crime detection, logging and personal privacy
of the most important ways to catch network criminals (virus distributors,
mail bombers, ping bombers, crackers,, distributors of racial agitation,
etc.) is logging. By logging information on the traffic on the Internet,
it is possible, after the fact, to find out who sent the illegal information.
Technically, it is not possible to log everything, in
particular, routers cannot log all traffic passing them. Useful would
then be to be able to switch partial logging on temporarily when a suspected
crime is being committed. Since network crimes often take a few hours,
and since they are sometimes observed immediately, there is time to switch
on partical logging. And net criminals, like many other criminals, tend
to repeat similar crimes more than once. It is then possible, the second
time, to log what was done the previous time in order to catch the criminal.
It is therefore interesting if such logging is legal or
not. The Swedish
Data Inspection Board publishes an article on this in the latest issue
of their official newsletter "Direkt från Datainspektionen" No.
full text is available from them in Swedish.
is a translation to English of a passage from the paper in their newsletter:
year, the directors of data protection agencies in the European countries
and some of their employees meet to discuss issues of common interest.
the last day of the conference, the participants agreed on a common
declaration against unnecessary logging of information regarding Internet
traffic. In the statement, the directors of data protection express
their concern regarding requirements to request that ISPs should be
obliged to log information during a longer time, for example because
police might need the information in their investigations. The group
said that traffic data should only be logged if this is needed for the
ISP to perform, for example, invoicing. The data protection directors
call attention to the fact that long time storage of traffic data is
incompatible with article eight in the European convetion on human rights,
which guarantees the rights to protection of privacy.
Sweden, this is regulated by the telecommunications act, which specifies
that ISPs must erase traffic data as soon as the traffic stops. There
are certain exceptions, among others information needed for invoicing
can be saved until the invoice has been paid or time-barred. With permission
from the customer, the information can also be used in marketing.
usual, the data inspection board is vague. Phrases like "unnecessary"
and "for example" and "among others" indicate that they do not forbid
all logging, but rather wants power to control what kind of logging
is no discussion at all in the statement about computer crime and how
to combat computer crime. This is interesting, because the data inspection
board has instigated police investigations and prosecutions in several
cases where information was published on the Internet in ways they find
illegal. It would be interesting to know if they would forbid the logging
necessary to investigate crimes which they themselves have started.
Or is these exceptions covered by the terms "unnecessary". This is particularly
interesting, since the data inspection board has in previous statements
shown that they interpret the European data directive very widely, so
widely that it is, for example, not permitted to criticize people on
the Internet without permission from the criticized person. Does the
data inspection board mean that police are not allowed to investigate
crimes, which the board itself has requested investigation of?
statement by the data inspection board directors seem to indicate that
logging in order to investigate computer crimes would be illegal. Why
would this be more illegal than other police methods, for example searching
for fingerprints or DNA analysis? Searching for fingerprints and DNA
analysis can certainly be misused just as much as logging on the Internet.
And computer crime costs billions of dollars each year. Should really
police not be allowed to use logging in order to investigate such crimes?
Would it not be a better solution to specify in the law exactly which
kinds of criminal investigations are allowed to use such logging? In
the same way as there is legal control of who may perform wiretapping,
which is only allowed for investigation of certain crimes (according
to Swedish law).
Jacob Palme <firstname.lastname@example.org>
2nd July 2000