This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[cooperation-wg] Prism

Previous message (by thread): [cooperation-wg] Prism
Next message (by thread): [cooperation-wg] Prism

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Patrik Fältström patrik at frobbit.se
Wed Jun 19 15:42:46 CEST 2013

On 18 jun 2013, at 22:05, Gordon Lennox <gordon.lennox.13 at gmail.com> wrote:

> On 17 Jun, 2013, at 21:28, Gordon Lennox <gordon.lennox.13 at gmail.com> wrote:
> 
>> On 17 Jun, 2013, at 20:16, Patrik Fältström <patrik at frobbit.se> wrote:
>> 
>>> I have helped COM and specifically IHRB with their piece of the work...
>> 
>> Patrik,
>> 
>> I know you have also been very  involved in helping with the Data Retention legislation.
>> 
>> With all the discussion around Prism it might be interesting if you could bring people up to date on where we are now on that.
>> 
>> Gordon
> 
> Sweden and the Data Retention Directive...
> 
> "The European Court of Justice in a decision dated 30 May ordered Sweden to pay a lump sum of €3 million euros for its delay in transposing the controversial 2006 EU data retention directive into national law in time.
> 
> ..."
> 
> http://www.ip-watch.org/2013/06/01/eu-anti-terror-data-retention-directive-meeting-resistance-in-eu-courts/

First of all, I think the money Sweden have to pay is worth it, given how (relatively) good the Swedish implementation is compared to for example Denmark ;-)

Joke aside, and while trying to ignore the fact I am from Sweden and think the Swedish implementation is quite correct, there have been I think two problems with the DRD.

1. Participation in various groups

The participation in various groups that discuss the directive have been the entities that do want such tools. Other groups (for example Article29) have strongly been against the directive. Because of this, COM have had a very hard time trying to find what the real consensus is. I have felt quite lonely in various expert groups that have reviewed the implementations that have existed.

2. Relationship with technology

The directive do talk about things like "messages". And give examples like SMS, email, MMS etc. And "web browsing" is something different, not included in the directive and in Sweden explicitly excluded. I even wrote a few papers for COM on the matter.

The problem was that the people that want DRD to cover as much as possible claimed also web based messaging (i.e. the HTTP transaction) did fall under the directive. My response has all the time been that we have to choose between: (a) requiring DPI so that only webmail http transactions are included or (b) treat webmail as any other http transaction, i.e. not be covered. In Sweden we did pick alternative (b) btw.

This discussion completely stalled because some "experts" did claim there is *no* difference from a technical perspective between web based access to messages and IMAP or POP based access.

We also had issues with various NAT implementations, or risk thereof (CGN anyone?). There was a discussion on whether the directive itself should be implemented, or the intention of the directive, and if the latter, if more should be covered than what the directive describes. Should (for example) *ALL* NAT devices in EU be required to log any port/address mapping?

Yes, some people did want that, and now go back to (1) above, and understand the discussion was quite difficult.

So, we do know that the directive did not really lead to the harmonization one wanted, and the question is what COM will do.

I know that a new expert group is to be created. See mail below. I have myself decided to no longer have time to work on this. Specifically given the enormous problems I had related to (2) above. It was impossible to win.

Begin forwarded message:

> From: <Christian.D'CUNHA at ec.europa.eu>
> Subject: Data Retention Expert Group
> Date: 19 april 2013 16:05:07 GMT+01:00
> To: <HOME-DATA-RETENTION at ec.europa.eu>
> 
> Dear all
>  
> With apologies for the group email, I thought you might find the attached documents of interest. 
>  
> The Commission has decided to set up a new expert group on data retention, following the expiry of the previous group which met from 2008-2012, and applications to be a member are invited and should be sent by 3 June 2013. 
>  
> Further details, including French and German versions of the Commission decision and call for applications, will be on our website early next week.  Please feel free to forward on to whoever you think might be interested.
>  
> Have a good weekend.
>  
> Christian
>  
>  
>  

   Patrik

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20130418 Data Retention Expert Group Decision EN.pdf
Type: application/pdf
Size: 65249 bytes
Desc: not available
URL: </ripe/mail/archives/cooperation-wg/attachments/20130619/c2861b43/attachment.pdf>
-------------- next part --------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: call EN.pdf
Type: application/pdf
Size: 426330 bytes
Desc: not available
URL: </ripe/mail/archives/cooperation-wg/attachments/20130619/c2861b43/attachment-0001.pdf>
-------------- next part --------------

Previous message (by thread): [cooperation-wg] Prism
Next message (by thread): [cooperation-wg] Prism

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ cooperation-wg Archives ]