Slashdot Mirror


DOJ Wants ISPs to Log User Traffic UPDATED

Anonymous Coward writes "Kevin Poulsen writes in an article in SecurityFocus that in an early draft of the White House's "National Strategy to Secure Cyberspace", the DOJ proposes that the US enact European-style 'data retention' laws, which force ISPs to log and retain all of your email headers, as well as your Web browsing history." Nothing worse for the DOJ than to be upstaged by Europe in oppressive lawmaking, they must feel like they're losing their edge. Update: 06/19 23:04 GMT by M : The SecurityFocus article has been updated with this note, saying that the U.S. denies having any plans for data-retention laws. Guess we'll have to wait until the plan is released to see.

  1. First post? by Paradoxish · · Score: 4, Insightful

    Maybe, I dunno. But anyway... this sucks. Doesn't anyone at the DOJ realize that keeping a history of web browsing is about the equivalent of having someone follow you around with a pen and some paper and record the address of every place you visit during the day? I don't understand how keeping track of information like this can possibly help with security or ANYTHING for that matter.

    --
    If you need to interpret my post, then you don't get it.
    1. Re:First post? by gorf · · Score: 4, Insightful

      Which is also the equivalent of putting cameras in public places...

      (Emphasis mine) My web browser is certainly not in a public place.

  2. Will they fund it? by cardshark2001 · · Score: 4, Insightful

    Logging such a huge volume of data requires massive hard-drive space, extra CPU power, extra manpower. All of those things cost money.

    Considering how little money ISP's tend to make, I don't see this as at all fair, unless the government will pony up the cash.

    --
    WWJD? JWRTFA!
    1. Re:Will they fund it? by bsDaemon · · Score: 2, Insightful

      It isn't fair even if they DO fund it. It is just wrong and evil. What about presumption of innocence, freedom of press, freedom of speech, due process? How about 'reasonable expectation of privacy'? Fuck the federal government. "...--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it..."

      So there.

  3. They're the only ones NOT looking by Ars-Fartsica · · Score: 3, Insightful
    Any ISP employee, sysadmin or free email provider admin can already look at your data any time they please. And they do.

    At least the government will probably be required to disclose what they do.

    Your best bet is to not send any sensitive info over email, and don't store any unencrypted sensitive or private data in online storage systems.

  4. What's next? by cardshark2001 · · Score: 2, Insightful

    Perhaps the DOJ should be able to find out the title of every book I purchase, every TV show I watch, what kind of hamburger I buy.

    Wholesale spying is not justified by the war on terrorism. Especially for us non-Arab, born and raised in America types. It's just an excuse for the government to do something they've wanted to do for a long time anyway.

    --
    WWJD? JWRTFA!
  5. we need a standard "envelope" for email by jimmcq · · Score: 4, Insightful

    You always hear the analogy that email is just sending a postcard... well, it's about time that we start to make email "envelopes" (aka encryption) standard for ALL email.

    I think Joe Sixpack would be more inclined to use encryption if he thought it was just an envelope to put mail into... he doesn't need to know about technojargon like PGP, GPG, SSL, S/MIME, X.509 certificates, just tell him it's an "email envelope" instead of the old postcard he's used to.

    The only thing that really needs to be public is the To address. Everything else could be encrypted (enclosed in the envelope) except for maybe a couple fields like the From Address and maybe the Subject Line (but even those could be "inside").

    What needs to happen before email encryption becomes a "standard" thing that everyone uses all the time?

    1. Re:we need a standard "envelope" for email by T-Ranger · · Score: 2, Insightful

      Your analogy is flawed. Opening a letter not addressed to you is illegal. Owning a letter opener is not, but the DMCA makes owning an electronic knife illegal.

  6. Re:Sounds reasonable by schon · · Score: 2, Insightful

    I don't think the DOJ's request is at all unreasonable

    Of course it's unreasonable. Think about this: The logs don't show content.

    Your email headers don't show what you were talking about - you emailed "somejoeuser99@hotmail.com" asking about his lost puppy... but unbeknownst to you, he's a suspected terrorist, and all of a sudden, you're being investigated... They pull up your http traffic file, and it turns out that the HTML email he sent you has IMG tags that pull pictures from known terrorist sites.

    You'll probably change your mind once you're in an FBI interrogation chamber.. that bare bulb shining in your face, as Agent Smith says "Vhy vhere you communicating vis a known terrorist? Ve haf vays of makink you talk!"

    Or better yet, someone wants to make your life hell, so they get some anonymous web space, put some content that might interest you, and get you to view it... then change the content to some terrorist propaganda, and place an anonymous call to the FBI. Suddenly there is PROOF that you've been visiting terrorist sites.. so you must be a terrorist!

    Think it can't happen in good ole' USofA? Just like the McCarthy witchhunts couldn't happen.

  7. What's the fuss? by meta-monkey · · Score: 3, Insightful

    Many other posters have already commented that the update to the story says the Gub'ment denies attempts to do this. I'm surprised this story wasn't taken with a grain of salt in the first place...you know this wouldn't stand up to any kind of court scrutiny.

    Really, the idea that the government can arbitrarily spy on anybody, but only look at later if they have a reason, violates your 4th Amendment rights against unreasonable searches (OT: sometimes I feel bad for the 3rd Amendment...it just gets completely ignored. Nobody ever takes to the streets demanding their 3rd Amendment rights be protected. Oh well). The federal government has no power to inventory your entire home, or keep a list of every person with whom you correspond by mail, and as such, they have no similar power to log your email headers or http requests. I don't see this one happening any time soon.

    --
    We don't have a state-run media we have a media-run state.
  8. Love/Hate the idea by gerardrj · · Score: 5, Insightful

    Outright I hate the idea, this is just pre-emptive search/seizure. The gov would only propose this because it's in the digital domain where it's A: feasible, B: deemed by J. Public to be a non-issue. They could NEVER get such a thing into action with physical mailings.

    But then I thought.... If every ISP had to monitor port 25, isolate all to and from IPs and email addresses (forged or not), and fill up all those hard drives, tapes and whatnot...
    Can you imagine how fast SPAM would drop off as the ISPs attempted to control the now real costs of hosting spammers?

    --
    Article X: The powers not delegated... by the Constitution...are reserved...to the people
  9. GPG by norweigiantroll · · Score: 2, Insightful

    GPG will protect you from email listening (although I guess they just get the headers, so that won't help much.) Too bad SafeWeb isn't around anymore.

  10. Re:Mail headers. by jmd! · · Score: 3, Insightful

    Your ISP wouldn't do it on their mail server, they would have to sniff all outbound port 25 traffic and record that way. Scary stuff, since even PGP doesn't help much. They'd still know everyone I mail. Time to start putting the Subject: in the body of the message, people!
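
Added example, not part of any comment in this thread: the comments above on email "envelopes" and on PGP not hiding who you mail both turn on which parts of a message stay readable when only the body is encrypted. The Python sketch below parses a constructed sample message (addresses, subject and the placeholder ciphertext are made up) and reports what a header-level log would still record, before and after the Subject is moved out of the header.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: headers in clear text, body PGP-armored.
# The ciphertext is a placeholder, not real PGP output.
SAMPLE = """\
From: alice@example.org
To: bob@example.net, carol@example.com
Subject: lost puppy
Date: Wed, 19 Jun 2002 23:04:00 +0000
Message-ID: <constructed-1@example.org>
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

(constructed placeholder ciphertext)
-----END PGP MESSAGE-----
"""


def observer_view(raw):
    """Return what a party logging the message in transit can read."""
    msg = message_from_string(raw)
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "sender": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "recipients": sorted(addr for _, addr in getaddresses(rcpt_headers)),
        "subject": msg.get("Subject"),
        "date": msg.get("Date"),
        # Body encryption hides only the payload, never the headers.
        "body_visible": "BEGIN PGP MESSAGE" not in msg.get_payload(),
    }


def hide_subject(raw):
    """Replace the Subject header with a neutral marker.

    Assumes the sender put the real subject inside the plaintext
    before encrypting it, as the comment above suggests.
    """
    msg = message_from_string(raw)
    del msg["Subject"]
    msg["Subject"] = "(encrypted)"
    return msg.as_string()


if __name__ == "__main__":
    print(observer_view(SAMPLE))
    print(observer_view(hide_subject(SAMPLE)))
```

Sender, recipients and date remain visible in both views, because mail servers need the addressing to deliver the message.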

  11. Misinformation by SamMichaels · · Score: 3, Insightful

    The problem is the general populace and law makers don't understand what they're saying/hearing. An analogy would help to put things into perspective.

    Logging email headers can be compared to the phone company keeping records of your incoming/outgoing phone calls.

    Do they do it now? Yes...and most ISPs keep generic logs as it is.

    Does the phone company retain ALL the info? No...but they CAN get the info and keep it if you're suspected of doing Bad Things...or they can tap the line. Can an ISP track the same amount of info? Sure...but they don't do it right now unless you're doing Bad Things.

    Keeping track of where you go on the web can be compared to driving.

    Does your state's dept of transportation keep track of what road you drive, and what time you did it? No.

    Does your ISP track what sites you go to and when you go to them? No...unless you have a proxy, in which case they might keep a generic log.

    Can the dept of transportation put cameras at all intersections and track your license plate number? Yes...but think of the hideous cost and hideous amount of data. Same goes for an ISP to track where you go.

    It's all about perspective...

  12. Secure Tunneling by Chacham · · Score: 2, Insightful

    Even if they do this, places like Anonymizer will provide Secure Tunneling. Anonymizer also has other services, and they seem to be trusted for their part.

    This can handle most web activity. Email can be encrypted, remailed, or signed up for and used through Secure Tunneling, or a similar method.

    As an example, when I browsed the web at work, I used Secure Tunneling. For my email, I used Hushmail. Hushmail encrypted all the data that I saw, so it could not be tracked until it left Hushmail's servers.

    NNTP is a problem. There are anonymous NNTP sites. Altopia, a site run by a staunch Libertarian, seems to be pretty reliable. You can even pay rather anonymously. More recently, Teranews has offered privacy, though I don't know of many reports on their trustworthiness.

    The problem with NNTP service is you cannot encrypt the actual data stream to the NNTP server itself. Hopefully someone will provide such a service. (At another glance, it looks like the Secure Tunneling package includes "Anonymous Newsgroups". But I am not sure what that means.)

  13. Of course they don't have any *plans* by billstewart · · Score: 3, Insightful
    They do this sort of thing all the time, and sometimes they get away with it. *Plans* implies that they've gotten sufficiently wide internal buy-in to implement something, or at least to announce it. Simply leaking wish-list desires like this and seeing how the public reacts to it gives them deniability, and lets them pretend it was just an idea, and hey, maybe it'll take off and they'll get to push the envelope a little farther past what common sense and the Constitution actually authorize them to do. In addition, by putting a wide spectrum of proposals out there, from the reasonable to the totally totalitarian wacko, lets them not only know where the edge is, but lets them take any position they want and say "see, we've been talking about this for a long time, and we're just updating this long-discussed plan to reflect current circumstances". Remember Clipper? They got their teeth kicked in on that one. Remember CALEA? That passed, though the telcos resisted for a long time because the FBI wanted billions of dollars of infrastructure implemented in ways that disrupted the potential evolution of the telecom infrastructure and market without actually having to pay for any of it, but it's vague and fuzzy enough that they've been able to use it to gradually implement some things, even if they're way beyond the Congressional approval level, much less the Constitutional one. Don't expect the ratchet to go back in the other direction without it getting pushed really hard - and this also means support your local so we can stop these things before they start.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  14. Not entirely true... by Mac+Degger · · Score: 2, Insightful

    There are, as yet, no data retention laws for ISP's in Europe. The UK tried to do this the other day, and got massively slapped down by the public, thereby forcing them to table the issue.
    Now THAT's democracy in action.

    BTW, doesn't anyone else find the world a scarier place after 9-11? The problem is that it's Bush who is so scary, not Al Quaida...

    --
    -- Waht? Tehr's a preveiw buottn?