5 June 2002. Thanks to Anonymous and D.

See Statewatch on EU data retention legislation: http://www.statewatch.org/


http://195.62.53.42/pressreleases/press_release.php?func=detail&par=1705

31/05/2002 | PRIVACY/EU: CONFIDENTIAL EUROPOL DOCUMENT ON DATA RETENTION: NATIONAL LAW ENFORCEMENT EXPERTS ARE WORKING A WISH LIST OF CITIZENS' COMMUNICATIONS DATA TO BE RETAINED IN THE EU

After the European Parliament vote of yesterday on data retention, and after rumors of a EU legal instrument on harmonised data retention measures, a confidential Europol document confirms EU activities on the issue. The document reveals that national law enforcement experts are working in the framework of Europol to draft a wish list of citizens' communications data to be retained in the EU. This document contains the agenda of the April Europol meeting of national experts, and one of the issues that was discussed was the directive on privacy in electronic communcations, that after the EP vote will contain an explicit authorisation for Member States to adopt legislative measures of data retention. It contains also a list of communications data, and an invitation to Member States to provide comments.

You can find the Europol confidential document on the
http://www.radicalparty.org/europol/europol.pdf webpage. [HTML version below.]

Declaration by Marco Cappato, Radical MEP of the Lista Bonino, and Ottavio Marzocchi, of the Transnational Radical Party Board:

"This document appears to fit in a more general EU strategy to develop Europeanwide data retention and surveillance measures. A first step has been the success of the Council pressures on the Commission and the EP to insert in the EU directive on privacy in electronic communications provisions authorising data retention at the national level. A second step is the development of national laws and European harmonised Third Pillar measures on data retention. It is extremely worrying that on those issues secrecy and silence are kept by EU governments and by the Council, while a proper public debate should take place, since those measures infringe the fundamental humanright to privacy and civil liberties in general. We shall keep on being vigilant on this issue, since the damage to democracy could be extremely serious. We will table in the next days a question to the Commission and to the Council on this document and on the issue of data retention."


Source: http://servizi.radicalparty.org/europol/europol.pdf

[11 pages.]

Expert meeting on cyber crime: Data retention

Date Start: 11 April 2002 h. 10:00 End: 11 April 2002 h. 17:00
Place Europol Building, Raamweg 47, The Hague
Chair Europol (to be decided)


[DRAFT] AGENDA

Closed session: discussion amongst experts from Law Enforcement

No. Subject Document reference
1 Welcom and introduction  
2 Adoption of the agenda 5121-20020411 Agr1
3 High Tech Crime Centre at Europol - Brief presentation of outcome of HENU meeting 12-13 April 202

Experts to comment

2565-50r3 - Project Initiation Document
3 Data retention:
  • Presentation regarding outcome of the questionnaire (Nicola Dileone - Europol)
  • Proposal for common European Union law enforcement viewpoint on data retention

Experts to comment and agree to proposal when appropriate

5121-20020411 - Summary Questionnaire
4 Creating a common and standard template for asking information to ISP/Telephone companies

Experts to comment and agree to proposal when appropriate

Template to be provided
5 List of contact points -- including both Member States and Industry

Experts to agree when appropriate

2570-40rev3


[Footer all following pages: Questionnaire after replies Rev1.doc         10 April 2002]

EUROPOL

The Hague, 28 December 2001
File no 5121-20020411LR-Questionnaire

List of minimum and optional data to be retained by Service Providers and Telcos

Data that must be retained by Internet Service Providers

1. Network Access Systems

  (NAS) Access logs specific to authentication and authorization servers such as TACACS+ (Terminal Access Controller Access Control System) or RADIUS (Remote Authentication Dial in User Service) used to control access to IP routers or network access servers Member State Comments
A

Minimum

List

Date and time of connection of client to server

User-id and password

Assigned IP address NAS Network attached storage IP address

Number of bytes transmitted and received

Call Line Identification (CLI)

 
B

Optional
List

User's credit card number / bank account for the subscription payment  

2. Email servers

  SMTP (Simple Mail Transfer Protocol) Member States comments:
Minimum

List

Date and time of connection of client to server

IP address of sending computer

Message ID (msgid)

Sender (login@domain)

Receiver (login@domain)

Status indicator

 
  POP (Post Office protocol) log or IMAP (Internet Message Access Protocol) log Member States comments:
Minimum

List

Date and time of connection of client to server

IP address of client connected to server

User-id

In some cases identifying information of email retrieved

 

3. File upload and download servers

  FTP (File Transfer Protocol) log Member States comments:
A

Minimum

List

Date and time of connection of client to server

IP source address

User-id and password

Path and filename of data object uploaded or downloaded

 
B

Optional

List

   

4. Web servers

  HTTP (HyperText Transfer Protocol) log Member States comments:
A

Minimum

List

Date and time of connection of client to server

IP source address

Operation (i.e. GET command)

Path of operation (to retrieve html page or image file)

Those companies which are offering their servers to accommodate web pages should retain details of the users who inserts these web pages (date, time, IP, User ID, etc.)

 
B

Optional

List

"Last visited page"

Response codes

 

5. Usenet

NNTP (Network News Trasnfer Protocol) log Member States comments:
Minimum

List

Date and time of connection of client to server

Protocol process ID (nnrpd[NNN...N])

Hostname (DNS name of assigned dynamic IP address)

Basic client activity (no content)

Posted message ID

 

6. Internet Relay Chat

  IRC Log Member States comments:
A

Minimum

List

Date and time of connection of client to server

Duration of session

Nickname used during IRC connection

Hostname and/or IP address

 
B

General

Optional

List

Copy of the contract

Bank account / credit card for the payment

 

7. Data that must be retained by telephone companies for fixed numbers' users:

  Member States comments:
A

Minimum

List

Called number even if the call was not successful

Calling number even if the call was not successful

Date and time of the start and the end of the communication

Type of communication (incoming, outgoing, link through, conference)

In case of conference calls or call to link through services, all intermediate numbers

Information both on the subscriber and on the user (name, date of birth, address)

Address where the bill is sent

Both dates (starting and ending) from when the subscription has been signed and dismissed

Type of connection the user has (normal, ISDN, ADSL, etc., and whether it is for in-out calls or for incoming only)

The forwarded called number

The time span of the call

Bank account number/other means of payment

 
B

Optional

List

Copy of the contract

For a better investigative purpose Telcos should be able to know the nature of the telecommunication: voice/modem/fax etc.

 

8. Data that must be retained by telephone companies for mobile / satellite numbers' users:

    Member States comments:
A

Minimum

List

Called number even if the call was not successful

Calling number even if the call was not successful

Date and time of the start and the end of the communication

Type of communication (incoming, outgoing, link through, conference)

For conference calls or call to link through services, all intermediate numbers

Information both on the subscriber and on the user (name, date of birth, address)

IMSI and IMEI numbers

Address where the bill is sent

Both dates (starting and ending) from when the subscription has been signed and dismissed

The identification of the end user device

The identification and geographical location of the cells that were used to link the end users (caller, called user) to the telecommunication network

Geographical llocation (coordinates) of the mobile satellite ground station

Type of communication (incoming, outgoing, link through, conference) [duplicate item]

GPRS service

For conference calls or call to link through services, all intermediate numbers [duplicate item]

The forwarded called number

The time span of the call

Bank account number/other means of payment

As GPRS and UMTS work on Internet base, thus all the data above mentioned (as IP address) should be preserved

 
B

Optional

List

Copy of the contract

For a better investigative purpose Telcos should be able to know the nature of the telecommunication: voice/modem/fax etc.

 

9. Numbers format:

  All telephone numbers (for both ISP and telephone companies) should be composed by: Member States comments:
  Country number

Area number

Subscribers number

All information in ASCII code with tab separators and carriage return

As some services allow users to connect to a foreigner IPS through the use of a national toll free number, thus the structure of this number is required

10. Time synchronisation:

  Telecommunication operators, internet access providers and internet service providers have to synchronise their servers with a time server of their countries with the specification of GMT Member States comments:


Transcription and HTML by Cryptome.