Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside Comcast's Surveillance Policies

Posted by kdawson on from the cost-you-a-pretty-penny dept.

Monk writes "The Federation of American Scientists has obtained a recently disclosed Comcast Handbook for Law Enforcement which details its policies for divulging its customers' personal information. (Here's the handbook itself in PDF form.) All of Comcast's policies seem to follow the letter of the law, and seem to weigh customer privacy with law enforcement's requests. This is in apparent contrast to AT&T and a number of other telecommunication companies, which have been only too happy to give over subscriber records. According to the handbook, Comcast keeps logs for up to 180 days on IP address allocation, and they do not keep all of your e-mails forever (45 days at most). VoIP phone records are stored for 2 years, and cable records can only be retrieved upon a court order. The document even details how much it costs law enforcement to get access to personal data (data for child exploitation cases is free of charge)."

11 of 134 comments (clear)

  1. Secure your email by MacDork · · Score: 3, Informative

    I'll trot this pony out one more time:

    (Mac OS X 10.3+) http://www.joar.com/certificates/
    (Windows) http://www.marknoble.com/tutorial/smime/smime.aspx

    1. Re:Secure your email by greg_barton · · Score: 3, Informative

      They track mud in, can drop anything anywhere and say that they found it there. That can't be done with email.

      You're kidding, right?
    2. Re:Secure your email by shawb · · Score: 3, Informative

      And I forgot to post a link to this article

      --
      I'll never make that mistake again, reading the experts' opinions. - Feynman
  2. Re:How much it costs? by Burdell · · Score: 2, Informative

    IIRC, when a subpoena is issued for information from a third party, that party can charge a fee to cover the costs of gathering the requested information.

  3. Re:How much it costs? by the+unbeliever · · Score: 2, Informative

    Most law enforcement budgets have a clause for "emergency funding for investigative purposes"

    Comcast's charges don't seem unreasonable either, considering the amount of data they'll have to sift through to provide the information.

  4. Quick and Dirty Summary by value_added · · Score: 4, Informative

    Interesting read, especially considering the "Comcast Confidential" footer at the bottom of every page. That said, it's informative only insofar as it states there's laws to be considered, and makes clear the folks at Comcast insist on following them. Nothing in that document is very different than a typical publically-available TOS. Here's an excerpt:

    Generally, the following information, when available to Comcast, can be
    supplied in response to the types of requests listed below. Each request
    is evaluated and reviewed on a case by case basis in light of any
    special procedural or legal requirements and applicable laws. The
    following examples are for illustration only.
     
    - Grand Jury, Trial, or Statutorily Authorized Administrative Subpoena
    - Judicial Summons
    - Court Order
    - Search Warrant
    - Preservation Request/ Backup Preservation Request
    - Pen Register / Trap and Trace Device
    - Foreign Intelligent Surveillance Act of 1978
    - National Security Letter
    - Child Abuse
    - Emergency Disclosure

    As for the email policies referred to in the summary, Comcast does not store emails any longer than the subscriber chooses keeps them.

    Comcast's Webmail service permits customers to change their email
    deletion policies, but the current default settings are described below.
     
    - Inbox (Read Mail No automatic deletion policy)
                        (Unread Mail 45 day retention period)
    - Trash (Read Mail 1 day retention period)
                        (Unread Mail 1 day retention period)
    - Sent Mail (Read Mail 30 day retention period)
                        (Unread Mail 30 day retention period)
    - Screened Mail (Read Mail 3 day retention period)
                        (Unread Mail 3 day retention period)
    - Personal Folders (Read/Unread No deletion policy)
    - Popped Mail (Deleted immediately from web mail servers)

    Put another way, Comcast doesn't store your emails. You do.

    1. Re:Quick and Dirty Summary by Technician · · Score: 2, Informative

      Doesnt matter, Vonage and all VOIP Providers must be CALEA Complient or huge fines are given.

      correction Vontage and all US VOIP Providers must

      There fixed it. From you link..
      "The Communications Assistance for Law Enforcement Act (CALEA) is a United States wiretapping law passed in 1994 "

      Vontage is US based. Where is Ekiga which ships with Ubuntu based?
      http://ekiga.org/index.php?rub=3&pos=0&faqpage=x149.html
      "1.1.4. What is it compatible with?
      Ekiga is compatible with any software, device or router supporting SIP or H.323. It includes SwissVoice, CISCO, SNOM, ... IP Phones, but also software like Windows Messenger, Netmeeting, SJPhone, Eyebeam, X-Lite, ... or also the Asterisk popular IPBX, as well as any other commercial or Open Source IPBX."

      How many of these supported services is directly under CALEA?

      Vontage may be CALEA Complient. Not everyone is under US rule. Not all VOIP service is commercialy provided.

      --
      The truth shall set you free!
  5. Re:The law doesn't protect you by Anonymous Coward · · Score: 1, Informative

    If it's the government you are worried about, I wouldn't be concerned with how long it would take them to brute force.

    They'll just sneak into your house when aren't there and install a keylogger on your computer to get your passphrase. It's not like they haven't done it before

    With that kind of power, why even worry about brute force attacks?

  6. Cox by DanielBoz · · Score: 2, Informative

    For any interested here is the equivalent info on Cox Communications: http://www.cox.com/policy/leainformation/default.asp http://www.cox.com/policy/leainformation/CoxLawfulInterceptWorksheet.pdf

  7. Re:The law doesn't protect you by Anonymous Coward · · Score: 1, Informative

    Unless they can gain access to your PC and bypass the security, they wont have any idea that its not QWERTY. Any hardware keylogger or bug they insert will produce "garbage" since they have no way of knowing that will produce 'x' instead of 'q'.

    You really don't know how hardware keyloggers work, and you do not understand how easy it is to crack a replacement cipher (which is what a random keyboard would essentially be equivalent of)

    And by the way, it's easy to pick up the electric currents generated by your keypresses from a distance of about 100m. Google for tempest and you'll learn why your physical security needs to include tinfoil.

  8. Verification by Anonymous Coward · · Score: 1, Informative

    I was told more-or-less the same thing when I interviewed at comcast earlier this year.
    They also do not monitor outbound traffic at all unless for diagnostic purposes or because of a warrant. I was told, point blank, that they simply 'do not want to know' what is going on with their subscribers.

    And to be frank, I can't say that I blame them. Collecting subscriber usage data is more of a liability than anything else these days.