EU telephony details available on demand - terrist threats
"The EU Data Retention Directive places serious data management and process burdens on telco service providers. "
Aurore Pettitt, Director, CACI(NYSE: CAI).
After the Madrid train bombings in 2004 the EU decided to get serious about joint action to fight terrorism and organized crime, and to erode the privacy of all their citizens even more.
One consequence is the EU Data Retention Directive which was passed on February 21st 2006 and becomes active in August 2007. The UK during its six-month presidency of the EU for the new legislation, arguing strongly for it, claiming it was necessary to help fight terrorism and organised crime.
"Agreement on retaining communications data places a vital tool against terrorism and serious crime in the hands of law enforcement agencies across Europe," said the then Home Secretary, grossly fat, rude, Charles Clarke.
The main consequence is that Internet service providers and fixed-line and mobile operators will now be forced to keep details of their customers' communications for up to two years.... including telephony, texting, email messaging, web traffic and custom applications (Intranets etc., ) .
At the telco's own cost these details must be stored and be available, including date, destination and duration of communications and providers must produce details of specific transactions as requested by authorized law enforcement organizations “without undue delay.”.
More details from lawyers Piper Rudnick Gray Cary, June 2006
Every such requirement is of course, a challenge and an opportunity ... an opportunity to make money. CACI " SMART solutions for intelligent marketing" ...
There is a solution Telco Compliance , featuring SenSage and EMC,
EMC, Intec and SenSage ????
EMC, (EMC Corporation (NYSE: EMC)) Intec (Intec Telecom Systems (LSE: ITL.L))and California based SenSage Inc. have developed a joint EU Data Retention solution that significantly reduces the cost of compliant data management for service providers. The combined technology completely supports the guidelines set out by the Directive and is able to cost-effectively manage and obtain results in minutes from over 100 billion Call Detail Records (CDR).
“The EU Data Retention directive increases the cost of doing business for Telco’s and ISP,” said Jim Pflaging, president and CEO of SenSage. “This joint solution offers the rapid response law enforcement needs in a highly secure system the public wants, at the lowest cost to the service provider.”
You can read more about this wonderful opportunity "EMC, Intec and SenSage Technology Able to Identify Evidence of Terrorist Activity in 100 Billion Call Detail Records "in a Press release from SenSage on 27th September 2006
You can find more about the Detailed test results and estimates of costs at http://www.sensage.com/eudrpoc (PDF Alert) "Integrating event data management and storage management to cost-effectively support regulatory compliance requirements of European telecommunications service providers"
Broadly not only do the providers have to retain the data they have to make it available within very narrowly defined parameters, not for the providers benefit but for the law enfrocement agencies (and of course at the providers cost) ..
Telcos must maintain CDR transaction recording systems that are:
1. Capable of recording all transaction information including successful and unsuccessful calls.
2. Segregated in a manner for compliant investigation rather than business use.
3. In accordance with data privacy mandates and preserve appropriate security and access controls.
This requires that all call and message transaction data be retained:
1. For a period not less than 6 months and not more than 2 years according to each member state
authority (which can extend the retention terms).
2. With reasonably assured and demonstrable data filtering, integrity and availability safeguards.
3. In a manner that supports immediate access to support the “without undue delay” condition.
This requires that event data analysis:
1. That yields answers which narrows and optimizes data analysis as much as possible.
2. That deliver results within the “without undue delay”
condition – implying a test of generally acceptable response times measured in minutes and hours.
The Telcos need to have a scaleable system that is ready now for ..
1. Increase call detail record volume.
2. Telephony and non-telephony integrated data analysis.
3. Mergers and acquisitions.
4. Differences in member state rules on customer data transport, access and retention.
5. Expansion of Directive requirements.... which you can rest assured will happen very quickly.
The solution that is offered can retain and analyze over 100 Billion call detail records (CDR) and produce answers to required query constructs within 15 minutes to 1 hour against a 2-year retention period.
The set up cost ? US$850K to US$2Mn.... and all this using "off the shelf " Dell™ Dual Core, Dual CPU PowerEdge™ 2950 servers containing the Intel® Xeon® 5160 “Woodcrest” processors and the 64-Bit version of RedHat® Enterprise Server 4.
So, from next year the many, many authorised law enforcement authorities throughout the EU can by law call up you Telco, and demand the details of every telephony event to / from your phone(s) for up to 2 years.... and get an answer in minutes or hours.... and the system they have, will almost certainly be able to meet any "Expansion of Directive requirements" ... content ...?
Now. Does that make you feel safer ?
Bet you didn't feel a thing either as the busy legislators imposed these burdens on industry and stole a bit more of your privacy ... see passenger data provisdion for the US.
POSTSCRIPT
Digital Rights Ireland, is taking a case both against the Irish Government and the European Directive on data retention.
The action will begin in the High Court in Ireland but will probably end up in the European Court of Justice, said the chairman of DRI, TJ McIntyre. The suit argues that the Irish law breaches that country's Constitution and that the EU Directive contravenes the European Convention on Human Rights.
"It's a challenge to both Irish law and the EU Directive," said McIntyre. "We're challenging the domestic law on national constitutional grounds and the EU Directive and we're hoping for a preliminary reference to Luxembourg to assess the validity of the Directive."
Don't hold your breath.
(NYSE: CAI)... CACI ? CACI ? now weren't they the folks who .. wait a minute aren't they being sued with Titan because their employees were torturing prisoners in Abu Ghraib ?
That's right there is a 64 page detailed list of thirty one counts of complaint against CACI and Titan of a whole host of common law torts (such as assault and battery), as well as violations of international human rights, and a RICO (Racketeer Influenced & Corrupt Organizations ACT) conspiracy.
That's right there is a 64 page complaint which contains detailed descriptions of the torture suffered by some of the other named plaintiffs. One Haj Ali was hung from a ceiling while made and shocked with electric pulses. Umer Abdul Mutalib was dragged until he went unconscious. Jasim al-Nidawi's private parts were attacked by dogs. Other detainees were stripped naked and put in a room with a naked female detainee who had a mesh bag on her face and was screaming. The complaint also alleges that one of the private contractors raped a fourteen year old girl, and provides evidence that there may have been a rape room set up in the prison.... but you've seen the pictures (but not the videos ..yet)
It is important to recognize that all of these events were carried out by employees of American companies who were not part of the military. Significant amount of the information upon which the complaint was based came from the military's own Fay and Taguba reports. Without those reports it is unlikely that the world would have known about the abuses committed by American private contractors.
Yeh! CACI ... sounds like the sort of people to be supplying software that deals with private data "In accordance with data privacy mandates and preserve appropriate security and access controls."
Yeh! CACI
3 comments:
Do try and be more diligent with your links, m'ludd.
Directive 2006/24/EC.
Apologies the link is inserted at the first use of the Directive.
May I assure you that the staff responsible will receive the most severe warning - perhaps this time she will take notice.
Please note ... My Lord is the correct title reserved for the Nobility, M'Lud is a term I think the court scribblers are more familiar with.
We are however grateful to you for your help.
thanks and apologies, My Lord.
Post a Comment