So, I’m just in from the SAGE.ie Symposium on Data Retention in Trinity College See Here

First off I want to give a big thumbs up to Donal and Liam and all involved in putting tonight together, it was a hard brief to try and keep the techie members of the audience interested and entertained, whilst explaining the technologies involved to the non techie members without loosing them in the technology.

A few points mentioned tonight struck me, and I have to say, the most significant one to me really is a bit of a shocker, and it’s the one I’m going to start off with here.

The point was made by Andrew Barnes, who was talking about when he was consulting over in Australia, where they have introduced similar legislation to the Data Retention currently being discussed in Ireland and how it impacted on the University he was working for. All of the different departments within the University set out to tackle their data retention in their own individual way, but in one group in particular, where they had sucessfully implemented the laws, there was a user base of ~400 users and a Systems Administrator headcount of ~40 sysadmins. Even with this level of staffing of sysadmins, they were serverly stretched in their resources according to Andrew. At the time of writing however, I do not know if these were full/part-time SysAdmins.

This immediately raised the hairs on the back of my neck. This means that we are talking about needing to have a circa 10:1 ratio of users to sysadmins. Those numbers are staggering. Obviously different scenarios will dictate different needs and figures, but if we take an institution like UCD with its ~25,000 students, that leaves a need for 2,500 sysadmins!!! Now expand that thought a little and take Eircom.net as an example. With our current customer levels of ~550,000 active users, that leaves us needing a staffing level of ~50,000 sysadmins!!! I think not. Even a very conservative figure though leaves us needing a huge amount of extra staff.

Donal gave the point that on his HEAnet network they push through 40 megabytes of traffic per second. To put this into perspective, it would take a standard home user approx 6 hours to download a 40 meg file onto their pc. So, as we can see, that’s a whole lot of data (8640000 Meg’s per day to be precise). To archive that on tape alone creates a staggering amount of tape, and a huge cost to go with it.

One other point that was raised was that of copyright. Although it was touched on in a very basic sense at the meeting, as in if I send someone an email to their work address, and it’s retained by the employer of the intended recipient, then they are holding onto my Intellictual Property without my consent and in breach of basic copyright laws. Expand that one a little further to companies relaying email/traffic through an ISP. The ISP is forced to retain this traffic. This traffic may in fact contain sensitive information belonging to a competiting ISP (say someone in Esat mails details of a project they are working on to a contractor who has their email solution provided by Eircom.net) then Eircom.net retain sensitive copyright of a competitor. Now don’t tell me that there are not going to be companies out there not willing to exploit this fact to their own advantage!

When I came home, my family, being either of the non techy or young variety asked me what the meeting tonight was all about. So I explained it to them on two levels.

  • One: Data retention is bad from a privacy/human rights point of view. Ok, we can say that this data should be safe from prying eyes, but we all know that nothing is entirely secure and safe in the IT industry. Ok, if data is archived on tape and stored in a remote secure location with no machies to read it nearby, it’s fairly safe, other than someone physically stealing the tape and running away with it. But if this data retention idea stays around with us, and let’s face it, once it’s implemented, where is going to be the sense in going back on things, and storage technology develops in years to come to the point where all our data can be stored on live servers with internet connectivity, and no need for archiving to tape, then these systems could potentially be hacked, and all of our data about emails sent/received, webpages viewed etc could be compromised. That for me is a very worrying thought that I haven’t heard being passed around much. As was asked of one of the non technical members of the audience tonight, data storage mechanisms currently lag behing the development pace of other IT related areas, but I can’t see this being the case forever.

  • Two: From a technical point of view, trying to archive all this data will be a massive task to be undertaken. To quote Donals figures again:

    DDS tape holds 20 Gb, writes 3 Mbytes/sec, EUR 25 each
    HEAnet: 13 tapes every 5 days, EUR 65 per day
    HEAnet: EUR 23k and 949 tapes/year!

    Added to this is the fact that traditionally network data volumes double year on year, so therefor the amount of resources, tapes and cost also doubles year on year. On top of this, it’s all very well having all of this data backed up, but what if 5 years down the line, the powers that be decide they want to see what other sites I viewed when writing this article, and who I chatted to about it, how does one go about getting their hands on that data again. It would take some pretty special cataloging of tapes, and a reliance on old technology (well we’d like to think of DDS as old in 5 years time!) to actually dig out this information. And what about in a case that involves a lot of different ISP’s and countries, the task of mining that data is mind boggling. And ultimately, who should the responsibility of digging up that data fall on, the tech’s belonging to the company/ISP in question, or those of the relevant authorities.

    • I know all of these musings have been based on a worst case scenario of the government implementing these requirements into law, and I have to say that if I take a step back and look at things that I know (hope) such a situation will never arise. We will have to come to a compromise on things that best suits both parties. I would be intersted to see if the government would be prepared to finincally help out the companies and institutions involved. I don’t mean by means of a cash in hand incentive, but perhaps tax breaks or some such incentive, as implementing such a system is going to cost everyone a whole lot of money.

    I would also encourage every internet user in the country to closely follow developments in this field, after all it is going to be the consumer who is most affected. Yes, ISP’s may have to pay to implement the technology, SysAdmins may have to toil over implementing the technology, but at the end of the day it is the end user who will be having their each and every step on the internet monitored and logged and accessable to someone.

    Donal’s Presentation from tonight can be found here
    Liam’s can be found here