1.

UK TO PRESS FOR ANTI-TERROR DATA PLAN
By Sarah Laitner (Brussels) and Jimmy Burns (London)

Financial Times (UK)
September 6, 2005

http://news.ft.com/cms/s/42dfc62a-1ef7-11da-94d5-00000e2511c8.html

The U.K. will on Thursday seek to win support for proposed Europe-wide rules requiring phone and internet companies to keep client data for at least 12 months.

Charles Clarke, the U.K. home secretary, will call on the European Union's 25 member states to agree by mid-October on the plan, which he believes is vital for counter-terrorism work.

He will make his call at the meeting of justice ministers in Gateshead, northern England, amid industry claims that the measures could cost communications companies millions of euros each year and warnings by police that they could be swamped with information.

At present countries have widely differing rules on how long companies must store the data, ranging from a few months to four years.

Finland and Germany are among the member states known to have reservations about the rules -- including concerns about compensation for companies and the impact on data protection laws.

In a paper prepared for the meeting, the UK says such data are the "golden thread" running through terrorism investigations.

The U.K., France, Ireland, and Sweden proposed the minimum retention rules after telephone records proved effective in identifying some of the suspects in terrorist attacks in Madrid last year.

"I think we can make the case that our ability to retain data is a real and genuine plus in the war on organized crime and terrorism.

"We have done a lot of work on this and we also believe the issue of cost is not an issue," Mr. Clarke said this week. The push for the telecoms rules comes as the union's justice ministers gather for the first time since the week after terrorist attacks in the U.K., when they pledged more pan-European anti-terror co-operation.

While the data retention laws will be at the top of the EU ministerial meeting's agenda on Thursday, the U.K. may also use the occasion to float plans for a review of the counter-terrorism work done at EU level, according to European officials.

2.

EU CONSIDERS NEW DATA RETENTION LAWS
By Simon Taylor

IDG News Service
December 7, 2004

http://www.computerworld.com/securitytopics/security/story/0,10801,98100,00.html

European Union justice ministers are rethinking measures to force telecommunications companies and Internet service providers to retain data to use in the fight against crime and terrorism. ISPs are still warning that current plans could devastate the industry.

Late last week, EU justice and home affairs ministers debated plans to force electronic communications providers to retain information for up to three years. Under draft legislation proposed by the U.K., Ireland, Sweden and France in April, operators would have to keep for at least 12 months all data concerning the source, routing, destination, time, date, and duration of communications as well as the location of the telecom device used in a particular transmission.

The data to be stored would be that obtained by operators for billing and other commercial purposes. The move is part of the EU's drive to combat terrorism. Rules would apply to providers of fixed-line services, mobile phones, SMS operators and ISPs, including VoIP providers.

But both ISPs and telecommunications companies have insisted that the proposal is unworkable and would hit operators with enormous costs, massive security issues, and, in some cases, impossible technical difficulties in collecting and storing the data.

"Data retention is one of the most important issues ever faced by the Internet services industry," according to a position paper issued by the European ISP association EuroISPA in September. It warned that the implications of the proposed measures could be "devastating" for the industry.

At last week's meeting, ministers indicated they were prepared to consider another approach to the collection of data, since not all operators collected information in the same way. For example, some service providers apply a flat-rate system, where the relevant data is simply erased after communication has been terminated.

Instead, ministers considered a different approach where operators would be required to supply a common list of data. Richard Nash, EuroISPA secretary-general, said the fact that the ministers were examining an alternative approach showed that there was "some recognition of serious flaws in the original proposal."

But he argued that the fundamental problems remain. The proposal was "so far-reaching as to destroy the industry," he said. There is a perception among EU legislators that an ISP could "flick a button and the data will be on a disc, ready catalogued. But it's just not possible to do that," Nash said.

Ministers have referred the legislation back to experts and have set themselves a deadline of June 2005 to finalize new rules.