Data Retention

1
Data Retention

• Kurt Alavaara
• Swedish National Police Board

2
Why is Communications Data needed?

• Communications between criminals are conducted
  via electronic communication services.
• Communications data provides fast, secure and
  accurate evidence of the activities of suspects,
  the corroboration of witnesses and victims alike.
• Communications data is often the only source of
  information which assist Law Enforcement Agencies
  to conclude with successful investigations rather
  than failure.
• Criminals seek to encrypt their communication but
  even though content is encrypted, the link
  between those persons will still be the
  communications data.
• The communications data can be seen as
  electronic fingerprints.

3
Why is Communications Data needed?

• Communications data is essential for the
• investigation of serious crime.
• The value of such data can not be overstated, it
  can be the difference between life and death-
  guilt or innocence.
• Lack of access to communications data will lead
  to more unsolved serious crimes and more cases
  where the public authorities could not protect
  people from harm.

4
What type of Communications Data is needed in
investigations?

• Where it is necessary and proportionate for legal
  purpose is it the data that
• assist Law Enforcement to trace and identify the
• (a) source of a communication
• (b) destination of a communication
• (c) date, time and duration of a communication
• (d) type of communication
• (e) users communication equipment or what
  purports to be their equipment
• (f) location of mobile communication equipment
• The EU DRD does not require the content of the
• communication be retained.

5
EU-Data Retention Directive (EU-DRD)

• The EU-DRD aims to ensure that the communications
  data are available for the purpose of the
  investigation, detection and prosecution of
  serious crime.

6
EU-DRD, developments

• The decision in the EU has resulted in
  development of an ETSI-standard for handover
  interface for retained communications data.
• The Industry has developed technical solutions
  for retention of communications data.
• Retention solutions must provide security to
  address privacy and data protection concerns.
• Retained communications data can be stored
  encrypted and only accessed in response to a
• legal requirement to disclose.

7
Future aspects

• From a Law Enforcement perspective it is
  important that development of new techniques and
  technologies for electronic communication is
  taken into account by the EU-DRD, EU Privacy
  Directive and other policy developments.
• In the future, there should be industry
  standards in place which take account of the data
  mentioned in the EU-DRD.
• It is of great importance for Law Enforcement
  agencies, when overlooking the migration from
  classic circuit switched- to packet switched
  technology, that the EU-DRD can meet this
  migration and safeguard that applicable data is
  retained.
• To meet the future technologies, such as new
  IP-services and Cloud Computing, there is a need
  for close co-operation between the public
  authorities and the industry. The EU-DRD Group of
  Experts has a vital role to play in this context
  as an example to member states.

8
Global issues?

• There is an ongoing trend that the data is
  processed and stored in the cloud. This new
  trend called Cloud Computing is causing new
  challenges for Law Enforcement Agencies.
• Some of these new challenges can be
• In what jurisdiction is the data kept?
• For how long period is the data stored?
• How is the data secured and protected from
  unlawful access if it is stored outside your own
  jurisdiction?

9
The Gap?

• The EU-DRD is limited to cover just some of the
  electronic communication services, for example
  services like chat and FTP is not covered.
• As a representative for Law Enforcement Agencies
  I am concerned that these services, not covered
  by the EU-DRD, are going to be used by criminals
  and terrorists to avoid that communications data
  is accessible for public authorities.

10
Conclusions

• Communications data is absolutely crucial for the
  purpose of investigation, detection and
  prosecution of serious crimes and terrorist
  threats.
• The EU-DRD has been a starting point for
  development of technical solutions
• for retention of communications data.
• The development of new technical solutions can
  also lead to a secure storage, based on
  encryption, which can balance the privacy and
  data protection concerns.
• A close co-operation between public authorities
  and the industry is needed
• to meet the future challenges.
• The lack of access to communications data from
  services which are not covered by the EU-DRD can
  be a serious threat against investigation,
  detection and prosecution of serious crimes and
  terrorist threats.
• The efficiency of investigation, detection and
  prosecution of serious crimes and terrorist
  threats is dependent of the methods and tools Law
  Enforcement Agencies can use. The future is not
  only a question of privacy it is also a matter of
  public safety and security.
• The safety and security of the citizens in our
  societies is in the hands of the politicians in
  the European Union.