Andy Abramson writes about a concern that the EU has imposed new data retention rules that could have an immense impact on VoIP service providers. He suggests “Toss in a little port blocking, some packet shaping, add some IP address tracking and you have 1984 in 2006.”
I’m not sure that is fair. His concluding statement, “More importantly it shows that governments, telcos and likely the investment communities are all very interlaced” certainly doesn’t follow – at least not in my logical thought process.
What is the fuss about? The European Union is requiring that service providers retain “data necessary to trace and identify the source of a communication”. In the case of conventional or mobile telephony, that means having the calling number, name and address of the caller and called party and relevant cell sites or location information as well as equipment information such as the IMSI and IMEI. For email and internet telephony, IP address information will need to be retained.
Interestingly, “No data revealing the content of the communication may be retained pursuant to this Directive.” In other words, the EU directive does not ask to have the messages themselves retained, only the header type information. It is looking at the outside of the envelop only. Note that the clause says “pursuant to this Directive.” Presumably, another Directive, or an order by one of the National Regulatory Agencies, could require the retention of the content.
The latest EU directive is pretty clear in limiting how such data can be accessed:
It is essential that Member States adopt legislative measures to ensure that data retained under this Directive are provided to the competent national authorities only in accordance with national legislation in full respect of the fundamental rights of the persons concerned.
[recitals: paragraph 17]
In other words, it looks a lot like providing law enforcement officials with access to the same information they would have in a paper environment. Looking at the outside of the envelop. As I have suggested in other posts, the EU is removing a digital loophole in its application of law.
After 15 years of anarchistic rule (or lack thereof) in the internet world, isn’t it time for a little law and order?