The Data Retention Directive, more formally "Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC", has caused a large amount of debate over the past years.
It is argued that you would lose your privacy, that the directive will mean that all your data traffic and phone data is stored way too long, and that the directive is a huge threat to the society as we know it.
I disagree.
To begin with the end. The society as we know it has never been, and will never be. The society we live in is a society of constant change (some may call it evolving). New technology rises every single day. New threats arrive by the hour. And opportunists are readily available to exploit the technology and the threats for their own gain only.
The challenge in such a society is not a new directive which aims to make a standard rule of what information to collect, and how long to store it. The challenge is that we, the people, the society, do not have the imagination, competence, time or tools to avoid the threats and the bad-asses who exploit every opportunity.
Even the technology vendors themselves are not able to see all the challenges their new technology brings to the market. With each new product comes a bundle of new possible exploits. And the exploits are only discovered later, when the product is well in place, and used.
In today's society, black-hat hackers (the wizards of computers, working for the dark side, you know, those who love Darth Vader), find and exploit those holes in technology. They have great success. And the smartest of those black-hats know that the best thing is not to leave a trace when they do their job. So they will use any means they know to evade being caught on the system. They still need to use the lines to connect, though. And by storing the connection data, there is a potential (albeit small) to actually find some of those crooks after their criminal acts have been discovered.
What is more, when one trace has been discovered, the Directive ensures that trails are kept in other networks around Europe, which makes it easier to remodel the attack in the first place.
I also strongly believe that one shall not forget about Cyber war in this context. It is a real threat, it is a game played by all major nations, and it is one game that aims at intelligence collection and the mapping of potential targets, including finding their weak spots, testing their defenses and understanding their meaning as part of the infrastructure. The Directive may provide valuable insight into how friend and foe analyse European networks, their content and their weak spots.
The storing of telco and ISP data is not something new. In Norway, we have a strong idea that these types of logs are private, and should only be stored by the ISP/Telco for a short period of time, and only to help the analysis to improve the network. Well, that and to give the available data to the police in case of an investigation.
On a side note - the data the police are getting today is delivered as an Excel file. I hope I do not need to explain the security issues with basing your evidence on a non-traceable Excel file that anyone can tamper with?
In other countries, Telcos and ISPs may not have the same image of privacy as here in Norway. Perhaps they are storing the data, and do not delete it at all? What if every employee has access to that data? Or what if some black-hat hacker gets access to the logs? What will they discover?
They will find the following for most of us: we send and receive e-mails, most of it spam. We watch porn online. No news there. We interact in social networks. Where we happily share our own images, of half-dressed (or half-nude if you prefer), drunken sailors and maidens in awkward positions. And some of us even feel proud of sharing these quite private moments.
Yes, we do this by our own free will. No, we have no guarantee that this kind of data will be deleted sometime in the future, if we so request. And no, we have no way of telling how this information may or may not be used, for or against us in the future. Be it in life, or in court.
The Directive may actually turn out to be your friend at some point, as with it, you know that there is a track record of your actions - or at least meta-data from those actions - and you could request this data if you were in a squeeze, say in court. And use it to prove your innocence. For example to show that the images found on your computer were never downloaded by yourself; it had to be someone/something else that did it.
I believe it is time to wake up. We have long lost, and forgotten about what privacy is. We have accepted video surveillance to such a degree the past 30 years that you can hardly walk down the street and fart without “Big Brother” noticing. Adding to video cameras are automatic face/body recognition, movement detectors, heat/cold detectors, weapon/metal/bomb detectors. You light up like a cigarette in the dark walking down the street. And you have no idea who monitors you. Even though video surveillance is strongly regulated by laws in Europe, most private cameras are illegally used. And those controlled by the government, well, they are networked, and used to follow you home, so to speak.
Another example where logs are used to safeguard your history is that of credit card transactions. Using your credit card, as we do all the time in Norway, leaves a glowing trail that not only gives the government (and others who have access to the data) the possibility to track you down by the minute; as done by the companies specializing in giving you 2% rebate on “everything you buy”, the data is also great for building a complete profile of who you are, what you like, where you shop and how you spend your cash. And you accept that just because 1. you feel your money is safer, and 2. you gain some coins by rebates.
It is my sincere opinion that if the Directive 2006/24/EC had offered you a cheaper phone bill, or perhaps a new, cheap phone, you would not object to it at all. As a matter of fact, I believe that if such an offer were added, you would jump on board and say: “Hell yea, I like this new directive! Who cares about the data anyway?”
It is also important to understand what is to be stored. It is not the full e-mail, only who sent it; who got it; the subject line; and at what time it was sent and received. So what?
The same goes for the internet access of yours. Only meta data is saved, not the content. Yes, they will see that you visit a porn site. But we all know that already. Besides, if your neighbor decides to use your wireless network to interact with terrorists, it would be a great help for you to have those logs available - as they may show what traffic originates from your computer, and what comes from the bad ass.
And the phone. Unless you call Al Qaida or other terrorists, who really cares? Your phone company already has a pretty clear view of who you are. If you trust them, a capitalist organization with their own agenda, with that data, why don't you trust your own government?
If it really matters that much to you, disconnect. Crawl back into the cave and live in the past. Others have done that before you, just look at the Amish. Don't be such a hypocrite, we all love the technology and the possibilities it gives us. And the new technology needs us to be responsible - as individuals, as societies and as governments. The technology itself opens doors, and it is our responsibility to guard those doors. Sometimes we do it ourselves - by adapting our actions, other times we use technology - like firewalls; and other times we need regulations. These elements walk hand in hand. And they must adapt, adopt and evolve with the new technology. Simple as that.
So I welcome the Directive 2006/24/EC as one means of taking control over the technology and the potential challenges technology imposes on us. At least I prefer that the capitalist organizations are regulated when it comes to their potential surveillance. And I prefer that the government, a government that I elect, and thus to some extent control, is the one to control this data.


