Wednesday, October 24, 2007

Update: Using "evil" dataretention for emergency (e911 and 112) services good

At RIPE 55 a presentation was given by Alexander Mayrhofer on internet based emergency calls. One of the main problems they need to deal with is to get location data with IP-adresses. In the traditional telephone world we faked knowing where the caller of 112/911 emergency was, by equating it with the address in the telephone book. For years this was kind of sufficient, except when calling from an outside branch office, than you would notice the firemen arriving at the head office :-) Mobile made the world more difficult, but that is solvable by an antenna register and equipping phones with GPS. VoIP in its nomadic form is a different beast all together. The presentation is quite clear on all the complications.

This problem of tying IP adresses to locations is also faced by law enforcement when hunting down terrorists, child pornographers, serious crime and cyber criminals (the four horseman of the apocalypse). To aid law enforcement in this quest, the EU has written a data retention directive that requires telecommunications networks, to retain who was given what IP-address and at what location. The exact specifics vary between countries and interpretations of the directive. So lets bring these two together, give emergency services access to the up to date data retention databases and presto one of the problems (partially) solved. For ISP's it saves building two systems. For law enforcement it saves accessing two system and gets as an extra bonus that an ISP will be more willing to improve the quality of the database.

Update October 29th, 2007: Continuous improvement picked up on this article. He thinks that getting the information right for e911 will help the data retention people and not the other way round. I do think it is the other way round mostly. Getting data retention right will help in those occasions when someone calls a e911/112 emergency number. With data retention the government wants to know when and where you used your mobile/VoIP. They will need to get this right anyways. A special subsection is 112, so getting access to the special subsection sounds more logical IMHO than the other way round


Koos van den Hout said...

First of all: I see dataretention as something very evil as it creates a database of historic personal behaviour that can (and therefore will) be abused. With that in mind, adding a new category of users who can access the collected data adds a new potential for abuse, and searching for a way to use this for "good" use by emergency services sounds like searching for a way to find a good aspect to something that is (to me) a bad idea in the first place. I also wonder how big the real problem is: how many emergency calls do need location data from other sources than the person on the phone.

Anonymous said...

1) It's the infocalypse;
2) Datarentention will have it's own rules on who can access the data under what rules. Dataretention with 'direct access to data' looks very similar to 'tapping' and those two are very very different (at least they should be)