All SMS Messages

mountainyman

Directive 2006/24/EC, on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC"

Pursuant to the above and the Data Protection act can I get a copy of all SMS messages I have sent and when they were sent?

MM

seamus

mountainyman wrote:

Directive 2006/24/EC, on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC"

Pursuant to the above and the Data Protection act can I get a copy of all SMS messages I have sent and when they were sent?

MM

I don't think so.

Article four of that directive states:

Member States shall adopt measures to ensure that data retained
in accordance with this Directive are provided only to the com-
petent national authorities in specific cases and in accordance
with national law.

It doesn't oblige the company to disclose the information to you. But this doesn't override the DPA.

Article five doesn't state that companies are obliged to store the payload of the transaction (i.e. the text in the message), only other pertinent detais.

Article six says that the minimum storage period of data is six months, and the maximum storage period is 2 years.

So although the Data Protection Act does apply, the company is only obliged to provide you details with when you sent a message and who you sent it to. They don't have to store the data in the message. Further, they are only obliged to provide you with the (6-month minimum) information they have stored, and not *all* of the information. I know Vodafone, for example, have a company policy of stating that all information more than six months old is gone and cannot be provided to you

mountainyman

seamus wrote:

I know Vodafone, for example, have a company policy of stating that all information more than six months old is gone and cannot be provided to you

Presumably then they don't actually have the information? Because wouldn't they have to give me all information that they had?

MM

Tom Young

Correct. No obligation, this is a counter terrorism measure in the main. Those close to this will know the the Irish Government is litigating this Directive based on the placement of the measure as a directive. Those familiar with the EU Pillars, Pillar 1 or Pillar 3. Three pillars: I: European Community: II: Common Foreign and Security Policy: III: Police and Judicial Cooperation;


The OJ publication was some months ago and its likely to come into force at some point in the next 2 years in the EU in general. We have another measure in place in Ireland re: data retention under the 2005 Counter Terrorism Act.

MM - I doubt you will be successful. Directives in any event are generally actions directed at goverments. So seeking to rely on same would need or have a requirement to show the government failed to transpose etc.

seamus

mountainyman wrote:

Presumably then they don't actually have the information? Because wouldn't they have to give me all information that they had?

Indeed. I know online you can view your bills for about a year, and your call details for about six months. So it really depends on what they have.

Like any good I.T. department, I would assume Vodafone's have backups running back a long time, but I would suspect that in the interests of not having to retrieve backups for customers asking for them, they store customer information on specific backup tapes and wipe them every six months.

johnnyskeleton

On a slight tangent, do mobile phone companies actually have access to what is written in the text message, or just the fact that it is sent?

I would have thought that it travells through in binary or some such language, and that it would need to be specifically interpreted by another device (e.g. another phone). So, unless they are singling out your messages to read, they wouldn't have a record of what you sent, only that you sent something.

This is just how I imagine it to be; rather than them keeping millions of texts stored, they just keep the records of usage.

Is there anyone who works for a mobile phone company prepared to put me straight?

seamus

In the NOC, there's a screen which shows the text of all messages streaming past (just like the one they have in google). Or at least there used to be.

The text messages are sent in binary, but then so is all text. As far as I know, they're just sent in plain Unicode, so pretty much any device can read the text. So the companies "have access" to the content of the text, but because they don't store it, once you and your recipient(s) delete it, the message is gone forever.

aidan_walsh

seamus wrote:

As far as I know, they're just sent in plain Unicode

One byte per character in a regular format SMS, so most likely ASCII. Not that thats actually relevant here

maidhc

mountainyman wrote:

Directive 2006/24/EC, on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC"

The problem is that nobody is sure what that directive requires! Last time I heard McDowell was threatening to take the European institutions to court because the legislation didn't go far enough in fighting terrorists/interfering with peoples rights*

*Not quite true, he was talking about bringing the action based on the competencies of the European institutions and security issues, but the reasons for doing so are as above, since it would require McD to reduce the length of time information is held from telephone companies in Ireland at present from 3 yrs to 2yrs.

Tom Young

Well actually the 2005 Act would remain relevant.
Italy is also a problem, where 2 years is applying at present, with a further 2 years by court order.

Other matters might include:

1. Criminal proceedings.
2. Cost recovery to telco's, search and store.
3. Dynamic IP addressing and dial-up access services.
4. Commission view is that there in no point in reopening the discussion on the merit of the directive. The directive has been adopted and needs to be complied with. The Irish challenge is irrelevant from a transposition point of view - until the Court decides otherwise the directive is legally binding and transposition and implementation must continue.

maidhc

Tom Young wrote:

4. Commission view is that there in no point in reopening the discussion on the merit of the directive. The directive has been adopted and needs to be complied with. The Irish challenge is irrelevant from a transposition point of view - until the Court decides otherwise the directive is legally binding and transposition and implementation must continue.

I would have thought (without reading the directive) that the 2005 Act would need to be modified downwards? Is there a derogation of some nature in it?

If the directive isn't wanted, it won't be implemented for a long long time. We have a pretty bad record in this respect.

Tom Young

Normally I'd agree. The 2005 Act was to rectify a problem with the 1983 P&T act that only captured eircom in call records retention for 6 years in total. Then some S.I.'s were issued against 2/3 other companies re: Data Ret. and another change came in 1993 reducing the period (could be inaccurate, to 3 years).

So effectively I think its stand alone.

During her presidency Ireland put forward 3 years DR with Sweden, UK and France as cooperating member states. I can't see it being modified downwards at all. The after Madrid and London the Enforcement Directive grew legs and Charles Clarkes administration push for agreement. Ireland and Slovakia opted not to vote in support and the litigation follows.

In fairness to the Law Enforcement Agencies here, they have been very proportionate and understanding of the problems with volume, cost, delay and complexity. I think DRI have issues with Constitutional Rights but I am not sure where they are at with that.