Upload
eric-cain
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
21st April 2007 37th CEPIS Spring Council - Prague
Presentation Title Here30pt Arial
Data retention
Draft statement for CEPIS By CEPIS LSI
24th November 2007 CEPIS Execom + Council
AGENDA
CEPIS LSIMotivation and Background:
Importance of the topicWhy a statement now?
The statementBackgroundIntroductionConcernsRecommendations
24th November 2007 CEPIS Execom + Council
CEPIS LSI
CEPIS Special Interest Network "Legal & Security Issues" Working field:
IT security aspects Legal issues (connected with IT security)
Goals: Rising IT security awareness Discussion of IT security issues (technical and non-technical viewpoint)
CEPIS Execom + Council
CEPIS LSI
Chair: Prof. Kai Rannenberg (GI, Germany) Secretary: Marko Hölbl (SSI, Slovenia) Members:
IT security experts Lawyers Other interested parties
24th November 2007 CEPIS Execom + Council
CEPIS LSI Development of statements:
Background and motivation Concerns Recommendations
Past and recently adopted statements: Governmental restrictions on encryption products put security at risk, 1996 E-commerce, 1999 Data retention has serious consequences, 2004 Authentication approaches for online banking, 2007
24th November 2007 CEPIS Execom + Council
CEPIS LSI
Statements in progress: Data Retention, 2008 Virtual World and social networking, 2008
MOTIVATION AND BACKGROUND – IMPORTANCE OF THE TOPIC
CEPIS has already taken position on the issue of data retention in its discussion paper dated 01.01.2004:
Some crucial issues needed to be taken into account when the EU regulated the issue of retention of traffic and location data
New issues have aroused since the adoption of the Directive
24th November 2007 CEPIS Execom + Council
MOTIVATION AND BACKGROUND – WHY THE STATEMENT NOW?
The final text of the data retention Directive wasadopted on the 15th of March 2006.
Article 14 of the Directive: “the Commission shall submit to the European
Parliament and the Council an evaluation of the application of this Directive and its impact on economic operators and consumers”
Deadline 15th September 2010
CEPIS Execom + Council
THE STATEMENT
Statement overview:1. Background2. Introduction3. Concerns4. Recommendations
24th November 2007 CEPIS Execom + Council
INTRODUCTION
24th November 2007 CEPIS Execom + Council
Several concerns regarding the Directive:1. Definition of serious crime2. Definition of “providers of publicly available
electronic communications services or of public communications networks”
3. Categories of data to be retained
CONCERNS
24th November 2007 CEPIS Execom + Council
CEPIS LSI SIN concerns:1. The time period of the retention of the data2. The way data has to be stored and secured3. Concerns regarding mutual cooperation between
service providers and the authorities4. Issue of reimbursement of the costs incurred by
the providers5. Different deadlines for implementation
RECOMMENDATIONS
24th November 2007 CEPIS Execom + Council
1. Definition of “serious crime” missing 2. Definition what data has to be retained missing3. Caution about how much communication content can
be revealed by traffic and location data4. Consideration of adopting a shorter retention period
than 2 years5. Secure data storage and data transfer6. Support of the ETSI initiative to standardise the
handover interface7. Reimbursement of the costs to the providers (by EU
Member States)8. The European Commission is urged to complete a
timely evaluation of the Directive