In advance of the Swedish government implementing a law that would require all telecommunication providers to store customer data, WikiLeaks' ISP Bahnhof said it will anonymize all customer traffic by default.
Swedish
ISP Bahnhof will pass all customers through an anonymizing service by default
in response to a law that would require telecommunication providers to retain
customer data, the company's CEO said on
Swedish radio.
Sweden
is in the process of passing a law that implements the European Union's Data
Retention Directive, which requires fixed and mobile telephone companies and
Internet service providers to retain customer data to facilitate the "investigation,
detection, and prosecution of serious crimes." Bahnhof,
WikiLeaks'
ISP and host, said it will make the law "toothless" by
implementing a technical solution that will encrypt all customer traffic.
"We
plan to let our traffic go through a VPN service," Bahnhof's Jon Karlung
said in an
interview
with Sveriges Radio (transcript translated through
Google
Translate) on Jan. 26. With the encryption in place, it will be impossible
for Bahnhof to see or log what customers are doing.
The
European
Union's Data Retention Directive, currently under review in several member
states, requires telecommunication providers to retain traffic, location and
subscriber information for all customers for a minimum of six months. Germany
is one of the 20 member states that put the directive in place after it was
established in 2006. But a recent court decision has declared the law
unconstitutional. The European Commission filed a complaint against Sweden
and a number of other countries for not yet complying with the directive.
Sweden
appealed, but lost its case before the European Court of Justice last year. As
a result, the government has proposed legislation that will require Swedish
telephone and Internet providers to retain data for six months. The law picked
the shortest possible retention period allowed by the EU in order to "create
adequate protection for personal integrity," Justice Minister Beatrice Ask
said at the time.
Bahnhof
chose a technical solution that will allow its customers to continue surfing
anonymously, Karlung said. With the encryption in place, Bahnhof will have no
idea what its customers do online, what sites they are looking at or whom they
are talking to, Karlung said. The company will store all customer data up to
the point where the traffic is anonymized, and that information will be
available to the police, but it will be "irrelevant," Karlung said. "What
happens after that is not our responsibility and is outside Bahnhof," he
said.
As
for accusations that Bahnhof will become a safe haven for drug dealers,
stalkers and other criminal elements, Karlung said Bahnhof supports law
enforcement cracking down on Internet crime. Those efforts must be based on
individual cases "where there is suspicion" and not just looking at a
"general storage of all the people's communication," he said.
Ask
admitted to Sveriges Radio that the proposed law has loopholes because
technology changes rapidly. "It is impossible to cover every possible
alternative route," Ask said. "I always think it's bad when you slip
away important legal rules," she said in reference to Bahnhof.
This
isn't the first time Bahnhof circumvented Swedish law. Sweden
introduced the Intellectual Property Rights Enforcement Directive in 2009,
which gave rights holders the authority to request personal details of alleged
copyright infringers. Bahnhof promptly ceased logging customer activity
altogether, claiming there was no data available to hand over.
There
are on average 148,000 requests per year for the customer data in countries
that have implemented the directive, according to the European Commission.
United
States business interests appear to have
pressured Swedish officials to draft the law, according to a U.S. State
Department cable from March 2009 that was released by WikiLeaks, reported
Rick
Falkvinge on his InfoPolicy blog. The
Motion
Picture Association of America is an organization that relies on ISP data
to crack down on piracy. The Federal Bureau of Investigation has relied on such
logs as part of its probe of "
Operation
Payback" attacks perpetuated by the "Anonymous" group of
activist hackers protesting efforts to shut down WikiLeaks.
Anyone
really concerned about staying anonymous can use Internet cafes, anonymization
services, public telephones or unregistered mobile telephone cards.
According
to Sveriges Radio, several other Swedish ISPs are also researching technical
solutions to circumvent the upcoming law. Bahnhof is the only one that has
publicized its intentions at this time.
However,
Karlung says he is all for giving customers a choice. Customers can opt-in to
have Bahnhof save their traffic data for an additional $8 (SEK 50) a month, he
said.
Email
Print
