Communications data retention in an evolving Internet

Communications data retention in an evolving Internet
Dr Ian Brown
Oxford Internet Institute
University of Oxford

Outline
How are communications data retention and access powers being used? Are they proportionate?
How are changing patterns of Internet usage and surveillance affecting data retention?
How should data retention requirements be updated to meet law enforcement needs and protect privacy?

Comms data requests/m people
Data: European Commission review of Data Retention Directive; IMF World Economic Outlook

Proportionality of retaining data
“The decision to retain communication data for the purpose of combating serious crime is an unprecedented one with a historical dimension. It encroaches into the daily life of every citizen and may endanger the fundamental values and freedoms all European citizens enjoy and cherish.” –Article 29 WP Opinion 3/2006
“[70%] of all data are use within 0-3 months … and [85%] within 0-6 months” (EC review)

Recent court decisions
Bulgarian Supreme Administrative Court blocked remote Ministry of Interior access to data and security service access without a court order (11 Dec 2008)
“the obligation to retain the data … as an exception or a derogation from the principle of personal data protection … empties, through its nature, length and application domain, the content of this principle” –Romanian Constitutional Court, 8 Oct 2009
“Given the rapid advance of current technology it is of great importance to define the legitimate legal limits of modern surveillance techniques used by governments… without sufficient legal safeguards the potential for abuse and unwarranted invasion of privacy is obvious” –Irish High Court, 5 May 2010

Changing usage patterns
Google percentage of traffic
Reach of Member Communities

Dragnet surveillance
Hepting v. AT&T and Jewel v. NSA plaintiffs alleged Narus DPI equipment installed in San Francisco, Seattle, San Jose, Los Angeles and San Diego, and NSA given access to Daytona 300+ terabyte database of comms data
UK Intercept Modernisation Programme and GCHQ “Mastering the Internet” contract

Efficacy of data mining
~5000 Americans surveilled over 4 years; led to <10 warrants per year
“[T]here is not a consensus within the relevant scientific community nor on the committee regarding whether any behavioral surveillance … techniques are ready for use at all in the counterterrorist context" –US National Research Council (2008) p.4

Ways forward
Update Data Retention Directive:
Retain only subscriber data?
Set 6 months as retention period?
Impose BVFG conditions?
Repeal entirely?
Implement Cybercrime Convention:
Art. 16(1) “Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data”

Communications data retention in an evolving Internet

by Ian Brown on Jun 12, 2010

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 2

Statistics

Communications data retention in an evolving Internet — Presentation Transcript