Snooping on you all

Thursday 06 January 2005, 21:44:34
All Countries
Written by Net 4 Nowt

The London Internet Exchange (LINX) has started the New Year by
issuing a warning that European plans to force ISPs to collect traffic
data will add to costs for Internet users.

"It would be nothing less than a hidden tax on Internet users who
will be obliged to pay for the costs of government snooping," said
Malcolm Hutty, regulation officer with LINX.

The European Council of Ministers is currently considering
legislation which would force ISPs to collect and retain a wide variety
of data about the traffic which they handle. It is intended that this
data would be made available to law enforcement and intelligence
agencies.

Malcolm Hutty said: "At present, ISPs in the UK are required only
to store information that they already collect for their own
administration and billing purposes - not to collect data specifically
for the government.

"The proposals from the European Council of Ministers, as we
understand them, mean that the EU will tell ISPs what data to collect
and store as well as defining how long it must be kept."

The council's own statement says that the draft Framework Decision
on data retention "implies in principle that providers of publicly
available electronic communications services or networks must retain
specified data allowing for establishing the source, routing,
destination, time, date and duration of communications and the location
of the telecommunications devices used."

Mr Hutty said: "The EU is investigating ways of enforcing this
level of data retention even where ISPs have no use for the
information. For example, an ISP providing a 'permanently on' broadband
connection generally has no interest in knowing specifically when the
line was in use and for what purpose. The EU is seemingly going to make
ISPs collect and store that data.

"The cost implications are huge. As we do not know what data we
might be collecting, it is impossible to estimate what the costs will
actually be. The sky is the limit.

"At the end of the day, the only source of money to finance this
will be Internet users. ISPs will have to put up charges in order to
finance data collection and retention for the government."

The European Council of Ministers does say that, in considering new
rules, "particular consideration should be given to the proportionality
of the measure in relation to costs, privacy (data protection) and
efficiency." However, LINX is concerned that since the cost will fall
on ISPs - and ultimately on Internet users - the council will not give
much weight to this issue.

Mr Hutty said: "The EU is still consulting on these proposals and
we will be strongly putting forward the industry's viewpoint that they
could represent a huge financial burden to be carried by Internet
users."



six-toes

On 7 Jan 2005 13:12:30 -0800, "six-toes" <(E-Mail Removed)>
wrote:

>The council's own statement says that the draft Framework Decision
>on data retention "implies in principle that providers of publicly
>available electronic communications services or networks must retain
>specified data allowing for establishing the source, routing,
>destination, time, date and duration of communications and the location
>of the telecommunications devices used."

I don't see how the ISP could discover the location of the
telecommunications devices being used. It would know only the address
of its customer and the *probable* location of the end-pont of any
physical connection that it had supplied. It certainly could not be
expected to know the location of the communications device at the
other end of an IP connection.

If the customer has attached the end-point to an extended network,
leased line or wireless router, the ISP would not even have knowlege
where the local-side communications devices using its connection was
physically located.

I see the move as quite sinister. Having a huge database of
communications in electronic format opens the way for a "profiling"
program to trawl through the database looking for "patterns". Visit
the "wrong" type of web site once too often, and you might find
yourself arrested as a suspected terrorist, and held for years without
trial.

--
Cynic

"six-toes" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Thursday 06 January 2005, 21:44:34
> All Countries
> Written by Net 4 Nowt
>
> The London Internet Exchange (LINX) has started the New Year by
> issuing a warning that European plans to force ISPs to collect traffic
> data will add to costs for Internet users.
>
> "It would be nothing less than a hidden tax on Internet users who
> will be obliged to pay for the costs of government snooping," said
> Malcolm Hutty, regulation officer with LINX.
>
> The European Council of Ministers is currently considering
> legislation which would force ISPs to collect and retain a wide variety
> of data about the traffic which they handle. It is intended that this
> data would be made available to law enforcement and intelligence
> agencies.
>
> Malcolm Hutty said: "At present, ISPs in the UK are required only
> to store information that they already collect for their own
> administration and billing purposes - not to collect data specifically
> for the government.
>
> "The proposals from the European Council of Ministers, as we
> understand them, mean that the EU will tell ISPs what data to collect
> and store as well as defining how long it must be kept."
>
> The council's own statement says that the draft Framework Decision
> on data retention "implies in principle that providers of publicly
> available electronic communications services or networks must retain
> specified data allowing for establishing the source, routing,
> destination, time, date and duration of communications and the location
> of the telecommunications devices used."
>
> Mr Hutty said: "The EU is investigating ways of enforcing this
> level of data retention even where ISPs have no use for the
> information. For example, an ISP providing a 'permanently on' broadband
> connection generally has no interest in knowing specifically when the
> line was in use and for what purpose. The EU is seemingly going to make
> ISPs collect and store that data.
>
> "The cost implications are huge. As we do not know what data we
> might be collecting, it is impossible to estimate what the costs will
> actually be. The sky is the limit.
>
> "At the end of the day, the only source of money to finance this
> will be Internet users. ISPs will have to put up charges in order to
> finance data collection and retention for the government."
>
> The European Council of Ministers does say that, in considering new
> rules, "particular consideration should be given to the proportionality
> of the measure in relation to costs, privacy (data protection) and
> efficiency." However, LINX is concerned that since the cost will fall
> on ISPs - and ultimately on Internet users - the council will not give
> much weight to this issue.
>
> Mr Hutty said: "The EU is still consulting on these proposals and
> we will be strongly putting forward the industry's viewpoint that they
> could represent a huge financial burden to be carried by Internet
> users."
>



The financial burden carried by internet users?
What exactly is wrong with that?

Government has no money of its own. It raises money through various means,
all ultimately from people.
Charging internet users or charging the general taxpayer for something that
has nothing to do with them, either way people will be charged.
Perhaps you don't want an extra £5 a month (or whatever) on your internet
bill but won't mind paying an extra £5 a month in taxes?

As to whether the info should be collected, thats a seperate issue than who
pays for it.

Martin <><

On Fri, 07 Jan 2005 22:49:20 GMT, "Martin Davies"
<(E-Mail Removed)> wrote:


>> Mr Hutty said: "The EU is still consulting on these proposals and
>> we will be strongly putting forward the industry's viewpoint that they
>> could represent a huge financial burden to be carried by Internet
>> users."

>The financial burden carried by internet users?
>What exactly is wrong with that?

It is wrong because Internet users will be required to pay for
something that I suspect the vast majority do not (yet) want.

>Government has no money of its own. It raises money through various means,
>all ultimately from people.

And so should spend it on things that *the people* want, not things
that government ministers want in order to increase their power &
control.

OTOH I expect that the government will be able to persude enough
sheeple that the measures are vitally necessary in order to stop
terrorism or somesuch hyped-up evil in the World to get the majority
to want it.

--
Cynic

"Cynic" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Fri, 07 Jan 2005 22:49:20 GMT, "Martin Davies"
> <(E-Mail Removed)> wrote:
>
>
> >> Mr Hutty said: "The EU is still consulting on these proposals and
> >> we will be strongly putting forward the industry's viewpoint that they
> >> could represent a huge financial burden to be carried by Internet
> >> users."
>
> >The financial burden carried by internet users?
> >What exactly is wrong with that?
>
> It is wrong because Internet users will be required to pay for
> something that I suspect the vast majority do not (yet) want.
>
> >Government has no money of its own. It raises money through various
means,
> >all ultimately from people.
>
> And so should spend it on things that *the people* want, not things
> that government ministers want in order to increase their power &
> control.
>
> OTOH I expect that the government will be able to persude enough
> sheeple that the measures are vitally necessary in order to stop
> terrorism or somesuch hyped-up evil in the World to get the majority
> to want it.
>
> --
> Cynic
>

We, as internet users, are far better placed to pay for something relating
to us than passing the bill onto the entire taxpayer base, which includes
those not on the internet.
I'm not keen on the idea of government having a say in what information is
collected, though I do recognise that it will cost and someone will have to
pay for it.

Though based on how at least one agency of the DWP operates, the EU
government will end up collecting masses of information that is of no
relevance, cannot be reconciled with actual use and cannot be accurately
used to search for useful info.

Martin <><

On Fri, 07 Jan 2005 23:48:12 GMT, "Martin Davies"
<(E-Mail Removed)> wrote:


>We, as internet users, are far better placed to pay for something relating
>to us than passing the bill onto the entire taxpayer base, which includes
>those not on the internet.
>I'm not keen on the idea of government having a say in what information is
>collected, though I do recognise that it will cost and someone will have to
>pay for it.

You miss the point that you make next:

>Though based on how at least one agency of the DWP operates, the EU
>government will end up collecting masses of information that is of no
>relevance, cannot be reconciled with actual use and cannot be accurately
>used to search for useful info.

Exactly. The issue is the fact that it is *not necessary* to gather
such information in the first place, so the cost is not justifiable.
Debate over who should pay such costs are therefore moot. The cost
should not be incurred in the first place.

Same thing applies to the cost of a mandatory ID card.
--
Cynic

In uk.legal six-toes <(E-Mail Removed)> wrote:
> The London Internet Exchange (LINX) has started the New Year by
> issuing a warning that European plans to force ISPs to collect traffic
> data will add to costs for Internet users.

[...]

> "The proposals from the European Council of Ministers, as we
> understand them, mean that the EU will tell ISPs what data to collect
> and store as well as defining how long it must be kept."

> The council's own statement says that the draft Framework Decision
> on data retention "implies in principle that providers of publicly
> available electronic communications services or networks must retain
> specified data allowing for establishing the source, routing,
> destination, time, date and duration of communications and the location
> of the telecommunications devices used."

This information is pretty much collected already, even if later
discarded.

Not that it justifies the proposals.

> Mr Hutty said: "The EU is investigating ways of enforcing this
> level of data retention even where ISPs have no use for the
> information. For example, an ISP providing a 'permanently on' broadband
> connection generally has no interest in knowing specifically when the
> line was in use and for what purpose. The EU is seemingly going to make
> ISPs collect and store that data.

Well, it is possible that an ISP operating a broadband connection
can have legitimate interests for collecting such data. One such
being when charges are made for traffic flows. These charges need
to be based on raw data and although a final figure may be presented
to the customer, perhaps broken down into traffic based on different
rates, it is fairly important to keep copies of the raw data for
accounting purposes should the need arise and a bill is queried.
Although this does not mean that all data will be retained as
typically traffic to the ISP's mail and news servers may well be
discarded as being of no billing significance.

Axel


Axel

In uk.legal Cynic <(E-Mail Removed)> wrote:
> I don't see how the ISP could discover the location of the
> telecommunications devices being used. It would know only the address
> of its customer and the *probable* location of the end-pont of any
> physical connection that it had supplied. It certainly could not be
> expected to know the location of the communications device at the
> other end of an IP connection.

> If the customer has attached the end-point to an extended network,
> leased line or wireless router, the ISP would not even have knowlege
> where the local-side communications devices using its connection was
> physically located.

I suspect it could deal with something such as linking the customer's IP
number at the time of the connection to the customer premises for want
of a better word. In the case of a leased line of cable modem this would
be where the line enters the cutsomer premises (regardless of what lies
beyond that).

For a dial-up connection, probably just the number the call is being
made from, although as I have never dealt with dial-ups, I have no idea
if this information is automatically recorded.

Axel

On Tue, 11 Jan 2005 19:54:46 GMT, (E-Mail Removed) wrote:

>I suspect it could deal with something such as linking the customer's IP
>number at the time of the connection to the customer premises for want
>of a better word. In the case of a leased line of cable modem this would
>be where the line enters the cutsomer premises (regardless of what lies
>beyond that).

That would be of no help whatsoever in many situations. So the ISP
supplies a cable that enters a McDonalds outlet. McDonalds has a
free-access wireless router connected to the cable modem (my local
McDonald does this). How could the ISP identify that the end-point of
a particular communication through that cable originated from a laptop
inside a car that was inside a car parked amongst 20 other cars in its
car park?

The same is true of a commnication routed via a VPN or similar. It
will be so easy to circumvent for anyone engaged in serious wrongdoing
that I cannot see the justification for the expense.

AFAIAA ISP's already keep logs that show where the physical connection
associated with an IP address is routed, including the CLI of dial-up
lines. This regulation appears to require the ISPs to go a step
further and somehow know the physical location of the end-point.

--
Cynic

In uk.legal Cynic <(E-Mail Removed)> wrote:
> On Tue, 11 Jan 2005 19:54:46 GMT, (E-Mail Removed) wrote:
>
>>I suspect it could deal with something such as linking the customer's IP
>>number at the time of the connection to the customer premises for want
>>of a better word. In the case of a leased line of cable modem this would
>>be where the line enters the cutsomer premises (regardless of what lies
>>beyond that).

> That would be of no help whatsoever in many situations. So the ISP
> supplies a cable that enters a McDonalds outlet. McDonalds has a
> free-access wireless router connected to the cable modem (my local
> McDonald does this). How could the ISP identify that the end-point of
> a particular communication through that cable originated from a laptop
> inside a car that was inside a car parked amongst 20 other cars in its
> car park?

Obviously it cannot. In fact to ascertain with certainly the physical
location of the origin of a message once past the end of a physical
cable line or telephone line is impossible.

> The same is true of a commnication routed via a VPN or similar. It
> will be so easy to circumvent for anyone engaged in serious wrongdoing
> that I cannot see the justification for the expense.

Since it is impossible for ISPs to determine the physical location of
the origin of a message, means that they will not have to spend anything
for this particular facet of data retention.

However the rest of the requirements are worrying enough in themselves,
regardless of whether there is any expense involved or not.

Axel