Data Retention Services with Soft Privacy Impacts: Concept and Implementation

Michael Schafferer, Markus Gruber, Christian Schanes, Thomas Grechenig
DB

Abstract

Data retention is a controversial instrument of governments and their agencies with the background of fighting terrorism and crime. In 2006 the European Union (EU) passed the directive 2006/24/EC, which is about the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks. Based on the Austrian approach, this paper shows how it is possible for governments to implement a data retention system supporting authorities while taking into account a best possible protection of their citizens’ personal data and privacy. The authors implemented a proof-of-concept using a centrally managed service to exchange necessary retention data between corresponding authorities and provider. The concept is based on strong cryptographic algorithms ensuring end-to-end encryption while enabling central monitoring and administration. Therefore it is in conformity with the directive, as well as Austrian law, and enforces a core aspect to guarantee citizens privacy.

Type
Conference paper
Publication
Talk: 5th IEEE International Conference on Software Engineering and Service Science (ICSESS 2014), Beijing, China; 06-27-2014 - 06-29-2014; in: “Proceedings of the International Conference on Software Engineering and Service Science”, IEEE, Curran Associates, Inc. (2014), ISBN: 9781479932801; 178 - 181
Christian Schanes
Projektass. Dipl.-Ing. Dr.techn.
Thomas Grechenig
Thomas Grechenig
Ao.Univ.Prof. Dipl.-Ing. Dr.techn.