Slashdot Mirror
DOJ Wants ISPs to Log User Traffic UPDATED
Anonymous Coward writes "Kevin Poulson writes in an article in
SecurityFocus that in an early draft of the
White House's "National Strategy to Secure Cyberspace", the DOJ proposes that the US
enact European style 'data retention' laws,
which force ISPs to log and retain all of your
email headers, as well as your Web browsing
history." Nothing worse for the DOJ to be upstaged by Europe in oppressive lawmaking, they must feel like they're losing their edge. Update: 06/19 23:04 GMT by M : The SecurityFocus article has been updated with this note, saying that the U.S. denies having any plans for data-retention laws. Guess we'll have to wait until the plan is released to see.
I'll have to meet real girls instead of browsing pr0n.
Maybe, I dunno. But anyway... this sucks. Doesn't anyone at the DOJ realize that keeping a history of web browsing is about the equivalent of having someone follow you around with a pen and some paper and record the address of every place you visit during the day? I don't understand how keeping track of information like this can possibly help with security or ANYTHING for that matter.
If you need to interpret my post, then you don't get it.
Article seems slashdotted, so I haven't read it yet... but what does this mean for those of us who run our own mail servers? Do we know have retention and reporting requirements on our systems at home?
I once logged packets going in and out of my machine and I generated a huge log file very fast. It was only like 200kb, but really... for an ISP to log as much as they're being asked to, they would need INCREDIBLE storage to hold it all, wouldn't they? I wonder if then ATTBI would tax me another $5 a month to pay for their storage equipement.
----------
Check out my blackbox styles
Logging such a huge volume of data requires massive hard-drive space, extra CPU power, extra manpower. All of those things cost money.
Considering how little money ISP's tend to make, I don't see this as at all fair, unless the government will pony up the cash.
WWJD? JWRTFA!
I wonder if Zero Knowledge, Inc. might decide that it might be time to re-introduce their personal anonymous web browsing service.
___
Cogito cogito, ergo cogito sum.
I visited the site, and this is what it says here. I'm posting it in case the site gets slashdotted. [And I'm not a karma whore since I already have 50.]
U.S. Denies Data Retention Plans
The Justice Department refutes claims that Internet service providers could be forced to spy on their customers as part of the U.S. strategy for securing cyberspace.
By Kevin Poulsen, Jun 19 2002 12:24PM
An early draft of the White House's National Strategy to Secure Cyberspace envisions the same kind of mandatory customer data collection and retention by U.S. Internet service providers as was recently enacted in Europe, according to sources who have reviewed portions of the plan.
But a Justice Department source said Wednesday that data retention is mentioned in the strategy only as an industry concern -- ISPs and telecom companies oppose the costly idea -- and does not reflect any plan by the department or the White House to push for a U.S. law.
In recent weeks, the administration has begun doling out bits and pieces of a draft of the National Strategy to technology industry members and advocacy groups. On Tuesday, sources who had reviewed segments of the plan said a federal data retention law is suggested in a section written in part by the Justice Department.
The comprehensive strategy is being assembled by the President's Critical Infrastructure Protection Board, headed by cyber security czar Richard Clarke, and is intended as a collaborative road map for further action by government agencies, private industry, and Congress.
While not binding, proposals that find their way into the final version of the National Strategy would likely have added weight in Congress, and could lead to legislation.
A controversial directive passed by the European Parliament last month allows the 15 European Union member countries to force ISPs to collect and keep detailed logs of each customer's traffic, so that law enforcement agencies could access it later.
Data to be gathered under the European plan includes the headers (from, to, cc and subject lines) of every e-mail each customer sends or receives, and every user's complete Web browsing history. The period of time that the data will have to be retained is up to each member country; specific legislative proposals range from 12 months to seven years, according to Cedric Laurant, policy fellow at the Electronic Privacy Information Center (EPIC), which opposed the directive.
"Somebody could see their past for the last seven years be completely open," says Laurant, speaking of the European directive. "It violates freedom of speech," as well as the legal principal that a defendant is presumed innocent until proven guilty.
The White House did not return phone calls on the National Strategy, which is scheduled for release in September.
Finally got through, and ... Nothing to worry about yet. Apparently, this is from a misreading of the report. No data retention requirements, these aren't the droids you're looking for, move along.
Does anyone know if using anonymous web surfing services, like Anonymizer or COTSE, will help, with their URL encryption? Of course, this won't fix the problem of e-mail headers, but it might keep flags from being raised when you visit a "hacker" site, or some other "suspect" material on the web.
Wow...
Now the DOJ will have the biggest Free Password List on the web..
Could you imagine the amount of money they could make from X-10 pop-under ads...
The DOJ is on crack. If they think for ONE f*cking second that this would actually work, they're wrong. Ill just start encrypting my email more often. Lets see them get through to my mail headers under 128bit RSA. Yeah I know they have Carnivore, but it only selectively stores email. So, what do you think they will call the machine that collects all THIS information? Lets have a little slashdot naming game shall we? Department of Justice my ass. They need a new name too. Department of Snooping, gives a new meaning to the acronym DOS.
In college, really poor, need a flatscreen.
At least the government will probably be required to disclose what they do.
Your best bet is to not send any sensitive info over email, and don't store any unencrypted sensitive or private data in online storage systems.
Perhaps the DOJ should be able to find out the title of every book I purchase, every TV show I watch, what kind of hamburger I buy.
Wholesale spying is not justified by the war on terrorism. Especially for us non-Arab, born and raised in America types. It's just an excuse for the government to do something they've wanted to do for a long time anyway.
WWJD? JWRTFA!
What I want to know is how this impacts those of use who own/operate our own domains and SMTP server (i.e. those of us who do not use ISP supplied SMTP servers to send out mail). Will we be forced to log our own traffic for fear mean old Uncle Ashcroft wants to know who we emailed three years ago? Will we have to enact some sort of robust long term backup of these logs (i.e. fire resistant safes and offsite backups of logs)? What if, through no fault of our own, a fire destroys the last weeks worth of backups and Uncle Bush needs yesterdays logs (i.e. how paranoid about backing things up do we need to be)?
--
Can't the data the ISP have to log be spoofed by those who know what they are doing. If so, only us poor saps who have "nothing to hide" are screwed... the "pros" will do other things... Chalk this one up in the "dumbass idea of the month club"
Accentuate the positive, don't waste your mod points on the negative.
Numerous broadband providers have gone bankrupt already. The number of requests directed at huge broadband providers could be huge. Besides, law enforcement would end up with large amounts of data that don't really prove much, since criminals (and non-criminals) can encrypt their emails anyway.
"I'm not a karma whore because I already have 50" simply means "I karma whored enough and now I can do this simply because I enjoy it"
It seems that the issue at hand isn't the act of logging activities themselves, but how willing your ISP is to distribute those logs. In all previous cases I am aware of, ISP's do not give out personal information about a user without first being served with a subpoena. This is no worse than the restrictions we have had on wiretapping and eavesdropping for the past 50 or so years, so I don't see any reason for anyone to get upset about this. If you aren't breaking the law, then you have nothing to worry about, and your information will remain private in the hands of your service provider, however if you're doing something illegal, then there is no reason that the FBI or such should not be able to serve your ISP with a subpoena to obtain your usage logs. Its perfectly within our Constitutional rights for the government to do this, and anyone who is made nervous because of this probably has something to hide.
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
It's an unworkable idea even voluntarily. Who is going to PAY for the storage, retention, and transfer of the GIGABYTES of data that these records will require the ISPs to keep?
I would think that much data would take up more than GB's, more like TeraBytes.
In college, really poor, need a flatscreen.
I have a better idea. The UN should pass a law requiring that all network traffic in the world, whether on a home LAN or through the Internet, must pass through one central checkpoint machine that will log all the traffic. This will provide a worldwide data retention center where authorities and large corporations can perform queries to figure out exactly what someone was doing. (Obviously, defendants won't be allowed to perform similar queries, because that wouldn't be fair.)
Oh yeah... And the central machine that would fulfill this function would be a 386 SX with a tape drive serving as RAM, running Windows XP Professional, and it would be connected to the Internet through a 1200 baud modem. This will make true worldwide broadband a reality and keep the economy strong.
Attempts like this just make encrypted messaging protocols more desired. SMTP is just old, slow, rusty, and stupid. See here: IM2000
you will see that there is an update: US DENIES DATA RETENTION PLANS
My life in the land of the rising sun.
How would they know if the data they get is real anyway? I can write a perl script to generate fake sendmail log files all day...
This is only slightly different than forcing telcos to retain phone records, with one exception.
Many URL's can be used to guess WHAT data you've been looking at without actually looking at the website. For example, if someone saw the URL: http://www.nakedkids.com they would assume that it was child porn and whomever looked at it should be red-flagged and investigated. Quite possibly however this site could have NOTHING to do with porn and could simply have a questionable DNS name.
Perhaps if ISPs were only allowed to track IP addresses....
Even if the DoJ were to keep a log of your web browsing, who's to say it was you sitting at the keyboard?
I can see people making scripts to go to all sorts of "undesireable sites", and when they get busted, they can prove they were nowhere near the computer at the time.
Would also smoke out all sorts of surveillance schemes.
This would put the government at odds with its own policy, as well as make some big media companies really, really mad. The reality is that surfing the web now encompasses many more things than just vanilla html sites - and because of that, internet companies have found it easier to make money. Storing that history would now require much more space, and, due to the fact that most online businesses are now going for pay-per-use models instead of advertising-based, the government would end up storing a whole bunch of content that is, ironically enough, protected by copyright law. In effect, the government would be breaking the law - the copyright law that John Ashcroft & Co. are doing so much to proserve, protect, and extend.
My god beuracrats are stupid!!!!!
The biggest problems wiht this are the fact that to do this for all of you ppl in the US that use the web will end up generating HUGE log files. Who ius going to pay for the storage space required to house these bohemoths????
What exactly do they expect to achieve in doing this??? By far the vast majority of web users are NOT terorists or criminals (lets just ignore those downloading priated software etc.) They are just going to weind upo wiht lots of stored prOn URLs and inane sites.
For this inative to be of any use, they will have to employ quite a few ppl to troll through these vast log file looking for the needle in the haystack.
Seagate and maxtor stock prices just jumped 10%, western digital 8%. Conspiracy i tell you!
Home Secretary David Blunkett has admitted he blundered over plans dubbed a "snooper's charter" to give a raft of public bodies in the UK access to private e-mail and mobile phone records.
The proposals are to be put on hold indefinitely in the face of huge opposition, which the home secretary conceded his department totally failed to predict. (...)
See http://news.bbc.co.uk/hi/english/uk_politics/newsYou always hear the analogy that email is just sending a postcard... well, its about time that we start to make email "envelopes" (aka encryption) standard for ALL email.
I think Joe Sixpack would be more inclined to use encryption if he thought it was just an envelope to put mail into... he doesn't need to know about technojargon like PGP, GPG, SSL, S/MIME, X.509 certificates, just tell him its an "email envelope" instead of the old postcard he's used to.
The only thing that really needs to be public is the To address. Everything else could be encrypted (enclosed in the envelope) except for maybe a couple fields like the From Address and the maybe the Subject Line (but even those could be "inside").
What needs to happen before email encryption becomes a "standard" thing that everyone uses all the time?
This morning I was listening to "the Bob and Tom show", a syndicated radio program. The discussion topic this morning was "How do you goof off at work?"
The third caller worked at a bank, and she and her co-workers amuse themselves by looking up old high school acquaintances. I don't have a quote, but she said something along the lines of it being fun to see who was overdrawn and who had huge mortgages.
Powers will be abused. Who needs Big Brother?
Europe still blows worse.
http://freenetproject.org or something like it.
UPDATE:U.S. Denies Data Retention Plans
Where can I get an auto-surfing app? Sounds like something out of the Matrix. (You know the scene where Neo is sleeping and his computer is doing searches on Morpheus?)
If Kevin Poulsen was still up to his old tricks today, this would be exactly the sort of setup that would ensure he was busted very quickly...
Freedom: "I won't!"
Confucious say:
They who want log sit on toilette all day.
I cannot agree any more.
I am the nightmare of nightmares.
Many other posters have already commented that the update to the story says the Gub'ment denies attempts to do this. I'm surprised this story wasn't taken with a grain of salt in the first place...you know this wouldn't stand up to any kind of court scrutiny.
Really, the idea that the government can arbitrarily spy on anybody, but only look at later if they have a reason, violates your 4th Amendment rights against unreasonable searches (OT: sometimes I feel bad for the 3rd Amendment...it just gets completely ignored. Nobody ever takes to the streets demanding their 3rd Amendment rights be protected. Oh well). The federal government has no power to inventory your entire home, or keep a list of every person with whom you correspond by mail, and as such, they have no similar power to log your email headers or http requests. I don't see this one happening any time soon.
We don't have a state-run media we have a media-run state.
I am partial to having it renamed to the ministry of love
(orwell reference)
I used to have a cool sig, back when I cared
Who cares what the government logs, when all you simply do is encipher all your traffic to trusted hosts. With anonymous Proxy services being easy to use and setup... more people will simply take notice that they exist, and begin to use them. Some people might even resort to paying a premium to under the counter internet service from their Broadband having friends Finux server. I wonder if this legislation takes into consideration that IP6 can travel right atop of traditional ip4, and can trick out attempts to monitor top level protocols, like email. Besides, you opt out of the monitoring by simply opting out of your providers email facilities. Other forms of message passing exist, and are in use by motivated people.
The USA is the top internet using place on the planet, and Europe is no doubt second, with Asia/Pac being third. So how the USA officials plan to effectively monitor the data required is interesting. Logically one is left to wonder how well the USA carnivore system is working these days, and its sister Echelon. To resort to forcing these ISP to log data on behalf of the government officials seems very controversial. Almost as if the government is passing on the burden of Carnivore on the backs of the struggling ISP's in America. The interesting thing is: who is to prevent the ISP from simply not logging all the data the government officials claim to require? How would they be able to prove the ISP otherwise?
It isn't a lie if you belive it.
The way i viewed it was much akin to the Australian censorchip laws. Its probably a token political effort designed to say theyre protecting the children and stopping terrorism. Its extremely hard to pin down anything really, and if you want to remain unknown, theres always the library.
So I'd say, its political point scoring, with no real teeth to it. But hey, it could always be that they progressed to the next chapter of 1984.
Think nothing is impossible? Try slamming a revolving door.
Even better, there's this thing called encryption. Let them record all the blowfish encoded data they want... they'll never get my session key. :-)
I see a bright future for off-shore encrypted proxys and mailhosts.
How would they decide what is loggable and what is not? By looking at ports 80 and 25? The solution to that is simple, switch all your "sensitive" browsing to port 666. Use PGP for your email or perhaps use something as mundane as ICQ, or FTP drop points.
In addition you can have a script generating spurious emails and web browsing requests all day long so that you quickly overwhelm anyone's ability to actually log anything of substance (if you are really dedicated, you could probably generate 1GB of trash data a day).
Whoever is thinking about these moronic ideas appears to be technically ignorant.
Um, yeah, ok, except that nothing of the sort has happened. Care to provide credible cites to anything like that?
Just the opportunity:
Hey all! Has anyone seen that AL QUEDA member lurking around here? I coulda sworn I saw him with one of the few NUCLEAR BOMBS in the world.
... d'oh! You mean they're not monitoring content?? That takes ALL the fun out of it!
--pi
But a Justice Department source said Wednesday that data retention is mentioned in the strategy only as an industry concern -- ISPs and telecom companies oppose the costly idea -- and does not reflect any plan by the department or the White House to push for a U.S. law.
They just have no fucking respect for our rights at all in the DOJ, do they? None whatsoever. I mean, come on - industry concerns?! Sure, industry would have concerns, but have any of these fucknuts heard of liberty and/or privacy?
Send Lady Liberty back to France, it's over. Sell the Declaration of Independence on Ebay, clearly it has no meaning for our appointed officials.
sulli
RTFJ.
Um, yeah. Except that unlike the rest of the world, we're not trying anything of the sort.
I've read the proposal that passed the European Parliament, and if the policy the Bush administration is attempting to put in place is similar, then it won't pass Constitutional muster. It fails on at least three major points:
I don't think they really realize the volume (either the US or Europe) as to what they're requiring, either. A rough estimate is that an email header is 1k, and that a log of an http request is .5k. For an average user, 1000 http requests (remember, each picture/icon is a new request) and 10 emails per day would be typical. That's about 500k per person per day. For a mid-size ISP with 10,000 users, that's 5GB per day, 1.825 TB per year. Even assuming good compression of 90%, that's 180GB per year. Given that you would need to get a good machine and lots of redundancy for it (remember, this is a LEGAL requirement), I can easily see it costing $30k PER YEAR or more for the hardware alone for log space (plus the additional costs to upgrade the routers/mail servers/proxies and other infrastructure to allow for such vast logging in the first place). I'd estimate that it would be at least triple that, when all other factors are included. Even a $30k capital expenditure per year is a pretty good chunk of change for a company with a probable revenue stream of $3M per year. That's a 1% value of gross receipts (conservatively). And what about someone like Earthlink or similar, who has millions of customers? You're looking at requiring Terabyte storage systems costing multi-millions of dollars.
Even though I've seen some really dubious legislation and policies over the past 10 years (e.g. DCMA), I don't think this one will fly.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
Blunkett went all uncharacteristically contrite on us, but according to the Register this just means that they're not actually formalising what they are doing anyway.
They probably really are handing around traffic analysis data like smarties. "Oh looook what he's accessing!" Probably there's people out there being blackmailed right now; there's bound to be some bad apples with access to this data.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"It was originally designed to help Chinese Internet users get around the Great Firewall Of China.
Looks like the US and EU will be needing it too...[sigh]
Knowledge is power. Knowledge shared is power multiplied.
Outright I hate the idea, this is just pre-emptive search/seizure. The gov would only propose this because it's in the digital domain where it's A: feasable, B: deemed by J. Pulic to be a non-issue. The could NEVER get such a thing in to action with physical mailings.
But then I thought.... If every ISP had to monitor port 25, isolate all to and from IPs and email addresses (forged or not), and fill up all those hard drives, tapes and whatnot...
Can you image how fast SPAM would drop off as the ISPs attempted to control the now real costs of hosting spammers?
Article X: The powers not delegated... by the Constitution...are reserved...to the people
I guess ISPs themselves will go back to old fashioned memos....
Imagine what happens when admins are backing up/reading the days e-mail and read the subject "Fire Admins"
No, I guess not. For people that far out on the fringe, there is little hope of something like the actual facts of the situation interfering with their rants...
... we can't count on laws to protect our privacy. With the number of governments ( and the increasing disregard for liberty the "war" on terrorism is breeding ) sifting our online traffic increasing daily, its past time to move crypto into the main stream. Let them listen to the hum of white ( almost ) noise.
I have read it. All it does is extend the tactics which were already ruled constitutional 40 years ago when JFK applied them to the mafia to organized terror networks. Not as scary as some of the claims being made about it here, I know, but hey, sometimes fact isn't as exciting as fiction...
.. sell your email address to the asians so that they can spam you to death...
Only 'flamers' flame!
Here is yet another example of the federal government's aspirations to be big brother. Since 9-11, almost nobody will stand up and oppose this stuff. The data they could collect this way might be too much to digest, but they would sure try. It could be 1984 by 2004. I wonder if they monitor webcams? http://www.uncoveror.com/webcams.htm
The Uncoveror: It's the real news.
So does this mean that ISP's are going to be forced to pipe ALL port 80 traffic through a proxy, because hey, how else do they get EVERY web page we go to...
Either that or they just keep track of what connections are being made through them to port 80 of places...but then what about web sites simply not on port 80...seems an easy enough way for "terrorists" to avoid being caught.
And then there's the issue of people who run their own mail servers...I'd LOVE to see the government FORCE me to log all my own damned emails. It's not like it's hard to setup your own sendmail box and use that instead of your isps
My parent post here was marked 'Overrated'. I am politely requesting information on what is 'overrated' about it? That kind of implies there's something seriously wrong with my comment, but as of yet I don't see that.
Somebody help? Frankly, I suspect that it was modded down because the person who did it thought I don't value privacy. That's not true at all. I'm just saying I trust a computer to scan my e-mail and retain my privacy, not a human. Once a human reads my email, I get spooked.
The internet is NOT a secure communications medium regardless of what the DOJ wants. So why make yourself stand out to them?
"Derp de derp."
I would like to read it. Do you have a link?
The Uncoveror: It's the real news.
GPG will protect you from email listening (although I guess they just get the headers, so that won't help much.) Too bad SafeWeb isn't around anymore.
Not an app. but you might try:
Programming Perl
O'reilly
ISBN 1-56592-149-6
what the f*ck are you talking about?? Computer security are you crazy? This is just another attempt for the government to spy on it's own citizens! Security? Since when does snooping on your neighbors or co workers have anything to do with security? Man you people are f*cking stupid.
I dislike the European plan. But I also recognize it's a different place with very different attitudes of both police and populace. EU member nations are also free _not_ to enact the plan in their countries. I expect that a number, including the UK, will not.
As far as the individual goes email content can be encrypted. But it looks like the government wants the headers of email and web traffic. Therefore I think there are some things that site maintainers can do to make things more secure.
-- Thou hast strayed far from the path of the Avatar.
"USA Patriot Act" mean anything to you? Did you bother to check the tap and trace provisions in that? No, because if you're like many of the reps who voted for it, you didn't read the legislation.
On the contrary, having actually read the USA Patriot act, I would point out that it does nothing more than extend actions which were already ruled constitutional forty years ago when JFK applied them to the Mafia to organized terror groups. Not as exciting as the fiction some people here on /. are trying to build up, I know, but hey, fact is rarely as exciting as paranoia...
How about indefinite detention of US citizens without charge or trial (now happening, see the Padilla case).
Mr. Muhajir (ne Padilla) was, in reality, picked up on a material witness warrant, and had access to a lawyer at every stageof the process, under procedures upheld by the 1942 supreme court case Ex Parte Quirin. He is currently contesting said transfer in a court in New York, as is his right. None of this sets a new precedent in any way.
Again, not as exciting as your version, but then, again, reality rarely is.
America isn't Nazi Germany, It's the new Roman Empire. I Just havent figured out if Bush is Caligula or Nero yet.
How ya like dat?
See here.
I can just hear them now!
Why is it this group of people all visit one web site? And it's from a Russian domain!
Well, we've looked into it sir - it seems to be a, uhhh, proxy
What the hell is a proxy?
We are on it sir!
Get your Unix fortune now!
The problem is the general populus and law makers don't understand what they're saying/hearing. A analogy would help to put things into perspective.
Logging email headers can be compared to the phone company keeping records of your incoming/outgoing phone calls.
Do they do it now? Yes...and most ISPs keep generic logs as it is.
Does the phone company retain ALL the info? No...but they CAN get the info and keep it if you're suspected of doing Bad Things...or they can tap the line. Can an ISP track the same amount of info? Sure...but they don't do it right now unless you're doing Bad Things.
Keeping track of where you go on the web can be compared to driving.
Does your state's dept of transportation keep track of what road you drive, and what time you did it? No.
Does your ISP track what sites you go to and when you go to them? No...unless you have a proxy, in which case they might keep a generic log.
Can the dept of transportation put cameras at all intersections and track your license plate number? Yes...but think of the hideous cost and hideous amount of data. Same goes for an ISP to track where you go.
It's all about perspective...
Lets require that each user of the net record all of his/her activities while on the net with monitoring software installed on thier PCs. And we all know that the good citizens have nothing to hide and will go along with anything Uncle George says.
Now lets see, who should get the contract for that software... why MicroSoft of course, they are into trust worthy computing now a days.
Even if they do this, places like Anonymizer will provide Secure Tunneling. Anonymizer also has other services, and they seem to be trusted for their part.
This can handle most web activity. Email can be encrypted, remailed, or signed up for and used through Secure Tunneling, or a similar method.
As an example, when I browsed the web at work, I used Secure Tunneling. For my email, I used Hushmail. Hushmail encrypted all the data that I saw, so it could not be tracked until it left Hushmail's servers.
NNTP is a problem. There are anonymous NNTP sites. Altopia, a site run by a staunch Libertarian, seems to be pretty reliable. You can even pay rather anonymously. More recently, Teranews has offered privacy, though I don't know of many reports on their trustworthyness.
The problem with NNTP service is you cannot encrypt the actual data stream to the NNTP server itself. Hopefully someone will provide such a service. (At another glance, it looks like the Secure Tunneling package includes "Anonymous Newsgroups". But I am not sure what that means.)
Have you read my journal today?
I can see it now...
Programs that act like web browsers hitting pages at random generating way too much traffic to record.
Increases in junk mail to overload the databases with uh... junk From, To, CC addresses.
I'm sure the Security and Storage industry sectors will be happy.
Codifex Maximus ~ In search of... a shorter sig.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's simple, enact this and we'll all be forging as much as possible. It wouldn't be complete, but it would be a start.
But if they ever actually do pass this kind of heavy handed, knee jerk, bullshit legislation, I will chunk every computer I can get my hand on out a window and quit my job. Yes, it will be technically possible to circumvent any kind of logging they put up, but why bother with it? The government will only continue to try to execute a stranglehold on that which it cannot control, thus sucking the life right out of it. It'll be more fun to start the revolution on horeseback with pen and ink anyway.
Never argue with a man carrying a water buffalo
Isn't this what carnivore is already doing?
"If anything can go wrong, it will." - Murphy
Has anyone ever considered the effect of boycotting European websites and European goods for as long as they maintain the legislation?
I know it's not very realistic, but hey, it's a start.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
What I would like to see ISP's required to track is traffic patterns that are clearly emminating from a script kiddie or malicious program. If my Firewall can recognize a Smurf Amplification attack then they should be able to as well. A stream of identical traffic (aside from simple pings) or the signature of a known virus attempting to spread itself. While I know that it would be hard to keep up, but frankly I'm sick of having to waste my time telling ISP's about the illegal activity that is occuring on their network.
I'm not posting as someone looking from the outside, I'm telling you from the inside that people with access to personal information go snooping through it all the time. Please inform every root user I've ever met about your honor system.
Joe Sixpack either can't understand encrypted email or doesn't care, because the twenty odd encrypted email startups in the Bay Area have all ended up on the scrap heap, and some of them had truly nice, easy to use solutions.
we got a head start on the EU punks with our DMCA...
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Thanks for that link. It will take time to read all this, but I will do it.
The Uncoveror: It's the real news.
Comment removed based on user account deletion
FidoNet reincarnation starts tomorrow.
iGo USA #1!!! For democracy!!!
You're forgetting that the USA isn't a democracy, we're a representitive republic. Democracies tend not to work very well.
And you are conducting business over an insecure medium like the internet then you are going to use strong cryptography to protect the contents of your communications. All that is left is traffic analysis. You can feed the watchers false and misleading information to make the analysis imposable.
If you don't do this you are stupid and disserve to get caught. If you are smart you will achieve your goals regardless of being watched.
Don't feel bad. This means that the 3rd amendment worked. It placed a simple constraint on the goverment, and the government has never violated that constraint.
Since email is almost always junk, and easy to forge, I can't imagine that any valuable information will come of this.
--
Ask the Ya-Hoot Oracle Anything!
This is true, but whatever the motivation for imposing this burden on ISPs, history should tell us that if a system is open to abuse (and http logging is flagrantly so) we can be assured that there are plenty of people out there who are willing to abuse it.
Matrix:
Energy for electronic life
Real World:
Pr0n URL's for immediate DOJ, childpr0n URL's for eventual congressional investigation.
- DOJ wants local garbage men nationwide to store all residential and commercial trash in marked bins for 10 years so the FBI can research an individual's lifestyle
- DOJ wants power companies to keep detailed records of household power usage so the FBI can determine what time of day is best to break in and plant listening devices
- DOJ wants all White House officials to publish full transcripts of their meetings so the public knows just how much of Bush's energy policy was written by Enron
- DOJ wants all ISPs to log and retain all of your email headers and browsing history so the FBI can go through your trash without feeling nauseous.
Which of the above seems reasonable to you, your Honor?indeed. it's only a redirect but still...
Found InterNIC referral to whois.opensrs.net.
Registrant:
NewPic.com Inc.
9 East Loockerman Street
Dover, DE 19901
US
Domain Name: NAKEDKIDS.COM
Administrative Contact:
Hostmaster, Hostmaster www@37.net
9 East Loockerman Street
Dover, DE 19901
US
310-203-6699
Registered to a man in delaware... How strange.
There are, as yet, no data retention laws for ISP's in Europe. The UK tried to do this the other day, and got massively slapped down by the public, thereby forcing them to table the issue.
Now THAT's democracy in action.
BTW, doesn't anyone else find the world a scarier place after 9-11? The problem is that it's Bush who is so scary, not Al Quaida...
-- Waht? Tehr's a preveiw buottn?
It is about control!
... etc), the people who send you emails, the people you send mails to. Scared? :-)
Your face, your fingerprints are not the only thing that makes you unique (i.e. a person that can be identified on as needed basis).
Think about all the information that you send over InterNet (logins/passwords/nicks
They can always catch you one way or another. But as one saying goes: "The one who is afraid of bears does not go in the wood."
Cheers
All the gummint needs to do is invest heavily in AI "helper" agents that'll assist you with your browsing, finding the best deals, talking to your friends' agents so they can let you know what your friends are doing, etc. Since they do all this for free, these agents should become very popular. Unca Shuga gets to maintain the database the agents need to perform their help, though, so they can see when disaffected youth are studying bomb design, nazism, etc. and can take appropriate pro-active action. They can also see who refuses to use these incredibly helpful little agents, and thereby focus their non-automated energies on those who obviously have something to hide.
although the pressure on the privacy is on the great increase the second wave webs are getting started to secure any private communication. they try to combine the encryption and simplicity. and some managed. for example s-mail. they don't put any effort to make a promotiond crying out loudly about, imho but the product is quite good... ;)
Yeah, my vote goes for s-mail.com, too.
Looks like the right way how "PGP-for-all" should be.
Many years ago, law enforcement units of various levels of government maintained what were called "Red Squad" files. In theory, the squads and files existed to prevent espionage, subversion and terrorism. Yes, there were "reds" who engaged in such things, although most left-wing activists were generally, for the most part, law-abiding citizens. Unfortunately, any data base of personal associations will include many peaceful types as well as a few actual or potential enemy spies, bombers, etc. So when someone from the personel office of a local factory called his buddy on the local squad, asking about an applicant, the squad guy might reply, "Oh, yeah, we've got a file on that character!" and a perfectly decent citizen would be denied the job.
I followed much of the "Red Squad" controversies during the '80s. The files were indeed abused, and those abuses gave ammunition to those who wanted to reduce the effectiveness of America's foreign and domestic intelligence agencies. AFIK, the agencies themselves pursued some agendas that had much more to do with stifling dissent rather than tracking down the real bad guys. So there was some weird stuff on both sides of the issue.
And so it is now. It's a new day, a new ball game. Law enforcement intelligence units are being re-invigorated beyond all reason. The levels of surveillance of ordinary citizens that government agencies are now working towards is orders of magnitude greater than the local cops writing down license plate numbers of a few hippies at a peace rally.
And what is the real reason for all of this? To prevent acts of mass violence on American soil? Well, that might be a positive side effect, but perhaps the true agenda is to make effective political dissent almost impossible. Those of us who would oppose the great wars now being contemplated at the highest levels of the U.S. government should keep this in mind: They know much, much more about us now than they did 30 years ago. In other words, the true motive for this apotheosis of spooks is not to prevent mass violence, but rather to facilitate it.
----------
Manifesto for the Peoples of the Third Millennium
All those popups telling us that we're being watched by our wives, bosses, etc will have to be updated to include the DOJ. That could help our unemployment rates drastically. The amount of man hours needed to fix all the ads has got to be tremendous.
"In the beginning, there was nothing; Then it blew up."
"I can email my mother in complete piracy."
;)
I meant 'privacy' not 'piracy'. Been posting too much about the RIAA lately.
"Derp de derp."
I keep on reading comments saying that the US government is trying to prevent a terrorist attack.
Can anyone back up this claim?
There are two types of people; those who divide people into two types of people, and those who don't.