Royal order from September 19, 2013
The minister of Justice, Annemie Turtelboom and the minister of economy, Johan Vande Lanotte are the authors of a proposition that is now a royal order published on October 8, 2013 in the Belgian Official Journal. It concerns data retention by Internet service providers and telephony providers (fixed or mobile). It is available (in French) at this URL, the Dutch version is available at this URL.
I am not a lawyer, but highlighting the important points of this order seems important, since it extends considerably the European directives (directive 2006/24/EC and directive 2002/58/EC) on which it’s based and which already require data retention, that is, according to me, malevolent and imposes a useless cost on service providers.
The data must be saved by Internet service providers and telephony providers during a year and are held at the disposal of Belgian courts. This data, to summarise, allows to know whom communicates with whom: IP addresses/phone numbers, connection time, etc. All billing information must also be kept. It’s what the NSA pretends it intercepts (and only that, they say…) and that has created some heated debates: what they call themselves in their own jargon^W newspeak “metadata”. One can speculate that this data will facilitate finding suspects worthy of wiretapping by the executive branch of the Belgian State — and their friends that have legal recourses against privacy, such as the Belgian Anti-piracy Federation — among other things.
I also fear the malevolent use of this data by foreign spies: the intrusion of Belgian ISPs has already happened.
Finally, it should be noted that this text is a royal order and not law voted in parliament. Apparently, it doesn’t have the same status and can be invalidated in court, but let’s not count on that.
To avoid this newly legal broadened surveillance, you should (and always have, surveillance isn’t new):
- Encrypt all communication, no matter their nature or importance.
- Use darknets and access the Web via The Onion Router.
- Use steganography.
- Host the services you use yourself.
The website PRISM Break has useful links even if you aim to protect yourself from somebody else than the NSA.
That being said, I don’t really fear the Belgian State when I see this:
% nmap -A www.ejustice.just.fgov.be
Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-09 21:25 CEST
Nmap scan report for www.ejustice.just.fgov.be (193.191.241.18)
Host is up (0.015s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http-proxy BlueCoat SG-400 http proxy
|_http-favicon: Netscape Enterprise Server 4
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: CONNECTION
|http-robots.txt: 7 disallowed entries
| <path> /mopdf/ /tsv_pdf/ /bulpdf/ /vzwpdf/ /cgi/api2.pl
|_/cgi/list.pl
|_http-title: Site doesn't have a title (text/html).
443/tcp open ssl/gnutella LimeWire Gnutella P2P client
|_http-favicon: Netscape Enterprise Server 4
| http-robots.txt: 7 disallowed entries
| <path> /mopdf/ /tsv_pdf/ /bulpdf/ /vzwpdf/ /cgi/api2.pl
|_/cgi/list.pl
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=www.mbbs.just.fgov.be/organizationName=Ministerie van Justite/stateOrProvinceName=Brabant/countryName=BE
| Not valid before: 2004-08-24T14:00:12+00:00
|_Not valid after: 2014-08-22T14:00:12+00:00
|_ssl-date: 2013-10-09T19:26:45+00:00; -1s from local time.
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_DES_64_CBC_WITH_MD5
| SSL2_RC2_CBC_128_CBC_WITH_MD5
|_ SSL2_RC4_128_EXPORT40_WITH_MD5
7777/tcp open http Dreambox httpd
|_http-favicon: Netscape Enterprise Server 4
| http-robots.txt: 7 disallowed entries
| <path> /mopdf/ /tsv_pdf/ /bulpdf/ /vzwpdf/ /cgi/api2.pl
|_/cgi/list.pl
|_http-title: Site doesn't have a title (text/html).
Service Info: Devices: proxy server, media device
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.04 secondsNetscape Enterprise Server 4 is Web server software released in September 1999 and SSLv2 is deprecated since 1996.