Slashdot Mirror
U.S. Pressures ISPs on Data Retention
packetmon writes "According to Wired's Declan McCullagh 'In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years ... A more extensive mandate would require companies to keep track of e-mail messages sent, Web pages visited and perhaps even instant-messaging correspondents.'"
that's a lot of data... I wonder how many hard drives it would take to keep that much. besides, it would be so much data that it would be really had to sort through it all in order to try and prevent any crimes (I'm assuming this is an anti-terrorist thing - as most crazy freedom reducing laws these days are)... all this would do is after someone had blown themselves up and you knew who they were you could say "so in this instance "flower" meant bomb... but because of the cellular nature of these groups we're no closer to stopping any other attack"
*''I can't believe it's not a hyperlink.''
Rather than put all of the onus on spying on the population on third parties, such as telcos, credit card companies, ISPs and airlines, why not just implement the solution in 1984. You just install two-way TVs in everyone's homes and offices. That way you can efficiently monitor what everyone is doing in a centralised fashion. The data would be recorded for later playback if needed. As a safeguard, officials would only be able to examine the recordings if they obtained a court order (unless, of course, the President decided it was necessary to the fight against terror to waive the requirement for a court order). After all, if you are not doing anything wrong, why object to such a system?
I don't know wheter to mod you insightful or funny. So i'll reply instead and it won't be my problem.
Not to mention that all that extra has to be pored through. The FBI had gotten information on a case from homeland security, unfortunately they did not parse it down and the FBI agents lamented that they spent a majority of time chasing down pizza deliverys instead of spending more time on the actual case.
Image the uproar when (not if) a cracker gets into the database and abuses all that information.
The information gathered from users can also be used(abused) for blackmailing.
You might be asked to testify against someone, if not then well your employer and spouse might accidently find out about your surfing habits.
All in all, this sounds like a lose-lose situation for almost all involved.
"I will reach out personally to the CEOs of the leading service providers and to other industry leaders," Gonzales said. "Record retention by Internet service providers consistent with the legitimate privacy rights of Americans is an issue that must be addressed."
Privacy rights and citizen-snooping mix worse than water and oil.
Is this not exactly the sort of problem public key cryptography is well-suited to combatting?
Sadly I'm not American, but this seems like the sort of thing that would be pretty early on in the list of rights you guys have - freedom of speech, not incriminate yourselfs in court etc - so is there any possibility that you could have a new amendment - the right to have private communication with people without having to tell - or without the carrier having to tell - the government? It sounds a bit much to me.
Also, from a technical point of view, why isn't Linux and other Open Source software using encryption by default? If emails are hard to encrypt as a matter of course, perhaps it's time for another system which handles messages strongly encrypted. I've heard about TOR from the EFF, and I remember the short-lived Triangle Boy system - it really sounds like this sort of thing needs to be made up and running sooner rather than later.
It's lifted from the TFA but I guess this is supposed to mean 'instant messaging correspondence' (...in addition to logging the correspondents)?
Personally I don't see little that can be really achieved with this approach to actually prevent terrorist, since there are dozens of ways that can be used to circumvent this data mining approach.. and even a 12-year old can think of them.
I think one might only be able to do something with when something has actually happened, parsing these amounts of data in real-time andextracting something you didn't know from it is extremly hard.
Note number 1: The famous Dutch ISP xs4all has started a counter in the beginning of september 2005, giving an indication of how much cd's one would need to store only their traffic (~6% market share AFAIK). As I write this, the counter approaches 62 million cd's.
Note number 2: I once saw someone make a small calculation on the back of an envelope about how much physical space would be needed to store all this information using hard disks.. and how many disks would fail every day given their MTBF of such a large 'warehouse filled with disks'. IIRC, one would need about 10 FTE only to replace the failing disks..
Note number 3: It's obvious that these ideas are not made up by people with technical expertise
Note number 4: perhaps it's not a bad idea to start buying shares of companies that provide storage solutions ;O
Note number 5: I'm really wondering how this whole non-sense would hold up against the 'innocent until proven guilty' idea. If I'm innocent, why am I being tracked?!?
Based on logs i've seen of similar information 2 years of logs would easilly be 26 gbs for a single person. That's just a conservitive number for the types that check their email a few times a week and look at the Lost forums every now and then.
Multiply that by 100s of thousands of users and you're looking at warehouses full of tapes and/or hard drives. That's if you're conservitive.
I'm sure the ISPs wouldn't mind - as long as the government provides the data storage center and pipe to the same. I just don't want to be the poor sucker that's expected to develop an algorithm to efficiently search the steaming pile of crap that results from that sort of requirement.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
I wonder if they have some privacy issues about the content of their private meetings showing up on the internet?
are we sure this story isn't just to distract us from the AT&T + NSA snooping headlines? if they need to ask ISP's to retain all this data, then surely the NSA isn't doing what everything thinks they are doing.
Donald Ray Moore Jr. (mindrape)
Suspected Terrorist
Friends don't help friends install M$ junk.
The cost of freedom and rights is paid not just on the battlefields of the wars we fight, but in our everyday lives. When we become so weak that we cannot accept that cost, then we cannot have rights and freedoms.
In Massachusetts, USA, we now have State Police on television, threatening the citizens of the State over seatbelt use. In the mad desire to save the last life, our government and police oppress and threaten not murderers or rapists, not armed robbers or burglars, but citizens commuting to work, mothers doing shopping, and old people on the way to bingo.
You can be sure that the requirement to hold all ISP information on individuals will extend from 2 years to 5 to 10. Then there will be a lifetime requirement on all communication by an individual.
They justify these incroachments on rights and freedoms by saying they are fighting crime and saving lives. We have to be strong enough to accept the consequences of our freedom to chose in our lives and tell them we are not mere cells in the body of society. We must tell them that we are not all "uncaught criminals" who must be monitored and spied upon by the government for our own good. We must tell them to go to hell.
E Proelio Veritas.
...between ISPs and their users, the users said they would jump ship the moment they thought their ISPs were helping to spy/keep tabs on them. The users also read a statement into the record proposing that the Justice Department, quote, "go fuck themselves", and, further, that the DOJ heads would, quote, "hit the bricks as soon as we have fired their elected masters".
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
How do you plea?
Autonomous Retard -- Is your camp safe? UnsafeCamp.com
... harddisk and other mass storage companies.
:)
If nobody listens when we object on privacy grounds, at least object on environmental grounds... how many kw is it going to take to power the systems to record this data?
Oh well... at least somebody is backing up my data, even if it's not me
(Not that i'm in the US, but i'm sure my government can't be far behind)
If you don't wear it, the cops have a legit reason to pull you over.
Your argument that this law is just because I can negatively affect others through non-use of a seatbelt is a bit reaching, don't you think?
Blar.
Where has someone NOT had freedom and had security?
I get 3 million trackback spams a month. They can have those if they want them.
What will happen here is once this starts to get a foothold, it will not stop advancing from the original 'reason'.
i.e. data retention under the guise 'terrorists' will slowly degrade into a state 'eye' of everything you do, and even slight regressions against the law you will be pulled up. Remember speed cameras? Now they are used to monitor road users/collect revenue, nothing to do with overspeeding much anymore.
The strange thing is, 'terrorists' would then move back to snail mail to correspond. Safe, unmonitored and secure (but a little slow).
I work at a small WISP. Wireless Internet is secondary to our primary business, so anything to do with the Internet gets put on hold when a primary job comes up. The practical result of that is, we barely have a spare minute to work on the network side of the WISP (the result is also crappy customer service, but that is a different post).
Should something like this actually happen, it would take not only a large amount of space, but for us, probably a full time person just to manage backing up the logs. For a large ISP it would take probably a couple of people or more. Not to mention the fact of the cost of the network monitoring software it would take to record all of this information.
We are already on the edge, something like this would just do us in.
But maybe that is an intended result, as having a few AT&T's that give you a straight pipe right onto their backbone, is a hell of a lot easier to monitor than a whole bunch of mom & pop ISPs who could not possibly to even begin to comply with these monitoring requirements.
Let the cry be heard: V for Vendetta
Usurper_ii
Ron Paul
Infiltrated dot Net
The Government should foot the bill for all the additional storage needed. Afterall it serves little benefit for ISPs to do this. Wonder how quickly this idea would be shelved when they realise how much it would cost to store detailed info on browsing and digital comunication...
"(I'm assuming this is an anti-terrorist thing - as most crazy freedom reducing laws these days are)"
Honestly, how many terrorists are they going to catch? How many have they caught so far? How long do you think it will take them to find other uses for your information?
If you think it's ok for them to do this to 300,000,000 + Americans just to catch 5 or 6 terrorists, you deserve everything you get.
It's not an anti-terrorist thing. It's an anti-American thing.
Never forget that.
The parent poster is dead correct. Not being spied on and continually asked "Your papers comrade" was supposed to be one of the touchstones of American citizenship. When I was growing up, I was often told that not enduring such things and NOT TOLERATING them was one of the many things that made us better than the Russians. People used to care enough about that citizenship to even brook contemplating the traitorous ideas Gonzales and the rest of the Bush administration keep coming up with.
The people in charge right now really suck. But the lack of spine being showed by the People means they suck worse. We should be howling for these clowns' heads on platters.
Well, the first thing that comes to my mind is Russia before the Cold War.
Back then they thought Communism was a good idea; the state would take care of all your needs. Plenty of security, but little to no personal freedom.
-- You are in a maze of little, twisty passages, all different... --
They are already doing it, and they know how many small ISPs would have to shut down because of the cost and complexity of doing something on this scale, if it became law. Big monopolistic-type businesses loves big government, because it puts up a large barrier for entry into the market.
Usurper_ii
Ron Paul
Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin to slit throats.
This administration is doing everything it can to erode our privacy rights, take away due process and legal protections, increase governmental secrecy and decrease governmental accountability. All this ironically in the name of our saftey and freedom.
The Bush administration is eroding our privacy rights through warantless wiretapping of American Citizens phone calls, and we dont know if its only international phone calls because there has been no investigation of this, we only have the people who are violating the FISA statue's word on this. FISA was set up for exactly this purpose. Not only that, they have a database of nearly every phonecall made in America, and they are using it to monitor phonecalls made by reporters to find leaks in their own administration without warrants.
http://www.thenation.com/blogs/thebeat?pid=83880
As for our legal protections, this administration wants to be able to detain indefinitely without trial anyone suspected of terrorism, Jose Paddilla is a American born citizen and though he will now be tried as a criminal due to the threat of his case going to the supreme court. This administration wished to detain him indefinitely without trial prior to that threat. That is scary and unprecedented. Were not talking about legal resident aliens, or people who illegal gained entry into the country, this guy was born here as a citizen and under the constitution he deserves a trial, every citizen deserves a trial, thats a fundamental right.
As for increased government secrecy and decreased accountability we have documents being reclassified under the freedom of information act, and non-compliance for freedom of informaiton act requests. Its not just security related concerns, but corrupt things like whether a power plant is up to code and is likely to have an accident, hand outs to his industrialist buddies. Another nice tidbit hidden from the public for a long time by Bush's rewritting of the Freedom of Information act is a memo from Exxon mobil to the Bush white house demonstrating the influence of oil companies on this administration's global warming policy's. All of this having nothing to do with national security but being withheld from the public just because it protects monied interests or can embarrass elected officials.
Admittedly it would be a lot funnier if I didn't live a stone's throw from the US (I checked once, and the local transit system goes to within 300 metres of the US border... although there is no border crossing at that location). It would be funnier still if I wasn't aware that Canada's latest batch of census data is being processed by a US business, and is therefore considered property of the US government. Oh well, c'est la vie, long live rock, and all that.
"Note number 5: I'm really wondering how this whole non-sense would hold up against the 'innocent until proven guilty' idea. If I'm innocent, why am I being tracked?!?"
In a court, you're innocent until proven guilty. That doesn't mean detectives can't dig up evidence to present in court.
This only applies to the legal system. As is my understanding, American citizen or no, someone can be taken prisoner after having been declared an "enemy of state". Any takers?
...to Web 3.0, where your every click and view is tracked by Big Brother "for your own good".
never bring a twinkie to a food fight.
More email than snail mail..
what's the basis-- # of pieces of each or amount of data contained within or 3-d mass volume of actual mail?
if you mean # of pieces.. if (fer analogious example) I had to store 1000 copies of of postal mail, or 100,000 pieces of email per person-- I know which would be simpler to arrange&store... the email.. I think the comparison to postal mail is useless..
every day http://en.wikipedia.org/wiki/Special:Random
You can't have one without the other.
But you can have them only if you're willing take
RESPONSIBILITY.
The moment you allow someone else to be responsible for your freedom *or* your security, you start losing both of them.
Il n'y a pas de Planet B.
I don't think they'd be interested in checking my feed out further seeing as I would just beat off in front of it to piss them off. :)
If they want that data, each packet should be printed out and mailed to them!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
And whether they'd like theor own logs posted for all to see!
I'm surprised that the US Govt. hasn't already told ISPs to start keeping a record of DNS requests. While easily bypassed, the average Joe Five Pack user would have no idea it could even be happening. DNS records would really make the first pass of a data mining run a ton easier than starting with something like URL requests.
"I hate to advocate drugs, alcohol, violence or insanity but they've always worked for me" - HST
Russia before the Cold War
Do you even know what you are talking about? What security? Feeling secure in your right to be sent to a slave labour camp where you would be able to help complete Stalin's industrialization plan (such as building a huge network of canals that were barely used).
If you don't believe me, just look at the technical specs of the device which AT&T is using for the NSA. Also look at packetmotion.com. And, from looking at the job openings at dice.com, there's at least another startup on it's way to do the same thing in this market.
Right now, they can't keep all of your packet data for two years. But they CAN keep all of your connection data, and tell not only what sites you are connecting to, but also what type of connections you have. It's pretty useful for identifying Kazaa (et. al.) types of connections.
If you don't believe me, just ask the IT staff at UC Berkeley. They actively pursue this type of snooping on both faculty and students. They, and other Universities, are a preferred testing ground, since they throw such a load at the devices.
Now, why Universities encourage outside spying on the faculty and students is beyond me. But yes, this stuff is happening right now.
The current goal for all of these companies is to preserve ALL data for at least two years. They aren't there yet, as the disk space required is extensive. But they CAN do it for shorter periods of time, if one spends the money on filers.
What's more, it will only be a matter of time before they can preserve this data for at least two years, and longer. There are companies which make use of cheap fast SATA storage for about 1/5 the cost of a NetApp filer. 50 Terabytes is affordable; in 5 years, you're looking at affordable Petabyte storage.
The point here is that the Government is ahead of the curve, as they know it's only a matter of time before the disk storage required to keep all data is afforable. So they want this snooping in there now, as it will be a lot easiler to mandate that ISP's keep ALL data once they have these hooks in place.
So please quit misleading people into thinking that there's too much data. Snooping, reporting and storing this stuff is possible now, and is only going to get easier and cheaper in the near future.
The Justice Department must be running out of hard drive space, and want the ISP's to share the cost.
Thinking about this, I have to wonder, what's stopping the feds from just fabricating the data they need to prosecute the so-called "terrorist". Most packet logging software I have seen uses text to display info or compressed packet info that makes graphs/reports. This would be very easy to manipulate to fit their needs. Combine this with judges that have no clue and you have the recipe for disaster.
Oh, we're not talking about those people. Those were just troublemakers, rabblerousers, criminals and traitors like that Solzhenitsyn guy.
Contrary to popular belief in America, Communism had a whole lot of fans in Russia (which is why the Communist Party is today the only significant opposition party to Putin's United Russia party), with plenty of people willing to sacrifice freedom for a sense of security under Communist rule. Historically, Russians do this all the time.
Thing is, for a while Russians had it the other way: plenty of freedom (due to a completely collapsed government) and no security. The result? Organized crime by the bucketload and dead schoolkids in Chechnya. How many Russians are now screaming for more freedom? Not many.
It's all perception. No authoritarian/totalitarian state can exist without collaborators who think they're more secure if someone else's freedom is taken away, but who never think that it could be them going to the gulag instead. The sad truth is that even under Stalin, millions of Russians still felt safe and secure, knowing that firestarters were going to the camps.
I hope you aren't fat, out of shape, smoke, drink or are over-stressed. All these things cause your load on the medical system to rise.
Same principle, don't you know?h
Blar.
MOD PARENT UP!!!
The U.S. government is becoming involved in a culture of all war, all the time, and all surveillance, all the time.
Most people don't realize that former presidents have access to CIA and NSA data. So, if voters in the U.S. elect a president who has family and friends and business associates heavily invested in oil and weapons companies, that president will be able to use the data to spy on competitors. It's not so crude as that, and a lot more sneaky, but that is the result.
U.S. Vice-president Cheney had a secret meeting with oil executives. A few months later, the price of gas rose enormously. Coincidence?
George W. Bush is the "worst president of our lifetime".
--
Taxpayer Karma: If you give money to kill people, expect your own quality of life to diminish.
I don't care how much pressure the Government puts on me. It's not going to happen. I think what's going on with AT&T and the NSA it's obvious why the Bush regime wants ISPs to do this. I can give them who was on what IP for however long with a subpeona, but that's all they're going to get out of me.
Not only is it a privacy violation, the amount of money that would be required to store that information for 2 years is staggering. I'm not spending hundreds of thousands of dollars or more and violating the trust of all of my customers just in the off chance that one of them might be doing something wrong that the government wants to get them for in 2 years.
Join the fight against an orwellian government. Encryption is still legal. Use it. Pay for email service in countries that remain neutral and free and support SSL encryption to/from their mail servers. Use desktop email encryption to protect the content of your messages and start requiring others to do so as well. Use anonymizing network tools and support their creators by donating money. Use encryption tools on your local system to encrypt entire filesystems such as TrueCrypt.
The US government needs to understand that we won't tolerate this. They need to understand that terrorists aren't idiots, and that there are plenty of ways to bypass the ISP altogether, and they will use it.
If we make their attempts to monitor the activities of the average citizen useless, they will realize that communication is a freedom that deserves the right to privacy. Our government has no business having access to our personal records and communications. This is a fight they won't win. Our government has been overrun by those who would throw out our constitution and remake it to their own liking. This being the case, we are in a civil war. You just don't realize it yet.
Just logging IP connections, i.e. a date stamp, the IP address on both ends, the port number, whether or not the packet was blocked, and the firewall rule that finally determined this, on the firewall on my little home LAN of 5 computers, 1 of which acts as a mail and web server, was cranking out roughly 1MB of log every hour at a slow time in the day, i.e. most of my LAN machines were not being used and the traffic was coming from outside.
I wonder who's going to pay for all this data retention? Oh yeah, its digital data. That's free, right?
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
At this point, I was beginning to think that the R's went after him because they were jealous. Well, at least until I heard about the whole Dusty Foggo hookers, poker, and scotch thing. I guess the R's are just dicks.
That is all.
Its worth keeping in mind that the EU has recently passed a similar directive (covering "data retention") that obliges all EU countries to pass laws within 18 months (or 3 years, depending on the country) on data retention by ISPs.
ISPs will have to keep data for 6 to 24 months. This will exclude URLs visited, but include the name, address, IP adress etc of every user, and also the addreses they send emails to or receive emials from.
ISPs are currently negotiating with national governments on the exact wording of these laws.
Ouch!
Alex
Ah, computer dating -- it's like pimping, but you rarely have to use the phrase "upside your head" -- Bender
While still in its early stages, wouldn't something like the JAP Anonymity project undermind the entire purpose and usability of data retention? http://anon.inf.tu-dresden.de/index_en.html
..Anonym.OS http://kaos.to/cms/content/view/14/32/
Until then, consider contributing to these kinds of projects, as they soon may be the only things standing between you and governments being able to track and parse every communication you make.
Does anyone else find it ironic that some of the most "free" countries are some of the former Soviet Unions' 'client' states?
Cheers!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
The good ol democrat^H^H^H^H^H^H^H^H republican^H^H^H^H^H^H^H^H^H^H Government manifesto.
If the ISPs can't afford the disc space, then we'll provide it for them for free!
Then we can even spin it on them -
"We'll give you FREE hard drives if you'll just do us ONE little favor and record the data of all your customers. Simple stuff, email, transfer data, what percent was encrypted, destination IPs, peak activity times... 2 years later: Also if you want to keep those hard drives coming, we want chat logs, email logs, and you need to start blocking encrypted traffic.
I wonder if Seagate is really behind this one
I do not own an ISP company but I as I understand the profit margins can be quite low in the business once you pay your overhead (bandwidth) etc + the tech support costs.
If they want data rentention for 2+ years, that means hiring extra staff to take care of it and buy the infrastructure to take care of it. These additional costs might cause some smaller ISPs to get out of the business. If there isn't enough money to be made, why not leave? If you charge more $$$ you're left to compete against larger companies who might not raise their fees.
Will ISPs simply keep their offices outside of the US but provide services there? How is the information going to be passed to the authorities securely? More importantly, how does one know that the data being submitted is not altered? Suppose an ISP has a customer that they don't like. The authorities ask that information be submitted about him. How would they know wether the information on that customer's records are true or unaltered?
Maybe its an attempt to further strenghten their ties with AT&T and the other backbone providers who signed onto the NSA wiretap agreements.
did this become a police state..?
Push push push for laws in another country, then once it gets passed, you push to amend your laws.
All in the name of international harmony.
It's a complete short cut through the legislative process. It's the political equivalent of saying "well so and so did it too".
Don't think the process doesn't works both ways. The Europeans are on the recieving end of American patent/copyright laws, amongst other things.
[Fuck Beta]
o0t!
Time to buy stock in foreign anonymous proxy server companies.
-- Gary Goldberg KA3ZYW 301/249-6501 AIM:OgGreeb Digital Marketing Inc., Bowie, MD
Good luck storing that. I'll be sure to start a Government-level storage company if that gets signed in. Then I can live in a house made of money with platinum siding.
So far there are a LOT of claims by the lobbyists, but where are the *NUMBERS* How many cases, of those how many had requests to ISPs? Of those how many went unfilfilled because data was not retained that long? In the cases that the data was there, how useful was it, really? How many times was the data wrong? Where did these numbers come from? So far I see none of this, so there is no case for, or really even against these laws on the position they, the lobbyists, are claiming!
I think we, as americans, need to pass a law that requires some 'proof in advertising' before it can be passed. Especially in cases like this where there's all this shock and awe agains the media, and trying for sensationalism like protect the children, stop the terrorists, etc.
Sad part is it won't happen. Since the majority of people just want to join in on the sensationalism and not find out the real truth behind it. Is it one case? Two? Two hundred cases that didn't get any data, that the data would've helped? Are there any law officers dealing on the boards here who can help fill any of us in on this?
To me it all sounds like a lot of hot air.
...and thought you were going to talk about Ron Jeremy.
Libertas in infinitum