[LINK] More problems experience with data retention laws

Tue Sep 11 22:11:32 AEST 2012

Lessons learnt in data retention law

Liam Tung
Published: September 11, 2012 - 10:30AM

Efforts to implement Europe's data retention directive in Sweden 
point to Australian operators needing clarification from the 
government to avoid a similar nightmare.

Attorney-General Nicola Roxon's 
<http://www.smh.com.au/technology/technology-news/roxon-edges-towards-keeping-online-data-for-two-years-20120903-25amz.html?rand=1347323323480>renewed 
interest in an 
<http://www.smh.com.au/technology/technology-news/canberra-defends-data-retention-plan-20120712-21yys.html?rand=1347323248200>Australian 
version of Europe's data retention laws will likely result in a hefty 
bill for Australian telecoms operators.

Under Europe's 2006 Data Retention Directive, telcos need to store 
the who, where, when and how, but not the content or ''what'' of 
fixed-line, mobile and internet communications, in a manner that can 
be later used by police as evidence.

Sweden is one of the last European nations to transpose the directive 
into local law. Facing a $50,522 a day fine imposed by the European 
Commission, the Swedish government in March rushed through laws that 
required operators to retain data for six months.

Its mistake was not consulting the industry, said Nils Weidstam, a 
public policy expert for the Swedish firm IT&Telekomforetagen.

''Suddenly [the government] understood we'll get a fine, so we 
actually [had] to accelerate. They didn't consider the position of 
the operators at all,'' Mr Weidstam told IT Pro.

The government's attitude, he said, was ''You knew what was coming, 
why weren't you prepared?''. He and others say it is not that simple.

Sweden gave operators two months to comply but Telia, the operator, 
will likely need up to two years to implement these systems, Weidstam said.

Additionally, the telecoms industry has grown out of shared 
infrastructure. ''Today, it's a mixed infrastructure where different 
[parties] host and share different parts of the communication. This 
makes it almost impossible to know what we are supposed to do,'' Jon 
Karlung, the chief executive of ISP Bahnhof, said.

To help smaller operators reduce the cost of meeting their 
obligations, Sweden's Stadsnatsforeningen och Stadsnat (SSNF) is 
negotiating a hosted third-party storage service for 150 network operators.

Members provide point-to-point interconnection services to ISPs, but 
there are other players, said Mikael Ek, the managing director of SSNF.

''In a modern broadband system there are so many actors, so you need 
to set up who is responsible for which part otherwise [the] data will 
be tripled or quadrupled in different organisations.''

The Australian government similarly does not appear to grasp the 
complexity of storing data in a manner suitable for evidence, said 
Mark Newton, a network engineer from a large Australian ISP.

"There seems to be a view within government that retaining data can 
be accomplished by simply telling telcos to stop deleting it," said Newton.

''There needs to be an auditable chain of evidence, security 
requirements to mitigate the risk of tampering, high reliability 
requirements so that evidence doesn't simply disappear due to 
hardware failure, requirements for staff to have security clearances 
to process law-enforcement access requests; expensive storage in 
expensive data centres with expensive backup strategies maintained by 
expensive staff.''
<http://twitter.com/#%21/itpro_au>
   <http://twitter.com/#%21/itpro_au>Follow IT Pro on Twitter

This story was found at: 
http://www.theage.com.au/it-pro/business-it/lessons-learnt-in-data-retention-law-20120910-25oap.html 

Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

_ __________________ _