The pressure to comply with the European Union's Data Retention Directive is building. So far it has been slow, but the clock is ticking. HP has been quick to see a market opportunity, launching its Data Retention and Guardian Online (DRAGON) solution last year to help operators comply with the legislation. Ten out of the 27 EU nations that are subject to the legislation are working with HP.
It's a big market with some serious challenges. The legislation (2006/24/EC) was introduced in the wake of 9/11 and the Madrid and London bombings. It is designed to protect against terrorism, drug and people trafficking, and child exploitation.
It will cost every operator between €750,000 and €1 million in systems, storage, software and services, adding up to a €1.2 billion market as there are some 1,200 Tier 1, 2 and 3 operators in Europe.
The first phase was for all those operating fixed and mobile networks in the EU to retain call detail records (CDRs). A large operator will rack up between 250 million and 500 million CDRs daily. Retaining CDRs was supposed to have been done by September last year.
According to Nigel Upton, Communications, Media & Entertainment, HP, this is "now starting to accelerate. Operators were frantic to comply, but often were not clear about what they are being asked to do." They need to get on with it; the deadline for compliance is September this year.
The next target is for operators to save the details of data exchanges, such as email, which is to be in place by September 2009. As Upton said, "CDRs for telephony are straightforward, but the records for IP-based interchanges are far more difficult - for email, web sites, VoIP - the records are seven to eight times bigger."
He added, "The legislation says that for every email, the operator has to keep the time, the address is was sent from and to and so on. With IP, not all the information is stored in one place like it is for CDRs, for example, the location associated with an IP address will be stored separately. The records also have to include the duration of the interchange, the type of service and equipment involved."
One of the difficulties for operators has been commissioning and implementing a system that can scale to accommodate all these records. However, Upton commented, "There has been a change in the way operators view the legislation. Previously they saw it as something of a tax, but attitudes have changed because operators are now acting as ISPs and hosting sites, and have to comply with other initiatives too, such as the Child Exploitation and Online Protection Centre in the UK."
Although there has been a great deal of criticism concerning data retention and the infringement of personal privacy, the operators themselves do not have access to the retained data, only law enforcements agencies - and they have to request information specifically by a court order. It is sent to them encrypted from end-to-end.
Upton said that beyond the initial collective cost of €1.2 billion, there will, "not be a dramatic increase in that initial outlay because although the volume of traffic will increase, the cost of hardware, storage and servers is falling all the time." Of course the ultimate cost will be borne by the consumer.
Upton thinks the global market could be worth €3 billion: many other countries are looking to implement similar legislation, such as those in Latin America (in addition to the US Communication Assistance for Law Enforcement Act - CALEA). HP is well positioned to exploit it, particularly as Telefonica is believed to be a customer in Europe and has so many properties in Latin America.
Mike Davis, Senior Analyst, Ovum, commented, "European operators are now moving forward to comply with legislation in their respective countries. These deployments can be complex, particularly where an operator is present in more than one country, and they require many sophisticated capabilities beyond the obvious storage resources. HP's DRAGON approach is comprehensive and potentially the most mature offering in this arena."