Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOJ Wants ISPs to Log User Traffic UPDATED

Posted by ryuzaki0 on from the call-your-congressman dept.

Anonymous Coward writes "Kevin Poulson writes in an article in SecurityFocus that in an early draft of the White House's "National Strategy to Secure Cyberspace", the DOJ proposes that the US enact European style 'data retention' laws, which force ISPs to log and retain all of your email headers, as well as your Web browsing history." Nothing worse for the DOJ to be upstaged by Europe in oppressive lawmaking, they must feel like they're losing their edge. Update: 06/19 23:04 GMT by M : The SecurityFocus article has been updated with this note, saying that the U.S. denies having any plans for data-retention laws. Guess we'll have to wait until the plan is released to see.

4 of 335 comments (clear)

  1. They changed their mind! by I+Want+GNU! · · Score: 5, Informative

    I visited the site, and this is what it says here. I'm posting it in case the site gets slashdotted. [And I'm not a karma whore since I already have 50.]

    U.S. Denies Data Retention Plans

    The Justice Department refutes claims that Internet service providers could be forced to spy on their customers as part of the U.S. strategy for securing cyberspace.
    By Kevin Poulsen, Jun 19 2002 12:24PM
    An early draft of the White House's National Strategy to Secure Cyberspace envisions the same kind of mandatory customer data collection and retention by U.S. Internet service providers as was recently enacted in Europe, according to sources who have reviewed portions of the plan.

    But a Justice Department source said Wednesday that data retention is mentioned in the strategy only as an industry concern -- ISPs and telecom companies oppose the costly idea -- and does not reflect any plan by the department or the White House to push for a U.S. law.

    In recent weeks, the administration has begun doling out bits and pieces of a draft of the National Strategy to technology industry members and advocacy groups. On Tuesday, sources who had reviewed segments of the plan said a federal data retention law is suggested in a section written in part by the Justice Department.

    The comprehensive strategy is being assembled by the President's Critical Infrastructure Protection Board, headed by cyber security czar Richard Clarke, and is intended as a collaborative road map for further action by government agencies, private industry, and Congress.

    While not binding, proposals that find their way into the final version of the National Strategy would likely have added weight in Congress, and could lead to legislation.

    A controversial directive passed by the European Parliament last month allows the 15 European Union member countries to force ISPs to collect and keep detailed logs of each customer's traffic, so that law enforcement agencies could access it later.

    Data to be gathered under the European plan includes the headers (from, to, cc and subject lines) of every e-mail each customer sends or receives, and every user's complete Web browsing history. The period of time that the data will have to be retained is up to each member country; specific legislative proposals range from 12 months to seven years, according to Cedric Laurant, policy fellow at the Electronic Privacy Information Center (EPIC), which opposed the directive.

    "Somebody could see their past for the last seven years be completely open," says Laurant, speaking of the European directive. "It violates freedom of speech," as well as the legal principal that a defendant is presumed innocent until proven guilty.

    The White House did not return phone calls on the National Strategy, which is scheduled for release in September.

  2. Re:They're the only ones NOT looking by digitalsushi · · Score: 4, Informative
    As a netadmin for a small-medium sized ISP, I'm going to have to disagree with that on two levels. First off, most of us small guys dont have all the bells and whistles, or disposable overhead to implement free tools to spy on our users. Quite a few of us pipe our customers "straight through". (That and you need to remember that the majority of us are no Vincent Cerfs.. we're smart people but we could sit here 24 hours a day and still not have enough time to learn it all- but thats another thread)


    Second, for the things that we *can* look at (easy stuff like say someone's POP mailbox, just a text file) there is (most people wont believe this) actually an honor system amongst admins. We won't edit a mailbox if its broken until we have permission. Otherwise we might see something that isnt ours to see. Privacy is THE most important thing we can promise our customers, so everything else has to take the back seat, even if it means some uptime.


    Even given that, though, I do recommend that people encrypt their email, cause just cause I wont read your mail, doesn't mean the kid who has a 60 minute kernel exploit who just rooted me wont- (the rooting being another thread, lets not talk about perfection in admining here) (So sorry to reply like this, but I just took it a little personally. We're not all sleazy. Most of us arent.)

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
  3. Re:As long as data goes in the clear ... by Tazzy531 · · Score: 4, Informative
    How bout these: Also if you think this and the USA/PATRIOT Act is unfair, sign the petition to get it repealed
    --


    _______________________________
    "I'm not Conceited...I'm just a realist..."
  4. Re:we need a standard "envelope" for email by Anonymous Coward · · Score: 1, Informative

    I am quite sure that any potential terrorists are quite capable of encrypting their emails already. Which of course means that the terrorists are getting better privacy than the rest of us.