DOJ Wants ISPs to Log User Traffic UPDATED
Anonymous Coward writes "Kevin Poulsen writes in an article in SecurityFocus that in an early draft of the White House's "National Strategy to Secure Cyberspace", the DOJ proposes that the US enact European style 'data retention' laws, which force ISPs to log and retain all of your email headers, as well as your Web browsing history." Nothing worse for the DOJ to be upstaged by Europe in oppressive lawmaking, they must feel like they're losing their edge.
Update: 06/19 23:04 GMT by M: The SecurityFocus article has been updated with this note, saying that the U.S. denies having any plans for data-retention laws. Guess we'll have to wait until the plan is released to see.
I'll have to meet real girls instead of browsing pr0n.
Maybe, I dunno. But anyway... this sucks. Doesn't anyone at the DOJ realize that keeping a history of web browsing is about the equivalent of having someone follow you around with a pen and some paper and record the address of every place you visit during the day? I don't understand how keeping track of information like this can possibly help with security or ANYTHING for that matter.
If you need to interpret my post, then you don't get it.
Article seems slashdotted, so I haven't read it yet... but what does this mean for those of us who run our own mail servers? Do we now have retention and reporting requirements on our systems at home?
I once logged packets going in and out of my machine and I generated a huge log file very fast. It was only like 200kb, but really... for an ISP to log as much as they're being asked to, they would need INCREDIBLE storage to hold it all, wouldn't they? I wonder if then ATTBI would tax me another $5 a month to pay for their storage equipment.
----------
Check out my blackbox styles
Can you imagine all the logs they'll have of people who go to nothing but porn sites?
On the other hand, I'm paying for their wasted time, so this is just as annoying as it is amusing.
Logging such a huge volume of data requires massive hard-drive space, extra CPU power, extra manpower. All of those things cost money.
Considering how little money ISP's tend to make, I don't see this as at all fair, unless the government will pony up the cash.
WWJD? JWRTFA!
All your ISP logs are belong to us!
Nothing worse for the DOJ to be upstaged by Europe in oppressive lawmaking, they must feel like they're losing their edge.
-1, Flamebait
I wonder if Zero Knowledge, Inc. might decide that it might be time to re-introduce their personal anonymous web browsing service.
___
Cogito cogito, ergo cogito sum.
I visited the site, and this is what it says here. I'm posting it in case the site gets slashdotted. [And I'm not a karma whore since I already have 50.]
U.S. Denies Data Retention Plans
The Justice Department refutes claims that Internet service providers could be forced to spy on their customers as part of the U.S. strategy for securing cyberspace.
By Kevin Poulsen, Jun 19 2002 12:24PM
An early draft of the White House's National Strategy to Secure Cyberspace envisions the same kind of mandatory customer data collection and retention by U.S. Internet service providers as was recently enacted in Europe, according to sources who have reviewed portions of the plan.
But a Justice Department source said Wednesday that data retention is mentioned in the strategy only as an industry concern -- ISPs and telecom companies oppose the costly idea -- and does not reflect any plan by the department or the White House to push for a U.S. law.
In recent weeks, the administration has begun doling out bits and pieces of a draft of the National Strategy to technology industry members and advocacy groups. On Tuesday, sources who had reviewed segments of the plan said a federal data retention law is suggested in a section written in part by the Justice Department.
The comprehensive strategy is being assembled by the President's Critical Infrastructure Protection Board, headed by cyber security czar Richard Clarke, and is intended as a collaborative road map for further action by government agencies, private industry, and Congress.
While not binding, proposals that find their way into the final version of the National Strategy would likely have added weight in Congress, and could lead to legislation.
A controversial directive passed by the European Parliament last month allows the 15 European Union member countries to force ISPs to collect and keep detailed logs of each customer's traffic, so that law enforcement agencies could access it later.
Data to be gathered under the European plan includes the headers (from, to, cc and subject lines) of every e-mail each customer sends or receives, and every user's complete Web browsing history. The period of time that the data will have to be retained is up to each member country; specific legislative proposals range from 12 months to seven years, according to Cedric Laurant, policy fellow at the Electronic Privacy Information Center (EPIC), which opposed the directive.
"Somebody could see their past for the last seven years be completely open," says Laurant, speaking of the European directive. "It violates freedom of speech," as well as the legal principle that a defendant is presumed innocent until proven guilty.
The White House did not return phone calls on the National Strategy, which is scheduled for release in September.
Herr Adolf Ashcroft!
Pull your nose out of the latest case mod or whatever you've been preoccupied with and notice that the terrorists have won in the undeclared war. The Constitution has been shredded in the past few months. Better get out the scotch tape and put it back together.
See buzzflash.com for the latest assaults on freedom.
and simply buy bulk bandwidth from one or more providers. does that mean that you have to log your own habits?
and what about those places that are multi-homed?
and what about throughput? i would assume that a machine that's logging all email headers and logging all web surfing would have to be pretty powerful to handle multiple ds3 connections, or even a level up, multiple oc48 connections.
Finally got through, and ... Nothing to worry about yet. Apparently, this is from a misreading of the report. No data retention requirements, these aren't the droids you're looking for, move along.
Does anyone know if using anonymous web surfing services, like Anonymizer or COTSE, will help, with their URL encryption? Of course, this won't fix the problem of e-mail headers, but it might keep flags from being raised when you visit a "hacker" site, or some other "suspect" material on the web.
Wow...
Now the DOJ will have the biggest Free Password List on the web..
Could you imagine the amount of money they could make from X-10 pop-under ads...
The DOJ is on crack. If they think for ONE f*cking second that this would actually work, they're wrong. I'll just start encrypting my email more often. Let's see them get through to my mail headers under 128bit RSA. Yeah I know they have Carnivore, but it only selectively stores email. So, what do you think they will call the machine that collects all THIS information? Let's have a little slashdot naming game, shall we? Department of Justice my ass. They need a new name too. Department of Snooping, gives a new meaning to the acronym DOS.
In college, really poor, need a flatscreen.
I guess, they'll eventually illegalize applications that auto browse the web for you while you are off doing something.
Or else they will simply state that by visiting a site, you agree to have read, understood, and agree (ideologically) with its content.
Does the law specify HOW the data must be retained? Couldn't an ISP encrypt it using a custom encryption routine? Then Big Brother would violate the DMCA when they hacked the encryption.
Oh, wait. I forgot, laws don't apply to the US government, especially not that pesky Constitution.
At least the government will probably be required to disclose what they do.
Your best bet is to not send any sensitive info over email, and don't store any unencrypted sensitive or private data in online storage systems.
Perhaps the DOJ should be able to find out the title of every book I purchase, every TV show I watch, what kind of hamburger I buy.
Wholesale spying is not justified by the war on terrorism. Especially for us non-Arab, born and raised in America types. It's just an excuse for the government to do something they've wanted to do for a long time anyway.
WWJD? JWRTFA!
What I want to know is how this impacts those of us who own/operate our own domains and SMTP server (i.e. those of us who do not use ISP supplied SMTP servers to send out mail). Will we be forced to log our own traffic for fear mean old Uncle Ashcroft wants to know who we emailed three years ago? Will we have to enact some sort of robust long term backup of these logs (i.e. fire resistant safes and offsite backups of logs)? What if, through no fault of our own, a fire destroys the last week's worth of backups and Uncle Bush needs yesterday's logs (i.e. how paranoid about backing things up do we need to be)?
--
Can't the data the ISP has to log be spoofed by those who know what they are doing? If so, only us poor saps who have "nothing to hide" are screwed... the "pros" will do other things... Chalk this one up in the "dumbass idea of the month club"
Accentuate the positive, don't waste your mod points on the negative.
Numerous broadband providers have gone bankrupt already. The number of requests directed at huge broadband providers could be huge. Besides, law enforcement would end up with large amounts of data that don't really prove much, since criminals (and non-criminals) can encrypt their emails anyway.
Most of what I send is encrypted. They can have fun looking through that. If they do spend the time to break the encryption they will realize that there is no real reason for it to be encrypted. Ha, break my 4096 bit GPG emails to read my plans to go to a movie. Have fun working on my ipsec tunnels to get to my jabber traffic.
If enough of us uselessly encrypt our data it will keep them busy with nothing.
"I'm not a karma whore because I already have 50" simply means "I karma whored enough and now I can do this simply because I enjoy it"
It seems that the issue at hand isn't the act of logging activities themselves, but how willing your ISP is to distribute those logs. In all previous cases I am aware of, ISP's do not give out personal information about a user without first being served with a subpoena. This is no worse than the restrictions we have had on wiretapping and eavesdropping for the past 50 or so years, so I don't see any reason for anyone to get upset about this. If you aren't breaking the law, then you have nothing to worry about, and your information will remain private in the hands of your service provider, however if you're doing something illegal, then there is no reason that the FBI or such should not be able to serve your ISP with a subpoena to obtain your usage logs. It's perfectly within our Constitutional rights for the government to do this, and anyone who is made nervous because of this probably has something to hide.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
As a person with almost no faith with the government (especially now), I'm inclined to believe these laws may actually go through. Therefore, what ways are there to get around this assuming they are put in place? For example PGP doesn't work on e-mail headers (not that I e-mail people who know the slightest thing about encryption). Also with Browsing proxy servers are there that offer encryption and are hopefully free. I'm afraid my post doesn't offer much information, but I'm hoping people who do know stuff might be able to give informative replies (Flames about the government sucking (definitely true) won't really help with reality.)
Every slashdot reader and friends and family and acquaintances - insert keywords into your headers like drugs, terrorism, hijack, etc and let's see just how fast the DOJ's database overgrows their servers with irrelevant data... :)
I have a better idea. The UN should pass a law requiring that all network traffic in the world, whether on a home LAN or through the Internet, must pass through one central checkpoint machine that will log all the traffic. This will provide a worldwide data retention center where authorities and large corporations can perform queries to figure out exactly what someone was doing. (Obviously, defendants won't be allowed to perform similar queries, because that wouldn't be fair.)
Oh yeah... And the central machine that would fulfill this function would be a 386 SX with a tape drive serving as RAM, running Windows XP Professional, and it would be connected to the Internet through a 1200 baud modem. This will make true worldwide broadband a reality and keep the economy strong.
Attempts like this just make encrypted messaging protocols more desired. SMTP is just old, slow, rusty, and stupid. See here: IM2000
you will see that there is an update: US DENIES DATA RETENTION PLANS
My life in the land of the rising sun.
How would they know if the data they get is real anyway? I can write a perl script to generate fake sendmail log files all day...
This is only slightly different than forcing telcos to retain phone records, with one exception.
Many URL's can be used to guess WHAT data you've been looking at without actually looking at the website. For example, if someone saw the URL: http://www.nakedkids.com they would assume that it was child porn and whomever looked at it should be red-flagged and investigated. Quite possibly however this site could have NOTHING to do with porn and could simply have a questionable DNS name.
Perhaps if ISPs were only allowed to track IP addresses....
Even if the DoJ were to keep a log of your web browsing, who's to say it was you sitting at the keyboard?
I can see people making scripts to go to all sorts of "undesirable sites", and when they get busted, they can prove they were nowhere near the computer at the time.
Would also smoke out all sorts of surveillance schemes.
This would put the government at odds with its own policy, as well as make some big media companies really, really mad. The reality is that surfing the web now encompasses many more things than just vanilla html sites - and because of that, internet companies have found it easier to make money. Storing that history would now require much more space, and, due to the fact that most online businesses are now going for pay-per-use models instead of advertising-based, the government would end up storing a whole bunch of content that is, ironically enough, protected by copyright law. In effect, the government would be breaking the law - the copyright law that John Ashcroft & Co. are doing so much to preserve, protect, and extend.
My god bureaucrats are stupid!!!!!
The biggest problems with this are the fact that to do this for all of you ppl in the US that use the web will end up generating HUGE log files. Who is going to pay for the storage space required to house these behemoths????
What exactly do they expect to achieve in doing this??? By far the vast majority of web users are NOT terrorists or criminals (let's just ignore those downloading pirated software etc.) They are just going to wind up with lots of stored prOn URLs and inane sites.
For this initiative to be of any use, they will have to employ quite a few ppl to troll through these vast log files looking for the needle in the haystack.
Seagate and maxtor stock prices just jumped 10%, western digital 8%. Conspiracy I tell you!
Home Secretary David Blunkett has admitted he blundered over plans dubbed a "snooper's charter" to give a raft of public bodies in the UK access to private e-mail and mobile phone records.
The proposals are to be put on hold indefinitely in the face of huge opposition, which the home secretary conceded his department totally failed to predict. (...)
See http://news.bbc.co.uk/hi/english/uk_politics/news
You always hear the analogy that email is just sending a postcard... well, it's about time that we start to make email "envelopes" (aka encryption) standard for ALL email.
I think Joe Sixpack would be more inclined to use encryption if he thought it was just an envelope to put mail into... he doesn't need to know about technojargon like PGP, GPG, SSL, S/MIME, X.509 certificates, just tell him it's an "email envelope" instead of the old postcard he's used to.
The only thing that really needs to be public is the To address. Everything else could be encrypted (enclosed in the envelope) except for maybe a couple fields like the From Address and maybe the Subject Line (but even those could be "inside").
What needs to happen before email encryption becomes a "standard" thing that everyone uses all the time?
This morning I was listening to "the Bob and Tom show", a syndicated radio program. The discussion topic this morning was "How do you goof off at work?"
The third caller worked at a bank, and she and her co-workers amuse themselves by looking up old high school acquaintances. I don't have a quote, but she said something along the lines of it being fun to see who was overdrawn and who had huge mortgages.
Powers will be abused. Who needs Big Brother?
Europe still blows worse.
http://freenetproject.org or something like it.
The law over here in Belgium is this:
;-).
(they should be the same all over the EU)
All ISP's must hold data on when a certain person used his account (date/time + ip address) for a period of 6 months. And tracing email is easy when you have this info of course.
BUT:
The information is to be kept by the ISP's themselves, and the government (eg: the police and other judiciary services) can only access the records when they get a subpoena from a judge, and then the only information that has to be released must have something to do with the investigation.
I guess that this way of working isn't too bad, since it gets a lot of evil kiddiepr0n fans and credit card fraudsters arrested.
UPDATE: U.S. Denies Data Retention Plans
Once again, the USA introduces fascist policies designed to destroy the freedoms of the 'freest nation on Earth'. Once again, the rest of the world sits back and laughs at how pathetic you really are.
Go USA #1!!! For democracy!!!
If Kevin Poulsen was still up to his old tricks today, this would be exactly the sort of setup that would ensure he was busted very quickly...
Freedom: "I won't!"
For the life of me I cannot understand what these idiots that we elected are trying to pull off here. I for one am tired of watching these bastards try to remove every last right to privacy we have. I feel that the Government is declaring war on the populace and am not willing to take it lying down. Time for encrypted everything? Maybe it is time for another revolution after all.
I forget, is it Amerika?
Welcome Comrade!
Hmmm, looks like time for a distributed, peer-to-peer proxy system, so... already exists...
...but I've googled for awhile, and cannot find the URL...
It decided it didn't care. So the member states are free to do whatever they want.
The civil libertarians would have liked the EU to protect the citizens from their democratic governments. I don't like that approach. Fight it democratically at the state level instead of sneaking political change in through the Commission.
Confucius say:
They who want log sit on toilette all day.
I cannot agree any more.
I am the nightmare of nightmares.
you suck major ballz.
Many other posters have already commented that the update to the story says the Gub'ment denies attempts to do this. I'm surprised this story wasn't taken with a grain of salt in the first place...you know this wouldn't stand up to any kind of court scrutiny.
Really, the idea that the government can arbitrarily spy on anybody, but only look at later if they have a reason, violates your 4th Amendment rights against unreasonable searches (OT: sometimes I feel bad for the 3rd Amendment...it just gets completely ignored. Nobody ever takes to the streets demanding their 3rd Amendment rights be protected. Oh well). The federal government has no power to inventory your entire home, or keep a list of every person with whom you correspond by mail, and as such, they have no similar power to log your email headers or http requests. I don't see this one happening any time soon.
We don't have a state-run media we have a media-run state.
I am partial to having it renamed to the ministry of love
(orwell reference)
I used to have a cool sig, back when I cared
Who cares what the government logs, when all you simply do is encipher all your traffic to trusted hosts. With anonymous Proxy services being easy to use and set up... more people will simply take notice that they exist, and begin to use them. Some people might even resort to paying a premium to under the counter internet service from their Broadband having friends Finux server. I wonder if this legislation takes into consideration that IP6 can travel right atop of traditional ip4, and can trick out attempts to monitor top level protocols, like email. Besides, you opt out of the monitoring by simply opting out of your providers email facilities. Other forms of message passing exist, and are in use by motivated people.
The USA is the top internet using place on the planet, and Europe is no doubt second, with Asia/Pac being third. So how the USA officials plan to effectively monitor the data required is interesting. Logically one is left to wonder how well the USA carnivore system is working these days, and its sister Echelon. To resort to forcing these ISP to log data on behalf of the government officials seems very controversial. Almost as if the government is passing on the burden of Carnivore on the backs of the struggling ISP's in America. The interesting thing is: who is to prevent the ISP from simply not logging all the data the government officials claim to require? How would they be able to prove the ISP otherwise?
It isn't a lie if you believe it.
The way I viewed it was much akin to the Australian censorship laws. It's probably a token political effort designed to say they're protecting the children and stopping terrorism. It's extremely hard to pin down anything really, and if you want to remain unknown, there's always the library.
So I'd say, it's political point scoring, with no real teeth to it. But hey, it could always be that they progressed to the next chapter of 1984.
Think nothing is impossible? Try slamming a revolving door.
So some unidentifiable source alleges that new plans of this nature are on the way, and even though nothing of the sort could happen without action in both the house and the senate, the /. crowd goes wild with conspiracy theories. Shortly later, the report turns out to have been untrue, yet the conspiracy theories remain.
How would they decide what is loggable and what is not? By looking at ports 80 and 25? The solution to that is simple, switch all your "sensitive" browsing to port 666. Use PGP for your email or perhaps use something as mundane as ICQ, or FTP drop points.
In addition you can have a script generating spurious emails and web browsing requests all day long so that you quickly overwhelm anyone's ability to actually log anything of substance (if you are really dedicated, you could probably generate 1GB of trash data a day).
Whoever is thinking about these moronic ideas appears to be technically ignorant.
You really think they don't do this already? They just want to make it legitimate :)
Just the opportunity:
Hey all! Has anyone seen that AL QUEDA member lurking around here? I coulda sworn I saw him with one of the few NUCLEAR BOMBS in the world.
... d'oh! You mean they're not monitoring content?? That takes ALL the fun out of it!
--pi
But a Justice Department source said Wednesday that data retention is mentioned in the strategy only as an industry concern -- ISPs and telecom companies oppose the costly idea -- and does not reflect any plan by the department or the White House to push for a U.S. law.
They just have no fucking respect for our rights at all in the DOJ, do they? None whatsoever. I mean, come on - industry concerns?! Sure, industry would have concerns, but have any of these fucknuts heard of liberty and/or privacy?
Send Lady Liberty back to France, it's over. Sell the Declaration of Independence on Ebay, clearly it has no meaning for our appointed officials.
sulli
RTFJ.
What kind of nonsense is this. The evidence is that all the data about 9/11 was sitting with the FBI and CIA, but as they claim, they didn't have the manpower or computer horsepower to put that data to use. Now the suggestion is that every ISP dump an additional couple of gigs of data on them every week.
pure friggin genius.
I've read the proposal that passed the European Parliament, and if the policy the Bush administration is attempting to put in place is similar, then it won't pass Constitutional muster. It fails on at least three major points:
I don't think they really realize the volume (either the US or Europe) as to what they're requiring, either. A rough estimate is that an email header is 1k, and that a log of an http request is .5k. For an average user, 1000 http requests (remember, each picture/icon is a new request) and 10 emails per day would be typical. That's about 500k per person per day. For a mid-size ISP with 10,000 users, that's 5GB per day, 1.825 TB per year. Even assuming good compression of 90%, that's 180GB per year. Given that you would need to get a good machine and lots of redundancy for it (remember, this is a LEGAL requirement), I can easily see it costing $30k PER YEAR or more for the hardware alone for log space (plus the additional costs to upgrade the routers/mail servers/proxies and other infrastructure to allow for such vast logging in the first place). I'd estimate that it would be at least triple that, when all other factors are included. Even a $30k capital expenditure per year is a pretty good chunk of change for a company with a probable revenue stream of $3M per year. That's a 1% value of gross receipts (conservatively). And what about someone like Earthlink or similar, who has millions of customers? You're looking at requiring Terabyte storage systems costing multi-millions of dollars.
Even though I've seen some really dubious legislation and policies over the past 10 years (e.g. DMCA), I don't think this one will fly.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Blunkett went all uncharacteristically contrite on us, but according to the Register this just means that they're not actually formalising what they are doing anyway.
They probably really are handing around traffic analysis data like smarties. "Oh looook what he's accessing!" Probably there's people out there being blackmailed right now; there's bound to be some bad apples with access to this data.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
It was originally designed to help Chinese Internet users get around the Great Firewall Of China.
Looks like the US and EU will be needing it too...[sigh]
Knowledge is power. Knowledge shared is power multiplied.
you know they can deny deny deny all they want.
just like they deny everything else until they have no way to deny it, then they just say they did what was in the "public's interest"
problem with something like this is most ISP's will go bankrupt quickly making prices go up, also offering less variety. then we will have yet another monopoly, caused in part because of the gov't and in part due to the fact that the average person doesn't think it "affects them"
hey worst case scenario all of the ISP's go bankrupt and the US gov't takes over icann and the net in general. just think it takes them a week to deliver regular mail.
they would probably come up with some way to filter and monitor everything through one big system , which would slow everything down.
mail would have to go through a very large scanning/storing program (which will not be quick because micro$uck will probably make it for them) then sit in the mailq waiting to arrive at the destination.
not to mention if said system gets hacked or goes down
----
the US gov't taking technology back 20 years and working harder for you everyday
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." --Albert Einstein
Outright I hate the idea, this is just pre-emptive search/seizure. The gov would only propose this because it's in the digital domain where it's A: feasible, B: deemed by J. Public to be a non-issue. They could NEVER get such a thing into action with physical mailings.
But then I thought.... If every ISP had to monitor port 25, isolate all to and from IPs and email addresses (forged or not), and fill up all those hard drives, tapes and whatnot...
Can you imagine how fast SPAM would drop off as the ISPs attempted to control the now real costs of hosting spammers?
Article X: The powers not delegated... by the Constitution...are reserved...to the people
might want to rethink their company name / marketing strategy...
No, I guess not. For people that far out on the fringe, there is little hope of something like the actual facts of the situation interfering with their rants...
... we can't count on laws to protect our privacy. With the number of governments ( and the increasing disregard for liberty the "war" on terrorism is breeding ) sifting our online traffic increasing daily, it's past time to move crypto into the main stream. Let them listen to the hum of white ( almost ) noise.
It's good to see the US catching up with Europe regarding computer security. There was a time (between the World Wars) when the US led the pack in terms of national security and technology. Sadly, we've seen a lot of that slip away, as second-world countries like France and Canada have upstaged us.
I'm happy to see that we're at least catching up. Now we just have to make the switch from Windows to Linux throughout the government, and we'll be ahead again.
One note on rights...I am a little frightened about ISPs keeping tabs on my netwanderings. But they probably keep the records anyway, so as long as the spooks (meaning gov't, not black people) need a warrant to get to it, I'm cool with this.
Karma: Good (despite my invention of the Karma: sig)
Then pipe down, write your reps, ask 'em to read what they signed.
I have read it. All it does is extend the tactics which were already ruled constitutional 40 years ago when JFK applied them to the mafia to organized terror networks. Not as scary as some of the claims being made about it here, I know, but hey, sometimes fact isn't as exciting as fiction...
.. sell your email address to the asians so that they can spam you to death...
Only 'flamers' flame!
Here is yet another example of the federal government's aspirations to be big brother. Since 9-11, almost nobody will stand up and oppose this stuff. The data they could collect this way might be too much to digest, but they would sure try. It could be 1984 by 2004. I wonder if they monitor webcams? http://www.uncoveror.com/webcams.htm
The Uncoveror: It's the real news.
So does this mean that ISP's are going to be forced to pipe ALL port 80 traffic through a proxy, because hey, how else do they get EVERY web page we go to...
Either that or they just keep track of what connections are being made through them to port 80 of places...but then what about web sites simply not on port 80...seems an easy enough way for "terrorists" to avoid being caught.
And then there's the issue of people who run their own mail servers...I'd LOVE to see the government FORCE me to log all my own damned emails. It's not like it's hard to set up your own sendmail box and use that instead of your ISP's.
My parent post here was marked 'Overrated'. I am politely requesting information on what is 'overrated' about it? That kind of implies there's something seriously wrong with my comment, but as of yet I don't see that.
Somebody help? Frankly, I suspect that it was modded down because the person who did it thought I don't value privacy. That's not true at all. I'm just saying I trust a computer to scan my e-mail and retain my privacy, not a human. Once a human reads my email, I get spooked.
The internet is NOT a secure communications medium regardless of what the DOJ wants. So why make yourself stand out to them?
"Derp de derp."
I would like to read it. Do you have a link?
The Uncoveror: It's the real news.
for the enormous amounts of data.
100 year shelf life for holographic
media.
>>>>>>10 Gbytes/sec data transfer bandwidth
>>>>>>10 terabytes data storage on 3.5 in disk
http://colossalstorage.net/colossal.htm
GPG will protect you from email listening (although I guess they just get the headers, so that won't help much.) Too bad SafeWeb isn't around anymore.
---some hints to anyone thinking about this.
It's a red herring.
We have router/backbone chokepoints. They exist, can be tapped. This just isn't that hard.
Government built and designed the net, and has always had their fingers in it
nsa (and others) has a lot more money and smarts than you do, no matter how 1337 you or your company think you are
Storage tech is beyond what you can buy at fry's, as is probability mapping of gross sections of traffic and keyword searching. Think it's a coincidence that a certain 3 letter drive manufacturer with long standing ties to bigbro all of a sudden went out of the business after announcing a storage "breakthrough"? Think that's all they got, what's released in PUBLIC? Stuff worth quadzillions they will just publicise for the heck of it?
crypto is a big red flag for a closer looksee, good general rule of thumb there. It's exactly akin to IRS audit flags. they don't need to read the entire weblogs daily, what they do is eliminate what is boring to them, and quickly. THEN they can look at what they want to see. Needle in haystack is hard. Needle mixed in with a few dozen pieces of straw can be found. Owning "the magnet" works wonderz, too.
Did I mention quite a lot of money and employees and interest yet?
Ever hear of PROMIS? Think it's a joke, or it hasn't improved in the last few decades?
Care to name some more warez people have been killed over?
Think carnivore et al are really the top of the line boxen and proggies they got? Or are they what they want you to look at and focus on?
Think bigbro isn't above setting up their own pr0n sites, irc channels, etc, using "interesting" "teeny" images they have on file, just like they give real drugs to their tame snitches to get further into the smuggling gangs? How about when they setup and infiltrate political orgs, everything from the klan to the black muslims to whatever? Think they wouldn't do that on the net, too? Think that the d00dz who issue "security analysis programs" and "remote administration t00lz with droogy little cute names who make serious ca$h on the side from bigbro aren't also at risk (and leisure) to being further bribed and blackmailed to add little zingerz to their "products"? Think big bro would hesitate to use trojans? Ever really wonder WHY so few hax0rz actually get popped? Is it because they "really can't find them", when anyone with a search engine can find them in 5 minutes tops, or could it be maybe because they feel no need to bust themselves or their tame pallid troglodyte typists?
Do you really think microsoft is really that stupid with their security issues, or do ya think maybe some were sorta released "on purpose" and they just play surprised and dumb? And maybe why the dog and pony show trial keeps dragging on and on and on? Might it be "melodrama" to keep the kiddies happy?
Think they wouldn't set up their own "secure crypto e-mail, sign up here, FREE" sites, even "off shore" in "secure sites"?
Hey, how about 3-letter instant messaging, think that if it was labeled "internet mossad phone home messaging" people would have used it so much? Like, 3 broke stoontz paid for all those servers and bandwidth initially and thunked it all up themselves? Really? DOWNLOAD NOW, FREE!
Uh huh, yep, "free"
There's more, that's enough h1n72 4 now..
I dislike the European plan. But I also recognize it's a different place with very different attitudes of both police and populace. EU member nations are also free _not_ to enact the plan in their countries. I expect that a number, including the UK, will not.
As far as the individual goes email content can be encrypted. But it looks like the government wants the headers of email and web traffic. Therefore I think there are some things that site maintainers can do to make things more secure.
-- Thou hast strayed far from the path of the Avatar.
DOJ Wants ISPs to Log User Traffic Oh no what ever shall i do romeo, where art thou they are trying to take away my civil liberties now i cant download pirate warez and kiddie porn and hack into stuff with evil open source software
See here.
I can just hear them now!
Why is it this group of people all visit one web site? And it's from a Russian domain!
Well, we've looked into it sir - it seems to be a, uhhh, proxy
What the hell is a proxy?
We are on it sir!
Get your Unix fortune now!
The problem is the general populace and law makers don't understand what they're saying/hearing. An analogy would help to put things into perspective.
Logging email headers can be compared to the phone company keeping records of your incoming/outgoing phone calls.
Do they do it now? Yes...and most ISPs keep generic logs as it is.
Does the phone company retain ALL the info? No...but they CAN get the info and keep it if you're suspected of doing Bad Things...or they can tap the line. Can an ISP track the same amount of info? Sure...but they don't do it right now unless you're doing Bad Things.
Keeping track of where you go on the web can be compared to driving.
Does your state's dept of transportation keep track of what road you drive, and what time you did it? No.
Does your ISP track what sites you go to and when you go to them? No...unless you have a proxy, in which case they might keep a generic log.
Can the dept of transportation put cameras at all intersections and track your license plate number? Yes...but think of the hideous cost and hideous amount of data. Same goes for an ISP to track where you go.
It's all about perspective...
Let's require that each user of the net record all of his/her activities while on the net with monitoring software installed on their PCs. And we all know that the good citizens have nothing to hide and will go along with anything Uncle George says.
Now let's see, who should get the contract for that software... why MicroSoft of course, they are into trustworthy computing nowadays.
Even if they do this, places like Anonymizer will provide Secure Tunneling. Anonymizer also has other services, and they seem to be trusted for their part.
This can handle most web activity. Email can be encrypted, remailed, or signed up for and used through Secure Tunneling, or a similar method.
As an example, when I browsed the web at work, I used Secure Tunneling. For my email, I used Hushmail. Hushmail encrypted all the data that I saw, so it could not be tracked until it left Hushmail's servers.
NNTP is a problem. There are anonymous NNTP sites. Altopia, a site run by a staunch Libertarian, seems to be pretty reliable. You can even pay rather anonymously. More recently, Teranews has offered privacy, though I don't know of many reports on their trustworthiness.
The problem with NNTP service is you cannot encrypt the actual data stream to the NNTP server itself. Hopefully someone will provide such a service. (At another glance, it looks like the Secure Tunneling package includes "Anonymous Newsgroups". But I am not sure what that means.)
Have you read my journal today?
I can see it now...
Programs that act like web browsers hitting pages at random generating way too much traffic to record.
Increases in junk mail to overload the databases with uh... junk From, To, CC addresses.
I'm sure the Security and Storage industry sectors will be happy.
Codifex Maximus ~ In search of... a shorter sig.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I'll tell you why, because there's some real morons moderating. Well maybe not really morons, but they're moderating for the wrong reasons. Don't agree with someone? mod em down. agree with someone? mod em up! That's not how it's supposed to work people. I routinely moderate people whom I don't agree with if they make a good point, or I think that they need to be properly refuted.
Posting as ac to preserve my precious karma. I also think "off topic" is a horrible moderation choice.
It's simple, enact this and we'll all be forging as much as possible. It wouldn't be complete, but it would be a start.
But if they ever actually do pass this kind of heavy handed, knee jerk, bullshit legislation, I will chunk every computer I can get my hands on out a window and quit my job. Yes, it will be technically possible to circumvent any kind of logging they put up, but why bother with it? The government will only continue to try to execute a stranglehold on that which it cannot control, thus sucking the life right out of it. It'll be more fun to start the revolution on horseback with pen and ink anyway.
Never argue with a man carrying a water buffalo
by this for Congress to pass a law giving the same privacy protection for internet use they give for your video rental records. (c.f. Clarence Thomas) Librarians generally, as a policy, delete records of what you check out as soon as you return the book so that they CAN'T give the gov't that information even if they're tempted. Why should ISPs be different?
Isn't this what carnivore is already doing?
"If anything can go wrong, it will." - Murphy
Has anyone ever considered the effect of boycotting European websites and European goods for as long as they maintain the legislation?
I know it's not very realistic, but hey, it's a start.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
What I would like to see ISP's required to track is traffic patterns that are clearly emanating from a script kiddie or malicious program. If my Firewall can recognize a Smurf Amplification attack then they should be able to as well. A stream of identical traffic (aside from simple pings) or the signature of a known virus attempting to spread itself. While I know that it would be hard to keep up, but frankly I'm sick of having to waste my time telling ISP's about the illegal activity that is occurring on their network.
I'm not posting as someone looking from the outside, I'm telling you from the inside that people with access to personal information go snooping through it all the time. Please inform every root user I've ever met about your honor system.
Joe Sixpack either can't understand encrypted email or doesn't care, because the twenty odd encrypted email startups in the Bay Area have all ended up on the scrap heap, and some of them had truly nice, easy to use solutions.
we got a head start on the EU punks with our DMCA...
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Thanks for that link. It will take time to read all this, but I will do it.
The Uncoveror: It's the real news.
I know of a chip company that was sniffing traffic with the help of some ISPs. The data was supposed to be used to study network traffic patterns to help design better networking chips.
As I understand it, the IP addresses were randomly translated to obviously fake ascii addresses (> 256 bits) before the trace was saved.
FidoNet reincarnation starts tomorrow.
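The trace scrubbing mentioned in the chip-company comment above, sketched as an added example (not that company's code, which the thread does not show): each distinct IPv4 address is replaced by a random token longer than 256 bits, consistently within one trace, before the trace is saved. The trace line layout, the `TraceAnonymizer` name, the 264-bit token size and the sample addresses are assumptions made for this illustration.

```python
import re
import secrets

# Constructed sample trace lines using documentation-range addresses
# (not real traffic). Assumed layout: timestamp src:port > dst:port proto bytes
SAMPLE_TRACE = [
    "1024531200.101 192.0.2.10:1045 > 198.51.100.7:80 tcp 512",
    "1024531200.245 198.51.100.7:80 > 192.0.2.10:1045 tcp 1460",
    "1024531201.003 192.0.2.44:1190 > 203.0.113.25:25 tcp 230",
    "1024531201.870 192.0.2.10:1046 > 198.51.100.7:80 tcp 498",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# 33 random bytes = 264 bits. A token this long cannot be mistaken for a
# 32-bit IPv4 or 128-bit IPv6 address, so a scrubbed trace is obviously fake.
TOKEN_BYTES = 33
PREFIX = "anon-"


class TraceAnonymizer:
    """Random, per-trace translation of IP addresses to opaque tokens."""

    def __init__(self):
        # ip -> token. The table is the only link back to real addresses,
        # so it lives in memory only and is never written with the trace.
        self._table = {}

    def _token(self, ip):
        tok = self._table.get(ip)
        if tok is None:
            # Random rather than hashed: the 32-bit IPv4 space is small
            # enough to brute-force an unkeyed hash back to the address.
            tok = PREFIX + secrets.token_hex(TOKEN_BYTES)
            self._table[ip] = tok
        return tok

    def scrub_line(self, line):
        # The same address always gets the same token, so flows and
        # per-host traffic patterns survive for the analysis.
        return IPV4.sub(lambda m: self._token(m.group(0)), line)

    def scrub(self, lines):
        return [self.scrub_line(line) for line in lines]

    def distinct_hosts(self):
        return len(self._table)

    def forget(self):
        """Drop the mapping once the trace is saved; translation becomes one-way."""
        self._table.clear()


if __name__ == "__main__":
    anonymizer = TraceAnonymizer()
    for row in anonymizer.scrub(SAMPLE_TRACE):
        print(row)
    print("distinct hosts:", anonymizer.distinct_hosts())
    anonymizer.forget()
```

Ports, timing and packet sizes are left untouched here, so a scrubbed trace can still identify a host by its behaviour; the translation only removes the address itself.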
the U.S. denies having any plans for data-retention laws. Guess we'll have to wait until the plan is released to see.
Yeah, like the DOJ is going to publish the full extent of what is being logged or not. They'll publish a plan that represents their intentions and then implement whatever they're able to keep secret.
And you are conducting business over an insecure medium like the internet then you are going to use strong cryptography to protect the contents of your communications. All that is left is traffic analysis. You can feed the watchers false and misleading information to make the analysis impossible.
If you don't do this you are stupid and deserve to get caught. If you are smart you will achieve your goals regardless of being watched.
Don't feel bad. This means that the 3rd amendment worked. It placed a simple constraint on the government, and the government has never violated that constraint.
Since email is almost always junk, and easy to forge, I can't imagine that any valuable information will come of this.
--
Ask the Ya-Hoot Oracle Anything!
This is true, but whatever the motivation for imposing this burden on ISPs, history should tell us that if a system is open to abuse (and http logging is flagrantly so) we can be assured that there are plenty of people out there who are willing to abuse it.
Matrix:
Energy for electronic life
Real World:
Pr0n URL's for immediate DOJ, childpr0n URL's for eventual congressional investigation.
These MORONS at DOJ are just blowing hot air as usual. As long as places like ultimate-anonymity.com and cotse.org are around, PISS on the DOJ asswipes.
- DOJ wants local garbage men nationwide to store all residential and commercial trash in marked bins for 10 years so the FBI can research an individual's lifestyle
- DOJ wants power companies to keep detailed records of household power usage so the FBI can determine what time of day is best to break in and plant listening devices
- DOJ wants all White House officials to publish full transcripts of their meetings so the public knows just how much of Bush's energy policy was written by Enron
- DOJ wants all ISPs to log and retain all of your email headers and browsing history so the FBI can go through your trash without feeling nauseous.
Which of the above seems reasonable to you, your Honor?
YHBT. YHL. HAND.
With current communications networks, providers are only required to keep a record of the to and from parts of the communication (phone records, pages, cell phone records, etc.). If this is implemented as reported, then this is like requiring all phone companies to record every phone call every customer makes. IF they don't require it for all other forms of communications, why should the Internet be any different?
a german newspaper ("taz" - wouldn't like to /. their server...) is reporting today that UK government had to abandon the proposed laws allowing a wide range of institutions to easily access user data from postal services, telcoms and ISPs.
[rant]
by the way, france is NOT a second world country. it's older than the US by far, most of us are counting upwards and following this logic the US would be third world.
[/rant]
There are, as yet, no data retention laws for ISP's in Europe. The UK tried to do this the other day, and got massively slapped down by the public, thereby forcing them to table the issue.
Now THAT's democracy in action.
BTW, doesn't anyone else find the world a scarier place after 9-11? The problem is that it's Bush who is so scary, not Al Qaeda...
-- Waht? Tehr's a preveiw buottn?
It is about control!
Your face, your fingerprints are not the only thing that makes you unique (i.e. a person that can be identified on as needed basis).
Think about all the information that you send over InterNet (logins/passwords/nicks ... etc), the people who send you emails, the people you send mails to. Scared? :-)
They can always catch you one way or another. But as one saying goes: "The one who is afraid of bears does not go in the wood."
Cheers
I'm too lazy to create an account, but certainly am no coward.
If these laws come to pass in the United States, I'm sure blood will spill. Our country cannot and will not be oppressed like this.. Oppression you ask? Yes my friends, oppression. It is indirect oppression and the pseudo-crush of our rights of free speech. With all browsing history stored, and email headers on file...No one is digitally free. This is the equivalent of putting an electric dog collar on us all and when we cross a certain line, we get zapped. It is this same fuzzy logic that may cause a person to WATCH someone drive home drunk from the bar, follow them, and when the drunk bastard gets into an accident, the person that watched 'em leave the bar drives them to JAIL. Stories like this disgust me. Keep the internet free as it was meant to be. I will continue to hack until this single fact is on everyone's lips.
+Kryojenix
How do we know our IP traffic isn't ALREADY being intercepted by the other organizations in the government such as the NSA, the CIA, or the FBI?
Carnivore is one thing, but Echelon I and II are reportedly much worse. I think the best (and safe) assumption would just be to assume that our privacy is already compromised...
To quote an old Wing Commander game:
"The price of freedom is eternal vigilance."
How do we know we aren't already paying for our freedoms by already being monitored?
All the gummint needs to do is invest heavily in AI "helper" agents that'll assist you with your browsing, finding the best deals, talking to your friends' agents so they can let you know what your friends are doing, etc. Since they do all this for free, these agents should become very popular. Unca Shuga gets to maintain the database the agents need to perform their help, though, so they can see when disaffected youth are studying bomb design, nazism, etc. and can take appropriate pro-active action. They can also see who refuses to use these incredibly helpful little agents, and thereby focus their non-automated energies on those who obviously have something to hide.
My complaint about John Ashcroft
May I be cynical for a bit? I hope you don't mind,
but with Ashcroft's latest barrage of
malodorous notions, I can't resist the urge to make a
few cynical comments. To get right
down to it, some of the facts I'm about
to present may seem shocking. This
they certainly are. However, it's time that a few
facts had a chance to slip through the fusillade of hype.
What's my problem, then? Allow me to present it
in the form of a question: Where are the people
who are willing to stand up and acknowledge
that Ashcroft, in his infinite wisdom, has decided
to destroy the natural beauty of our parks and forests?
On the surface, it would seem to have something to do
with the way that his whole approach is repugnant.
But upon further investigation, one will find that
by allowing Ashcroft to put mephitic thoughts in our
children's minds, we are allowing him to play puppet master.
As for the lies and exaggerations, Ashcroft's
epigrams are rife with contradictions
and difficulties; they're entirely maladroit,
meet no objective criteria, and are unsuited
for a supposedly educated population.
And as if that weren't enough, if Ashcroft is going to
obstruct important things, then he should at least have
the self-respect to remind himself of a few things: First, a
true enemy is better than a false friend. And
second, many people respond to his debauched vituperations
in much the same way that they respond to television
dramas. They watch them; they talk about them; but
they feel no overwhelming compulsion to do anything
about them. That's why I insist we pronounce the truth
and renounce the lies.
Even people who consider themselves scornful
foolhardy-types generally agree that Ashcroft's slurs
symbolize lawlessness, violence, and misguided rebellion
-- extreme liberty for a few, even if the rest of us
lose more than a little freedom. One might conclude
that Ashcroft is incapable of writing a letter without using
such phrases as "crapulous pop psychologists", "loquacious
exhibitionists", "oppressive personae non gratae", or
some combination thereof. Alternatively, one might conclude
that Ashcroft has a different view of reality from the rest of us.
In either case, if you're not part of the solution,
then you're part of the problem. His historical record of
fickle pleas is clearer than the muddled pronouncements
of his apple-polishers for a variety of reasons. For
instance, the worst sorts of inconsiderate Neanderthals there
are must be treated with political justice, not with
civil justice, as they are sincerely not real citizens. Let me
rephrase that: I wonder if he really believes the
things he says. He knows they're not true, doesn't he?
A complete answer to that question would
take more space than I can afford, so I'll have to give
you a simplified answer. For starters, if
we let him cause riots in the streets, then greed,
corruption, and tribalism will characterize the government.
Oppressive measures will be directed against citizens.
And lies and deceit will be the stock and trade of the
media and educational institutions.
Even Ashcroft's bedfellows couldn't deal with the full impact of
Ashcroft's refrains. That's why they created "Ashcroft-ism," which is
just a garrulous excuse to force square
pegs into round holes. He plans to drag everything
that is truly great into the gutter. He has instructed
his votaries not to discuss this or even admit to his
plan's existence. Obviously, Ashcroft knows he has
something to hide. Most of you reading this letter
have your hearts in the right place. Now
follow your hearts with actions. I have traveled the length and
breadth of this country and talked with the best people. I can
therefore assure you that Ashcroft's artifices cannot stand on
their own merit. That's why they're dependent on elaborate
artifices and explanatory stories to convince us that Ashcroft's
warnings can give us deeper insights into the nature of
reality. We can and we must protect ourselves by any means
necessary against the unrestrained bestiality
of stupid, quasi-macabre paper-pushers. And that's the honest truth.
Although the pressure on privacy is greatly increasing, the second wave webs are getting started on securing private communication. They try to combine encryption and simplicity, and some managed. For example s-mail. They don't put any effort into promotion or crying out loudly about it, imho, but the product is quite good... ;)
Yeah, my vote goes for s-mail.com, too.
Looks like the right way how "PGP-for-all" should be.
Let's say you are an EU citizen, and this data retention law is passed there. What's stopping me, an enterprising American, from selling VPN connections out of the EU to the US? You can send your email out via the states. Same with any Web-browsing you want to do.
And if the US passes the same laws, I'll move the server to Mexico, then Honduras, Nigeria, a small boat in the south pacific........
Many years ago, law enforcement units of various levels of government maintained what were called "Red Squad" files. In theory, the squads and files existed to prevent espionage, subversion and terrorism. Yes, there were "reds" who engaged in such things, although most left-wing activists were generally, for the most part, law-abiding citizens. Unfortunately, any data base of personal associations will include many peaceful types as well as a few actual or potential enemy spies, bombers, etc. So when someone from the personnel office of a local factory called his buddy on the local squad, asking about an applicant, the squad guy might reply, "Oh, yeah, we've got a file on that character!" and a perfectly decent citizen would be denied the job.
I followed much of the "Red Squad" controversies during the '80s. The files were indeed abused, and those abuses gave ammunition to those who wanted to reduce the effectiveness of America's foreign and domestic intelligence agencies. AFAIK, the agencies themselves pursued some agendas that had much more to do with stifling dissent rather than tracking down the real bad guys. So there was some weird stuff on both sides of the issue.
And so it is now. It's a new day, a new ball game. Law enforcement intelligence units are being re-invigorated beyond all reason. The levels of surveillance of ordinary citizens that government agencies are now working towards are orders of magnitude greater than the local cops writing down license plate numbers of a few hippies at a peace rally.
And what is the real reason for all of this? To prevent acts of mass violence on American soil? Well, that might be a positive side effect, but perhaps the true agenda is to make effective political dissent almost impossible. Those of us who would oppose the great wars now being contemplated at the highest levels of the U.S. government should keep this in mind: They know much, much more about us now than they did 30 years ago. In other words, the true motive for this apotheosis of spooks is not to prevent mass violence, but rather to facilitate it.
----------
Manifesto for the Peoples of the Third Millennium
All those popups telling us that we're being watched by our wives, bosses, etc will have to be updated to include the DOJ. That could help our unemployment rates drastically. The amount of man hours needed to fix all the ads has got to be tremendous.
"In the beginning, there was nothing; Then it blew up."
"I can email my mother in complete piracy."
;)
I meant 'privacy' not 'piracy'. Been posting too much about the RIAA lately.
"Derp de derp."
That sucks. Now I have to have even MORE ssh tunnels going out of the country to a squid proxy in europe. Stupid government. They can't take the pr0n of my cold dead fingers!
I keep on reading comments saying that the US government is trying to prevent a terrorist attack.
Can anyone back up this claim?
There are two types of people; those who divide people into two types of people, and those who don't.