Implementing privacy sensitive governmental systems based on the concept of the Austrian data retention exchange service

With April 1st, 2012 the implementation of Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services, or of public communications networks came into effect in Austria. With this implementation, not only the obligations of the providers of telecommunications services are controlled with respect to the retention of communications data, but also the powers of the security and law enforcement authorities with respect to request both retention data as well as traditional connection data (e.g., security police in the course of fulfilment of affairs). To make the retrieval of such data as transparent as possible, legally secure and traceable, all requests (with only few exceptions) must be carried out only via the so-called DLS, a central exchange service. This allows preventing unauthorized or hidden inquiries practically and not just legally. Both requests and replies must be transmitted only over HTTPS connections to the DLS and must further be secured using end-2-end encryption, enforcing a blind central service.