How data retention is done in Germany

[OpenSourcerer 1359]

Today Posteo published a letter they got from a company called Uniscon, a cloud provider as it seems. This letter allows a sneak peek on how German authorities are planning on enforcing data retention in Germany. Who would've thought it - by outsourcing this to private entities. It goes well beyond pathetic, they can't even do it themselves!

 

So, yes, the letter. In the letter, CEO Martin Kinne introduced a product he calls "VDSaaS" (VorratsDatenSpeicherung as a Service) - a service tailored to the "needs" of telecommunication providers as the new data retention regulations come into effect. Several points were made to emphasize the need for their service:

• Secure storage of all data, no word on where this happens
• An automated process of processing requests for all kinds of data from all kinds of authorities
• They would exclusively communicate with the Federal Network Agency and make life easier for telecommunication providers (not sure how, though)
• Full compliance with our "Telecommunications Act" (TKG)
• Full transparency for the number of Call Detail Records and web dashboard requests given out (Is this web dashboard comparable to accessing and searching all data with a few clicks? No word on that.)
• Low cost
• ...

The critical part, though, is where he claims this service has been closely developed with our Economics Ministry. So this ministry of ours generally approves that it's better to outsource this "difficult" task and enable private entities handling sensitive and possibly identifying data. Right, let's just give these out on the free market, what can possibly go wrong? They claim to be secure, after all!"..

 

Mr. Kinne apparently doesn't know that email providers in Germany are not counted towards the telecommunication providers, so laws affecting that very providers don't apply to Posteo. His campaign is a clueless attempt at being present on the market. And what a market this is, where our authorities help generate revenue!

 

So, dudes in Germany, there is a data retention law coming to effect July 01, 2017 and from the looks of it, private entities will have a look at some of your everyday metadata, possibly made available through easily searchable databases. If you're still not convinced whether to use a VPN or not, maybe this will help you in your decision. Clock is ticking.

 

Dudes outside of Germany, Posteo is still a very viable mail provider choice. They are not interested in your data, as they just proved again.

 

The original post (in german) with the letter

[tuxornot 2]

Thank you for posting this, makes an interesting read. Once private entities become involved with data in this way the only possible outcome will be a huge mess or as we say over here 'strong and stable' !  /s

 

As a user of posteo I often take it for granted, I sometimes forget that its there, in the background working seamlessly, your post reminded me to actually visit the website and have a good read  :-)

 

--