For SME Telecom Providers

New Technology Enables TA & EU Privacy Law Compliant Data Retention as a Service

(Instant trial feasible)

Data Retention

Data retention makes sense for forensic intelligence, i.e. criminal investigation and national security. Yet surveillance normally conflicts with the basic right to privacy. For this reason, current legislation requires a particularly high level of security for traffic data (metadata!), based on state-of-the-art technology, so that data retention complies with statutory and constitutional rights. Hence "maximum security", which presupposes state-of-the-art technology, needs clarification.

Sealed Freeze technology enjoys the German Federal Ministry for Economic Affairs and Energy’s support and was developed explicitly for this purpose, i.e. to protect metadata and yet enable privacy compliant, court-ordered access.

On this note, Sealed Freeze complies with Germany’s exemplary, high privacy protection standards and is synonymous with Privacy by Design.

Sealed Freeze in a Nutshell: Its Potential for Data Retention

  1. Sealed Freeze excludes all access to metadata during storage and disclosure, even by specially authorized Sealed Freeze or telecom provider staff, at all times.
  2. Sealed Freeze employs technical means only, to comprehensively protect data across all process phases. As a result, it constitutes a quantum leap in data security and safeguards against data abuse.
  3. Besides providing maximum security, Sealed Freeze also benefits telecom providers economically, for instance by allowing part of the mandatory infrastructure to be outsourced and shared with other carriers.

Sealed Freeze not only constitutes state-of-the-art privacy technology. It is also the most viable, cutting-edge solution to date.

Sealed Freeze Process

  1. Obligated carriers link their systems to the Sealed Freeze encryption appliance via an interface (REST API). The appliance, in turn, sends the retention data to the Sealed Freeze engine in encrypted form.
  2. The data is stored in the Sealed Freeze engine's storage (via Sealed Cloud technology). In contrast to conventional storage, freezing means that any access to the data without a court-ordered special purpose, even under a two-man rule, is technically excluded at all times.
  3. Access to said data is only possible via the inquiry interface, which can only be activated upon a court order for a special purpose. The interface, in turn, only discloses data pertaining to said court order. In contrast to conventional storage, the measures allowing court-ordered, special-purpose access are purely technical in nature.
  4. If a service provider receives a court-ordered RFI (request for information), it is taken up by the specially authorized party and processed in a similar vein as a trouble ticket.

In other words, the obligated carrier outsources the court-ordered, special-purpose data retention service yet is still entitled, via terminal, to statistics as to recorded call data volumes (Call Data Records) and the number of submitted and processed RFIs.
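The access rules described in the process above can be modelled in a few lines. This is an added example, not Sealed Freeze code: it only sketches the logic (deletion terms, order-scoped disclosure, statistics without content), whereas the page states the real system enforces these rules by technical means. All class and field names are hypothetical, and the mapping of the 10- and 4-week terms to record categories is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Deletion terms from the page (10 or 4 weeks); assigning them to these two
# record categories is an assumption of this example.
RETENTION = {"traffic": timedelta(weeks=10), "location": timedelta(weeks=4)}

@dataclass(frozen=True)
class Record:            # constructed metadata record, not a real CDR layout
    subscriber: str
    category: str
    created: datetime

@dataclass(frozen=True)
class CourtOrder:        # hypothetical order: one subscriber, one time window
    order_id: str
    subscriber: str
    start: datetime
    end: datetime

class RetentionStore:
    def __init__(self):
        self._records, self._rfis = [], 0

    def ingest(self, record):
        if record.category not in RETENTION:
            raise ValueError(f"unknown category: {record.category}")
        self._records.append(record)

    def purge(self, now):
        """Drop records past their deletion term; return how many were removed."""
        kept = [r for r in self._records if now - r.created < RETENTION[r.category]]
        removed, self._records = len(self._records) - len(kept), kept
        return removed

    def disclose(self, order, now):
        """The only read path: no order, no data; an order yields only its scope."""
        if not isinstance(order, CourtOrder):
            raise PermissionError("inquiry interface requires a court order")
        self.purge(now)  # expired data must never be disclosed
        self._rfis += 1
        return [r for r in self._records
                if r.subscriber == order.subscriber and order.start <= r.created <= order.end]

    def statistics(self):
        """What the carrier's terminal sees: counts only, never record content."""
        return {"records": len(self._records), "rfis": self._rfis}
```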

Illustration of described Sealed Freeze process:

[Figure: Sealed Freeze Data Retention 2.0 architecture]

Sealed Freeze Specification, for Data Retention as a Service

 

Storage of Metadata in Compliance with § 113b TKG (German TA)

  • Once set up, no further action necessary by obligated party
  • Observance of deletion terms (10 or 4 weeks)
  • Certified compliance with TCDP v1: exempts user from control obligations as per § 11 BDSG (German Privacy Act)

 

Disclosure of Metadata in Compliance with § 113c TKG

(Usually via data retention SaaS provider, optionally via obligated constituent)

  • RFI processing pursuant to applicable TR TKÜV (ETSI XML interface), i.e. the Technical Directive Outlining the Requirements for the Implementation of Legal Measures for the Surveillance of Telecommunications and Information Requests for Traffic Data
  • As a rule, RFI straight from law enforcement agent to service provider
  • Speedy response, even to complex inquiries
  • Workflow solution, includes compensation claims pursuant to JVEG (German judicial compensation law)

 

Data Security in Compliance with § 113d-f TKG

  • Full compliance with BNetzA (Federal Network Agency) Specification Catalogue, even for multiple-client operations and remote RFI processing
  • Compliance with upcoming stricter laws as per § 113f (2) TKG, no retrofitting necessary
  • Compliance with EU law (maximum security thwarts access attempts lacking court-ordered special purpose)

 

Security in Compliance with § 113g TKG

  • Communication with BNetzA (German Federal Network Agency) on behalf of obligated party
  • Submission of security concept
  • Audited by BNetzA (Federal Network Agency), BSI (Federal Office for Information Security), and BfDI (Federal Commissioner for Data Protection and Freedom of Information)

 

Service Implementation, Modification & Add-ons

  • Per-call installation of encryption unit
  • Open CDR API interface minimizes cost
  • Devoteam mediation expertise minimizes cost

 

Service Reporting

  • Constituent can access CDR and RFI statistics any time
  • Monthly reporting to constituent
  • Instant incident and disturbance reporting to constituent

In contrast to conventional, on-premise solutions, data retention as a service provides considerable economic benefits to small providers, in particular:

[Image: Easy pricing: per MCDR, implementation as per labor costs, that's it]
Nearly no fixed cost with Sealed Freeze, since no hardware, software, or operational costs.

Focus on your business, while we do the work.

Your Benefits as Telecom Provider:

  • Relief from communication with Federal Network Agency (§ 113g TKG, i.e. German Privacy Act)
  • Full compliance with TKG (§ 113b, § 113c, § 113d-f)
  • Full transparency as to number of CDRs & inquiries via web-based dashboard
  • Negligible set-up fee
  • Managed Service option, to process inquiries

 

Further documentation available upon request:

  • Sealed Freeze Spec Sheet
  • System Specification
  • System Description & Concept
  • Specification of Open CDR API
  • White Paper on Compliance with EU Law
Contact us for trial access!