Slashdot Mirror
DOJ Wants ISPs to Retain All Customer Records
doubledoh writes "CNET reports that the Department of Justice is 'quietly shopping around' the idea of requiring ISP's to retain all data of their customer's online activities for at least several months. The SEC already mandates that publicly traded firms retain all company emails for at least 2 years, but it looks like John Q. Public may also soon be subject to similar Constitutional violations. Big Brother, here we come."
Does this mean I have to start snooping on my patrons, even if I don't currently? At the moment, I don't even store who's using the machines, let alone browsing habits.
If the government tries to make that happen, the ISPs and users of the world will shout out a resounding "Fuck You". Not only is that invasion of privacy, it is technologically very difficult to store such a massive amount of information.
I just love it when people try to regulate something that they know nothing about.
So if I build my own private internet, and don't connect it to the real internet, am I free of the logging requirement?
How about if I have my own virtual internet, running on top of the real internet? Do I become a virtual ISP and then I have to keep logs?
What if I don't use the same physical protocol to move bits? E.g. instead of volatages on a wire, I used morse code or smoke signals -- do I then esacpe the logging requirement?
How big can a LAN/WAN be before it becomes the internet (assuming it isn't connected to the unfree Al Gore created internetwork)?
What if the information is not contained in the protocols, but some side-channel? Do I, as an ISP (virtual or otherwise), have the duty to discover and provide "side-channel" logs?
http://www.thebricktestament.com/the_law/when_to_
the idea of requiring ISP's to retain all data of their customer's online activities for at least several months. The SEC already mandates that publicly traded firms retain all company emails for at least 2 years
AHH! At last! A valid reason for SPAM. Clog up the backups...
Seriously though, surely to be thorough this would also require the post office to steam open and photocopy all correspondence? It'd be a return to the so-called Black Chambers that once existed in the US and Europe that opened dipolomatic letters.
Their latest "Bullshit" episode deals directly with the US Patriot act and crap like this. It's pretty interesting, their take on all of this.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Isn't that a bit irresponsible? I don't log everything but I do log all traffic that contains keywords like for instance "lolita", "kiddie" and "pthc" as well as all traffic in iso-8859-6/asmo-708.
You could always flood the ISP with a series of request and very small pacets, there by quickly filling up logs and possibly even crashing there monitoring systems due to an over sized file. Hell get sevral people together on it and it might be posible to crash the system every few minutes. They can't posibly hope to store insain amounts of requests even with sevral HexaBytes to storage. In the end there is no fool proff system as not every one is a fool.
You said the right words - don't you think that this is an unlawful search and seizure?
Amendment IV - Search and seizure. Ratified 12/15/1791.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Thankfully, technologies like tor render any ISP's logging capabilities, even if they were to log every single packet, completely useless. You can even run some p2p apps through it.
(Before I used it, I assumed it would be too slow to use. Boy was I wrong - I hardly even notice the difference in web browsing).
At the moment, systems are in please so that they can MONITOR everything that is sent out onto the network.
The article however, speaks of retaining the information, in other words storing everything.
I myself work for a hosting company: we host several websites (not much) internally, they generate a total of 18GB log files averaged per day! I cannot imagine storing them for years and years to come.
http://jcsnippets.atspace.com/ - a collection of Java & C# snippets
As storage technology improves, so will network technology, which means that what can be logged now is what can be logged later. Now for why it's too costly:
1. Divide the profit of an avarage large ISP by its amount of customers.
2. Calculate the cost of storing the avarage data throughput of a client per 3 months.
3. Be astonished on how many years of company profits will go into setting up this system.
4. Wonder how on earth you're going to search through such a huge data storage.
5. ?
6. Profit!
While both of them improve, Jo average speed of typing and speed of perception does not. As a result while the amount of data grows (flash, animations, video), the amount of items remains relatively constant (or grows at a much slowlier rate). Do not forget that the DOJ (or its equivalent elsewhere) can subpoena the data from the source or destination or both. Hence all it needs to see at the ISP level is that the data has been exchanged. Similarly, the fact that the data has been exchanged is sufficient to subpoena the content (Carnivore anyone?).
There is plenty of technology to do this now. No need for storage improvement. They can get it now and they are likely to get it.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
As far as I know the law has passed in Denmark also.
I remember some discussions about how small an ISP you have to be to be free from these demands as it is a major expense and even worse for small ISP's.
I think the limit for this was set to 1000 customers here in Denmark, but I may remember this wrongly.
Does anyone know about these systems being used by the police etc. in the countries where this has been implemented?
I'm all for it. Provided that the DOJ is similarly obliged to log and deliver to my inbox a notification that someone in the DOJ has mentioned considering making me the subject of an investigation, so that I can run away and change my name. Also, if I get apprehended and the case goes to trial, I want the log of every jury member, prosecutor and member of the judiciary subpoenaed and presented as evidence for the defence. I'd happily be imprisoned for a cause I believe in, but I'll be damned if I'm being convicted by someone that likes shopping for antique furniture and goat porn.
I'm quite convinced that Karl Rove et al take the history of the Roman Empire very seriously in assessing how to preserve the special status of the American ruling class (=patricians.)
The point about the Roman Empire was that there was nowhere to hide for its citizens. The reason that, when accused of crimes, senators went off and committed suicide was that there was nowhere to escape to. This gave the people in power effectively total control.
In classical Rome, just like Elizabethan England, huge networks of paid informers ensured that the government knew what people were thinking. The result was that the upper classes could continue their internecine wars (i.e. kill one another) while knowing that the system that kept them, as a class, in power was secure. There was no risk that while they were slaughtering one another, the peasants would revolt. Of course, in Rome the emperor also had a private security force - but ultimate power was controlled by whoever had the support of the army. So one Imperial tactic was to keep the army as far away from Rome as possible fighting foreign wars.
Any similarities are purely coicidental.
Panurge has posted for the last time. Thanks for the positive moderations.
They are looking for needles?
Make BIGGER haystacks.
Tor, now than ever.
"Flyin' in just a sweet place,
Never been known to fail..."
Well, Lucas, I looked through some of your other posts and noticed that your have encryption turned on on your wireless network. Why? Do you have something to hide?
I assume that you have encryption turned on to keep bad people from hacking into your network and reading your PRIVATE data. Now, how good a job do you think your ISP is going to do of securing all of the logs of all of your activity?
Properly indoctrinated, he won't even believe in the value of your freedoms.
I love a good dystopia!
Killing off the small ISPs is likely one of the primary indended (unspoken) goals.
That probably has more to do with Meth labs than terrorism.
And at least Meth is a valid concern. Terrorism is not really much of a problem on US soil (compared to other forms of death), but crystal meth is huge and getting worse.
A prime example of this, an article on Slashdot some time ago, was a fireman who's house burned down. Fire investigations proved that it was arson, that the fire started in one of the basement vents. "Fire Starter" logs were found there. They were bought at a local grocery store.
The fireman's "discount card" at that grocery store provided a record of his purchace of "Fire Starter" logs.
Yes it was arson, ** but ** it was another person that started the fire, not the fireman.
An inocent man was almost sent to prison on the word of a machine, on a record collected, on a privacy lost.
Better yet, just create a spider that requests random pages all day, every day. Do this at a reasonable rate so it looks like regular surfing and can't be construed as some type of attack.
This would accomplish two goals, increasing the amount of storage the ISPs would have to have and put so much noise in the logs that it would be hard to find anything that could be used as evidence.
As an additional bonus, it might be possible for users to store the data the spider finds and sell it to a search engine.
Find coupons in Greeley
I imagine that if someone was trying to make communications that they wanted to hide, then they could just create a simple flash animation to hide the message. There are plenty of ways to embed text into another medium in order to make it more difficult to just see. And as bandwidth becomes cheaper you can increase the amount of noise in the message that can't easily be eliminated by a machine.
-- Oct 21, 2001 Osama bin Laden
When information is power, privacy is freedom.
I've been thinking about this ever since they did that experiment in Switzerland where they sent one half of a quantumly-entangled pair to the other side of Geneva via fiber optic cable. They pinged one half with lasers, and determined through precise measurement that the information was instantaneous and faster than the speed of light.
At the same time I read about the experiment, apart from dreams of ansibles, I thought, hey, there's no way in hell for any third party to eavesdrop on two quantumly entangled particles.
Also in the news was Napster and Freenet, and I wondered if a person couldn't build an Internet using quantum entangled pairs that is totally immune from government intrusion.
Try to read our logs then, mofos!
Do what you can, with what you have, where you are.
The devil is in the details. The government can require the ISPs to retain the records, but the government's access to those records still must abide by the Constitution (e.g., the DOJ shouldn't be able to see those records without a warrant/court order).