20120822 schubert alpbach_final
-
Upload
ispa-internet-service-providers-austria -
Category
Technology
-
view
97 -
download
2
description
Transcript of 20120822 schubert alpbach_final
„between a rock and a hard place“ Maximilian Schubert 21.08.2012, EFA 2012 - Alpbach
About ISPA
Implementation Data Retention Directive
Official Requests for Information by LEA
Outlook & Future Challenges
Overview
About ISPA
• Founded 1997
• Approximately 200 members from the fields of access, hosting, content, services etc.
– 75 % purely Austrian companies
– 25 % are part of international organizations
– Two thirds of members have up to 25 employees
– 50% more than € 1 Mio. annual turnover
– Customer structure 60% mainly business customers 10% mainly private customers 30% both
„ISPA is the Austrian association of Internet Service Providers, representing approximately 200 ISPs. ISPA is the major voice of the Austrian Internet industry. Our goal is to shape the economic and legal framework supporting optimal growth of the Internet and Internet services. We regard the use of the Internet as an important cultural skill and acknowledge the resulting socio-political responsibilities.”
ISPA’s mission statement
Stopline.at - an International Success Story -
ISPA founded Stopline.at, the Austrian internet hotline for
• Child Pornography
– § 207 a StGB (Austrian Penalty Act)
• National Socialist (‘Nazi’) Offences
– VerbotsG, Abzeichengesetz
Reports are handled anonymously, no feedback is provided.
“Deletion instead of blocking & filtering”
Stopline - workflow
Number of illegal content found remains relatively stable
0
1000
2000
3000
4000
5000
6000
1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
Potentially illegal reports Incoming reports
Some numbers
More than 21.000 reports since 1998; continuous increase, most likely due to increased awareness.
● Approx. 16% of all reports refer to obviously illegal content
● Approx. 95% of valid reports refer to child pornography
● Approx. 5% of valid reports refer to national socialist offences
In 2011 in only one case illegal content was found to be hosted by an Austrian ISP.
About ISPA
Implementation Data Retention Directive
Official Requests for Information by LEA
Outlook & Future Challenges
Overview
Timeframe for the implementation
t
30th of March 2012 Enactment of decree for reimbursement of costs
2009 2010 2011 2012 2006 2007 2008
Nov 2009 Draft of revised
Telecommunications Act (TKG)
2006 Enactment of DR-Directive
2007 Failure of the 1st implementation
Feb 2009 Assignment of a
Human Rights Institute
July 2010 ECJ: Infringement
of EU law
May 2011 Enactment of national acts
Dec 2011 Publication of
first tech. spec.
1st April 2012 commencement of retention duty
late March 2012 planned go-live of the
data exchange interface (“Durchlaufstelle”; DLS)
Data Retention in Austria - Factsheet
• Retention of traffic data, no content data (Access-IP, mobile communication, Email)
• Retention for a maximum period of six month
• Access to retained data only for criminal offences
• Exceptions for small ISPs and certain technologies (approx. EUR 300.000 yearly turnover, public ISPs, NAT/PAT)
• Data remains with the IPS, exchange interface (DLS) and use of CSV-Files to prevent data mining
• No “ex ante” safeguards for lawyers, doctors, etc.
ISPA actively participated in the implementation
ISPA helped to scope an interface (DLS) which facilitates the secure and transparent exchange of information (CSV-File), while providing a high level of security and transparency.
DLS could provide information on the total number of requests for information!
Data Retention in Austria - Summary -
The Good • Legal definition of “dynamic”-IP-Adr
• High degree of security through DLS
The Bad • Very incoherent legal framework & numerous delays
The Ugly • No requirements for judicial decree & no minimum
sentence required for most important cases (e.g. IP-Adr.)
• Incomplete statistics
About ISPA
Implementation Data Retention Directive
Official Requests for Information by LEA
Outlook & Future Challenges
Overview
Cooperation with LEA: continuous improvement
• Numerous and lengthy legal disputes concerning “dynamic IP-addresses” within last couple of years.
• Reference by the Austrian Supreme Court (OGH) to the European Court of Justice on this matter
• Clarification through adaption of the Austrian
Telecommunications Act §92 Par 3 Z 16 TKG
ISPA position paper and sample answers provide guidance for ISPs and LEAs.
ISPA supports members and LEAs
• formal requirements (e.g. request in writing)
• substantial requirements (within 48hrs, continuing danger)
Requests for information under Austrian Law – legal environment
• Requests for information can be based on different legal grounds
- Telecommunications Act 2003 (TKG)
- Security Police Act (SPG)
- Criminal Procedure Act (StPO)
- eCommerce Act (eCommG)
- Federal Act Against Unfair Competition (UWG)
About ISPA
Implementation Data Retention Directive
Official Requests for Information by LEA
Outlook & Future Challenges
Overview
Future challenges for ISPs - Intermediary Liability -
Directive 2000/31/EC 'Directive on electronic commerce'
Article 14
Hosting
1. Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:
(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
Future challenges for ISPs - ACTA et al -
Anti-Counterfeiting Trade Agreement - ACTA [3.12.2011]
Art 27
ENFORCEMENT IN THE DIGITAL ENVIRONMENT
2. Further to paragraph 1, each Party’s enforcement procedures shall apply to infringement of copyright or related rights over digital networks, which may include the unlawful use of means of widespread distribution for infringing purposes. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with that Party’s law, preserves fundamental principles such as freedom of expression, fair process, and privacy.1
1For instance, without prejudice to a Party’s law, adopting or maintaining a
regime providing for limitations on the liability of, or on the remedies available
against, online service providers while preserving the legitimate interests of right
holder.
Future challenges for ISPs - Net Neutrality -
Net Neutrality
vs.
Network Management
Future challenges for ISPs - Net Neutrality -
Net Neutrality
vs.
Network Management
Future challenges for ISPs - Privacy -
● Continuous improvement of awareness about the safe use of the Internet (e.g. Stopline.at, saferinternet.at)
● Efforts to reduce legal uncertainty as to the liability of ISPs for illegal conduct by their customers
● Contribution to the discussion on copyright and its enforcement
Future challenges for ISPs
BACKUP
BACK UP
BACKUP
NAT/PAT
internal IP: 10.xxx.xx3
internal IP: 10.xxx.xx2
internal IP: 10.xxx.xx1
Explanation: NAT/PAT
Öffentliche POOLADRESSEN
IP_a_194.xxx.xxx.xxa IP_b_194.xxx.xxx.xxb IP_c_194.xxx.xxx.xxc IP_xy_194.xxx.xxx.xxd
NAT
10.xxx.xx7 10.xxx.xx1 10.xxx.xx2 10.xxx.xx3 10.xxx.xx4
Ports Port_a Port_b Port_c Port_xy
PAT
Internal IP: 10.xxx.xx5
internal IP: 10.xxx.xx1
Public IP 194.xxx.xxx.xxb Port a
Public IP 194.xxx.xxx.xxb Port b
Public IP 194.xxx.xxx.xxb Port c
IP-Adr. identical
Ports differ
internal IP: 10.xxx.xx3
internal IP: 10.xxx.xx2
internal IP: 10.xxx.xx1
Explanation: NAT/PAT
Öffentliche POOLADRESSEN
IP_a_194.xxx.xxx.xxa IP_b_194.xxx.xxx.xxb IP_c_194.xxx.xxx.xxc IP_xy_194.xxx.xxx.xxd
NAT
10.xxx.xx7 10.xxx.xx1 10.xxx.xx2 10.xxx.xx3 10.xxx.xx4
Ports Port_a Port_b Port_c Port_xy
PAT
Internal IP: 10.xxx.xx5
internal IP: 10.xxx.xx1
Public IP 194.xxx.xxx.xxb Port a
Public IP 194.xxx.xxx.xxb Port b
Public IP 194.xxx.xxx.xxb Port c
IP-Adr. identical
Ports differ
Even after the implementation of the data retention Directive in Austria ISPs are not under the obligation to store NAT (internal IP addresses) and PAT (Port) information, as such information also had not been stored before the implementation.
Requests must not be answered by the ISP, if the information provided would identify a “larger number” of subscribers (“größere Anzahl” von TeilnehmerInnen).