By John Leyden for The
Register.
This story has been reproduced with permission.
The controversial measures, enacted to aid the fight against
terrorism, would compel telecom firms to keep customer email logs,
details of internet usage and phone call records for up to two
years.
The content of messages isn't covered by the directive, which is
designed to harmonise European laws. EU member states have until
September 2007 to apply the directive into national laws.
Opposition to the measures has thus far centered on privacy
concerns. Critics argue that existing voluntary data retention
provisions are sufficient.
But cost, and who pays, is also a factor. The directive doesn't
oblige member states to reimburse telecom companies for additional
costs incurred in servicing law enforcement requests, a factor
highlighted by market analysts Frost & Sullivan in a recent
report on the impact of the directive on the telecoms sector.
Service providers and operators need to adapt their systems by
the time various national governments implement the European
provisions on data retention as law. For example, call detail
record (CDR) systems will need to be revamped to cope with the
increase in communication and traffic data to be stored and
managed. Importantly service providers not previously obligated to
retain data will now be governed by the EU Directive stipulations,
Frost & Sullivan notes.
"Implementing solutions compliant with the EU Directive on Data
Retention will result in an onerous burden on communications
service providers and operators," said Frost & Sullivan senior
industry analyst Fernando Elizalde. "The provisions of the EU
Directive will apply not just to mobile and fixed telephony, but
also to Internet telephony, e-mail services and messaging
services."
Service providers will be obliged to respond to lawful requests
from law enforcement agencies "without undue delay", however the
legislation fails to clarify what this might mean in practice.
"The EU Directive introduces the idea of 'without undue delay'
as a criterion to measure service providers' responsiveness to
requests from law enforcement agencies. However, it is not clear
how long the delay can be- interpretations of this criterion vary
from minutes to a few hours," Elizalde added.
Marie-Charlotte Patterson, vice president of corporate marketing
at records compliance management firm AXS-One, said the need to
keep records of millions of private emails or phone calls is hardly
a new concept. Although the directive goes much further than
keeping records purely for billing purposes, careful planning
should help carriers to make the project as painless as possible.
There might even be the possibility of using the data to market new
services to customers, she added.
"Telecommunication companies need to approach the new
legislation in the right manner to ensure that the project meets
the new regulatory directives, but also provides some potential
value-add to both the customer and carrier. Key to this is,
understanding that accurate and timely access of historical records
and the ability to securely destroy records at the end of their
retention period are as important as retention. So only considering
the retention and storage aspects of the requirements are not
sufficient," she said.
© The Register
2007
