Obligation of data connection storage for German anonymizers (11/15/06 3:40 pm)
The draft for the reorganisation of telecommunications surveillance released by the German Federal Ministry of Justice demands the obligation for identification and the saving of connection data of anonymizer servers. According to the ministry, everyone who runs an anonymizer service and replaces the identification information by another is running a telecommunications service for the public and is subject to storage of connection data for 6 months.
Also, the draft wants email providers to the save data of their customers and to be able to clearly identify them. This could result in being required of providing an identification card when creating an email account with German email services.
In addition, the draft contains a backdoor for the obligation of logging of unsuccessful or unanswered calls as well as the ability of querying connection and location data in real time.
It concludes the serious interference with basic rights by the planned 6 month storage of connection data will not result in random surveillance and is outweighed by the public interest in the "guarantee of effective prosecution". Moreover, the costs caused by the overall storage of connection data is not expected to be significant and should not affect consumer prices.
Comment:
This draft is another proof that the connection data storage EU directive is just the first step of an increasing development of surveillance. In the future, someone's data probably will be stored for a longer period of time when registering or using any service.
However, saving the connection data especially by anonymizer services such as Tor (The Onion Router) might turn out to be useless due to the nature of its network architecture. While one server of the Tor server chain the traffic is flowing through knows the address of the previous and the next server, it does not know what initial address made the request for contacting a service or website and what other servers the request went through. Besides, only some servers in the chain might be German, resulting in being unable to track the entire data route and identify the sender of the request.