Lately we have repeatedly reported on safety aspects of IT since the topic of data retention has come to public awareness internationally. We consider the currently proposed solution of data retention in Germany as wrong but will provide a better solution:
First of all, data retention is illegal according to law and violates the fundamental rights of the European Union.
Secondly, the main argument for data retention is the ability to facilitate crime detection, but in fact there is not a single example for the contribution of data retention to crime detection. Thirdly, data retention involves a great risk: Since being able to grant the enduring security of the collected data in today’s rapidly moving IT-world is a fairy tale, skilled hackers will be able to get hold of the data. This is not an acceptable option. Additionally, the german law enforcement has a history of damp squibs like the “Bundestrojaner” which doesn’t quite encourage reliability.
Lastly, many perpetrators are aware of effective counters to data retention like VPN, Proxy and encryption. Therefore the proposed solutions in data retention would not apply to the target group, making the solution not only useless but dangerous for the illustrated reasons.
We propose a dual solution for the desired purpose: a first instance analyzes data in real time, making storage of random data dispensable. Based on algorithms like predictive behavioral targeting (as discussed in a previous article) the program is able to deduct further actions. If the acquired information is relevant, further information could be used. For example the program would now work with anonymous data such as hashed or alienated IPs or with the fingerprinting process. If the program would find concrete evidence of criminal activities, personal data could be acquired via court order.
As a result, the balance between security and privacy is ensured. Big companies like Google, Zanox and plista are already using these techniques. Why shouldn’t we?