German data rentention law

Roger Dingledine arma at mit.edu
Sun Oct 19 22:06:58 UTC 2008


On Sun, Oct 19, 2008 at 02:30:32AM +0200, Sven Anderson wrote:
> Am 18.10.2008 um 22:13 schrieb Roger Dingledine:
> >I say "maybe" because it's far from clear that all ISPs will be forced to  
> >log TCP connection start and stop timestamps.
> 
> Wait, ISPs will _not_ log TCP connections (in general).

Great. That would make it even better.

> Do you have  
> any reference for that assumption?

"Some guy at 24C3 told me", I believe is what I'm working with. Lots of
rumors. It would be great to see this one turn out to be false.

> All sources I know don't let any  
> doubt that ISPs will _only_ keep data, which they log anyways, that is  
> which IP has been assigned to which user at which time.

That idea matches what the officers in Stuttgart told me they asked for:
https://blog.torproject.org/blog/talking-german-police-stuttgart
But they also seemed to be under the impression they'd gotten a much
more far-reaching law than they asked for.

> So it will be very interesting how this will continue, since it  
> is assumed by many, that the data retention law violates the German  
> constitution.

Quite so. Good thing all the German laws are so clear. :)

(To be fair, the amount of contradictory legal goo in other countries
is no better.)

So: if it turns out that German ISPs don't log anything related to traffic
headers, then the only remaining concern is the Germany-specific clause
about anonymizing services.

And we do not want to see any Tor relays that log traffic information. So
should Tor's role for now be to simply say "the only risk from the German
data retention law is if its vague wording convinces Tor operators
to install backdoors in their relays. If you think your new law is
enforceable, and would like to backdoor your relay, please shut it down
instead.", and then wait to see how the people fighting the law fare?

Is there anything more active that we could usefully do?

Are there actually any design changes in Tor that are needed for now?
Assuming ISPs don't suddenly start becoming logging stations, and assuming
not very many Tor relays become compromised, there really aren't any
new threats for Tor users.

--Roger



More information about the tor-talk mailing list