[http://www.europarl.eu.int/news/expert/infopress_page/019-3536-348-12-50-902 -20051206IPR03225-14-12-2005-2005--false/default_en.htm] Deal on EU data retention law The European Parliament adopted today by 378 votes in favour, 197 against and 30 abstentions a directive on data retention in first reading. The final text negotiated beforehand with the Council aims to facilitate judicial co-operation in criminal matters by approximating Member States' legislation on the retention of data processed by telecommunications companies. The directive covers traffic and location data generated by telephony, SMS and internet, but not the content of the information communicated. The new EU law will help national authorities to track down possible criminals and terrorists by granting them access to a list of all telephone calls, SMS or Internet connections made by suspects during the previous few months. The amendments finally adopted were a compromise between the PES and EPP groups with the Council and differed in some key points to the draft directive adopted initially by the Civil Liberties Committee. The GUE, Greens and UEN groups and some members from the ALDE group voted against the directive in the final vote. Alexander Nuno ALVARO (ALDE, DE) was unhappy with the result of the compromise adopted and withdrew his name as rapporteur. Limited access to data In the final text adopted, Parliament is proposing a number of amendments to the Commission text to restrict the use of retained data and ensure that the future law fully respects the privacy of the telephone and internet users. On the aim of the directive, MEPs agree with the need to retain data for the detection, investigation and prosecution of crime, but only for ?specified forms? of serious criminal offences (terrorism and organised crime), and not for the mere ?prevention? of all kinds of crime. MEPs feel that the concept of prevention is too vague and could lead to abuse of the system from national authorities. The directive will provide for data to be retained by the telecommunications companies for a minimum of six months and a maximum of 24. MEPs also added a provision for ?effective, proportionate and dissuasive? penal sanctions for companies who fail to store the data or misuse the retained information. Only the competent authorities determined by Member States should have access to the retained data from phone or internet providers. Furthermore, each national government will designate an independent authority responsible for monitoring the use of the data. MEPs also establish that access to retained data should be limited to specific purpose and on a case by case basis (push system): each time, the authorities would need to request to the telecom company that the data related to a concrete suspect, instead of having granted access to the whole database. As for the type of data to be retained, MEPs finally supported the registration of location data on calls, SMS and internet use, including unsuccessful calls. This point was controversial due to the fact that telecom companies do not currently register lost calls for billing purposes and so to do this using new technologies would be expensive. Spanish MEPs strongly supported the Council position to include the retention of unsuccessful calls, since the terrorist attacks in Madrid were prosecuted thanks to the investigation of specific lost calls from mobile phones. Who foots the bill? Finally, MEPs decided to delete the paragraph in which it was mandatory for Member States to reimburse telecom companies for all additional costs of retention, storage and transmission of data. In the draft directive adopted by the Civil Liberties Committee, MEPs had initially called for the full reimbursement of costs. ------------------------------------------------------- Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Ettlinger Strasse 12-14, D-76137 Karlsruhe Tel. +49 721 255171-304, Fax +49 721 255171-100 stefan.kelm@secorvo.de, http://www.secorvo.de/ ------------------------------------------------------- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]