The Ministry of Internal Affairs and Communications is to formulate new guidelines for Internet providers to store communication data in the face of a rise in cybercrime, with experts to begin discussions on Thursday and report in March.
The ministry is leaning toward revising existing guidelines for Internet businesses and creating a benchmark after the National Police Agency called for the long-term storage of data, which it says is needed for investigating Internet-related crimes.
Another factor behind the move is the government’s cybersecurity strategy, approved in 2013, which calls for deliberations on data storage for police investigations.
But with the measure likely to be nonbinding and leave providers with considerable leeway it may be ineffective, said one official at a major provider.
“Small businesses may feel it a burden and consider it unnecessary since it is not obligatory,” the official said.
The ministry has been reluctant about making storage regulations binding as doing so could infringe on a constitutional provision ensuring the secrecy of communications. It has been urging providers to delete data as soon as it becomes redundant.
Meanwhile, Internet providers, particularly small businesses, have expressed concern about the costs of storing data as well as the likely risks of data leaks, unintentional or otherwise, increasing along with the volume of data they have to hold.
While the Telecommunications Business Law says the secrecy of communication must not be violated, providers are allowed to maintain logs about who used what services and when. This is considered necessary in handling billing and complaints.
Providers are currently allowed to choose their own storage periods and many have not made those details public. Major providers are believed to be keeping three months’ worth of logs, while some maintain no logs at all.
Out of consideration for small providers’ concerns about increased management costs and risks of data leakage, the experts could end up skirting binding rules and limiting storage to some kinds of data rather than a comprehensive measure, one observer said.