Data retention: a civil rights perspective. Sjoera Nas, TF-CSIRT seminar, Amsterdam, 24 January 2006

Similar documents
EDPS Newsletter NO 25 JULY 2010

EUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981

DEPARTMENT OF JUSTICE CANADA MINISTÈRE DE LA JUSTICE CANADA

European Data Protection Supervisor Transparency in the EU administration: Your right to access documents

Investigatory Powers Bill

TRANSPARENCY REPORTING FOR BEGINNERS: MEMO #1 *DRAFT* 2/26/14 A SURVEY OF

Inquiry into Comprehensive Revision of the Telecommunications (Interception and Access) Act 1979

Vienna Parliamentary Forum on Intelligence-Security. Giovanni Buttarelli

TELUS Transparency Report

14480/1/17 REV 1 MP/mj 1 DG D 2B LIMITE EN

Spring Conference of the European Data Protection Authorities, Cyprus May 2007 DECLARATION

Statement for the European Parliament, Temporary Committee on the ECHELON interception system, meeting of Thursday, 22 March, 2001, Brussels.

Privacy, personal information, law enforcement and lawful access

ECC Report 194. Extra-Territorial Use of E.164 Numbers. 17 April 2013

Counter-terrorism, De-Radicalisation and Foreign Fighters. Joint debate during the extraordinary meeting of the LIBE Committee. Giovanni Buttarelli

PROJECT SCOPE STATEMENT

Transnational Radical Party (TRP) FILLING THE "DEMOCRATIC DIGITAL DIVIDE"

Legal Issues in an International Context Study Abroad Program Course List /2019

CETA and GDPR - Will the Marriage Last? Chantal Bernier. Global Privacy and Cybersecurity Group

Learning Objectives. Prerequisites

Council of the European Union Brussels, 1 February 2017 (OR. en)

Assessing the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit

Privacy And? Surveillance

Privacy law overview. Engineering & Public Policy

A Democratic Framework to Interpret Open Internet Principles:

AmCham EU Proposed Amendments on the General Data Protection Regulation

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

International Civil Liberties Monitoring Group (ICLMG) Individual UPR Submission Canada, May 2013

ARTICLE 29 Data Protection Working Party

This letter is to provide you with our views on the minimum criteria for the impact assessment and subsequent legislative proposal.

Law BA Thesis Topics and Themes 2018

Report on the Findings by the EU Co-chairs of the. ad hoc EU-US Working Group on Data Protection. 27 November 2013

Report back for Saturday 8th March 2. Please note that timings are approximate only. Some items of business may occur earlier than indicated.

CRS Report for Congress

Meijers Committee standing committee of experts on international immigration, refugee and criminal law

Joint Committee on the Draft Investigatory Powers Bill Information Commissioner s submission

Douwe Korff Professor of International Law London Metropolitan University, London (UK)

Anna Ludwinek Eurofound (Dublin)

TekSavvy Solutions Inc.

Table of content What is data protection? Why was is necessary? Beginnings of Data Protection Development of International Data Protection Data Protec

Legal Issues in an International Context Study Abroad Course List 2018/2019

Rights of the Accused

Frequently Asked Questions about PNR data and the proposed EU-US agreement on US government access to PNR data from the EU

EXAM TTM2 Information security, advanced. Technical Tools/Aid: None Duration: (3 hours) Contact person: Svein Willassen, ph.

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION.

Seminar 4: Collecting evidence throughout the European Union II: The European Evidence Warrant and New Instruments in this Field

INVESTIGATORY POWERS BILL EXPLANATORY NOTES

HALFWAY BETWEEN PORTO AND MAASTRICHT. Excellencies, ladies and gentlemen,

Lobby and advocacy training Safeguarding Refugee Protection in Bulgaria

Maximising Forensic DNA U3lity: ETHICAL, SOCIAL AND LEGISLATIVE CHALLENGES

Liberty s briefing on Parts 3 and 4 of the Investigatory Powers Bill for Committee Stage in the House of Commons

Council of the European Union Brussels, 7 March 2017 (OR. en)

Police Record Check Reform Act (PRCRA) Bill 113. Presented to the Greater Sudbury Police Services Board November 21, 2018

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

Participation and private life

Report on the findings by the EU Co-chairs of the ad hoc EU-US Working Group on Data Protection

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

THE RUTHERFORD INSTITUTE

Injunctions against intermediaries: accountable but not liable? Munich,

William A. Tanenbaum Co-Head, Technology Transactions. LA / NY / SF / DC / arentfox.com

LA CONVENZIONE EUROPEA IL SEGRETARIATO. Bruxelles, 20 giugno 2002 (24.06) (OR. en) CONV 147/02. NOTA DI TRASMISSIONE Segretariato

1 GUY VERHOFSTADT. THE ANDREW MARR SHOW GUY VERHOFSTADT MEP Brexit Coordinator for the European Parliament

European Parliament Flash Eurobarometer FIRST RESULTS Focus on EE19 Lead Candidate Process and EP Media Recall

SCHNEIDER GROUP OOO POLICY OF THE COMPANY REGARDING TO THE PERSONAL DATA PROCESSING

C 276/8 Official Journal of the European Union

Greece and the Refugee Crisis: Lessons to Learn

With the current terrorist threat facing European Union Member States, including the UK

David Anderson QC Independent Reviewer of Terrorism Legislation Brick Court Chambers 7-8 Essex Street London WC2R 3LD

Identifying Drug Labs by Analysing Sewage Systems. Bart van der Sloot, Tilburg University, TILT

Biometric data in large IT borders, immigration and asylum databases - fundamental rights concerns

The Open Rights Group

1 June Introduction

Sexual Assault Survivors DNA Justice Act

Hong Kong General Chamber of Commerce Roundtable Luncheon 13 April 2016 Collection and Use of Biometric Data

EDPS Opinion 7/2018. on the Proposal for a Regulation strengthening the security of identity cards of Union citizens and other documents

EUROBAROMETER 72 PUBLIC OPINION IN THE EUROPEAN UNION

INFORMATION AS THE FOUNDATION FOR SOCIAL SOLIDARITY THE ROLE OF PARLIAMENTARY LIBRARIES AND RESEARCH SERVICES

Deutscher Bundestag. 1st Committee of Inquiry. in the 18th electoral term. Hearing of Experts. Surveillance Reform After Snowden.

Legal aspects of biometric data processing : current state of affairs. Dr. E. J. Kindt MIPRO 2015

Principles and Rules for Processing Personal Data

ABUSIVE BEHAVIOUR AND SEXUAL HARM (SCOTLAND) BILL

II. Statement of interest of the Applicants

Telecommunications Information Privacy Code 2003

Ireland North and South: Border Management Options

112, the single European emergency number: Frequently Asked Questions

ESRC SEMINAR SERIES: The Role of Civil Society in the Management of National Security in a Democracy

PubPol 423 Political Campaign Strategy & Tactics Winter Semester, 2018 (Election Year!)

Debating privacy and ICT

2008 GENERAL LOCAL ELECTION CANDIDATE S GUIDE THE CORPORATION OF THE CITY OF PENTICTON 171 MAIN STREET PENTICTON, B.C. V2A 5A9

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection

1 of 7 03/04/ :56

The forensic use of bioinformation: ethical issues

Public Consultation on the Smart Borders Package

CRS Report for Congress

Digital Economy Bill [HL]

WHY DO WE NEED A NATIONAL CONSULTATION?

NEWFOUNDLAND AND LABRADOR OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER

Asian Privacy Certification

Ninth Annual Report of the Article 29 Working Party on Data Protection

Solutions to the digital trade imbalance

Transcription:

Data retention: a civil rights perspective Sjoera Nas, TF-CSIRT seminar, Amsterdam, 24 January 2006

Agenda About Bits of Freedom / EDRI Obligations under the new EU directive How did we lose this war? Key implementation questions: -network layer vs service layer -central vs decentralised storage -responsability for data protection -security (access control)

Bits of Freedom / EDRI Founded in 2000 NGO, funded by private parties Themes: privacy, freedom of speech, spam, e-voting, copyright Co-founder EDRI - European Digital Rights 21 members in 14 European countries

Big Brother Awards presented this Saturday, 28 January in De Melkweg, Amsterdam

www.edri.org

The new EU directive Storage of traffic data for 6 to 24 months Telephony: fixed and mobile traffic data, including failed caller attempts, *ms and location data Internet: IP addresses, e-mail and VOIP traffic data No cost reimbursement No minimum access rules Must be turned into national law by July 2007

What did we do? Looking back at a 5 years civil rights struggle against data retention We started in 2001, when the G8 Ministers of Justice first mentioned the desirability of systematic data retention In the EU hardliners successfully entered a possibility for national data retention legislation in the 2002 e-privacy directive

Summer 2002: NL petition

September 2004: policy statement, June 2005 Open Letter to the EP

Summer 2005: EU petition

Autumn 2005: 2 flyers for EP

How did we lose this war? In spite of a joined coalition of telco s, ISPs and citizens, and after 2 almost unanimous rejections, on 14 December the EP voted 387 in favour, 204 against Europe now has data retention, undisputed high numbers of wiretapping, data freezing and dramatically low access barriers Such systematic and silent electronic surveillance of innocent citizens is unthinkable in the USA!

How did we lose this war? US: strong civil rights movement, tradition of resistance against government interference Europe: terrorism used as absolute excuse 1948 Universal declaration of Human Rights; all men are born free and equal Oblivion to historical lessons; governments may and will make serious mistakes

Clarke, UK minister of Home Affairs, to the European Parliament in Sept 05; "(there is a) need to balance important rights for individuals against the collective right for security. The view of my Government is that this balance is not right for the circumstances which we now face circumstances very different from those faced by the founding fathers of the European Convention on Human Rights - and that it needs to be closely examined in that context."

So what can we do? Open up an extra e-mail account with a non EU provider But don t invest too much time in geek circumvention talk Get involved with the legal and practical details of the upcoming national implementation Think about your own data privacy every step of the way, it is not about somebody else anymore

Key implementation questions network layer vs service layer central vs decentralised storage responsibility for data protection security (access control)

NL proposal for centralised storage Telecom providers already make their subscriber databases accessible through a central, double blind disclosure point (CIOT) NL 2004: 900.000 telephony subscriber requests by the police PLUS 300.000 requests by the secret services Government wants the same model for traffic data, suggested as cost-friendly solution Horrible from a civil rights perspective; possibility of large scale data-mining, no transparency, no access control = guilty untill proven innocent

Conclusions Security depends on respect for privacy As hardcore security staff, you are responsible to minimise and controll access to personal data Make an effort to bridge the mental gap, enlighten your colleagues

www.edri.org www.bof.nl this lecture: www.bof.nl/docs/csirt2006.pdf sjoera@bof.nl

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback