From: Owen DeLong <owen@delong.com> Date: Tue, 10 May 2011 12:02:33 -0700
On May 10, 2011, at 11:49 AM, Michael Holstein wrote:
In the EU you have Directive 2006/24/EC:
But I'm not, and neither are most of the ISPs in the linked document.
Regards,
Michael Holstein Information Security Administrator Cleveland State University
In the US, I believe that CALEA requires you to have those records for 7 years.
Owen, Afraid not. As of this time there are no data retention requirements in CALEA. There is a proposal to add data retention to CALEA this year, but I can't even find anything indicating the legislation has been introduced. According to an article in the NY Times last fall, the FBI will be asking for several new tools in CALEA that include data retention requirements, requiring P2P software to allow intercept and requiring that providers dong encryption (e.g. Blackberry) to provide the ability for the government to decrypt the data. I don't know that legislation has actually been introduced, though. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751