WikiLeaks ISP anonymizes all traffic to neutralize data retention laws
The Internet service provider (ISP) hosting WikiLeaks’ servers is fighting back against the European Data Retention Directive by running all customer traffic through an encrypted virtual private network (VPN) service before logging it.
The European Data Retention Directive, which was approved in 2006, aimed to identify the origin, time and means of communication for all Internet traffic to support investigations.
By anonymizing all traffic, not even WikiLeaks ISP Bahnhof will be able to see what customers are doing, making any such logs useless.
“In our case, we plan to let our traffic go through a VPN service,” Bahnhof’s Jon Karlung told SR. “Technically, this is a stealth section, we will store all data up to this point of invisibility.”
“What happens after that is not our responsibility and is outside Bahnhof. So the only thing we are going to store is very little information, which in practice will be irrelevant,” he added.
“Since the service will encrypt user traffic, not even Bahnhof will know what their customers are doing online,” TorrentFreak noted. “If the ISP doesn’t know about their activities, then there’s not much to log. Nothing to log means there’s nothing useful to hand over to authorities and anti-piracy companies.”
In 2009, Bahnhof thwarted Sweden’s Intellectual Property Rights Enforcement Directive (IPRED) by ceasing to log customer traffic at all. IPRED allowed copyright holders the ability to request personal details for alleged offenders.
Under implementation of the European Data Retention Directive, logs were once again required — so the company decided to take new measures to protect their customers.
A recent study of German police statistics found that the European Data Retention Directive was “ineffective” in fighting serious crime.
Sweden’s plan to require ISPs to retain information was driven by US business interests, according to a US State Department cable from March 2009, revealed late last year by WikiLeaks.
Another cable, detailing a communique from April 2009, revealed that US business interests also played a role in the passage of a French law that created Internet user blacklists, ostensibly to be used against people who accessed copyrighted content online. The movie and music industry groups MPAA and RIAA suggested the move was key to their anti-piracy efforts.
— With earlier reporting by Stephen C. Webster