Slashdot Mirror
ISP Tracking Legislation Hits the House
cnet-declan writes "CNET News.com reports that Republicans in the U.S. House of Representatives announced yesterday legislation to force ISPs to keep track of what their users are doing. It's part of the Republicans 'law and order agenda,' with other components devoted to the death penalty, gangs, and terrorists. Attorney General Gonzales would be permitted to force Internet providers to keep logs of Web browsing, instant message exchanges, and e-mail conversations indefinitely. The draft bill is available online, and it also includes mandatory Web labeling for sexually explicit pages. The idea enjoys bipartisan support: a Colorado Democrat has been the most ardent supporter in the entire Congress."
They may as well legislate that gravity be lessened to solve the obesity problem. It's just as feasible from a technical sense.
You know, I'd like find out what kind of porn or other illicit sites these legislators are surfing and then dredge that up those records to news agencies. See how that flies in their faces.
This is just sick. Every time I hear this shrill siren about protecting the children I know they're coming for another liberty.
I, for one, don't want my kids growing up in a country run by the thought police.
Trouble making decisions? Just flip for it.
What they need is exactly the opposite: optional Web labeling for non-sexually explicit content.
If you think your site is safe for children then you can add a label to that effect. There could even be a well defined process where, if you labeled your site as safe-for-children and it wasn't, then you could be required to take down the safe-for-children label.
Ideally, there wouldn't just be one safe-for-children label but a variety of specific government defined labels that identified a site as being free of specific types of content (e.g. no nude photos versus no sex photos).
Republicans in the U.S. House of Representatives announced yesterday legislation to force ISPs to keep track of what their users are doing. It's part of the Republicans 'law and order agenda,' with other components devoted to the death penalty, gangs, and terrorists.
Why don't they just put everyone in prison? Then we wouldn't have any crime at all. Problem solved.
The theory of relativity doesn't work right in Arkansas.
I imagine many people would simply start tunneling all their traffic to countries without such idiocy.
Mandatory labeling of sexually explicit images will make them much easier to find.
This will be another "unfunded mandate" where they'll just fine you if you fail to spend the money to comply.
All in the name of "protecting the children" and "War against Terror".
The question will be, how much money will an ISP have to spend to record everything, in a secure fashion, for years and years? And at what point will the that expense be LESS than any fine that will be levied for non-compliance?
Folding this bill into a larger "law and order" agenda makes it more difficult for people to criticize it; "what, you against law and order, you filthy terrorist?"
If similar bills had no chance in a Republican-controlled Congress, does it really have a chance now? Doubtful, especially since the Democrats have a comfortable majority in the House.
Besides, I'm not a fan of impractical laws that are extraordinarily difficult to enforce. If this bill became law, do you think certain users would create scripts that visit hundreds of thousands of sites, just to clog the log books?
I can only imagine how politicians think:
"Hey how can we kill off a lot of small businesses so our big behemoth telecomm contributors can make more money in the long run? Ooh! increased operating costs! Our friends have the coffers to handle this while their smaller competitors die off. We'll have to make it look like something else though. Tie it to crime. Everyone hates criminals."
Do not taunt Happy-Fun Ball
Then they will just make it illegal to use proxie servers.
Undetectable Steganography? Yep, there's an app fo
we havent had a decent amendment in a while. time for a push for an explicit right to privacy?
"I like to wear big boy pants."
Doesn't this just amount to wiretapping using different wires, only instead of just doing it for individuals suspected of something illegal, it's being done en masse to the masses. Certain members of Congress have been very vocal about how they're against the President listening to the conversations of suspected terrorists or foreign nationals because it might violate their rights...but it's okay to monitor everyone else?
We here at the Future Crimes Department take pride in knowing you're going to do something wrong before you do it so we're going to start building our case againt you now. Thank you and have a nice day.
Hell, just default to ssh tunneling all traffic between all hosts. they won't be able to prove you downloaded anything, just that you pulled 500mb from port 22 of bigbazoongas.com. For all they can prove, you were aggressively reloading robots.txt.
President Eisenhower speaking:
"If all that Americans want is security, they can go to prison. They'll have enough to eat, a bed and a roof over their heads. But if an American wants to preserve his dignity and his equality as a human being, he must not bow his neck to any dictatorial government."
Conservatives like the concept of absolute monitoring of citizens. It's the whole war on terror thing that is their brainchild to begin with. Conservatives brought us the USAPATRIOT Act, etc.
--- Grow a pair, liberals... stop letting the Republicans bully you!
My first reaction was "Good because wading through terrabytes of useless data will really help win the war on terrer!" However on sober reflection I realize that the very technical infeasability of this is part and parcel of the problem.
For those of you that haven't seen Terry Gilliam's Brazil you must it is an essential requirement for anyone who would just react with the snarkiness I mentioned above.
They can't parse all of that data. A single major ISP on a single day would generate terrabytes of data if everything was logged. In that event any actual law enforcement methods would be swamped by the sheer beureucratic waste of it all. Massive computer systems performing continuous number crunching would still come up with garbage.
But that doesn't matter!
It isn't necessary for this to work. What is necessary is for them to make people perceive that it works at least enough to get it put in place. At that point the system becomes self feeding. Don't like it, well that can get you put on the short list for a check of your habits. Because they can look at a single person's habits, they may be wrong but they can and will do it. But in general the system will be a large self-feeding monstrosoty and any "errors", because there are always errors will be dealt with in the same way that the no-fly-list errors are handled: "not my department, next please!"
Eventually success of this process ceases to be the object only its continuation. Once a large enough beureucracy is established staffed with enough place-men and place-seekers to protect themselves then this will take over. Consider the Drug war as an example. Yes it hasn't hit full steam but think of ho many things today are justified by means of the "Drug War". And take a look at the way justifications for the war are handled. Money for the Partnership for a Drug-Free America (led by America's Drug Czar) is spent convincing us to back the drug war or not to vote for legalization. In turn the DEA's budget (paying America's Drug Czar) goes up and who the hell cares if the drugs are stopped. And they aren't even fighting "Terrorists".
In many respects it reminds me of East Germany. At the height of their power the East German Stasi employed one in fifty members of the population as full or part-time spies. This doesn't count the large beureucratic staff that they had or the massive infrastructure that was built and run just to sort through it all. The social costs were enormous as any infraction was targeted for no good reason. The economic costs in turn were insane and deprived the state budget of much of the money that might have been spent say building an infrastructure or feeding the population. No nation on earth had more complete information on its citizens and no nation on earth spent more obtaining it.
Ultimately crime was still committed and even the dissident groups grew because they a) hated the government that much, b) were often flooded with spies sent in by the Stasi, and c) could get away with it. None of the objectives of the Stasi were acheived and East Germany fell, it fell and noone misses it.
This "Law and Order" bull must be stopped, and it must be stopped now! We cannot sit back and think that this is okay or that it will "work its way out. Those of us with a technical mindset are in the best position to explain why this will not work and what a costly destructive system this will be, and we cannot put it off.
For those in the U.S. go Here to find your house rep and place a phone call or send a letter. Then for good measure go Here and tell the Senate not to go there either. Following that try sending a letter to you local paper's letters to the editor. While many of us no longer read the dead-tree press it can and will make a big impact for those that do (read: most people over 35).
Here is how politicians think:
"What sort of grandstanding can I do to get my name in today's local/state media cycle? Let's see, my likely opponent has introduced a bill in the statehouse mandating that sex offenders register their online accounts. . . . Hrm, what trumps pedophiles? Sure, Terror, domestic Terror! that's the ticket!"
Actually, that is the politician's Chief of Staff thinking; the politician is thinking:
"Does this tie make me look soft on crime? If that minxy little intern thinks she's going to get that last donut, she's got another thing coming. Hrm, I wonder who's scheduled to buy me lunch today. It better not be seafood, them shellfish gives me the burpies."
illegitimii non ingravare
You might want to look at Sarbanes Oxley laws and look at the similarity. You have to keep emails, access logs, etc for years and years for businesses, this is a smaller extension of that. Same with phone records, business transactions, etc.
I'm not quite sure you understand reality some ISP's delete customer login information hours after they are used, (which in reality may or may not be the truth as which information really gets destroyed diverges from the official company policy). It litterally takes days to weeks to months to track down a user to an originating IP who went through multiple servers in different countries, talking with different admins and end users who have a compromised box, working your way back to the source. The police don't have a movie style magic box, they can plugin that will tell them, hacker trying to break into bank , bounced through 10 different systems, 3 different countries but is actually sitting in Columbus, Ohio (of course as a proper nod to the movies, the hacker always knows they are onto him and disconnects right as the last line is being drawn to his house).
What I think it comes down to is there is such a wide varience to the rules, 8+ years ago when admined at an ISP we had conversations with FBI about retention policies: email, backup, authentication logs, etc. There statement to us was that we could do anything we wanted as long as the whole organization followed the same rules; if they would call up the secretary and she said that we never deleted backup tapes, and they call up the admin and he says they are deleted every days. That they would be flying in and getting all the equipment under court-order evidence protection (effectively putting us into a bind operationally having no equipment anymore).
Look at what they have also introduced! Beware H.R. 393!!
---- "XML is like violence. If it doesn't fix the problem, you aren't using enough."
The post refers to IM and chat logging but they are mentioned no-where in the bill draft. The bill asks that IPs be logged to subscriber names and nothing else. The words instant messaging and chat dont even appear in the text of the the bill at all. The post then links to a previous post about what some people in government would like to monitor - including the IM and chat logs. You cant just draw a line between the two without support facts.
I was crazy back when being crazy really meant something. (Charles Manson)
From the ISP's side, they will take the time/effort to simply provide a way for the data to be delivered in bulk to a gov't contractor. From there the contractor does the actual storage. The ISP's will jump at that because it's costs practically nothing. On the contractor's side, when you are buying storage by the petabyte, it's pretty cheap.
/. echo-chamber. The time to have done something about it was maybe 10 years ago.
It still boggles my mind that this is somehow offensive behavior in the
Most of us have *no* clue about the scale and scope of data collection is like in the U.S. right now and I believe most would be very nervous if we actually knew besides what's already been leaked. What brings me some comfort is gov't agencies are not known for their effectiveness or ability to coordinate much beyond a luncheon.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
This storage method is based on the accoustical storage method that was proven over 50 years ago, now updated with more recent innovations to provide better bit density and bandwitdh. The way this works is that the digital stream is moduled onto a laser that is pointed upwards. As we all know, space is curved, so eventually the laser beam comes back to earth where it can be reread after a long trip through space. There's lots of space out there and it is free.
Engineering is the art of compromise.
Hello freenet.
Physicist and hard sci-fi author Robert L. Forward envisioned a method to do this that violates no laws of physics. It was in one of his non-fiction collections of essays, either Future Magic or Indistinguishable from Magic. It's a bit far fetched, but quite interesting.
First, find a big asteroid. Put a bunch of metal plates around it with a carbon on the inside and nuclear bombs on the outside. Set off the bombs. If you've set it up right, the plates slam into the asteroid, compressing it tremendously. The carbon fuses into diamond, trapping the compressed asteroid, now a tiny fraction of it's original size, inside. Being very dense, it will have a high gravitational gradient.
Now comes the tricky part. Hehe.
Somehow get the thing down to earth and sit it on some big old diamond pillars. Nanotech and space elevator or space fountain technology would come in handy here. Underneath the thing, its gravity would cancel out Earth's.
Feasible? Um, no. Possible? Maybe. I'm no physicist so I can't check his calculations but he is and I suspect he did them right.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Seriously, you use SSL?
You must have something to hide.
Once I was a four stone apology. Now I am two separate gorillas.
First, I love this idea, bravo. ;)
:(
However, there is a flaw, the earth, solar system, and galaxy itself are moving at incredible rates, the point in space we occupy now will not be the same point that the laser will return to in a hojillion years give or take. BUT! I think you have come up with a very novel approach at creating the proverbial write-only memory. Quick, patent it!
To keep on topic (some mod has been busting my chops lately for trying to have actual interesting conversations), since the bill sets no maximums on the retention requirements I think it's very likely that Gonzalez et al are going to ask for a rediculous amount of data retention. They've been dropping hints about it for years now, something like a permanent record of every website visited would be the first thing they try to mandate. That alone will be a gut-busting storage requirement, and force many non-mega ISPs right out of business. This bill has the potential to radically affect the businesses that provide internet access, and radically alter the privacy people expect when using the internet. While I hope this bill dies quickly, I fear it will ride the tide of "think of the children" with few obstacles.
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
My hardware matches the description of Internet Content Hosting Provider and Internet Email Provider, but the record-keeping portion of the bill refers to "Internet Service Provider" which I presume is defined elsewhere (not in this bill.)
*sigh*.
I do have something to hide.
It's my password. If anybody learns what it is they can use my server as a spam relay, read my mail, etc.
Lamar Smith's bill's language is ambiguous. It requires, at a minimum, the retention of personal identification linked to IPs. The contention that that Smith's bill does not explicitly mandate the retention of IM and chat logs ignores a very important fact. The Attorney General gets to interpret the bill. Alberto Gonzales is the man that recently advocated revocation of Habeus Corpus, citing the lack of its specific constitutional foundations. Gonzales has an expansionist view of the Constitution, as evidenced by his moronic opinion that specific protections not enumerated in the constitution are open season for federal government. I have a feeling that his interpretation would augment the executive branch's power. This is just is one major problem with this bill-- it's ambiguous language is too broad, and Gonzales could liberally interpret the legislation however he feels. More generally, this bill is part of a national problem-- the belief that politicians are justified in sacrificing our privacy. This "struggle" they face, balancing individual liberty against security, is a nonexistent red herring. We can be both safe and free. The bill also represents a scary possibility. If passed, it would establish a legal precedent for acceptable invasion of personal privacy. Socially, this precedent has already been established. The technology industry has already justified, and is currently implementing, the widespread, viral invasion of our personal computer-- in the form of DRM protection of music and software. All of this must be qualified by the following--Smith's bill is aimed at stopping child predators, and I understand and wholeheartedly support his desire to protect our children. This bill's reach extends far beyond the sick and twisted world of pedophiles, though-- it requires retention of everyone's records. Alberto Gonzales could theoretically interpret the bill to include widespread monitoring of internet use. Including AIM conversations and E-mails. I do not believe this bill will make us safer. I am interested to see how many times an ISP could not produce personal information on their customers, and how many times failure of an ISP to produce personal information translated into the loss of a conviction for child predators. My guess is none. One of two things can happen with Lamar Smith's bill in the short term. First, it could die, or second, It could be amended-- perhaps with limits on the retention of records to convicted sex offenders. This bill represents the beginning of a slippery slope for internet privacy, and a more general affront on free speech. We must not let our leaders continue the abolition of rational thought.
Does this help?
Problem: "Attorney General Gonzales would be permitted to force Internet providers to keep logs of Web browsing, instant message exchanges, and e-mail conversations indefinitely."
Solution, from 3 stories down on Slashdot: "UK will start jailing the people who trade in email addresses, or any other personal data. The new regulations will result in a two year prison sentence for violating the Act."
Not counting the minor detail of countries involved, does anyone else read this as : "Attorney General Gonzales could be jailed for trading in email addresses and personal data"?
If you pass too many consecutive over-reaching laws, you eventually create something that convicts yourself. Unfortunately, Governments are above the law. I'd love to see a "consitututional crisis because the entire congress discovered it cast itself into jail".
The preview word for this post is victors.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
So, way back, I ended up with a block of IP's and have been my own ISP ever since. I, of course, would never do anything illegal but if I did, and the police wanted my surfing records, is there not a 5th amendment situation here?
As a dual citizen of Canada and the US (born here), can people like me or maybe EU citizens opt out of the illegal recording of our private data, which is barred from data collection by international treaty?
And how long before we hack the IP trail of the very same politicos who wish to spy on us and publicize it?
-- Tigger warning: This post may contain tiggers! --
Real conservatives would have nothing to do with this stupid bill, which places way too heavy a load on small businesses. And no, I don't consider any of the supporters of the bill conservative in the fiscal sense.
Oh, the conservatives are pissed. But like you said, it all comes down to whether they'll stop strategizing long enough to not elect another Bush.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
The internet was fun when the government didn't really understand or know how to use it... Now with every keystroke being run through heuristic scans and filters and all sorts of other "Big Brother" type algorithms, we have lost yet another freedom. See, the U.S. got upset when China wouldn't let their users search for the term "Democracy" or "Freedom" etc. We said it wasn't right, and that the people should be able to search for anything they want, yet we do the same thing, only in the reverse order. We let the users search for whatever they want, but then they get in trouble for it once they have done so.
It must be really nice to tell everyone else how they should do things, while we're making the same mistakes, only in different ways.
Relocating to San Francisco / Palo Alto... Hire me?
They actually passed a law like that in Latvia.
And then it got revoked quietly and quickly, when ISPs made a united front... I mean, honestly, what would be the _costs_ alone to comply with it, I don't even NEED to mention privacy and other legal issues.
Basically, storing packets is already a pretty insurmountable burden (coupled with having to store them -indefinitely-), if you want to add analyzing packets for which ones are chat log, which web requests etc... why don't you become Google while you're at it then?
There has been some hinting around - mostly at the state level - a couple years ago that open WiFi will be made illegal - the rationale was [from the published articles, which unfortunately I don't have a cite for at hand] to "protect" the owner of the back-haul connection from "liability". The context here was the state of Michigan, who - it was my understanding - had just become the first state to successfully prosecute war-drivers.
Obviously the "protection" pretext was bogus - this fact was re-inforced by the information that in no case, of the several on record of individuals having been prosecuted criminally for use of an open WiFi hotspot, had the owner of the hotspot been thoght to be the perpetrator of illegal activity. Nevertheless, the "legal eagles" - as usual - choose to penalize the innocent as a "deterrent" to actual criminals, while creating loud, high pitched whining noises about protecting people from themselves...
There should be some Constitutional protection to prevent lawmakers from passing laws based on the idea that they are protecting us from ourselves - even if it's our own [purported] stupidity, imo.
Furthermore, Open Mail Relays have not been outlawed, despite all the legal activity [allegedly] against SPAM email - it seems to me that, before we accept that the people who push these kinds of brain-dead legislation are qualified to do so, we should get an explanation from them concerning how and why it's a plausible defense against "terrorism" and "child porN" to ban open WiFi when they did not find it useful to outlaw open mail relays. If they can explain that, we might have a basis for conversation with the morons who like to claim they represent the citizens as "lawmakers"... of course, if they could do that, the situation that now exists almost certainly wouldn't.
If anonymity is made illegal, only criminals will have anonymity.
"The Internet is made of cats."