Slashdot Mirror
FBI Head Wants Strong Data Retention Rules
KevHead writes "Speaking at a conference of international police chiefs, FBI Director Robert Mueller called for strict data retention guidelines for US ISPs. Echoing DHS head Michael Cherthoff's assertion that the Internet was enabling terrorists to telecommute to work, Mueller went further and said that the US needs stricter data retention guidelines. '"All too often, we find that before we can catch these offenders, Internet service providers have unwittingly deleted the very records that would help us identify these offenders and protect future victims," Mueller said. The solution? Forcing ISPs to retain data for set periods of time.' If that happens, how long before the MPAA and RIAA start asking to take a peek at the data too, as they have in Europe?"
I know of people who recieve cardboard boxes from FEDEX filled with 20 lbs of weed... I think the internet is the least of our problems.
A broken solution for a non-existent problem.
I used darkstat once on 2 T1's for a 24 hour period just the URL log was over 500MB, no packet captures, no session data.
Just imagine an OC-3, you are talking about a lot of storage space.
Mueller went further and said that the US needs stricter data retention guidelines.
With the AT&Ts "collaboration" with the NSA, and CARNIVORE, one would think the government already has all the tools they need. Are they now saying that's not enough? That's kind of pathetic, don't you think?
Push Button, Receive Bacon
There's no rule about how to store it, is there?
In theory there is no difference between theory and practice.
In practice, however, there is.
Database poisoning, ie. entering information that is not only bogus but also harmful, making previously useful lookups turn back so much garbage that real info is hard to find. In other words, some kind of proxy program on client side that loads pages from given list of addresses. That list can be composed of all sites possibly under surveillance. It randomly loads pages in the background, makes google searches with offending words, but doesn't bother user with the data it loads.
Preserve old classics: copy your collection onto all hard drives.
Add stopping this to the list of "things to do after the Democrats take over Congress".
Don't forget to vote, everybody.
And remember, as one leading Democrat has said, if Democrats control either house, there's going to be "oversight, oversight, oversight". Look how much has come out with the Republicans in charge: everything from the plan to divide up northern Iraq amongst oil companies to the CIA's torture program. There has to be more stuff we haven't heard about. Look forward to people like the FBI Director testifying under oath before Congress. Coming soon to a C-SPAN channel near you.
You might also want to volunteer to be a poll watcher, especially if you're in a state with Diebold voting machines.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him"
-Cardinal Richelieu (French Minister and Cardinal. 1585-1642)
if the people who make legislation actually had some idea about the problem the legislation was supposed to solve? Or, ya know, refused to vote for something they didn't understand? Just a simple "introduction to hacking" course would help so many of them recognise that data retention aint going to help you track a hacker. I hate to say it, but I honestly think the only way to "police the Internet" is to give policing powers to a police force. Those powers would include the right to enter systems without permission, install logging software, etc. Question is, who would you want to trust with that much power?
How we know is more important than what we know.
Republicans or Democrats in office will not matter. The US has started down a road that has no end (at least not a pretty one).
So if you can't change them, change yourself. Come be part of the solution.
-- http://anonet.org -- The internet the way it was meant to be. Check it out, you may be surprised.
However, by one tiny chip of compromise after another, one infinitesimal shift to accommodate a "reasonable response" after another, a group of people can turn into "The (choose ethnic group) Problem" and suddenly it's okay to treat people as things, the only capital crime there is. You never quite know where you cross the line and suddenly you have become the enemy your grandparents fought war, bloody war to prevent from turning the future into a long night of horror.
Will you have the courage to say "NO" to the new Gestapo? They're just nice guys like you who have a job to do, y'know? Or will you draw a line somewhere and say "At long last, Mr. McCarthy, have you no shame?"
(*Title refers to the short story in The Last Whole Earth Catalog. Find it and read it. Was a school experiment designed to show how good people could turn into black, black Nazis and why there were no Nazi's in Germany after the war. Scares the tar out of me, more so as the days go by.)
Do not mock my vision of impractical footwear
Despite all the statistical evidence that this does NOT work to PREVENT any "terrorist" acts ... they will attempt to use this to intimidate people into voluntarily restricting their actions.
... but you will not have access to their's. Asymmetrical. And because they are the government, they can release only the information they want from your records. Only the information that shows that you are really a wannabe child molesting, America hating, terrorist loving, Communistic, gay atheist.
When every search / posting / IM / etc from you is available to elected officials (and may be accidentally "leaked"), they hope that most people will self-censor their activities to only items that would be "appropriate".
Should you ever take a stand against the elected officials, they will have access to your records
It's all about maintaining power and control.
Since the terrorists will be using encrypted messages or coded messages which don't appear to be anything special (you know those -1 Slashdot comments are for something), this will help retrace the terrorist's online activities after people have died in a terrorist attack. My guess: lots of porn and a few messages to E-mail accounts which no longer exist.
It's just that there are so many disposable E-mail accounts available and the easy access to Internet cafes. If someone is using a disposable E-mail account and an Internet terminal which is paid for in loose change (usually used in airports), how are you going to track that person down one month later? What if the terminal is outside the United States?
Not to mention free Linksys brand wireless Internet access which is available in most areas.
Any government fighting terrorists needs to setup its own terrorist propaganda websites which make use of Microsoft Internet Explorer's many vulnerabilities. Spyware for the spies. Microsoft's poor security practices not only hurt you, they also hurt the terrorists. Of course terrorists using Firefox screws us all.
Here's the trick. Don't scare your population with too many moves at once. Take away their freedoms one by one, starting with the ones no-one really cares about. Let other countries take one step too far, and if their populations don't squeal, make a further step yourself.
So the EU enacted its spy state law last year, while people said, "even the states does not go that far". The EU Data Retention Directive wants (it needs to be ratified by individual countries) to track every phone call made, every email sent, every web site visited, every cell phone location, and hold this data for over a decade. The data would be available to non-governmental organisations (private firms). Anonymous internet usage would be banned. Anonymous prepaid mobile phone cards would be banned. All this, of course, to save us from terrorism and organised crime.
And the UK has constructed a surveillance system that beats anything ever built by the soviet spy states. Every public urban space is monitored, recorded, tracked. The only privacy you have is in your home, where you are safely under house arrest, unable to do anything to damage the interests of the state.
It was just a matter of time before the FBI asked for the same powers. What police force would not? It's a copper's wet dream. Every one of us stinking criminals-in-waiting tracked like cockroaches in a pen. No more crime. No more disorder. No more rebellion.
My blog
I would hope that the UK's Data Protection Rules will basically tell the US to get lost if they come knocking. However as there is the special relationship I expect it will just be ignored
Cheap UK and US VPS
Phone companies do it, after all...
It is nevertheless impractical for ISP's to do the same because there are several orders of magnitude more simultaneous connections than there are with phone companies because phone calls typically last on the order of minutes, while individual IP packets take less than a fraction of a second to transmit and they are done. One could track entire TCP streams, but even those can be over in less than a second, and it wouldn't be helpful for tracking things like UDP or even raw IP. It would require absolutely huge amounts of data storage to chronicle even a single hour's usage in entirety on a major ISP, let alone keeping it around for days or weeks.
File under 'M' for 'Manic ranting'
There are 2 questions, really:
If you're looking for a guess, I don't have it. All I know is that it bothers me when the government's fear of people they can't even identify is enough reason for them to start "monitoring" the 300 million people in our country that they can identify. I don't know how much liberty one has if they are aware that everything they type, or every call they make, is "monitored". Is that liberty? Does that make anyone feel safer?
-- I'd give my right arm to be ambidextrous
The summary does right in pointing out that retaining this stuff attracts copyright holders like flies round shit, but, thankfully for the moment, they're not allowed access to this data [in fact, it would be a criminal offence if they were granted such access]. Part of the fighting between the EU commission and the EU parliament was that the parliament wanted access locked down to ultra-specific cases (things that could be prosecuted under the European Arrest Warrant only). They didn't get it, but the compromise was that access could only be granted for serious criminal activities, defined by each member state's law.
Civil torts (ie, copyright infringement) are way outside the ballpark by anybody's measure, so it'll be a long while before they wheedle their way into this. They will try, but Big Content doesn't hold quite the same disproportionate influence in the EU that it does in the USA. So, from a US point of view, I think that you have much more to fear from data retention that EU citizens have, given that AG Gonzales explicitly mentioned copyright infringement in his reasons for pushing this turd of an idea.
Not saying that the data retention doesn't suck - just that the existing fears of abuse are more than enough the scare the bejesus out of me without imagining what *AA snooping would be like. I've yet to be convinced that it's not the usual government trick of "let's spend lots of money (better still, other people's money) on a problem, and rely on the traditional public belief that the government is tackling something because it wouldn't spend billions to accomplish nothing".
--Ng
The terrorists are broadcasting communications with steganography embedded in all those viagra and stock option emails. Please filter and retain all spam for further detailed and ongoing analysis.
thank you,
everyone
First, the practical:
:p
I'm sorry, but I am not going to waste my resources storing every email every one of my customers has received from now until kingdom come. Unlike Google, I don't have the spare cash sitting around for that kind of storage space. Make it a law and I bet you see a surge of ISPs basing their servers offshore to protect their investment (customer privacy mainly).
Secondly, the privacy concern
So the FBI reading my sarcastic emails to friends and family is going to help us catch a bunch of terrorists who, last I heard, had one webmaster who was stupid enough to get himself arrested in Germany? I've got news for you guys: Teenagers, CEOs, and computer enthusiasts coordinate things through the internet. I imagine terrorists prefer suicide bombing training camps or mountain hideaways for their secret conferences. Besides, we haven't heard anything of Al Qaeda declaring Jihad on Microsoft over Netmeeting or even MSN Messenger, so it is highly doubtful that they have tried to use them.
As far as 'terrorist websites' go, the FBI just needs to get some of their buds at the CIA to break into the server and plant a basic hit reporter. Figure out who is logging in and making changes, and you've got your man.
I hope one day you post similar feedback to Google over "data kept forever, mail is never really deleted, analysed for advertising purposes"...
You know.. Gmail..
It is the guy from the FBIs job to demand that our freedoms be observered and monitored. It is his job to lobby politians to pass laws to make his job easier and minimize the tax burden of his department. Its the politians job to take him seriously, concider the facts and then tell him bollocks. If he fails to do this it is your job to make it very clear that this is unacceptable, and then not vote for him in the next elections. If he gets in, then thats democracy, and the freedom that you thought was important, was clearly not that important to your fellow countryman.
Its perfectly possible that, despite living in a liberal democracy at the moment what the people want is to live under the rule of a paternal dictatorship - people are stupid. If thats the case, then democracy will let that happen. All you can do then is either raise a militia or leave. I guess you could always try and educate people, but thats never worked in the past
Scared of flying, pointy things snce 1979!
His plan goes like:
1. make some attacks to high-profile targets in US and its allies
2. see how those people will (slowly but surely) erode their civil liberties and transform _their_ countries in the same kind of totalitarian theocracies as Taliban-Afghanistan
3. ???
4. Profit!!!
PS. too bad those intelligent, enlightened, Spanish people saw right thru our plan and threw Aznar off.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Sure, you can write a law full of language that says it can only be used against terrorists etc etc etc. You can write a law that is 1000's of pages in length detailing these correct uses. ...and then 10 minutes later, somebody attaches a provision to a farm subsidy bill that says these records can be used by RIAA and MPAA to discover copyright abuse with no warrant because "users have no expectations of privacy on the internet" and POOF all those protections are gone.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
This is about control of disaffected people not fighting real terrorism.
And what's with the comment about not needing to "speak with anybody else" - are the FBI scared of shut-ins now?
Reduce, reuse, cycle
Internet service providers have unwittingly deleted the very records that would help us identify these offenders and protect future victims
So the ISPs are retaining the info, but not long enough for the Feds to do their job right, so they are asking for them to keep them longer. Well how long? Why are the Feds so slow? Will they want to extend the retention length again if the time table they recommended isn't long enough?
Can I bum a sig?
Data retention is a way to catch the stupid offenders, blame innocent people and also abuse the data for other purposes.
If I was to commit a crim over the Internet, I'd encrypt any data transmission I'd use.
Then all they have is the ip/domain I talked to. It's not quite a crime to talk to someone.
I thought we were fighting both. And the war on poverty. And the war on illiteracy. And the war on AIDS, pollution, hunger, disease. No wonder why we can't keep up (.. the focus and funding).
The internet is not the least of my worries, nor is the RIAA or MPAA the most of my worries. The government enacts data retention laws under the guise of 'neccessary to catch terrorists' when in reality they will use this data for any snooping they would like to do. After this law is passed without a sunset clause, the next law will be a change in requirements to access this data such as the current circumvention of warrants for phone taps.
It doesn't take a rocket scientist to see the progression.
No no - just drugs and terror.
See, poverty, illiteracy, AIDS, pollution, hunger, disease - and those you didn't mention like genocide, etc., are too hot politically to be fought, for they provide no gain to the government.
Drugs and terror... and let's go ahead and add child porn... allow the government a "war" that can be used to justify reductions in personal privacy, massive amounts of data collection, and emboldening of the Executive.
Those other "wars" are just hippie rally-cries. Duh.
Excuse my speling.
Making The Bar Project
No, we are fighting Terror. We have always been fighting Terror. Drugs are our ally. We have always been allies with Eastasia, I mean, Drugs.
You are in a maze of twisty little passages, all alike.
We don't delete log files for no reason. We delete them because they're not worth keeping. Why wash toilet paper?
Don't piss off The Angry Economist