Data retention question
Caspar Bowden (lists)
lists at casparbowden.net
Fri Jul 25 14:15:48 BST 2014
On 07/25/14 15:00, Andrew Cormack wrote:
>> -----Original Message-----
>> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
>> bounces at chiark.greenend.org.uk] On Behalf Of Caspar Bowden (lists)
>> Sent: 25 July 2014 11:30
>> To: UK Cryptography Policy Discussion Group
>> Subject: Re: Data retention question
>>
>> On 07/25/14 11:46, Andrew Cormack wrote:
>>> James
>>> On the question of what might be lost, a long time ago LINX consulted
>>> Elizabeth France (yes, *that* long ago) and concluded that "necessary
>>> for security" probably covered retention of all logs for roughly six
>>> months.
>>
>> And obviously DP Registrar then, as ICO now, renowned as leading
>> authority on Internet technology and punctilious assessment of the
>> "strict necessity" (CJEU words) of infringements to private life
>> arising therefrom.
>>
>> {/heavy_sarcasm}
>>
>> Caspar
> The shorter time you keep logs for, the less chance of determining either the cause or impact of breaches of privacy such as Target. I wish companies holding personal data were better at detecting incidents, but DBIR et al suggest it's not happening.
Nobody forced customers to use Target, but most users have no choice in
JANET-type provider. Running a comms service (public or private) entails
obligations of comms data minimization against which
security/availability of the service are factors to be weighed against
(not trumping) privacy.
The public still doesn't realize that little stitch-ups legitimating
retention like this go way back to France's era, under the deluded
collective premise that a public benefit was being served, rather than
damn-nearly-fatal erosion of a fundamental right.
CB