GuestTrack Compliance tracks and retains all guest activity on Open-Mesh networks to help public network providers meet the legal requirements of their national governments.
Apparently anyone providing access to the general public from their network connection may be liable for the conduct of their guest’s use of the internet. If the network access provider (someone providing wired or WiFi access to guest users) wants to escape those liabilities then they need to provide records to their Local Law Enforcement Agencies that can prove that their guest(s) specifically accessed the internet using the respective guests’ electronic device’s MAC address at a specific date and time. This can only be done if that network has constant monitoring and recording of all activity on that network.
Where does Guesttrack Compliance fit in?
Guesttrack’s “Compliance” software as a service (SaaS) is the most economical way to reduce or eliminate those potentially risky liabilities. Without Guesttrack Compliance you would have to invest in very expensive hardware solutions that also provide extensive local storage and you would have to consciously maintain and remove any data older than your government’s requirements of 6 to 24 months storage – depending on jurisdiction. Anything stored a day longer than mandated would open you to additional risk and liabilities. The Communications Assistance for Law Enforcement Act (CALEA) is a USA federal mandate with fines up to $10,000 per day when hotels/cafes/restaurants/public venues that provide internet to their guests are non-compliant!
Guesttrack is able to serve either of two existing models of logging and storage.
1) Data Retention(Blanket) Order/Act/Directive – where all data for all users must be stored for up to two years in case of a specific request for information from a law enforcement agency
2) Data Preservation Order – where data pertaining to a specific case or suspect is only recorded for a finite period at the request of a law enforcement agency and forwarded in a predefined format directly to the law enforcement agency for their own review without any storage at Guesttrack. At this time Canada is the only country using a “Data Preservation Order” but several European countries are now considering or beginning to adopt the “Data Preservation Order” instead of using the “Data Retention” methods mandated by the Data Retention (EC Directive) Regulations 2009
For more information about Compliance and Government mandates and their directives, visit the following links we found on the web.
References found for CALEA and DCMA compliance.
Communications Assistance for Law Enforcement Act, or CALEA
CALEA Compliance Guide for WISPs
http://www.wispa.org/calea/WCS – very useful when trying to interpret the CALEA directives.
References found for compliance in other jurisdictions.
For England – The Data Retention (EC Directive) Regulations 2009
For England – http://www.legislation.gov.uk/uksi/2009/859/contents/made – retain data for one year. – Part 3.
For England – http://www.legislation.gov.uk/uksi/2009/859/schedule/made – communications data to be retained
For Europe – The European Directive (2006/24/EC)
EU Legislation has come into force since 6th April 2009, under The Data Retention (EC Directive) Regulations 2009. This has an effect on the wireless sector where certain data is required to be retained and kept for a minimum of 12 months from the date of the communication. The directive was designed to aid Police; Security and Intelligence agencies undertake law enforcement and public safety functions. Previous to this directive, data retention was voluntary, and it became difficult for long running investigations to be supported. The directive ensures a minimum requirement for retention, which would help cases that tended to be those that involved murder, serious sexual offences and terrorism.
For Europe – http://www.edri.org/files/shadow_drd_report_110417.pdf – Page 6 is interesting – mentioning Canada and its “Data Preservation Order” versus the blanket “Data Retention” of CALEA and the European Directive (2006/24/EC)
For Europe – http://ejlt.org/article/view/29/75 – article 4.2 – has clear descriptions as to what is to be retained in 6 categories with different data per category. Article 6 – Access to Retained data.
For Europe – http://www.digitalairwireless.com/wireless-blog/recent/keeping-data-on-public-internet-use-the-data-retention-directive.html –
For Australia – http://www.aph.gov.au/parliamentary_business/committees/house_of_representatives_committees?url=pjcis/nsl2012/report/appendixf.htm – no existing law or directive in place but if they did it would include a copy of the European model …..
To protect the integrity of retained data, the Directive requires Member States to ensure that operators respect four data security principles, specifically, that the retained data shall be:
a) of the same quality and subject to the same security and protection as those data on the public communications network;
b) subject to appropriate technical and organisation measures to protect the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure;
c) subject to appropriate technical and organisational measures to ensure that they can be accessed by specially authorised personnel only; and
d) destroyed at the end of the period of retention, except those that have been accessed and preserved for the purposes set down in the Directive.
Most interesting summary of all opinions regarding “data retention” http://www.techdirt.com/blog/?tag=data+retention
Disclaimer: the opinions and references found on this page are inferred from materials found around the web and as such are an honest opinion of the current events and state of the current practices of Data Retention by government agencies around the world. If you see any inaccuracies presented on this page please provide appropriate corrections and we will adopt them if they are clear and make sense. Any facts or opinions represented on any websites or documents at the end of links on this page are those of their appropriate authors and do not represent the opinions of the authors of this website. Contact us through the details provided on our “Contact Us” page.