should be “Communications Data” only and exclude the content of communications.

Web browsing information should be retained only to the extent that the host machine or domain name is disclosed.

The example the Home Office gives is that if the URL visited was www.homeoffice.gov.uk/kbsearch?qt=ripa+traffic=data

then only the domain “www.homeoffice.gov.uk” is to be stored. The reason given is that:

within a communication, data identifying www.homeoffice.gov.uk would be traffic data, whereas data identifying would be content and not subject to retention.
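The host-only rule and the 4-day web activity log period described above, applied to proxy log lines. This is an added example, not code from the code of practice or the original post; the log layout (timestamp, client IP, URL), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Web activity log retention period stated in the code of practice (4 days).
WEB_LOG_RETENTION = timedelta(days=4)
_SCHEME = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")

def host_only(url):
    """Keep the host (traffic data); drop path, query, port and userinfo (content)."""
    # Proxy logs often omit the scheme; prefix '//' so urlsplit sees a network location.
    parts = urlsplit(url if _SCHEME.match(url) else "//" + url)
    if not parts.hostname:
        raise ValueError(f"no host in URL: {url!r}")
    return parts.hostname  # lowercased, without port or credentials

def minimise(lines, now):
    """Return (timestamp, client_ip, host) for records still inside the retention period."""
    kept = []
    for line in lines:
        ts_text, client_ip, url = line.split(maxsplit=2)
        if now - datetime.fromisoformat(ts_text) > WEB_LOG_RETENTION:
            continue  # past the retention period: do not keep
        try:
            kept.append((ts_text, client_ip, host_only(url.strip())))
        except ValueError:
            continue  # fail closed: never fall back to storing the raw URL
    return kept

# Constructed sample proxy log lines (assumed layout: timestamp, client IP, URL).
SAMPLE = [
    "2008-05-29T10:15:00 192.0.2.10 www.homeoffice.gov.uk/kbsearch?qt=ripa+traffic=data",
    "2008-05-28T09:00:00 192.0.2.11 https://user@Shop.example:8443/basket?item=42",
    "2008-05-20T08:00:00 192.0.2.12 http://news.example/story/123",
    "2008-05-30T11:00:00 192.0.2.13 example.org/go?u=http://other.example/x",
]

if __name__ == "__main__":
    for record in minimise(SAMPLE, datetime(2008, 5, 30, 12, 0, 0)):
        print(record)
```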


Communications Data - RIPA

May 28th, 2008 by admin | No Comments | Filed in ISP Data Retention, UK Law

Communications Data is defined by RIPA as any of the following:
(i) any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted;
(ii) any information which includes none of the contents of a communication [apart from any information falling within paragraph (i)] and is about the use made by any person-
(1) of any telecommunications service; or
(2) in connection with the provision to or use by any person of any telecommunications service, of any part of a telecommunication system;
(iii) any information not falling within paragraph (i) or (ii) that is held or obtained, in relation to persons to whom he provides the service, by a person providing a telecommunications service.


Traffic Data - RIPA

May 28th, 2008 by admin | No Comments | Filed in ISP Data Retention, UK Law

Traffic data is defined by RIPA, in relation to any communication, meaning:
(i) any data identifying, or purporting to identify, any person, apparatus or location to or from which the communication is or may be transmitted.
(ii) any data identifying or selecting, or purporting to identify or select, apparatus through which, or by means of which, the communication is or may be transmitted.
(iii) any data comprising signals for the actuation of apparatus used for the purposes of a telecommunication system for effecting (in whole or in part) the transmission of any communication.
(iv) any data identifying the data or other data as data comprised in or attached to a particular communication, but that expression includes data identifying a computer file or computer program access to which is obtained, or which is run, by means of the communication to the extent only that the file or program is identified by reference to the apparatus in which it is stored.


Google to keep personal data for 18 months

May 22nd, 2008 by admin | 1 Comment | Filed in ISP Data Retention, UK Law

Google is to cut the length of time it holds users’ personal search data.

The move comes in response to a data protection group that wrote to the firm questioning its privacy policies.

The European advisory body, called Article 29, said Google’s current data retention practices could be breaking European privacy laws.

The search giant has said it will now keep personally identifiable search data for 18 months rather than the previous period of 18 to 24 months.

http://news.bbc.co.uk/1/hi/technology/6745191.stm
