- Everything I’ve read seems to be pointed at major ISPs and telcos as though they are only people who process internet communications. However very large numbers of much smaller oragnizations, right down to individuals, run email servers. Will they also have to retain records for 6-12 months? How about organisations that provide free, rented or charged internet access such as Hotels, Business office space such as Regus, Internet cafes, Wifi Access hotspots and so on.

- Then there’s the very large numbers of wide open WiFi networks (the infamous “Linksys Community Network”!). The ends aren’t secure. So if we follow the line of reasoning that data retention is required we have to secure the ends as well. This leads to completely unacceptable requirements on end users. The same line of reasoning can be applied to Internet cafes and leads directly to the sort of issues thrown up by repressive regimes that require internet cafes to be “licensed”.

- There are numerous internet applications that are by their nature P2P. Some of these (such as Skype) are encrypted. Some anonymise the end points. How does getting ISPs to retain data hope to cover these applications?

Time to resurrect the decentralisation meme again.

Does it? I can’t find it on the EAW document: http://europa.eu.int/scadplus/leg/en/lvb/l33167.htm

And anyway, doesn’t that mean the “Pirates of the Carribean” sort of piracy? The warrant can only be granted for offences carry a minimum 1 year jail term. Copyright Infringement doesn’t carry that minimum sentence - IPRED2 or not. The only ones I can see there which might fly is fraud or “participation in a criminal organisation” - which I’m guessing means the Mafia, or the like. I think the content providers would struggle to get anywhere with this.

Looking at the changes voted on by LIBE, it seems to spike the guns of the CMBA, since it limits the scope of offences allowable for retained data access, as well as strictly limiting the agencies allowed to request access.

wiki.dataretentionisnosolution.com

1. PURPOSES The data should only be retained for specific purposes of fighting terrorism and organised crime, rather than with regard to any other undetermined “serious crime”. This limited purpose should be also referred to in the title of the proposed Directive.
2. RECIPIENTS The Directive should provide that the data be only available to specifically designated law enforcement authorities where necessary for the investigation, detection, prosecution and/or prevention of terrorism. A list of such designated law enforcement authorities should be publicly available.
3. DATA MINING Prevention of terrorism should not include large-scale data-mining based on the information referred to in the Directive in respect of the travel and communication patterns of people unsuspected by the law enforcement authorities. Access must be restricted to those data that are necessary in the context of specific investigation.

and 17 more good points. Lets pass this to the Eu.