Wednesday, April 15, 2009

Concerns rise over new data laws


British Internet and mobile phone users are under greater scrutiny after new laws were implemented last week. Under legislation passed by the European Parliament, Internet providers are obliged to store private data including details of web and email traffic as well as Internet phone calls for 12 months. The Data Retention Directive which was passed in 2006, but came into effect on April 6th, also requires mobile phone companies to keep records of where and when phone calls were made [BBC].
State may log phonecalls & email
The content of emails and phone calls will not be recorded, but the details of the communications, such as who was in touch with whom, when and for how long, will be stored. The EU legislation allows countries to choose a retention period of between six and 24 months. ISPs will be forced to retain data on what communications were made from which Internet protocol (IP) address or phone number, what the destination of that communication was, and its duration. In the case of mobile phone calls, the data to be retained will also include information on which cell within a network a call was made from. This will give authorities an indication of the user's location at the time of the call. Reports suggest that addresses of specific web pages do not need to be stored, only the dates and times of a user connecting to the Internet and disconnecting. Although some have described this as a serious erosion of human rights, it is unclear how useful such information would be to authorities. Many Internet users are permanently connected to the web via broadband connections. As such data would be limited [Open Rights Group].
Scheme 'unworkable'
Some small ISPs have said the act may prove unworkable, expensive and give little if any useful information. AAISP.net states on its website that Section 10(1) means that “we do not have to start logging data until we given a notice in writing. We have not been given such a notice.” The statement adds that even if required to comply the legislation was “full of holes.”

Even if, but not stated in the directive, IP addresses of accessed web pages were stored, it would be a mine field of data. And for several reasons it may not be specific to any one individual. A person connected to broadband may share that connection with up to 50 others in what is called a contention ratio. Additionally, wireless users may be susceptible to others piggybacking their Internet access.

Retention of data [Wikipedia] may however not apply to all ISPs since it first requires an order from the Secretary of State. Some ISPs say have yet to be contacted, which begs the question as to how useful this [legislation is to combating terrorism, its supposed and stated purpose.
It may also prove to be problematic especially for small businesses such as Internet cafes which would have to log more data [francisdavey].

Advertisers raise privacy concerns
This week there were fresh concerns raised over the use of Phorm which aims to monitor Internet users’ activity in order to target them with individually tailored advertising.
Ironically it is the European Commission which is raising the biggest concerns and suggested Britain is failing to protect its citizens from secret surveillance on the Internet. Legal action is being brought over the use of the controversial behavioural advertising services which were tested on BT's Internet customers without their consent [The Times / The Independent].
At least one website has already rejected the use of the advertising system. Online retailer Amazon has sent a request to Webwise, Phorm’s marketing name, expressing their wish to opt-out of the scheme [BBC].

However they are the only company to have made any public statement despite request by the Open Rights Group to others not to use the service. Microsoft, Google/Youtube, Facebook, AOL/Bebo, Yahoo, Amazon and Ebay have all been urged to opt-out of Phorm by the human rights group.

No comments: