Re: Retention of NAT translations and Connections

["Kalal, Robert (Bob)" <kalal.1 () OSU EDU>]

On Jan 6, 2012, at 1:52 PM, John Ladwig wrote:

That said, US-DoJ keeps asking for 2 years,  and I believe a couple of the EU nations have 2 year retention mandates 
for ISPs, at least.

An EU directive from 2006 requires all member states to enact laws ensuring that communications providers retain fixed 
telephony, mobile telephony, Internet access, Internet email and Internet telephony data for a period of between 6 
months and 2 years. After some delay, all but a few EU member states have implemented the directive in varying manners 
through legislation. Though several states have declined (with help from their courts) on a constitutional basis. A 
generally positive 2011 EU 
report<http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_data_retention_evaluation_en.pdf> reviewing 
the impact of the legislation said that the retention requirement was valuable for law enforcement and public safety 
but noted that providers still raise issues of cost and privacy groups continue to resist. In response to the report 
the European Data Protection Supervisor issued a critical 
opinion<http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2011/11-05-30_Evaluation_Report_DRD_EN.pdf>
 raising issues of fundamental privacy rights, the real need for the data, and data protection. At this point the 
European Commission is reviewing the directive and legislation.  A few years ago at a meeting of interested parties in 
Washington, DOJ staff asked folks to support 2 years retention to give them the same tools as their EU counterparts. 
Large ISPs seemed willing to go along as long as their costs were covered.

Cheers,

Bob Kalal