Transcript Slide 1
Data retention Presentation Title Draft statement for CEPIS Here By CEPIS LSI 30pt Arial 21st April 2007 37th CEPIS Spring Council - Prague AGENDA CEPIS LSI Motivation and Background: Importance of the topic Why a statement now? The statement Background Introduction Concerns Recommendations 24th November 2007 CEPIS Execom + Council CEPIS LSI CEPIS Special Interest Network "Legal & Security Issues" Working field: IT security aspects Legal issues (connected with IT security) Goals: Rising IT security awareness Discussion of IT security issues (technical and non-technical viewpoint) 24th November 2007 CEPIS Execom + Council CEPIS LSI Chair: Prof. Kai Rannenberg (GI, Germany) Secretary: Marko Hölbl (SSI, Slovenia) Members: IT security experts Lawyers Other interested parties CEPIS Execom + Council CEPIS LSI Development of statements: Background and motivation Concerns Recommendations Past and recently adopted statements: Governmental restrictions on encryption products put security at risk, 1996 E-commerce, 1999 Data retention has serious consequences, 2004 Authentication approaches for online banking, 2007 24th November 2007 CEPIS Execom + Council CEPIS LSI Statements in progress: Data Retention, 2008 Virtual World and social networking, 2008 24th November 2007 CEPIS Execom + Council MOTIVATION AND BACKGROUND – IMPORTANCE OF THE TOPIC CEPIS has already taken position on the issue of data retention in its discussion paper dated 01.01.2004: Some crucial issues needed to be taken into account when the EU regulated the issue of retention of traffic and location data New issues have aroused since the adoption of the Directive 24th November 2007 CEPIS Execom + Council MOTIVATION AND BACKGROUND – WHY THE STATEMENT NOW? The final text of the data retention Directive was adopted on the 15th of March 2006. Article 14 of the Directive: “the Commission shall submit to the European Parliament and the Council an evaluation of the application of this Directive and its impact on economic operators and consumers” Deadline 15th September 2010 CEPIS Execom + Council THE STATEMENT Statement overview: 1. Background 2. Introduction 3. Concerns 4. Recommendations 24th November 2007 CEPIS Execom + Council INTRODUCTION Several concerns regarding the Directive: 1. Definition of serious crime 2. Definition of “providers of publicly available electronic communications services or of public communications networks” 3. Categories of data to be retained 24th November 2007 CEPIS Execom + Council CONCERNS CEPIS LSI SIN concerns: 1. The time period of the retention of the data 2. The way data has to be stored and secured 3. Concerns regarding mutual cooperation between service providers and the authorities 4. Issue of reimbursement of the costs incurred by the providers 5. Different deadlines for implementation 24th November 2007 CEPIS Execom + Council RECOMMENDATIONS 1. 2. 3. 4. 5. 6. 7. 8. Definition of “serious crime” missing Definition what data has to be retained missing Caution about how much communication content can be revealed by traffic and location data Consideration of adopting a shorter retention period than 2 years Secure data storage and data transfer Support of the ETSI initiative to standardise the handover interface Reimbursement of the costs to the providers (by EU Member States) The European Commission is urged to complete a timely evaluation of the Directive 24th November 2007 CEPIS Execom + Council