In advance of the Swedish government implementing a law that would require all telecommunication providers to store customer data, WikiLeaks' ISP Bahnhof said it will anonymize all customer traffic by default.
ISP Bahnhof will pass all customers through an anonymizing service by default
in response to a law that would require telecommunication providers to retain
customer data, the company's CEO said on
is in the process of passing a law that implements the European Union's Data
Retention Directive, which requires fixed and mobile telephone companies and
Internet service providers to retain customer data to facilitate the "investigation,
detection, and prosecution of serious crimes." Bahnhof, WikiLeaks'
ISP and host
, said it will make the law "toothless" by
implementing a technical solution that will encrypt all customer traffic.
plan to let our traffic go through a VPN service," Bahnhof's Jon Karlung
said in an interview
with Sveriges Radio
(transcript translated through Google
) on Jan. 26. With the encryption in place, it will be impossible
for Bahnhof to see or log what customers are doing.
Union's Data Retention Directive
, currently under review in several member
states, requires telecommunication providers to retain traffic, location and
subscriber information for all customers for a minimum of six months. Germany
is one of the 20 member states that put the directive in place after it was
established in 2006. But a recent court decision has declared the law
unconstitutional. The European Commission filed a complaint against Sweden
and a number of other countries for not yet complying with the directive.
appealed, but lost its case before the European Court of Justice last year. As
a result, the government has proposed legislation that will require Swedish
telephone and Internet providers to retain data for six months. The law picked
the shortest possible retention period allowed by the EU in order to "create
adequate protection for personal integrity," Justice Minister Beatrice Ask
said at the time.
chose a technical solution that will allow its customers to continue surfing
anonymously, Karlung said. With the encryption in place, Bahnhof will have no
idea what its customers do online, what sites they are looking at or whom they
are talking to, Karlung said. The company will store all customer data up to
the point where the traffic is anonymized, and that information will be
available to the police, but it will be "irrelevant," Karlung said. "What
happens after that is not our responsibility and is outside Bahnhof," he
for accusations that Bahnhof will become a safe haven for drug dealers,
stalkers and other criminal elements, Karlung said Bahnhof supports law
enforcement cracking down on Internet crime. Those efforts must be based on
individual cases "where there is suspicion" and not just looking at a
"general storage of all the people's communication," he said.
admitted to Sveriges Radio that the proposed law has loopholes because
technology changes rapidly. "It is impossible to cover every possible
alternative route," Ask said. "I always think it's bad when you slip
away important legal rules," she said in reference to Bahnhof.
isn't the first time Bahnhof circumvented Swedish law. Sweden
introduced the Intellectual Property Rights Enforcement Directive in 2009,
which gave rights holders the authority to request personal details of alleged
copyright infringers. Bahnhof promptly ceased logging customer activity
altogether, claiming there was no data available to hand over.
are on average 148,000 requests per year for the customer data in countries
that have implemented the directive, according to the European Commission.
States business interests appear to have
pressured Swedish officials to draft the law, according to a U.S. State
Department cable from March 2009 that was released by WikiLeaks, reported Rick
Falkvinge on his InfoPolicy blog
. The Motion
Picture Association of America
is an organization that relies on ISP data
to crack down on piracy. The Federal Bureau of Investigation has relied on such
logs as part of its probe of "Operation
" attacks perpetuated by the "Anonymous" group of
activist hackers protesting efforts to shut down WikiLeaks.
really concerned about staying anonymous can use Internet cafes, anonymization
services, public telephones or unregistered mobile telephone cards.
to Sveriges Radio, several other Swedish ISPs are also researching technical
solutions to circumvent the upcoming law. Bahnhof is the only one that has
publicized its intentions at this time.
Karlung says he is all for giving customers a choice. Customers can opt-in to
have Bahnhof save their traffic data for an additional $8 (SEK 50) a month, he