On 27.07.2009, at 14:29, Manuel Wenger wrote:
Hi everyone,
as the discussion about the new lawful interception proposal is going
on, an issue always comes up with people saying that saving real time
data of all customers takes up a lot of hard disk space.
Now, as far as I understand this proposal, only information about
logins and mailbox accesses has to be stored pro-actively. Real-time
data intercepted from the DSL connection is only to be sent to the ÜPF
in case of an interception order, in real-time, from that moment on
(and no historical information).
The technical document does not specify which information to be stored. That's the point. The law says "Verbindungs und Abrechungsdaten".
However what is connection data? connection to the mailserver? connection to website XYZ. This is all communication. So they could say every tcp connection from A to B is connection data. Of course storing all data is ridiculous and is for sure not happening but today they want email, tomorrow they want instant messaging, then they want skype etc. etc. It will go on and on.
So far we have never stored historical data because there was absolutely no need to. Thats where ISP's differ from Telco's because you dont need to know whom has sent whom an e-mail to collect the bill. Furthermore if you compare it to non electronic world, does the Post Office take a photocopy of every envelope they deliver ? no! eve though there every single envelope is being paid for. So why are we under stricter rules than the non electronic world? Because its technically possible. Thats the key. And just because its technically possible is not the right reason to ask for it.
This means that nothing changes from the present situation for what
the storage of historic data is concerned. This new proposal "only"
brings the following changes:
- new real-time interception of data transmitted through a broadband
connection (no historical storage)
- new interfaces to communicate with ÜPF
Is this correct?
The new interface basically brings the problem of authenticity. We can not control if this order is legal or not. It brings SEVERE costs.
Now, do you think it would be possible to talk to ÜPF in order to find
ad-hoc solutions in the rare cases these real-time interceptions
should become necessary? Otherwise it's definitely overkill. What
would be the best way to approach this?
This was the solution of the past as far as I have heard. I would have absolutely no problem if the police would show up with a judge's order to wiretap my customer XYZ with a laptop in their hand and active connecting to an ethernet. This would work very well for most ISP's I would imagine. But this administrative jumbo interface will basically kill 50% of the ISP's who have less than 10'000 customers as they can not afford it.
I think some lawyers wrote this proposal without having the slightest
idea of what they were doing, and I'm sure the techies working at ÜPF
are smart people who would be willing to negotiate a more efficient
implementation. What do you think?
ÜPF is the author. They are greedy for information. They want everything they can get. I don't think they will move. Their opinion will be "its the law" so do what we ask. The only thing is to move this a few levels up to the Bundesrat (namely Evelyne Widmer Schlumpf) and make it clear what kind of nonsense they produce.
The german Twittosphere (the guys who have invented "Zensursula") already has a word for it... "Ueberwachungsschlumpf" (Surveillance smurf).
Andreas Fink
Fink Consulting GmbH
Global Networks Schweiz AG
BebbiCell AG
IceCell ehf
---------------------------------------------------------------
Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
---------------------------------------------------------------
ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333