Data retention and privacy in electronic communications

A generic security model for data retention that combines technical, procedural, and legal controls to enforce dual control and the separation of duties in data retention, is described. The model consists of four logical entities such as the electronic communications provider, the law enforcement authority (LEA), the judicial authority, and the regulatory authority (RA). The provider can autonomously encrypt the retained data by using the public encryption key public key (PK). Standard cryptographic hashing techniques such as SHA-1 and MD5 can maintain the retained data's integrity. The judicial authority should also control access to the retained data by an external authority, such as an LEA. The provider and the LEA must send a copy of the warrant to the RA through a secure channel, which can be later used during the auditing procedure. Data retention involves high costs concerning data storage and protection and these costs must be shared among the involved parties.