Wednesday, January 22, 2014

Meta Data Stored by EU Providers Unreliable

An investigation by the Dutch online news outlet NU.NL has concluded that meta data stored by telecom providers is unrealiable. Lawyers fear intelligence and law enforcement agencies will be misled

Cartoon by Bob Englehart, Hartford Courant (Source)

Telecom providers are obliged to store the delivery data of who is calling/texting/mailing who, but it's very simple to manipulate the address of the sender. There are various commercial services available - for example Spoofcard - that enables calls or text messages from a fake number. This information also ends up in the provider's data storage. Because of the regulation to store this meta data, the false information is also ending up with the intelligence and law enforcement agencies.

Retrieving the actual sender is a very complicated process. All seven Dutch providers showed consistently the same pattern. Theoretically the switch can be detected, but only with a lot of trouble. Only when the receiver's data is cross checked it transpires that the call hasn't been registered. This process is time consuming and in some cases if a call originated abroad, it was next to impossible.

Lawyers are very worried. Chances are real that innocent people may be convicted. If indeed any abuse has already occurred is hard to ascertain at this stage. Two providers, speaking in anonymity, admit manipulated data has been subpoenaed. Law enforcement has been known to complain about missing calls and messages.

Provider SX4ALL points out that the data was never intended for law enforcement purposes. It is primarily intended for technical and billing purposes. XS4ALL spokesman, Niels Heijbregts: "When establishing a connection evidently the number of the receiver is important, but it is technically irrelevant if the number of the caller is correct; it's also immaterial for billing purposes. Therefore this is not checked. When this system was put in place, the European Union considered that this information could be of use to law enforcement. But if you decide to use stuff for things it wasn't intended for, problems can be expected."

The regulation that data must be stored has been controversial in the EU from the start. Experts very much doubt the effectiveness and the practice has been declared unconstitutional in various countries. Since the revelations of NSA whistle blower Edward Snowden, it is clear that states massively rely on said data. In 1012 2,7 million subpoenas were issued.

Barack Obama has said on Friday he wants to store the data with third, independent parties.

(Source, Dutch)