A network of European and communications tapping centres will be installed to provide law enforcement agencies with 'real-time, full-time' access to the Internet and other new communications systems.
According to leaked European Union documents, Internet service providers (ISPs) will be required to install and operate 'interception interfaces' in their premises in order to operate the systems. These will be contained in secure areas, and be accessed and operated only by security-cleared members of staff.
The so-called interfaces will have to operate internationally, so that law enforcement agencies in one country can monitor users in another by remote control. ISPs will be required to provide sufficient bandwidth to securely relay targeted communications from their networks to whichever remote interception facility wants to listen in.
The leaked documents, called Enfopol 98, set out 54 detailed interception and security requirements to be imposed on ISPs and network operators.
Under the regulations, ISPs will be compelled - once interception is authorised - to provide direct access within minutes or hours of a request being made.
Once the tap is running, ISPs must instantly download not merely any Internet data being sent to or from the 'intercepted person', but all available personal particulars including credit-card numbers used to pay for the account, PIN codes, passwords and log-on identities, and encryption algorithms and keys.
The Home Office last week said that the Enfopol 98 plan, which was first drawn up in September by Austrian officials, was 'over the top'. It said that a more sensible revision would be completed by German officials for EU ministers to see.
Since then, Computing has obtained a leaked copy of the German revision.
In this version, the security regulations to be imposed on ISPs have not been dropped, but have been put in a separate papers which would not be reviewed by ministers.
See leader, page 37.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy