29
between a rock and a hard placeMaximilian Schubert 21.08.2012, EFA 2012 - Alpbach

20120822 schubert alpbach_final

Embed Size (px)

DESCRIPTION

Presentation held by ISPA secretary general M. Schubert at European Forum Alpbach 2012

Citation preview

Page 1: 20120822 schubert alpbach_final

„between a rock and a hard place“ Maximilian Schubert 21.08.2012, EFA 2012 - Alpbach

Page 2: 20120822 schubert alpbach_final

About ISPA

Implementation Data Retention Directive

Official Requests for Information by LEA

Outlook & Future Challenges

Overview

Page 3: 20120822 schubert alpbach_final

About ISPA

• Founded 1997

• Approximately 200 members from the fields of access, hosting, content, services etc.

– 75 % purely Austrian companies

– 25 % are part of international organizations

– Two thirds of members have up to 25 employees

– 50% more than € 1 Mio. annual turnover

– Customer structure 60% mainly business customers 10% mainly private customers 30% both

Page 4: 20120822 schubert alpbach_final

„ISPA is the Austrian association of Internet Service Providers, representing approximately 200 ISPs. ISPA is the major voice of the Austrian Internet industry. Our goal is to shape the economic and legal framework supporting optimal growth of the Internet and Internet services. We regard the use of the Internet as an important cultural skill and acknowledge the resulting socio-political responsibilities.”

ISPA’s mission statement

Page 5: 20120822 schubert alpbach_final

Stopline.at - an International Success Story -

ISPA founded Stopline.at, the Austrian internet hotline for

• Child Pornography

– § 207 a StGB (Austrian Penalty Act)

• National Socialist (‘Nazi’) Offences

– VerbotsG, Abzeichengesetz

Reports are handled anonymously, no feedback is provided.

“Deletion instead of blocking & filtering”

Page 6: 20120822 schubert alpbach_final

Stopline - workflow

Page 7: 20120822 schubert alpbach_final

Number of illegal content found remains relatively stable

0

1000

2000

3000

4000

5000

6000

1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011

Potentially illegal reports Incoming reports

Page 8: 20120822 schubert alpbach_final

Some numbers

More than 21.000 reports since 1998; continuous increase, most likely due to increased awareness.

● Approx. 16% of all reports refer to obviously illegal content

● Approx. 95% of valid reports refer to child pornography

● Approx. 5% of valid reports refer to national socialist offences

In 2011 in only one case illegal content was found to be hosted by an Austrian ISP.

Page 9: 20120822 schubert alpbach_final

About ISPA

Implementation Data Retention Directive

Official Requests for Information by LEA

Outlook & Future Challenges

Overview

Page 10: 20120822 schubert alpbach_final

Timeframe for the implementation

t

30th of March 2012 Enactment of decree for reimbursement of costs

2009 2010 2011 2012 2006 2007 2008

Nov 2009 Draft of revised

Telecommunications Act (TKG)

2006 Enactment of DR-Directive

2007 Failure of the 1st implementation

Feb 2009 Assignment of a

Human Rights Institute

July 2010 ECJ: Infringement

of EU law

May 2011 Enactment of national acts

Dec 2011 Publication of

first tech. spec.

1st April 2012 commencement of retention duty

late March 2012 planned go-live of the

data exchange interface (“Durchlaufstelle”; DLS)

Page 11: 20120822 schubert alpbach_final

Data Retention in Austria - Factsheet

• Retention of traffic data, no content data (Access-IP, mobile communication, Email)

• Retention for a maximum period of six month

• Access to retained data only for criminal offences

• Exceptions for small ISPs and certain technologies (approx. EUR 300.000 yearly turnover, public ISPs, NAT/PAT)

• Data remains with the IPS, exchange interface (DLS) and use of CSV-Files to prevent data mining

• No “ex ante” safeguards for lawyers, doctors, etc.

Page 12: 20120822 schubert alpbach_final

ISPA actively participated in the implementation

ISPA helped to scope an interface (DLS) which facilitates the secure and transparent exchange of information (CSV-File), while providing a high level of security and transparency.

DLS could provide information on the total number of requests for information!

Page 13: 20120822 schubert alpbach_final

Data Retention in Austria - Summary -

The Good • Legal definition of “dynamic”-IP-Adr

• High degree of security through DLS

The Bad • Very incoherent legal framework & numerous delays

The Ugly • No requirements for judicial decree & no minimum

sentence required for most important cases (e.g. IP-Adr.)

• Incomplete statistics

Page 14: 20120822 schubert alpbach_final

About ISPA

Implementation Data Retention Directive

Official Requests for Information by LEA

Outlook & Future Challenges

Overview

Page 15: 20120822 schubert alpbach_final

Cooperation with LEA: continuous improvement

• Numerous and lengthy legal disputes concerning “dynamic IP-addresses” within last couple of years.

• Reference by the Austrian Supreme Court (OGH) to the European Court of Justice on this matter

• Clarification through adaption of the Austrian

Telecommunications Act §92 Par 3 Z 16 TKG

ISPA position paper and sample answers provide guidance for ISPs and LEAs.

Page 16: 20120822 schubert alpbach_final

ISPA supports members and LEAs

• formal requirements (e.g. request in writing)

• substantial requirements (within 48hrs, continuing danger)

Page 17: 20120822 schubert alpbach_final

Requests for information under Austrian Law – legal environment

• Requests for information can be based on different legal grounds

- Telecommunications Act 2003 (TKG)

- Security Police Act (SPG)

- Criminal Procedure Act (StPO)

- eCommerce Act (eCommG)

- Federal Act Against Unfair Competition (UWG)

Page 18: 20120822 schubert alpbach_final

About ISPA

Implementation Data Retention Directive

Official Requests for Information by LEA

Outlook & Future Challenges

Overview

Page 19: 20120822 schubert alpbach_final

Future challenges for ISPs - Intermediary Liability -

Directive 2000/31/EC 'Directive on electronic commerce'

Article 14

Hosting

1. Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:

(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or

(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

Page 20: 20120822 schubert alpbach_final

Future challenges for ISPs - ACTA et al -

Anti-Counterfeiting Trade Agreement - ACTA [3.12.2011]

Art 27

ENFORCEMENT IN THE DIGITAL ENVIRONMENT

2. Further to paragraph 1, each Party’s enforcement procedures shall apply to infringement of copyright or related rights over digital networks, which may include the unlawful use of means of widespread distribution for infringing purposes. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with that Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.1

1For instance, without prejudice to a Party’s law, adopting or maintaining a

regime providing for limitations on the liability of, or on the remedies available

against, online service providers while preserving the legitimate interests of right

holder.

Page 21: 20120822 schubert alpbach_final

Future challenges for ISPs - Net Neutrality -

Net Neutrality

vs.

Network Management

Page 22: 20120822 schubert alpbach_final

Future challenges for ISPs - Net Neutrality -

Net Neutrality

vs.

Network Management

Page 23: 20120822 schubert alpbach_final

Future challenges for ISPs - Privacy -

Page 24: 20120822 schubert alpbach_final

● Continuous improvement of awareness about the safe use of the Internet (e.g. Stopline.at, saferinternet.at)

● Efforts to reduce legal uncertainty as to the liability of ISPs for illegal conduct by their customers

● Contribution to the discussion on copyright and its enforcement

Future challenges for ISPs

Page 25: 20120822 schubert alpbach_final

Contact details:

Email: [email protected]

Phone: +43 1 409 55 76

Web: www.ispa.at

Page 26: 20120822 schubert alpbach_final

BACKUP

BACK UP

Page 27: 20120822 schubert alpbach_final

BACKUP

NAT/PAT

Page 28: 20120822 schubert alpbach_final

internal IP: 10.xxx.xx3

internal IP: 10.xxx.xx2

internal IP: 10.xxx.xx1

Explanation: NAT/PAT

Öffentliche POOLADRESSEN

IP_a_194.xxx.xxx.xxa IP_b_194.xxx.xxx.xxb IP_c_194.xxx.xxx.xxc IP_xy_194.xxx.xxx.xxd

NAT

10.xxx.xx7 10.xxx.xx1 10.xxx.xx2 10.xxx.xx3 10.xxx.xx4

Ports Port_a Port_b Port_c Port_xy

PAT

Internal IP: 10.xxx.xx5

internal IP: 10.xxx.xx1

Public IP 194.xxx.xxx.xxb Port a

Public IP 194.xxx.xxx.xxb Port b

Public IP 194.xxx.xxx.xxb Port c

IP-Adr. identical

Ports differ

Page 29: 20120822 schubert alpbach_final

internal IP: 10.xxx.xx3

internal IP: 10.xxx.xx2

internal IP: 10.xxx.xx1

Explanation: NAT/PAT

Öffentliche POOLADRESSEN

IP_a_194.xxx.xxx.xxa IP_b_194.xxx.xxx.xxb IP_c_194.xxx.xxx.xxc IP_xy_194.xxx.xxx.xxd

NAT

10.xxx.xx7 10.xxx.xx1 10.xxx.xx2 10.xxx.xx3 10.xxx.xx4

Ports Port_a Port_b Port_c Port_xy

PAT

Internal IP: 10.xxx.xx5

internal IP: 10.xxx.xx1

Public IP 194.xxx.xxx.xxb Port a

Public IP 194.xxx.xxx.xxb Port b

Public IP 194.xxx.xxx.xxb Port c

IP-Adr. identical

Ports differ

Even after the implementation of the data retention Directive in Austria ISPs are not under the obligation to store NAT (internal IP addresses) and PAT (Port) information, as such information also had not been stored before the implementation.

Requests must not be answered by the ISP, if the information provided would identify a “larger number” of subscribers (“größere Anzahl” von TeilnehmerInnen).