The Belgian SIEM… wounds my heart with a monotonous languor!

Lots of Belgian newspapers and sites reported today (example of article – in French) that a draft law will be discussed soon (deriving from the EU Data Retention Directive) to require telecommunications providers (Internet and mobile services) to keep a trace of electronic communications. Wait, the article should say “will be discussed again soon“, Belgium being very slow to address this topic. I’m not a lawyer, but I thought there was already such a law in place. The EU directive was adopted in 2006 and there were already huge debates in Belgium in 2010 about this topic (status here). I also wrote a blog post about this. If anybody has more information, please share! Is the text of the law available somewhere? Why did the Belgian government decide to put this project back on the table? After the stories around PRISM or the French DGSE, maybe they would like to be transparent?

According to the news, data retention was already implemented for telecommunications (fixed and mobile calls), but ISPs are now included in the game. What changed? Not much. The article is very fuzzy and says “The Belgian government will request ISP’s to keep a trace of all communications passing by their servers“. A few paragraphs later, the journalist speaks about emails only. Immediately, the following questions pop up:

  • If ISPs need to keep a trace of communications passing by their “servers“, does that include their backbone? Personally, I have never used the email address provided by my ISP, and I don’t even use their SMTP relays. How would they track people using webmail?
  • If they keep traces of all SMTP/POP/IMAP traffic, they are tapping the customer’s connection. How can we be sure that other protocols are not monitored as well?

So, nothing new… IMHO, the excuse of “fighting cyber-crime” is only relevant if the tapping of users’ communications is actually implemented. Think about the French resistance during the Second World War. Messages were broadcast from London with very specific words (remember the famous “Blessent mon cœur d’une langueur monotone” in June 1944). The exact same sentence could be used today to announce an imminent bomb explosion against the USA during a meeting with Obama in Boston (sorry, I could not resist). Government agencies should not only intercept data but understand it. And to achieve this, tools won’t be enough!

Ok, to be able to analyze this, the content of messages must be parsed, and “they” assure us that only the metadata is processed… Are we living in cloud cuckoo land? I see only one positive side to this Belgian SIEM project: we won’t need to store our logs locally, they will process them for us! There is even a business model: charge a few EURs per search request!