Law enforcement and data retention in the light of an
anonymisation services

J 2011

Law enforcement and data retention in the light of an anonymisation services

KÖPSELL, Stefan and Petr ŠVENDA

Basic information

Original name

Law enforcement and data retention in the light of an anonymisation services

Authors

KÖPSELL, Stefan (276 Germany) and Petr ŠVENDA (203 Czech Republic, guarantor, belonging to the institution)

Edition

Masaryk University Journal of Law and Technology, Brno, Masarykova univerzita, 2011, 1802-5951

Other information

Language

English

Type of outcome

Článek v odborném periodiku

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

Czech Republic

Confidentiality degree

není předmětem státního či obchodního tajemství

References:

URL

RIV identification code

RIV/00216224:14330/11:00060091

Organization unit

Faculty of Informatics

Keywords in English

secure logging; anonymity service; data retention

Abstract

V originále

The recently introduced legislation on data retention to aid prosecuting cyber-related crime in Europe also affects the achievable security of systems for anonymous communication on the Internet. We have analysed the newly arising risks associated with the process of accessing and storage of the retained data and propose a secure logging system, which utilizes cryptographic smart cards, trusted timestamping servers and distributed storage. A practical implementation of the proposed scheme was performed for the AN.ON anonymity service, but the scheme can be used for other services affected by data retention legislation. We also discuss the practical experience from process of response to legal authorities’ requests both before and after the data retention directive was implemented. Moreover we give a general description of the legal obligations and the information about usefulness of the retained data is also provided. Derived from these obligations we give arguments reflecting challenges and obstacles for a secure and privacy respecting implementation of data retention.

Links

LA09016, research and development project

Name: Účast ČR v European Research Consortium for Informatics and Mathematics (ERCIM) (Acronym: ERCIM)

Investor: Ministry of Education, Youth and Sports of the CR, Czech Republic membership in the European Research Consortium for Informatics and Mathematics

Citovat

KÖPSELL, Stefan and Petr ŠVENDA. Law enforcement and data retention in the light of an anonymisation services. Masaryk University Journal of Law and Technology. Brno: Masarykova univerzita, 2011, 2/2011, Fall, p. 305-320. ISSN 1802-5951.

@article{984111,
   author = {Köpsell, Stefan and Švenda, Petr},
   article_location = {Brno},
   article_number = {Fall},
   keywords = {secure logging; anonymity service; data retention},
   language = {eng},
   issn = {1802-5951},
   journal = {Masaryk University Journal of Law and Technology},
   title = {Law enforcement and data retention in the light of an anonymisation services},
   url = {http://mujlt.law.muni.cz/storage/1327961485_sb_12-kopsell_svenda.pdf},
   volume = {2/2011},
   year = {2011}
}

TY  - JOUR
ID  - 984111
AU  - Köpsell, Stefan - Švenda, Petr
PY  - 2011
TI  - Law enforcement and data retention in the light of an anonymisation services
JF  - Masaryk University Journal of Law and Technology
VL  - 2/2011
IS  - Fall
SP  - 305-320
EP  - 305-320
PB  - Masarykova univerzita
SN  - 18025951
KW  - secure logging
KW  - anonymity service
KW  - data retention
UR  - http://mujlt.law.muni.cz/storage/1327961485_sb_12-kopsell_svenda.pdf
L2  - http://mujlt.law.muni.cz/storage/1327961485_sb_12-kopsell_svenda.pdf
N2  - The recently introduced legislation on data retention to aid prosecuting cyber-related crime in Europe also affects the achievable security of systems for anonymous communication on the Internet. We have analysed the newly arising risks associated with the process of accessing and storage of the retained data and propose a secure logging system, which utilizes cryptographic smart cards, trusted timestamping servers and distributed storage. A practical implementation of the proposed scheme was performed for the AN.ON anonymity service, but the scheme can be used for other services affected by data retention legislation. We also discuss the practical experience from process of response to legal authorities’ requests both before and after the data retention directive was implemented. Moreover we give a general description of the legal obligations and the information about usefulness of the retained data is also provided. Derived from these obligations we give arguments reflecting challenges and obstacles for a secure and privacy respecting implementation of data retention.
ER  -

KÖPSELL, Stefan and Petr ŠVENDA. Law enforcement and data retention in the light of an anonymisation services. \textit{Masaryk University Journal of Law and Technology}. Brno: Masarykova univerzita, 2011, 2/2011, Fall, p.~305-320. ISSN~1802-5951.

Detailed Information on Publication Record