Hello, I have read the "DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC" (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF) and have a few questions.
I want to focus on the way that the implementation occurs. I realise that everyone is talking about the proposed Communications Data Bill and DPI but I first wished to look at what the current situation is rather than what will hopefully not happen. One: Let's say that I visit www.yahoo.com. Then I visit mail.yahoo.com. Then dating.yahoo.com. What information is retained? Is it yahoo.com or the subdomain (e.g. mail) and the domain (yahoo.com)? What if I visit www.yahoo.com/name_of_page.html. Am I right that only www.yahoo.com or yahoo.com is recorded? Two: What about the retention of e-mail metadata (from, to, subject, time, IP address)? If I go to mail.yahoo.com and send or receive an e-mail then I bypass POP, IMAP, and SMTP as I am using HTTP(S). How can e-mail metadata be retained if one is not using a client like Thunderbird or Outlook? It appears to me that e-mail metadata retention can be defeated by using webmail. Third: How do ISPs record the metadata? For example, if I visit www.yahoo.com I would assume that, since this request goes via my ISP, that they record it. I don't suppose retention is done via DNS requests since, in many cases, one can use a third-party DNS provider e.g. Google. Fourth: How does the retention process work with non-ISPs? For example, universities provide Internet access but they are not commercial ISPs although individuals are identified with a username and password. The British Library provides free internet access. So does Starbucks. I can understand that coffee shops - even those that are part of massive chains like Starbucks - are clearly not ISPs, but what about university networks (to take one example). If data retention only applies to ISPs then it strikes me that there are numerous ways to avoid it whether deliberately (going to Cafe Nero to browse the web) or as part of one's normal work day (using university network where you work or study). Thanks. -- Please support ORG's work - join and help fund our future: https://www.openrightsgroup.org/join To unsubscribe, send a blank email to [email protected] or use https://lists.openrightsgroup.org/listinfo/org-discuss
