This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Data Retention and Privacy in Electronic Communications
September/October 2008 (vol. 6 no. 5)
pp. 46-52
Panayiotis Kotzanikolaou, Hellenic Authority for the Assurance of the Communications Security and Privacy (ADAE)
The retention of communication data by network providers, often mandated by legislation, raises social and technical security concerns. A generic model combining technical, procedural, and legal controls can help secure retained data and minimize privacy threats against users.

1. A. Zugenmaier and J. Claessens, "Privacy in Electronic 1. Communications," Network Security: Current Status and Future Directions, C. Douligeris and D.N. Serpanos, eds., IEEE-Wiley, 2007, pp. 419–440.
2. Directive 2002/58/EC of the European Parliament and of the Council, "On Privacy and Electronic Communications, Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector," Official J. European Union,12 Jul. 2002.
3. Electronic Frontier Foundation, "Privacy - Crypto - Key Escrow 1993–4 (US): Clipper/EES/Capstone/Tessera/Skipjack," 2003; http://w2.eff.org/Privaccy/Key_escrowClipper /.
4. Directive 2006/24/EC of the European Parliament and of the Council, "On the Retention of Data Generated or Processed in Connection with Provision of Publicly Available Electronic Communications Services or of Public Communications Networks and Amending Directive 2002/58/EC," Official J. European Union,15 Mar. 2006.
5. J. Daemen and V. Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard, Springer-Verlag, 2002.
6. R.L. Rivest, A. Shamir, and L.M. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, vol. 21, no. 2, 1978, pp. 120–126.
7. A. Shamir, "How to Share a Secret," Comm. ACM, vol. 22, no. 11, 1979, pp. 612–613.
8. T. Rabin, "A Simplified Approach to Threshold and Proactive RSA," Proc. Advances in Cryptology (CRYPTO 98), LNCS 1462, Springer-Verlag, 1998, pp. 89–104.
9. A.J. Menezes, P.C. Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
10. B. Schneier and J. Kelsey, "Secure Audit Logs to Support Computer Forensics," ACM Trans. Information and System Security (TISSEC), vol. 2, no. 2, May 1999, pp. 159–176.
11. "ETSI DTS/LI-00033: Handover Interface for the Request and Delivery of Retained Data," European Technical Standardization Institution and Technical Committee for Lawful Interception (ETSI/TC LI), 2006.
12. V. Stathopoulos, P. Kotzanikolaou, and E. Magkos, "A Framework for Secure and Verifiable Logging in Public Communication Networks," CRITIS 06, LNCS 4347, Springer-Verlag, 2006, pp. 273–284.
13. Dutch Data Protection Authority, "Legislative Proposal (Bill) for Implementation of the European Directive on Data Retention," 2007; www.dutchdpa.nl/downloads_advz2006-01542.pdf .

Index Terms:
Electronic communications, data retention, communication privacy
Citation:
Panayiotis Kotzanikolaou, "Data Retention and Privacy in Electronic Communications," IEEE Security & Privacy, vol. 6, no. 5, pp. 46-52, Sept.-Oct. 2008, doi:10.1109/MSP.2008.114
Usage of this product signifies your acceptance of the Terms of Use.