France Goes Overboard In Data Retention: Wants User Passwords Retained
from the anti-privacy-laws dept
Information furnished when agreeing to a contract or opening an account, including first name, last name, business name, associated mailing addresses, and pseudonyms utilized, associated e-mail addresses and accounts, telephone numbers, and passwords as well as data permitting the verification or modification of the password.Just the fact that these companies would even have access to passwords should be problematic. Why aren't these services encrypting the passwords? I'm really curious how a law like this could possibly work in conjunction with European privacy laws?
These companies must also keep all user id's and passwords for any internet connection, the IP address of the terminal used to connect, the time and date of every connection, and...
Here's the kicker: for EVERY action of a user on the internet, these companies are now required to record the nature of the operation, whether it is writing an e-mail or downloading an image or video.
Not surprisingly, it appears that pretty much every online service provider is planning to challenge this decree in court (Google translation of the original French).