DOJ Wants ISPs to Retain All Customer Records
doubledoh writes "CNET reports that the Department of Justice is 'quietly shopping around' the idea of requiring ISPs to retain all data of their customers' online activities for at least several months. The SEC already mandates that publicly traded firms retain all company emails for at least 2 years, but it looks like John Q. Public may also soon be subject to similar Constitutional violations. Big Brother, here we come."
Does this mean I have to start snooping on my patrons, even if I don't currently? At the moment, I don't even store who's using the machines, let alone browsing habits.
If the government tries to make that happen, the ISPs and users of the world will shout out a resounding "Fuck You". Not only is that invasion of privacy, it is technologically very difficult to store such a massive amount of information.
I just love it when people try to regulate something that they know nothing about.
You are secure in your documents. However, these are the documents of the ISP.
Those documents can't be trawled without a court order, so there isn't really anything about this that is in violation of the U.S. Constitution.
It may be a little bit distasteful in its invasion of privacy, but it is no more unconstitutional than cameras at intersections or strip searches at the airport.
So if I build my own private internet, and don't connect it to the real internet, am I free of the logging requirement?
How about if I have my own virtual internet, running on top of the real internet? Do I become a virtual ISP and then I have to keep logs?
What if I don't use the same physical protocol to move bits? E.g. instead of voltages on a wire, I used Morse code or smoke signals -- do I then escape the logging requirement?
How big can a LAN/WAN be before it becomes the internet (assuming it isn't connected to the unfree Al Gore created internetwork)?
What if the information is not contained in the protocols, but some side-channel? Do I, as an ISP (virtual or otherwise), have the duty to discover and provide "side-channel" logs?
http://www.thebricktestament.com/the_law/when_to_
the idea of requiring ISP's to retain all data of their customer's online activities for at least several months. The SEC already mandates that publicly traded firms retain all company emails for at least 2 years
AHH! At last! A valid reason for SPAM. Clog up the backups...
Seriously though, surely to be thorough this would also require the post office to steam open and photocopy all correspondence? It'd be a return to the so-called Black Chambers that once existed in the US and Europe that opened diplomatic letters.
So are the DOJ offering to pay for all this? Storing that volume of data isn't free, in fact it's bloody expensive. Why should the ISPs have to pay for this themselves, they won't get any benefit from it.
It's like a hidden tax
They don't need to log everything in the beginning. The goal is not to take all our freedoms and privacies all at once. They just want to get the ball rolling. They will ask the ISPs to log a totally unreasonable amount of data knowing they will settle for a lesser but still privacy killing amount. Then every few years as storage technology improves, more and more will be logged.
This beautifully refined process of slowly chipping away at our rights always begins like this. Figure out a way to kill this right now or you never will.
Their latest "Bullshit" episode deals directly with the US Patriot act and crap like this. It's pretty interesting, their take on all of this.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Brokerage firms are regulated by the SEC. The SEC has long mandated that brokerage firms retain ALL communications with and about customers (including phone calls and paper mail) in order to allow the SEC to investigate violations of SEC rules. These searches are carried out with the knowledge of the investigated firms. The only time this would affect a customer's privacy would be if there was a suspicion of an SEC rule violation, such as the Martha Stewart case.
Allowing for searching of ISP logs is much more a violation of customers' privacy. There is no notification to the customer, the Justice department keeps asking for the ability to review these records without issuing a subpoena and without any oversight.
Presenting the ISP logs as an extension of the SEC rules is both incorrect and dangerous. The SEC rules are primarily for the protection of customers and are well founded Constitutionally. The ISP snooping is not.
...land of the free indeed. Such ideas come from idiot pencil pushers with no technical savvy.
Well, it seems we don't have a monopoly on idiot pencil pushers. Quote from the article:
"France, the United Kingdom, Ireland and Sweden jointly submitted their data retention proposal to the European Parliament in April 2004. Such mandatory logging was necessary, they argued, "for the purpose of prevention, investigation, detection and prosecution of crime or criminal offenses including terrorism.""
Time is what keeps everything from happening all at once.
This isn't a USA-only problem. Similar pencil pusher idiots are trying to get ISPs in The Netherlands to store *ALL DATA* including e-mail, web traffic, P2P et al for 3 years!
Just the disk systems required to do so will contribute significantly to global warming...
To Terminate, or not to Terminate, that's the question - SCSIROB
A good way to raise a politically effective storm of protest over this would be to suggest that the data could also be used to find people who are violating gun laws, say by flagging anyone who's looked at the web site of a gun shop, or done a web search for gun information. This would get the NRA all riled up, and the spineless politicians would back down.
I'm sick and tired of these hip, "ironic" sigs. This is an actual, honest-to-goodness no-nonsense sig!
We have a lovely law called the Regulation of Investigatory Powers (RIP) Act that forces ISPs to keep various logs and submit them on demand to investigatory agencies. The best bit about this is that the ISP can't tell anyone that they've done it.
Big brother's already here, and has intercepted you reading this comment.
Big Brother loves you.
Only old people keep logs...
OK, bad joke aside, today I found this link about a law for ISPs, how much they should log and for how long this info should be kept.
The original link is in Spanish, but in summary it talks about logs of all user activity (sites visited, information transmitted, etc.) and how they should be kept for ten years... and of course, how the ISP should take charge of all this, not the state.
>Linux is not user-friendly.
It _is_ user-friendly. It is not ignorant-friendly and idiot-friendly.
Tracking -everything- all users do online might be problematic - but certainly a list of all the web sites a given user hits in a month wouldn't be too tough.
Presumably they'd need a warrant to -require- an ISP to turn over the logs - but there'd be nothing preventing some of the more "patriotic" ones from "cooperating in a more pro-active fashion". I.e. - just turning over a nice synopsis of everything on a monthly basis.
Don't think it's possible? There's a case in Seattle where the FBI tried to get a library to hand over a list of everyone who checked out Osama Bin Laden's biography.
I've personally provided web server logs to police without a warrant because a bomb-threat was involved. I'm 100% sure that case was legit - but I probably would've helped if I was only 60% sure. In reality - they were my employer's servers - so I didn't really have a choice.
"We think 1 of the 10,000 customers you service might be up to something really bad. We'd really like your logs. All of them."
Are you gonna say no? Is your boss going to let you say no? Requiring ISPs to have the data on hand is not far from requiring the data be readily available to the government upon a "request for cooperation"
That's why you should never allow the government to limit your freedom "a bit" because inevitably that "bit" will become full blown anal rape.
This guy knew what he was talking about...so did the rest of the guys that drafted the Constitution. It's too bad most of their wisdom is ignored today.
I think, therefore I doh.
FWIW, this is standard issue in Europe already
the pun is mightier than the sword
US Constitution
Amendment IV - Search and seizure. Ratified 12/15/1791.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Unless they wish to provide funding for this, it will kill small mom and pop ISPs that are barely making a profit with small scale operations. Now they would have to invest large amounts of cash in hardware and storage space to archive huge amounts of data. I don't see this going anywhere, and it's going to be impossible to enforce.
How many voters does it take to change a lightbulb? ...None, voters can't change anything.
You said the right words - don't you think that this is an unlawful search and seizure?
Amendment IV - Search and seizure. Ratified 12/15/1791.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
I'd like to meet this congressman and smack him in the head with a newspaper... and say "Nooooo, bad congressman"
If you still refer to the Internet as "the big blue e" then you can not regulate it.
Thankfully, technologies like tor render any ISP's logging capabilities, even if they were to log every single packet, completely useless. You can even run some p2p apps through it.
(Before I used it, I assumed it would be too slow to use. Boy was I wrong - I hardly even notice the difference in web browsing).
Part of me wishes the mother fucking terrorists and paedophiles would just start using encryption so we can forget about all these logging/tapping ideas for good and find something else. Obviously what's going to happen in the real world is that the government(s) will waste billions getting these systems working and 3 months later everyone will be encrypting like there's no tomorrow, then these systems will be worthless. I guess after that we will just have to wait until 19 biometric ID-card holding terrorists hijack some more planes and wonder as everyone says "how did this happen?? they had ID cards!!" or perhaps until someone is gang-raped in front of 10 cameras by masked attackers who never get caught.
This comment does not represent the views or opinions of the user.
How is this a surprise? Go look on google groups and see some other quiet actions being taken. Many people who ordered from chemical suppliers, even frickin plastic tubes and such from many years ago are getting threatening letters. These are legitimate citizens who are into chemistry (many licensed) getting pushed around by the DOJ. The government has MANY regulations that cost businesses a fortune to comply with. If you want to get paranoid, you could say that "the system" does these things because that way the poor man will NEVER be able to get rich, because only the rich will be able to afford to comply. So, if they can comply, and their competition is reduced in the process (i.e. smaller businesses), that is all the more bank in their pockets. Personally, this is ridiculous. If someone wants to commit crimes, they will find a way. This just reduces our liberties and privacy. Isn't this really what the terrorists wanted all along? A paranoid country spending tons of money on the mere thought of an attack? Widespread panics? Companies going out of business due to new regulations? This is what the terrorists wanted. All it took was 19 guys to turn us into our own worst enemy.
At the moment, systems are in place so that they can MONITOR everything that is sent out onto the network.
The article however, speaks of retaining the information, in other words storing everything.
I myself work for a hosting company: we host several websites (not much) internally, they generate a total of 18GB log files averaged per day! I cannot imagine storing them for years and years to come.
http://jcsnippets.atspace.com/ - a collection of Java & C# snippets
I RTFA and, again, "child pornography" is being trotted out as the excuse for violating everyone's rights. Does anyone have any idea how much kiddie porn is really out there? I'd go look but I don't want anything hanging around in my browser cache.
As storage technology improves, so will network technology, which means that what can be logged now is what can be logged later. Now for why it's too costly:
1. Divide the profit of an average large ISP by its amount of customers.
2. Calculate the cost of storing the average data throughput of a client per 3 months.
3. Be astonished on how many years of company profits will go into setting up this system.
4. Wonder how on earth you're going to search through such a huge data storage.
5. ?
6. Profit!
While both of them improve, Joe Average's speed of typing and speed of perception do not. As a result, while the amount of data grows (flash, animations, video), the amount of items remains relatively constant (or grows at a much slower rate). Do not forget that the DOJ (or its equivalent elsewhere) can subpoena the data from the source or destination or both. Hence all it needs to see at the ISP level is that the data has been exchanged. Similarly, the fact that the data has been exchanged is sufficient to subpoena the content (Carnivore anyone?).
There is plenty of technology to do this now. No need for storage improvement. They can get it now and they are likely to get it.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
In the meantime, it would be nice if people knew that the whole reason we have terrorism and fear in the first place, is because our big government has been bombing, invading, and generally pissing other countries off all around the world for decades. If we had maintained our small isolationist government, we wouldn't have enemy terrorists to be afraid of (or use as an excuse to erode privacy and liberty).
But what are the politicians' answers to the problems of big government? Bigger government!
Sigh.
I think, therefore I doh.
Actually, no I don't. I don't see that anything is being seized, at least not in the traditional sense of taking it (possibly by force or under threat of force) from my possession. Likewise, merely recording the information cannot possibly qualify as "search".
Now, if those logs were actually searched or data mined, then perhaps it would fall foul of the "unlawful search" clause, but failing that, I don't see that it does violate that particular Amendment.
(Of course, IANAL, etc)
It's official. Most of you are morons.
As far as I know the law has passed in Denmark also.
I remember some discussions about how small an ISP you have to be to be free from these demands as it is a major expense and even worse for small ISPs.
I think the limit for this was set to 1000 customers here in Denmark, but I may remember this wrongly.
Does anyone know about these systems being used by the police etc. in the countries where this has been implemented?
This discussion is also going on in Europe and in the Netherlands there are ISPs like XS4ALL, BIT and Interned Services who have made some calculations. The cost is pretty high, but it seems the government and the EU are still pushing this in the name of preventing crime and terror.
Some Dutch and English reading material can be found here http://www.ispo.nl/home/dossiers/bewaarplicht/.
I'm all for it. Provided that the DOJ is similarly obliged to log and deliver to my inbox a notification that someone in the DOJ has mentioned considering making me the subject of an investigation, so that I can run away and change my name. Also, if I get apprehended and the case goes to trial, I want the log of every jury member, prosecutor and member of the judiciary subpoenaed and presented as evidence for the defence. I'd happily be imprisoned for a cause I believe in, but I'll be damned if I'm being convicted by someone that likes shopping for antique furniture and goat porn.
Osama just called to say he's hung up his terrorism hat. We no longer have enough freedom to be worth hating.
Freedom to fear. Freedom from thought. Freedom to kill.
I guess the War on Terror really is about freedom!
In fact there are a lot of people here in the UK who do take action against speed cameras in order to disable them. There is even an organisation dedicated to this hobby. We don't need guns.
Gee, what word does that remind you of?
That's true... but this will only serve to push more people into using encryption and more websites into automatically setting up and sending session key encrypted data to any browser that requests it. Secondly, this legislation has no effect on users that would simply hop on one of the many available open wifi hotspots. All this will serve to do is to make things more difficult for law abiding citizens while exposing them to all sorts of privacy invasions at the same time...
I'm quite convinced that Karl Rove et al take the history of the Roman Empire very seriously in assessing how to preserve the special status of the American ruling class (=patricians.)
The point about the Roman Empire was that there was nowhere to hide for its citizens. The reason that, when accused of crimes, senators went off and committed suicide was that there was nowhere to escape to. This gave the people in power effectively total control.
In classical Rome, just like Elizabethan England, huge networks of paid informers ensured that the government knew what people were thinking. The result was that the upper classes could continue their internecine wars (i.e. kill one another) while knowing that the system that kept them, as a class, in power was secure. There was no risk that while they were slaughtering one another, the peasants would revolt. Of course, in Rome the emperor also had a private security force - but ultimate power was controlled by whoever had the support of the army. So one Imperial tactic was to keep the army as far away from Rome as possible fighting foreign wars.
Any similarities are purely coincidental.
Panurge has posted for the last time. Thanks for the positive moderations.
Yeah, well... I'm gonna go build my own internet, with blackjack and hookers. In fact, forget the internet!
They are looking for needles?
Make BIGGER haystacks.
Tor, now more than ever.
"Flyin' in just a sweet place,
Never been known to fail..."
Corporations can basically pay to have just about anything enacted into law if they have enough money to throw at the issue and it's not so egregious as to piss off Joe Sixpack. There's no way the large ISPs will go for this. Look at who some of these large ISPs are. We're talking about large media conglomerates and cable and telecommunications companies. This would probably cost them a lot of time and money to set up and maintain so there's no way they'll go for it and they'll spend a lot of cash to defeat it. They'll score points with the privacy advocates for fighting it and it will benefit them in terms of profitability. It's a win - win for them. This will never happen.
Well, Lucas, I looked through some of your other posts and noticed that you have encryption turned on on your wireless network. Why? Do you have something to hide?
I assume that you have encryption turned on to keep bad people from hacking into your network and reading your PRIVATE data. Now, how good a job do you think your ISP is going to do of securing all of the logs of all of your activity?
Find and compromise as many of these files as you can. Identify as many politicians' accounts as you can. Post all of the log files on the internet.
If even half of the log files found are as embarrassing as I'm imagining then all of Washington would go into a buzz about protecting privacy.
...when next the US Post Office will be required to scan and image and index into a searchable database every letter and document that flows thru the postal system.
> 2. Calculate the cost of storing the average data throughput of a client per 3 months.
> 3. Be astonished on how many years of company profits will go into setting up this system.
> 4. Wonder how on earth you're going to search through such a huge data storage.
> 5. ?
> 6. Profit!
5. Buy stock in Western Digital, Seagate, and Maxtor.
You're welcome.
A prime example of this, an article on Slashdot some time ago, was a fireman whose house burned down. Fire investigations proved that it was arson, that the fire started in one of the basement vents. "Fire Starter" logs were found there. They were bought at a local grocery store.
The fireman's "discount card" at that grocery store provided a record of his purchase of "Fire Starter" logs.
Yes it was arson, ** but ** it was another person that started the fire, not the fireman.
An innocent man was almost sent to prison on the word of a machine, on a record collected, on a privacy lost.
I feel like SNL's impression of Alex Trebek here during a session of Celebrity Jeopardy.
Sean Connery: Preserving your Privacy for $1000
Alex: "Distributed Anonymizing Proxy network of Onion Routers"
Sean Connery: What is your mother's onion sized breasts! I hear she distributes them pretty well, pansy boy!
Alex: I'm sorry, the answer is 'What is Tor?', found at http://tor.eff.org./ And if you talk about my mother again... I will be forced to thrash you.
Cleaning the net one sed at a time! s/sex/sermons/; s/hot/holy/; s/goats/thebible/; www.holysermonswiththebible.com
If privacy is indeed lost, we must work all the harder to regain it. If it is not yet lost, we must work hard to keep it.
Better yet, just create a spider that requests random pages all day, every day. Do this at a reasonable rate so it looks like regular surfing and can't be construed as some type of attack.
This would accomplish two goals, increasing the amount of storage the ISPs would have to have and put so much noise in the logs that it would be hard to find anything that could be used as evidence.
As an additional bonus, it might be possible for users to store the data the spider finds and sell it to a search engine.
Find coupons in Greeley
Only companies that actively trade in securities (IE: brokerage firms) are bound by this SEC rule. Regular corporations (public or private) don't have to keep mail around unless they are part of active litigation. Read and understand what you link to!
"This beautifully refined process of slowly chipping away at our rights always begins like this. Figure out a way to kill this right now or you never will."
Never? Abusive dictatorships get violently overthrown at some point or another, how long it takes to be corrupted into another abusive dictatorship is a measure of the wisdom of the new system.
We are just following the age old cycle: Rebel, rinse, repeat.
I imagine that if someone was trying to make communications that they wanted to hide, then they could just create a simple flash animation to hide the message. There are plenty of ways to embed text into another medium in order to make it more difficult to just see. And as bandwidth becomes cheaper you can increase the amount of noise in the message that can't easily be eliminated by a machine.
...lots of dead Americans.
Actually, this is a misconstruing that is at the heart of a lot of the problems the US is now having with the rest of the world.
The Sep 11 attack wasn't on the American Trade Center; it was on the World Trade Center. Citizens of around 60 nations died in that attack.
When you claim that this was an attack on America or Americans, you are repeating the Bush administration's oft-stated attitude that the rest of those dead don't matter. They weren't Americans; they aren't relevant; we don't care if they died. Only Americans are important.
With the Internet, it's fairly easy to find information about bin Laden and his Wahhabi gang. Their fight isn't with America; it's with the entire modern world. America is just the biggest, baddest of their opponents. But they are fighting us all, not just Americans. The Sep 11 attack wasn't their first try at the World Trade Center, and they have perpetrated attacks on many other places and people who weren't American.
But, of course, only American deaths count. The rest of the world is irrelevant.
Small wonder that the rest of the world isn't being too cooperative with the US these days.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
No, the world was not with us when we 'stopped it'. The UN declined to authorize the use of force. There were more nations in Bush's "Coalition of the willing" than there were in the attack against Serbia.
And there was no ethnic cleansing going on. Yes, there were atrocities committed, but the mass graves that were used to sell the war to the American and European public never materialized.
Yes, reprehensible things occurred, but they were nowhere near the level of the crap that was being reported. It certainly didn't compare to the crap that was going on in Iraq under Saddam Hussein, and it doesn't compare to the crap that is going on under Robert Mugabe RIGHT NOW.
BS. Clinton was a lawyer, he doesn't get to claim he didn't understand the law when he signed it. Besides, there was plenty of criticism of the DMCA when it went through Congress. He knew what he was doing when he signed it.
No, that would be Waco.
I've been thinking about this ever since they did that experiment in Switzerland where they sent one half of a quantumly-entangled pair to the other side of Geneva via fiber optic cable. They pinged one half with lasers, and determined through precise measurement that the information was instantaneous and faster than the speed of light.
At the same time I read about the experiment, apart from dreams of ansibles, I thought, hey, there's no way in hell for any third party to eavesdrop on two quantumly entangled particles.
Also in the news was Napster and Freenet, and I wondered if a person couldn't build an Internet using quantum entangled pairs that is totally immune from government intrusion.
Try to read our logs then, mofos!
Do what you can, with what you have, where you are.
I work for a small ISP in NW Ohio. I have a few questions:
Who is going to pay for the disk space to store all of these logs? We couldn't possibly afford to keep even a week's worth of logs. We have 2 DS3's for upstreams, out of two POPs, you know how much bandwidth that uses?
Who is actually okay with the policy of sniffing the innocent in case they might do something wrong? Sorry, no, this is just more Republican fascist bullshit. Anyone who believes this is a good idea clearly doesn't value freedom in any real sense.
Who is going to station armed guards in my network, to keep me from making it official company policy to kick the logging machines as you walk by them?
As an employee of an ISP, I can say we are unprepared to do this, we are unwilling to do this, and..... fuck the DOJ, this is just wrong.
--Nuintari
slashdot : where an opinion can be wrong.
...on a technical level.
They'd be storing this much information on me: http://www.google.com/search?q=6+million+per+second+*+1+month
Which works out to about 1.80 TiB
And since hard drives are about $0.3875/GB, http://www.pricewatch.com/default.aspx?p=http%3A//www.pricewatch.com/prc.aspx%3Fi%3D26%26a%3D4429
That means I'm getting an extra $714.24 value out of my $80 Comcast bill, or whatever they charge now.
And since I only watch my porn that I stream from the internet at H.264 1280p HD (5-6Mbps), caching the data on Comcast's servers is just as good as saving it on my own hard drive.
Now I already know what you're going to say:
To which I say:
-- I was raised on the command line, bitch
Just because one guy has a bazillion files, doesn't mean that everyone on the planet must have contributed to his collection. A fairly small number of file traders, especially if a few are in some country with a thriving kiddie porn industry, could easily account for a very large number of files. No need to assume that because there are a lot of files, there must be a lot of file traders.
There may BE a lot of file traders, but log-trawling starts with an assumption that the majority of people must be guilty, which is a lot of why I object to the whole log-trawling concept.
If you aren't guilty of kiddie porn, surely we can find SOMETHING you're guilty of...
~REZ~ #43301. Who'd fake being me anyway?
The devil is in the details. The government can require the ISPs to retain the records, but the government's access to those records still must abide by the Constitution (e.g., the DOJ shouldn't be able to see those records without a warrant/court order).