Slashdot Mirror
Bill Would Require ISPs, Wi-Fi Users To Keep Logs
suraj.sun notes CNet reporting on bills filed in the US House and Senate that would require all ISPs and operators of Wi-Fi hotspots — including home users — to maintain access logs for 2 years to aid in law enforcement. The bills were filed by Republicans, but the article notes that the idea of forcing data retention has been popular on both sides of the aisle over the years. "Republican politicians on Thursday called for a sweeping new federal law that... would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates. ... Each [bill] contains the same language: 'A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user [i.e., DHCP].'"
Just knock up a utility to generate fake log files with random IP addresses when required.
Ian
Logging for 2 years? Who is going to pay for the storage costs, backups, etc.? I'm not going to foot the bill for it or get fined because my cheap Linksys router dies after six months of use and I lose my logs.
Posts not to be taken literally. Almost everything is sarcasm.
Home users are really gonna do this. Oh and they will all patch their machines too.
Does that mean we will receive a stipend for storage in order to keep said logs for two years? If the government is going to require me to keep them, then they need to enable me with at least 3 terabytes of storage!
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
Most people don't know how to turn on WEP or WPA encryption on their wireless routers let along find how to turn on logging and setting a backup routine to keep years of data. Heck most people/governments/companies cant keep years of data on their own PC.
I wonder how many of these lawmakers are in compliance of this purposed law.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
The unintended consequence of this is that every user on a system is going to get a fixed ipv6 ip and ipv4 traffic would be gradually phased out. Why bother with the administrative burden of issuing an IP address via dhcp and tracking it, when, you could have an ipv6 theoretically assigned to a customer for the life of a device.
This is my sig.
they just *had* to get the children involved in this somehow.. the full title of the legislation is:
Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act
I discovered that if I log my wifi router to /dev/null, it works really fast and never seems to fill up, how excellent!
I want to delete my account but Slashdot doesn't allow it.
Rorschach's log, Feb 20th, 1985
8:50 AM:
Internet connection activated by the scum of this city. Repugnant person scouring 4chan. May be a furry. Must investigate.
9:27 AM:
Wifi user connected to Google Docs. Probably writing communist pamphlet. His web document is shouting to Google's server "save me." I pull internet connection and icmp back "no".
9:45 AM:
Somebody killed one of my servers tonight. Server logs say "slashdot". Might be planning something big.
etc...
is too clueless to secure his wireless router, how the heck is he/she/it going to know how to maintain a 2 year log file of every access?
Wonder if this measure as proposed would apply to wifi networks restricted/encrypted and thus obviously not intended for public use (cracks or the like notwithstanding).
10.10.10.10 Assigned to 01:23:45:67:89:01 20090220135000
Going to be when the 1st bit is a setting made by me and the MAC address is easily Spoofable.
What next - everyone must register the MAC addresses of all their network kit and sanctions if you change it ?
More idiocy from people that dont understand how stuff works.
my router crashed and I lost them all.. oopps
perhaps said user committed a crime, he could not be persuaded to hand over logs because that very act would be self incriminating.
Except for Republican Presidential Administrations...just delete and deny everything. No one has the balls to prosecute in that case...
FE
The Republicans want this "in the interest of national security" so they can stop the terr-rists.
The Democrats want this so they can save the children from all of that evil kiddie porn, and also so the **AA can better control the media you consume, kill P2P and net neutrality, and bill you for it appropriately.
They both want stuff like this so they can control the citizens better.
Where's the party who doesn't want any of this shit and thinks the government has much, much more important stuff on its plate right now?
this is ridiculous
My first thought was basically how the heck can people even comply with this if they wanted to. Not all wireless routers have means to export logs, and most lose their logs after a reboot, etc.
Even if you have the space and the will to archive the logs, it doesn't mean that the hardware will allow you to do so.
Hey, I've got an idea- let's draft some legislation!
How about we make it MANDATORY for bad people to keep online journals of their misadventures to be kept on a secure FBI server! Then we can slam the [other party] for not taking this issue seriously!
Senator John Cornyn, in TFA: "While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children,"
If your goal is to keep "innocent children" safe, don't let them go down to the playground where the axe murderers, pederasts, and drug addicts hang out.
Innocence imposes isolation. You want the kids to be educated, they lose their innocence.
Anonymous communications have an important place in our political and social discourse... or is this the end of the first amendment?
"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level."
thinkofthechildren tag. where is it?
Cornyn is the scum of the earth as far as I'm concerned. Anyone have an email address that we can slashdot alerting him of this fact?
Yeah? Well I use the Republican email retention algorithm for my records, so errm, sorry about that.
They do this (or something very similar) in Italy. All internet access has to have a name attached to it, and a timestamp.
Anti terror legislation, apparently.
Wish I had one of those handy forms, but it boils down to this:
Even if I kept logs, if they can hack my network, they can hack my logs. In fact, it would probably be easier than the initial hack.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
...and urge them to add an amendment to this bill which would also require all network devices to properly utilize the >a href="http://tools.ietf.org/html/rfc3514">Evil Bit.
...the anti-TOR and other anonymous networks act.
It's not just ideology that the whole media loves Obama because he's promising them big bucks by a crack down on file sharing and piracy. Republicans are stupidly trying to curry Hollywoods favor but its just not going to happen. Republicans should instead take a stand for civil liberties while simultaneously extinguishing their enemies and just oppose any sort of DRM. But they are stupid.
This is my sig.
You have my sympathy, but Big Brother is here - or will be soon.
I remember the glory days of the Republican opposition to Bill Clinton where every federal law that imposed a requirement on local governments was termed an unfunded mandate. This is an unfunded mandate on all of us. Besides being just plan stupid.
Is this from the same guy that said the Internet was just a series of pipes? Heck, I don't think my shower keeps track of my water use, should it be doing that too?
Bankers turned out to incompetent crooks, the auto companies just plan fools, and too many Americans are out of work. But, what does congress worry about? Dumb asses.
You get the party that people vote for, in the US that is the democrats or republikans... or the other way around, hard to tell them apart as a pinko commie hippie from amsterdam.
The simple fact is that democracy is fundementally flawed. It is a popularity contest in which 50% of the voters are below average intelligence. So the US either gets the guy who says he is going to cut taxes or the charmer. Obama is the charmer, bush promised tax cuts, clinton was another charmer, the other bush also promised tax cuts, reagan did both.
It is not just the US, the netherlands we just can't seem to get rid of the CDA, christian democrats. Bak ellende,oops sorry balkende, about as useless as clinton but without the sincerity or charm. For the last decade the country has been at a stand still. One problem is immigrants. 10 years of studies and rapports and nothing actually being done. If you think immigrants are a problem then this is a collosal waste of time and money while nothing has been done about the problem itself and if you don't think immigrants are a problem then this is a collosal waste of time and money that should have been spent on real problems.
Yet you can't shift the responsible party CDA because they have very succesfully settled themselves in the center where they blame everyone to the left or right for the problems and take all the credit for the things that don't go completely wrong.
Same with the US, the presidents are center and blame either the left or the right for their problems and take credit for things that they didn't screw up. So they look good or at least better then any alternative and decade after decade democracy erodes until you nothing gets done anymore except silly plans that are shot down in a matter of weeks.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Just email the logs daily to your local congressman. They have an email retention policy don't they?
With laws like this, I might as well have more liberty in most regards in China. In China the government keeps the access logs of everything I do online for me, I can download all the pirated music, software and videos I want and I can get a cheap massage with "happy ending".
This is COPA all over again.. does not matter how you word a law, throw children in there and people start running around like headless chickens.
Children's safety is the parents responsibility, not those people who provide services (deliberatly or accidentally.. aka unsecured access points)
I came, I conquered, I coredumped
From TFA:
"but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses"
The article seems to infer this is primarily applicable to IP lease data. Doesn't make it any less annoying.
Can anyone explain how this applies to home users? Just password protect your router to not share your wireless and you should be fine... go read the bill. If you disagree with that approach, please correct my thinking: I assert data is not like the water company. Data is not ubiquitous, uniform or equally valuable. To summarize my point, If you have to keep your receipts for 10 years for the IRS, 2 years doesn't seem that bad to an average joe.
Someone contact your representative and convince them to add an amendment requiring all networking devices to properly set and check the Evil Bit.
If the Evil Bit is not set for a packet, of course, there's no need to log it.
I've been keeping access logs of my wifi routers for years. Turns out Mickey Mouse has been the only computer to ever access the router, and he has only visited disney.com. Weird.
--- He advocated thrift and hard work and disapproved of loose women who turned him down. ---
if they want to close down their political opponents and enslave the nation, why not just use the quick and proven method of marching their brownshirts down the streets at 2 am?
if this is supposed to be a new economy, how come they still want my old fashioned money?
Not that I am for this bill in any way shape or form, I just had a theory on how they might do this.
We have servers at our work that perform off-site backups. They do this because a client is installed on the server, and it sends the data to the off-site data center.
Whose to say the government won't require a firmware update, or maybe some kind of "US Government seal of approval" on all wireless routers sold in America that have an updated firmware, or client that sends the logs to an off-site location for backup?
Also if the router goes off-line and is unable to perform the backups, no harm done because if you can't get on the internet, then they are not interested in logs of local activity, only software or digital violations....
Just a thought though....
The greatest revenge in life is massive success.
At issue is the ability to be anonymous on the internet which is necessary for freedom of speech. This is nothing less than an attack on the first amendment and it should be classified as unconstitutional.
Anonymity is not necessary for free speech. You should be accountable to your fellow man for what you say. Words are actionable things.
This is my sig.
Obama Gives a brand new understanding of what he means by supporting Open Source.
You thought it was software.
He was thinking of knowing everything anyone was & is doing on the net.
And you believed him.
Now what?
Why the hell does this get introduced as a "Youth" safety act? For the last eight years everything has been justified with abstracted terrorism threat and shit like that and now this isn't fly anymore? Why do they introduce that crap to catch pedophiles but never thought of that when it was about terrorism? Oh wait, they did but no one believes their stupid fucking lies about the threat anymore and so they need to pull something new from their hat. If there are no attacks you can argue against anti-terror but "Think of the children" has no bearing.
So now I have to figure out how to get my wireless router to track all MAC addresses that connect to it, and maintain that record for 2 years? How am I supposed to do that? I doubt my router (and most others') have the necessary programming or resources to do this, so I'm assuming that we'll all have to run out and buy brand new routers that have logging capabilities.
Seriously, who comes up with this shit?
I have a bad feeling about this...
I have written a number of articles explaining why data retention policies are terrible in words that the average user can understand. The biggest one, IMO, for the average person, is the amount of personal information that their ISP would have to keep on them, and how that would make their ISP an identity theft goldmine for criminals.
Caveat: I'm a staunch conservative. Thoughts: Is it acceptable if my logging and retention is at the same level of reliability as the Bush administration? If I secure my WiFi, can I assume that there is no service provided and therefor no retention or logging needed, or is this in fact a requirement to self-monitor and self-incriminate should something 'happen'? If I do choose to monitor and keep logs (which I do, 365 days worth on my IPCop box), should I now assume that the Fed stakes their claim to rights to my historical logs? I have an answer to all of this: Kiss my butt. Everyone, conservative, liberal, moderate, whatever, needs to collectively stand up and tell the government not only to kiss off, but go home. Replace every last one of these morons from Obama and Bush's administrations and everyone in between. Clean house. I WILL NOT under any circumstances provide my log files. Period. Feel free to jail me.
We already have that.. its called facebook and livejournal :P
I came, I conquered, I coredumped
Close to the ear, from behind, in the gentlest, kindliest, sweetest tone possible. Just like the manicured hand on your shoulder, and the slightly more businesslike one under your elbow, on the other side. (ref:"Firefox" - with Clint Eastwood)
everyone who has home wifi will end up having to hire a service/consultant to configure their units to comply with the law, and do the logging.
Sounds like it'll be creating some "wifi security consultant" jobs and services. More jobs for the economy.
If you do not contact your representatives and do not vote against them next term if they vote for this, you have nobody to blame but yourself.
Go green: turn off your refrigerator.
If you want me to keep two years of logs on my private WPA-encrypted wireless network that I occasionally let my girlfriend and friend use, then you had better damn well pay for the cost of the hardware and software to enable this, as well as support if anything goes wrong.
Of course, this will mean that they'll have to pay for said equipment and then the costs will balloon into the trillions.
More than likely though, this will be one of those laws that nobody plans to really enforce, but can nail you with if they decide to go on a fishing expedition.
This space left intentionally blank.
...and somebody will make a heap of money on all these new storage requirements. Any ideas on who that would be? "Not I" said the fly.
"Most people don't know how..." is a ridiculous argument. People don't know how to do a lot of things legally so they hire someone to do those things for them, do those things illegally, or don't do those things. The law doesn't care if something is "hard" - and rightly so. And your government doesn't care whether people know how or not. It (like all governments) is on the path to criminalizing all behavior. Something that makes criminals out of millions? Awesome!
Where is your outrage for the government wanting you to spy on yourself and your neighbors? Should you also have video cameras in your home recording your every movement "just in case" you or your neighbors commit a crime? Where are the "who the fuck do you think you are" arguments?
In any given year since I started using high speed internet, my IP address has changed as many as 3 times... and most other people I know who are technical enough to understand the concept say they've never had their IP address change that often even though they utilize the same broadband provider I do. Given that, it would seem to me that for most cases, the storage requirements for this are probably quite feasible.
Not that I think the bill is a good idea by any stretch of the imagination, only that I really can't foresee any technological barriers to implementing it.
File under 'M' for 'Manic ranting'
they self destructed. The problem is that the news media takes great joy in showing us the pot smoking side of the party and the anti-war wing looked straight out of the sixties.
That and much of what they propose is totally against the entitlement state we have now the press has to go find the kooks and make America believe that Libertarian stands for "white selfish racist pig"
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Most of the Founders of this country printed their pamphlets anonymously. And not because of the war (it was over), but because it gave them the opportunity to share their actual thoughts without getting lynched by other politicians. For example Thomas Jefferson shared his ideal of "freedom of religion" anonymously, because he feared the backlash from the then-powerful State Church.
Anonymity protects free speech. Anonymity is the enemy of power-hungry men, and the friend of the People's liberty.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
I'll support this as soon as they pass legislation requiring all legislators to record and video all conversations they have - 24 hours a day - in order to make sure they don't do any backroom dealing not in the public's best interest.
I don't provide my wireless to anyone.
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
Any bill introduced with a cutesy acronym should be grounds for immediate impeachment. For that matter, the same rule should be applied to weapons systems. I give a pass to open source projects since they actually produce something of value for the rest of us.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
On a slightly related note, I received a copy of Comcast's Privacy Policy last night in the mail. In short, it indicates they use (probably store) information about how you use their network, including websites visited. That seems barely legal, but a growing trend. I could just set up a proxy at work and begin routing all my web traffic there over SSL, I suppose!
Every week just send the government your logs via email to your government rep. Let government store them.
Undetectable Steganography? Yep, there's an app fo
Sure they can have my logs, its going to show them 192.168.x.x and 10.0.10.x (depending on my various subnets), and I am just a home user.
so MAC address X connected to my network, and I supplied IP Address 192.168.x.y ... Yeah, thats going to help law enforcement catch whomever sat in their car near my house for 3 hours while I was at work and them surfing child porn..
Obviously, they way my network is setup, this will never happen (I have my wireless only bridging my wired to wireless network, dhcp from an openbsd box, routing and gateway from an openbsd box, and the fact that the firewall rules prevent any wireless device from going anywhere till they connect to the openvpn which uses pke for authentication... No one uses my network without me letting them...)
But, that was not the point, every wireless AP out there uses RFC1918 address space, and that will be useless to law enforcement.
I came, I conquered, I coredumped
Why are these idiots still in office? What in the hell do we have to do get politicians in office that actually work for the American people instead of a bunch of errand boys for the MPAA/RIAA?
DEAR WASHINGTON, F**K YOU! GET BACK TO WORK YOU USELESS BUNCH OF BUFFOONS.
"all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user [i.e., DHCP]"
Static ip's all the way around the house will take care of that.
If most normal users can't be even bothered to setup WiFi WPA correctly what's the hope of logging 2 years worth or data? And where exactly are you going to log the 2 years worth of data?? What happens if a power surge blows up your device? If it's logged over the Internet then there's going to be bottleneck somewhere which will flood your supposedly stressed out network. Personally I think this requirement is a joke and I hope the folks who vote on this will realize this won't work. Protect the children? You know if you're going to be this anal how about just banning the Internet for kids until they're old enough? Myself I didn't use the Internet until University simply because it didn't exist yet. Maybe it'll teach kids that there's other more reliable sources than the Internet. (Like books?)
because here's my response to them... "No"
Whether or not it actually works is completely irrelevant. They will still make every effort to push it through. Furthermore, if they are successful in getting it passed, they will not hesitate to use it as a club(tool) for the prosecution.
'So-And-So, brought up on a litany of unprosecutable charges was found guilty of not properly maintaining their DHCP log files, aiding and abetting pedophiles and there by is now on the sexual offender list.' Film at eleven.
What a nice opportunity to increase sales for manufacturers of a brand new lines of wifi hotspots with an embedded storage device, or with a connection to web services that store logs in the cloud :-) And also an opportunity to get a huge amount of money off the pockets of US citizens...
Much like driving requires a license, it is no stretch to foresee forcing IPv6 upon everyone and requiring that everyone wanting to connect their computers to the internet purchase an address. That address or range of addresses becomes the license to use the internet, and as such, becomes the diminished reasonable expectation of privacy allowing surveillance. Personally, I am dead set against giving big brother any more power. We are already near Orwellian 1984. This might be why a crushing recession or depression is a good thing. It might stem the tide of loss of individual freedoms as the citizenry loose confidence in their government and government is less likely to function efficiently. All these stimulus bills that force tracking and have other law enforcement assisting technologies should never pass.
The Gov't can probably require wi-fi people to keep logs when they use the people's radio frequencies. It seems like fair regulation of a public resource. I'd like to see some discussion about that, though. Dont' flame me for that, though; it's just an aside.
The real problem with with making the process workable is the 5th Amendment (the privilege against self-incrimination). A person can refuse to turn over any physical object if the act of turning that object over would tend to incriminate that person. A way to get around this would be a 'periodic log disclosure' that, simply speaking, would be the price of using the wi-fi network.
The problem with that is that there is no way Congressmen/Congresswomen would want their wireless logs and their lobbyist's wireless logs out in the public domain. You can be certain of that. Trust congressional self-interest to keep a bill such as this from ever seeing the light of day.
This indicates a publicity stunt to me. The Congressmen proposing this are just seeking publicity. They know this will never get passed. They really don't want it, either. This is just a political game that one party plays to try to say that the other party is 'soft on crime.'
Those are my Mannheim Steamroller Halloween CD.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Here's what I wrote to my House Rep, feel free to borrow it if you feel to lazy to write something original to yours.
I recently read a very concerning article about the proposed bill H.R.1076 and it's senate counterpart S.436. Among other things, this bill would require all operators of wireless Internet access points (including home users) to log routing data for no less than two years.
This creates, in my opinion, a major potential for abuse as this information will doubtless be subpoenaed for more than just child pornography investigations. Furthermore, I don't believe that the average home WiFi user has the knowledge and skills necessary to comply with the bill; it is not a trivial matter to set up and manage such a logging system.
As well as expressing my own concern, I would also very much like to hear your stance on this and similar bills. I look forward to hearing from you.
Thank You
I maybe should have put something in there about the law not succeeding in it's aims; unless the penalty for not logging is as great or greater than the penalty for child porn there is no reason for child pornographers to comply.
For the knowledgeable home user, just turn DHCP off and assign static addresses. It appears by the wording of the article that they are interested in "the standard method" i.e. DHCP. So using static addresses should exempt you from the log requirement.
The Libertarian party supports some principles that, broadly speaking, Americans believe in. More or less, these are classical liberal principles, in the mold of Thomas Jefferson. However, few people support their particular hardline interpretation, which tends to emphasize the anarcho-capitalist aspects, play down Jeffersonian elements that don't fit into that (e.g. Jefferson's view that governments should restrict the power of large corporations), and make few exceptions for any reason. Abolishing free public education, for example, is not a popular position. Neither is privatizing the road system. Some for of social safety nets are also popular---people don't want them abused (e.g. the stereotypical "welfare queens"), but neither do they want them to be totally absent. People also want regulation of private enterprise when its activities can cause negative externalities, such as systemic risks to economies (like banks, where further deregulation, the Libertarian position, is currently extremely unpopular). I could go on for a while.
Now if someone started a political party with positions more similar to those of the editorial line of The Economist newsmagazine, I could see voting for them. That is, support free-market economies with regulation and/or costing of negative externalities (pollution, systemic risks, etc.), a moderate social safety net, and liberal positions on social and civil liberties issues.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Once the manufacturers get into the action and build devices that send all their logs to the appropriate agency. Then those will be mandated for everyone who can't keep their logs themselves. And the rest will be red-flagged.
I have to obey is my home state legislature, since I operate completely and wholly within the state.
Will you configure your access point to block any packets that might cross state lines? The giant loop hole in our constitution, The Commerce Clause, has successfully been used in far more tenuous circumstances to justify laws that encroach on state's rights.
Apparently Pelosi has been passing out the home grown across the aisles too. So I guess every wireless device's MAC address will have to be registered as you purchase it? Oops, there's that darn MAC spoofing thing going on. So if something "illegal" is downloaded via wireless and none of my devices match the MAC address in the log I'm absolved, right? I'm glad our government has the time to waste on things like this. What country can I move to where the government is efficient even if it is corrupt? This corrupt and ignorant stuff just isn't working for me anymore.
If you have to maintain logs for two years, but generally need to fresh reinstall at least once a year (in my experience) then it should be illegal to use windows?
Has anyone ever noticed how many wireless routers are out there in the wild that have the default ID of "linksys" or whatever due to the fact that MOST people just follow the basic directions (maybe!) and never, ever go through the configuration on the routers built-in web server? Security? Ha! Logging? Double Ha!
FAIL FAIL FAIL
1) Does the proposed bill provide that all manufacturers who have sold networking equipment in the last 10 years in the US be required to provide free, mandatory firmware updates to enable this sort of logging for home users? What about companies that are no longer in business, so the end-users are unable to get a patch to enable this functionality?
I don't think your typical 'home gateway' router or 'home wireless router' currently on the market actually has any logging capability built in. So, that means that you would need a firmware update to add such functionality. Not to mention that most of them don't have any significant amount of non-volatile memory to save the logs to, which means that users would have to regularly backup the logs to their PC hard drive, then clear the routers built-in memory.
Besides that, I don't think the Constitution allows for the government to *require* me, as a private citizen not engaging in commercial activity, to keep records, does it? Whatever happened to freedom? I mean, the Constitution does allow for the government to seize my records (with a warrant) *if I have any records*, but I see nothing in the Constitution that provides for the government to be allowed to *force* citizens to create or retain records (the situation might be different for businesses, because Congress is granted "Interstate Commerce" regulation authority, but what I do at home, when I'm not making any profit on the activity, does not seem to fall under that Authority)?
The cops can get a no-knock warrant in seconds, based on any made-up bogus reasons they feel like, and they will kick in your door at 3:00AM, shoot your dog immediately, tear the hell out of your house while holding a machinegun to your head against the floor, and if they find nothing, all they say is oops, sorry, and you have no recourse.
Welcome to 21st century Amerika.
The legislators are well-meaning, but very misguided. Like many such laws, the effect will be that individual or mom-and-pop operations will cease or cause otherwise decent people to become criminals. The criminals will just develop better methods and stay ahead of law enforcement who are by this, in effect, asking the general public to become law enforcement agents. A sad commentary on the mindset of law enforcement and political leadership.
Well, i need subsidy from the ARRA funds to the tune of $353,000 this year, a tax break on the paper i buy, and a bailout for coming two years since i won't be able to work maintaining these records.
"Doing what i can, with what i have." ~ Burt Gummer
are located in /dev/zero. You can read them, if you like. Oh, has someone overwritten them with zeros? Well, sucks to be you...
I can easily imagine them doing this. All the manufacturers have to do is build in a flash drive and log the connections. Lots of wireless routers have USB ports already and support attached USB storage. This would be simply an internal USB device that never goes away. At the same time, it would make sense to build in some kind of back door access so that law enforcement can dump the data without a warrant or even physical possession of the device. Just imagine the exploit possibilities.
But I'm sure the government would not entrust such an undertaking to a technologically inept company. Surely, they would choose a highly reliable company with a background in security. Like Diebold. Of course, they would use something really robust, provided by a trustworthy vendor. Like Microsoft Access.
Seriously, I can easily imagine people faking the logs or hacking the firmware. It wouldn't take much to produce "reasonable doubt" and trash the reliability of the data. If by some chance the "Safety police" try to initiate a download of logs and it fails, their options are severely limited. What happens if the log consists of nothing more than a bunch of VPN connections? Ooops.
The only people who will be unable to avoid this scheme are libraries, internet cafes, and law-abiding citizens. The people whose criminal activity is worthy of this type of audit trail are the ones least likely to be affected by it.
Ok, so everyone thinks that this is going to be a big deal. How many of you have actually read Title 18 section 2703 (you should also read chapters 119 and 121 in their entirety as the include definitions)?
from Title 18, Chapter 121, Section 2711:
(2) the term "remote computing service" means the provision to the public of computer storage or processing services by means of an electronic communications system;
now, I don't know about you, but my WiFi router is not for the PUBLIC. Of course IANAL, but it appears that I do not operate a "remote computing service" nor am I a provider of an "electronic communication service". I provide no service to anyone outside of my family.
So, I fail to see the trouble here. They want ISPs, and WiFi hotspots (ie: Restaurants, Coffee Shops, etc.) to retain records. Note how it does not say you must OBTAIN information from your customers, just retain what information you have.
One other thing that I have not seen mentioned yet. MAC addresses are not guaranteed to be unique, only unique on a particular LAN. There is no guarantee that no two wireless devices that ever connect to your WiFi will not have the same MAC address. This coupled with the fact that there is no way to track a MAC address to a particular person....
Really, why do we even bother.
--
It is obvious to everyone that a bill requiring even home wi-fi users to keep logs for 2 years would never get passed, or at the very least, would not be enforceable. The politicians aren't so stupid that they don't realize this. They make the bill so over-encompassing so that they can later "compromise" and make everyone happy. Oh, the compromised bill will still require the ISPs to log all of our information, and it may even require router makers to automatically keep logs that can later be read by law enforcement. But I am betting the compromised bill will no longer require private wi-fi users to keep their logs for 2 years. Since this will make the average home user happy (hey, they no longer have to worry about their own connection), the bill will easily pass. Try to look beyond the most obvious flaws in the bill, and see it for what it really is: a way for the government to spy on its citizens with the full cooperation of the ISPs.
CALEA - Communications Assistance for Law Enforcement Act - already exists requiring the provider of the 'last link' to give data feed access to the feds upon a request. The way it reads the last link is responsible, not the ISP. This means almost every WIFI hot spot out there is already breaking the law. Every small open hotspot, even at your own house if it's open to the public, is required to use their funky format and allow access. Forget that it's not actually technically doable without very fancy equipment. Forget that even Meraki gear, partly owned by do no evil Google, can't handle it. It doesn't matter, it's the law.
Oh don't forget it's a 10,000 A DAY fine for non compliance and you are not allowed to pull the feed once they request it. You also can't talk about it.
My WAP doesn't have the ability to produce a log of use at all (and it was purchased new last summer) and there's no newer FW update to support logs....so....who will be buying me a new WAP? The GOP, I presume? Or the Government? Someone other than me, because I should not have to suffer financially because they're on a power trip.
Why should they put the burden on home users when they can't even friggin secure their WiFi access?!?!? The wireless routers should have WPA enabled by default forcing people to read the damn manual.
I can see manufacturer's marketing now "This router complies with the 'you lost your rights to privacy law' and keep out hackers too!
Unreal.
I'm happy to loan a couple cords worth to the government. I wouldn't want any bureaucrat to freeze this winter while thinking up more hairbrained ideas. But you'll have to cut and split them yourself.
What could happen is that router manufacturers could (be compelled to) agree to a system that creates a VPN connection to Big Brother to send the log data. No large storage would be required. Every x hours, the log would be sent to Big Brother. If such routers cannot communicate with said computers, it would either shut down, operated in cripple mode or report such as obstruction of government administration. This would be a boom for software based routers.
Whatever allows government to exercise as much authority over as many individuals for as long as the people tolerate.
Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
If you are an internet cafe, just have a bunch of hang tags numbered 1-254, and tell people that the ip range is 192.168.5.X, subnet mask 255.255.255.0, and gateway 192.168.5.0.
If you want to connect, you grab a tag, connect, and when you are done, you return the tag for someone else to use. No DHCP = no problem, right?
It would be a hassle for users. But it's cheaper than 2 years of logs.
And even if he can manage to somehow do it, what are you going to do, introduce these logs as evidence in a criminal court?
Introduce logs stored on a computer belonging to the kind of people who execute any malware you ask them to? As evidence, these logs have no integrity and are worthless.
"Believe me!" -- Donald Trump
Nice DoS target.
"Believe me!" -- Donald Trump
Let me ask David Spade if this is a good idea.....umm, no. The answer is always NO.
Neither to condemn nor defend those who use the stuff, but said legislation, Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act, smacks to me of the same methods and means as the Marijuana Tax Act.
Further, the "act" from the same "key" legislators having thus far failed to equate the dangers and responsibilties of navigating the information "superhighway" with real roads, real cars, and real dangerous drivers;
The simplest solution (Achem's Razor) would be to take the internet away from kids until they're old enough to drive.
There is nothing to FEAR but NOTHING itself; and I fear there is a whole lot of nothing going on. --scorpivs
I bet most of congress doesn't know what a router even is
"~identity of a user of a temporarily assigned network address the service assigns to that user [i.e., DHCP].'~"
Use static IP's, turn off DHCP and don't log.
You hit on the phrase that's the extra-oomph scary part. I'm easily a midrange user ... but no expert. I have no idea how to do all this stuff.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Senators and Representatives. There you go, it doesn't get much simpler than that.
1. Follow the links
2. Cut and paste the above post
3. Slap your name on it
4. ??
5. Profit! We as a nation will profit from having one less retarded bill rammed through.
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
The user "Erris" is an Erris sockpuppet.
No, without the ability to speak anonymously, things that are "objectionable" or "taboo" will never be spoken as no one will want their name associated with it, even if its not illegal.
That's crazy talk. In America, people that say things that are objectionable and taboo wind up making millions of dollars. Anymore, people just don't give a damn what anyone says. My wife and I were talking about the Beatles had to make clever drug references in their songs and there was a huge controversy when they did it, and now, no one even cares.
This is my sig.
The cynical explanation is that most people everywhere are populist at heart, which leads to a mish-mash of policies depending on what's popular and who the bogeyman is today. The right- and left-wingers have both typically been better at painting vivid images of bogeymen (whether fat-cat bankers or hordes of immigrants or whatever), and foment a sense of Emergency that Something Has to Be Done. In those conditions, the people promoting principled ideologies and cautious approach are usually steamrollered over by hare-brained solutions to the Emergency.
There's a certain populist ring to the classical liberal ideology of a level playing field with some moderate safety net, anyone can succeed but nobody starves, etc., but it's all a positive feel-good sort of vibe. I guess you can win on that sort of sentiment (it was a lot of Obama's "hope" campaign), but it's trickier. The good bogeymen I can think of focus only on one aspect so are already owned by the right or left; e.g. the opposite of civil libertarianism is 1984-style authoritarianism, but the left is already playing that sort of thing up in opposition to e.g. Guantanamo Bay.
A class-based analysis also gives a sort of population reason for it, since it tends to associate classical liberalism, and the similar European market liberal parties, as the ideology of the merchant classes, i.e. the educated middle and upper-middle class.
The entrenched upper classes tend to be more interested in maintaining their current position and exploiting networks of existing power, so aren't very in favor of dynamic markets and low barriers to entry, market fairness, social safety nets, etc. The lower classes tend to be more interested in immediate improvements to their position, and uncovering misdeeds of the higher classes that are allegedly responsible for their poorer position. Sometimes they also vote for conservative parties for reasons of religiosity or tradition. Neither of those classes, though, lend themselves to classical- or market-liberal types of positions. And there aren't enough educated middle-class folks who really understand and believe in the tradition of Voltaire, John Stuart Mill, Thomas Jefferson, etc.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
i think the conclusion that can be drawn from this is quite simple. the government exhibits the same growth pattern as bacteria, doubling its size every four seconds. you already have to keep very specific financial records for years as if it's any of their god damn business. soon you'll have to keep accurate records of every time and place that you shit, piss, or orgasm. the shitting and pissing records are for the clear purpose of taxing sewer usage more fairly. the orgasm reporting forms will be for the purpose of tracking individuals who knowingly spread venereal diseases but will later be used to tax sex. clearly, individuals who have sex more often should pay higher taxes than those who never get any. you see, it's all about fairness. that's why government is totally out of control, and it's only going to get worse. and because YOU won't do anything about it, you deserve what you're going to get.
I don't actually see how you can outlaw fractional-reserve banking in a free society, since it requires central power to prohibit it. Say everyone started using gold coins tomorrow. This is actually kind of inconvenient, especially for large sums, so people would start producing "accounts" in which you could store your coins, and you could transfer gold to/from people with tokens, physical or electronic. Since not everyone needs to redeem their gold at the same time, some of these transaction services might lend some of the money out again, not operating at full reserve. As long as you agree to that in the contract when you sign up for an account with them, that seems perfectly legitimate to me.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
"SINCE YOU DON'T HAVE THE LOGS YOU WERE REQUIRED TO KEEP TO PROVE YOU DIDN'T ACCESS THAT CHILD PORN... ON YOUR OPEN NETWORK... YOU ARE GUILTY"
"I ask the jury, why would he not have logs -- if he were innocent?"
Oh yeah, this is next great thing from the US Senate. You don't get a 22% approval rating by doing things right.
Its not like people can't just create bogus log files. We all know there's no way to spoof a MAC address and connect to your own, or another router. (sarcasm).
Read and be enlightened
/.ers have too narrow a viewpoint. We actually envision doing this. Instead, let's publicize to the entire "normal" non-technical world how the government expects everyone to keep two years' logs of all of their communications, like all of your phone call records, so they can be inspected at any time. After all, cordless phones on standard frequencies are totally unsecured, and someone might have made a call to a terrorist on your phone line, so maybe you should record your phone line too. THAT is something that the average person can understand as (1) a burden to maintain, (2) an invasion of privacy, and (3) a change from presumed innocence to presumed guilt. That last one is the most dangerous. It used to be authorities had to prove I was doing something wrong; this bill seems to say that I have to continually maintain and update my records to prove that I was not doing something wrong, and it is assumed that if I can't produce those records then I'm hiding something and am guilty. Very, very dangerous.
----"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level."----
As a Texan, I officially apologize, a thousand times over, for John Fucking Cornyn. This guy needs to go down.
Billy Brown rides on. Yolanda Green bypasses Gary White.
...is that all this time, money and energy is being spent on bolstering a terrible system that already horribly violates the rights of the public. We shouldn't even be having this discussion at all.
Fix copyright law so it does what it's supposed to and all of these problems will cease to exist, virtually overnight.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
"2. It will require expertise which most people simply don't have, forcing everybody to hire IT professionals to manage their home networks. (Ask your congerssperson if they know how to set up such a log without enlisting the help of an expert. Then ask them how a working-class family could ever afford to hire such help simply to use the Internet on their home laptops.)"
I remember a time when content ripping and P2P downloading required an "expert". Not anymore.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
uuuuh you guys sure are talking alot obout home users having to setup logs, im a home user and i dont have a hotspot, my network is private and secured so i dont have to log anything, however my isp will be logging everything i do. which is kinda like having your phone tapped by att incase the government ever decideds to investigate you they can just look at the logs
Wikipedia isn't enlightment, its censorship of the masses censored by the people that run it. It's useful sometimes, but to say that "chilling effect" matters is ridiculous.
I mean, seriously, what is it that you want to say, but you feel like you can't say in person? What, you don't like black people? There's web sites for that. You don't like white people? sites for that. Or women, or dogs, or you like to engage in some kind of gay stuff? There's sites out there just like that.
What are you afraid to say? You can say it now...
This is my sig.
The lumber industry is in on it!
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
As a citizen I'm outraged and this is the Stupid Congressional Idea of the Month ...
As an employee of a network firewall company that includes log servers as part of our default installation package, thanks for the marketing efforts, Congress!
It's good to know that the idiocy of the GOP continues unabated.
It's sad to realize that the moronic Dems will probably also vote for this.
The only thing that will save us is that ISPs will fight this tooth and nail
Of course, the big ISPs will probably agree to do it since they can afford it and it will help them drive the small ISPs out of business.
What a great system of government we have... not.
"There are laws that enslave men, and laws that set them free. " - Sean Connery as King Arthur
While ISP are required to keep logs already, on tuesday when introducing the debate on yet another clueless copyright bill, the Minister of Culture told her intentions of requiring public access wifi (schools, towns, ..) to only allow a whitelist of sites.
The opposition deputee ironized telling it could include the governement and the UMP (the majority party) sites...
What a shame, really!
I mean before deposit insurance, that was more or less the system we had. But people didn't all gravitate towards full-reserve banks, despite actually bearing 100% of the risk if a bank went bust. I blame people being short-sighted: they'll go for the fractional-reserve bank if it doesn't seem that likely to fail in the immediate future, and pays better interest. Then when the banks actually do fail, especially a lot of them at once, people demand something be done about it. Which is why we have deposit insurance now, and even the last European holdouts against deposit insurance are instituting it after this round.
I guess I don't have that much confidence things wouldn't work out the same way in another go-around. The fractional-reserve gold banks would become more popular than the full-reserve ones, creating the same money-multiplier issues you describe. Then when some of them went bust, people would demand something be done to restore their savings.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I be more than happy to keep info on myself... I'll turn over the logs to whomever wants them...
In KLINGON.
Maybe I'll even ROT13 them as well, just for own personal laughs as well!
Is the response "All my logs are right here in this 200 pound case of paper punch cards... what do you mean, you don't have any equipment that will read them?" an acceptable answer when they request your logs? Or would paper tape be a better media on which to store logs?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
I don't understand where logging the DHCP data connecting the IP address to the MAC address for a particular timeframe even gets you anything in a home environment. If the home user's wifi is assigning the IP address then its almost certainly an IP masquerading system. So I record that 00:21:91:21:12:19 got assigned 192.168.1.121 on my LAN. So what? Its not like that IP address, or even that MAC address ever gets shown to anyone. Unless I misunderstand, the router passes on the request as if it came from itself, and knows where to pass the conversation back to via which ports and IP address in the outside world the packets come back from. The other server isn't going to ever see 192.168.1.121 in their logs, so they're not going to know which machine to request info on. As far as they know, the connection originated from somewhere in my network, but that doesn't narrow down where at all.
LOL. It actually DOES take a law degree. Words in a legal sense quite often have a different 'meaning' than their use in the common vernacular.
What if I told you that Congress can regulate the amount of wheat grown by a farmer solely for personal use, on the grounds that his action affected interstate commerce because he would not be buying wheat on the open market? Even if it would take hundreds of farmers doing the same thing to affect the supply and demand equation?
http://en.wikipedia.org/wiki/Wickard_v._Filburn
Disclaimer: I am not a lawyer. This is not legal advice.
Do I have logs? If I do, where do I get them? I've never seen these logs your talking about. I don't even have a fireplace. Why would I keep them around?
This is nonsense. There's no friggin way the fed can expect me to keep computer logs for two years. Heck, I can't even keep a hard drive two years anymore, little loan maintain a data warehouse for some law enforcement agency. Who's going to pay for that?
This will be treated just like most un-funded mandates handed down from congress. Ignored.
Hurricane Island Outward Bound
OB
My router keeps it's logs in RAM and is deleted every time it reboots -- which is more often than I'd like because it's D-Link firmware and it's crap like most other routers out there. Are they going to buy me a shiny new router/WAP that keeps persistent log files in perpetuity? I think not. More bullshit legislation that isn't going to go anywhere because when it comes to technical things they're talking out of their ASSES. MEMO TO LEGISLATORS: Concentrate on getting the country back on it's feet financially and stop wasting time with things nobody cares about and that you're wasting money talking about, k?
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I generally delete my logs. If the police want to investigate crimes they're going to have to do their own legwork.
“Common sense is not so common.” — Voltaire
I am an ISP and the accounting records this refers to, is (for us anyways), what freeRadius spits out. We keep this data in a mysql database already - ip address, mac address, connect time, bytes in/out, time/date, etc. This accounting information is useful to us and powers several backend systems that are related to customer support functions. For example, we dynamically discover users and their mac addresses (we're pppoe) and when you need customer support the database lets me put in a name and all sorts of useful information (keyed from the most recently used mac address) comes back, that then lets me assist the customer effectively. There are other examples too, but the bottom line is that we have this and it's a core part of our business and we're never going to be able to 'turn it off'.
I haven't decided how long we should be keeping the information. On the one hand, I would say 3 months is probabbly the outside of what we could possibly need for support purposes (eg: customers sometimes call after two months to say 'this never worked', so we then get the logs out and tell 'em "you gotta plug it in, dummy'). Beyond that, there are some kinds of retrospective quieries we might like to run, like max # logged in users over time, or to discover who the top bandwidth consumers are (for network peformance discovery and so forth).
Two years wouldn't be useful to us, but the storage requirement doesn't seem too awfully bad for our 1000 customers. Right now online however I have since 2-14-08, which is the last time I cleaned out the tables. I have over 2.7 million radius accounting records, consuming about 1gb. I can do this because I have the technical resources, but I doubt home users / wifi coffee shops could.
OK, I may be a clueless bastard that believes fairy tales and does not comprehend the dangers and law of unintended stuffs and so on, but...
1) Storage costs for ISPs. GIVE ME A BREAK! Lets say a record is 100 bytes per event (and it won't be more than that since they are only asking about DHCP records), lets say an ISP has a million users and they all get new IPs twice a day (lets pretend no cable modem is ON 24/7 for months and same IP is not reassigned to the same MAC at reconnects). Such ISP would end up with horrid 73G file a year. It would likely compress to 10% of that size with zip but lets say we keep it uncompressed. Puhlease, ISP that can't handle THAT doesn't deserve to live.
2) Public AP. Same math- different budget or providers but I can guarantee that simple firmware update for the router and retention policy "download once a week, burn on a 30c CD and put it into a safe" or something like that can be easily implemented.
3) Home users... Plain stupidity, don't even want to go there but router developers should start taking better care about securing this stuff by default, like forcing first password change and defaulting to WPA2.
There were few other points floated: text files are editable, MACs are spoofable, etc. All valid, but nobody said that logs alone are supposed to carry burden of proof. Making part of evidence chain might be enough.
Finally, privacy concerns. First, bull about "ISP would have to store mount of PII" is just that, bull, unless bill says "and will not issue such IP before driver's license or alternate form of ID is provided". Just MACIP mapping. If whoever asks for these logs can find machine with that MAC- they have something. ISPs can also (and IMO should) include customer ID number or something. Now, there is (IMO) a very legit worry about censorship and about authorities using this to inquire "how went to this Arabic newspaper site" or "who googled 'how to make a nuke from household materials'". I think this is a HUGE concern and we might want to concentrate on that and how it will play with Patriot act and such. But rest is noise (again, IMO, please correct me)
How do they expect ordinary people to set up a log? I know that most people with wireless networks do not even know what "DHCP" means, never mind how to monitor it. Also, where are the logs supposed to be stored? Are ordinary users supposed to have storage servers in their basements? What about all of that "conserve energy" stuff? I wish the government would get a clue. I am reminded of the "System of tubes" speech...
Hostes futuri sint socii.
Just keep a paper log when you use your own access point.
Problem Solved.
It's really quite simple: Any time you buy something, go plug an ethernet cable into the back of your router and do it from the wire. Now you haven't actually used your home Wifi access to enact in trade, and are therefore not responsible to log a damn thing.
Furthermore if my ISP is logging everything I do for two years regardless, I highly doubt what my home system logs is of any consequence unless they just need more ammo to conduct a search - which is an interesting possibility - getting a subpoena to nab your gear based on "access to logs". My guess is the existence of the logs is really not as useful as the reason to enter your home.
It's all a bunch of Orwellian bullshit anyway. I have no intention of logging anything. Maybe I can rent some colo space in some country that isn't a police state (if it exists) and run an encrypted proxy. Log that, bitches!
If I am required by law to keep my router logs for two years... well, no way my router can store that much data, so I need have it send my logs off to a syslog server or email them to me or something. I'm sure I can figre it out, but that is BILLABLE TIME. For someone less tech savvy, they might have to buy a new router or hire someone to set things up for them, costing them actual money.
IANAL, but I believe that when federal government passes a law that mandates something that costs money, the state can resist it if there's no associated funding... State vs local governments have something like that too. Sucks that we little folks don't get the same break.
Of course, I live in Massachusetts... whose idea of "Universal health care" is to fine the crap out of you if you can't prove you have insurance. I am used to being sh*t on by da gubbmint.
Ok, done being histrionic now. /annoying bill DO NOT WANT
The Digital Sorceress
This law speaks of retention, not generation.
Ergo, the solution is to simply not generate a log.
Hound your ISP about it, too.
Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
[A]nd if they find nothing, all they say is oops, sorry, and you have no recourse.
Look up Section 1983 claims sometime. The usual recourse in a 4th Amendment case is to suppress evidence against you in trial taken by illegitimate means, but if there are no charges, you can independently sue the government for violation of your civil rights via 42 USC 1983, and plaintiffs do win in cases where the police acted unreasonably.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Republicans should work on public safety bill requiring every household to install safety camera monitoring neighborhood and keep tapes for two years
But the 1st lecture is based on an incorrect premise. So I'm not sure if I should waste my time on the other lectures.
;).
The statement "Governments derive their just power from the consent of the governed." is incorrect. I don't care whether it was Thomas Jefferson who said it or not. I say he's wrong.
Governments do not get their just power from whether they have consent or not.
Governments that are just, _serve_ the people they govern (and serve them well I hope).
After all, it is possible (though hopefully unlikely) that an unjust government could have consent of the governed. Especially a devious and dishonest government.
People never consented to being born into a world and to be governed by the laws of physics or Man or "Daddy". Daddy got his just power to punish and restrict you not through your consent, but because he is _serving_ you.
You're going to end up with government and laws anyway, wherever you go (unless you're alone on some deserted island). Government and laws emerge once you have more than a few people living together. Whether people consent to them emerging or not is pretty much irrelevant.
What people should do is work towards getting governments and laws that better serve the people.
The US people are lucky they live in a democracy. If they really do not like any of the candidates, they can themselves be candidates. If nobody better than the candidates can or wishes to serve, then you've got the best candidates. As long as the election is not rigged, the resulting Government is a reflection of the people's will. Yes it's a distorted reflection, but keep working to improve it (and don't forget to try to working to improve the people as well - no point having a perfect reflection of an ugly image).
Lastly, on the Constitution only restricting the government (and not the people). If that's such a wonderful thing according to the lecture, then wouldn't you prefer strong governments, and not big strong corporations - since corporations aren't restricted by the constitution.
Seriously though, as I've said what you want is a government that serves the people. Whether it is big or small is irrelevant. Don't get distracted from the important stuff.
A provider [...] shall retain [...] the identity of a user of a temporarily assigned network address the service assigns to that user [i.e., DHCP].
(emphasis mine)
Just assign each new user a unique, static IP address. Run IPv6 on your local network, that should give you plenty of addresses to dish out. By making sure that the assigned IP is static, you do not need to keep any logs.
How much space does keeping DHCP assignment logs require, though?
My computer boots once a day, perhaps twice.
My wife's boots a similar amount.
My laptop, when actually being used (rare) probably connects a couple times in a day, perhaps more if wireless connections in my house are flakey.
My server boots ~2x a year due to bumping-the-UPS-switch accidents.
Non-nuclear family members occasionally bring laptops (~3x a year), and those are I think negligible.
In theory, I deny wireless access to everyone else.
All told, that sounds like my network sees less than 2000 successful connections per year, right? If logging one connection uses one kilobyte of space (and for a line in a text file, that sounds like an overestimate), I'd still only use ~1.8 MB per year. Less than two megabytes per year. Why should I be worried about storage costs?
Also ... if I change my router's firmware to OpenWRT, would I be able to gather such information? I imagine I would. It'd be an interesting data set to look at. (Well, a boring one, I hope.)
Your reply illustrates exactly what I mean, and just reinforces my question... how did the Libertarian party become equated with "death by salmonella"?
By repeatedly advocating for the abolition of the FDA. (e.g. Here. Most commonly, it's done under the evidence-free belief that the FDA causes more harm than good protecting Americans from unsafe drugs, but there are a handful that also think food safety is just more nanny state tyranny.)
How did a party that says "People should be free to live their lives and take responsibility for their lives" become the "idiotic" party that screams "government control is bad bad bad"?
You tell me. Why is the libertarian solution to every difficult problem to "let the market sort it out?" The environment? Public health and safety? Unfair contracts and predatory lending? "Let the market sort it out!" And if the market managed to tread on someone while "sorting it out," then it's solely that person's fault for not making the wisest possible purchasing decision based on their total freedom to consider it in a vacuum with their perfect knowledge of the market. We are all >homo economicus!
"Act responsibly" is just a cop-out for blaming the victim when someone takes advantage of you. Drink contaminated milk? Well, shame on you for not doing your research and intelligently picking another brand! (Even if the contamination wasn't reported to anybody.) And if all products in an industry are contaminated with something except for a handful of "luxury" versions, then obviously that contamination is good because of how it lowers the price and makes the product more available. The market has spoken.
This is the sort of attitude that many vocal libertarians have that makes people roll their eyes at the party for being completely divorced from reality. The Libertarian Party is the party of no public education, no health and safety organizations, no social security, no public medicine, and no other help for the impoverished at all; no protections for workers, no restrictions on contracts, and no protection against racial or religious discrimination. Try to boil yourselves down to being "pro-freedom" and "pro-responsibility" and everyone will agree with those principles, but explain what you actually think they mean and people will run away in horror.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
White House != Congress
This is proposed by Congress (Legislative branch), not the White House (Executive branch)...
Sorry for getting the Greed and Corruption branches mixed up there. My apologies.
Besides the questions of storage space and what good it will do to log MAC addresses that people pull out of their *sses.....
....doesn't Congress have anything better to do right now? Afghanistan? The economy? Israel vs Hamas?
Have gnu, will travel.
Static IPs will be free if this passes! Nice.
"Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on--but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)" So if I just use static IP addresses I don't have to log anything?
You're all being extremely myopic. What would you do if you had a home wireless network and faced the responsibility of keeping logs? I know what I would do: Make the router WEP key protected, thereby closing it to the public. No public use = no need for log keeping.
Regardless of whether geeks=lawyers or not, the simple fact is that most home wifi boxes aren't equipped to keep logs on this kind of scale. The Homeland Security agent can demand until he turns black in the face, but demanding isn't getting. Simple answer: No. Tough shit.
Ah, but where does the burden of proof lie? Not only does your "tough shit" answer have to cover your ass with regards to the lack of logfiles, but you'll likely have to prove that your device(s) have NO way of archiving that much data. If they do(in any way), you'll likely have to produce it. And yes, most wifi boxes (even today) have the ability to save the logs, the problem is it is a VERY manual process for YOU to archive them off before you run out of memory.
What?! They are encrypted? Oh, that's too bad. What's that? You want the decryption key? Oh yeah, I lost that darn thing right after I generated the key pair. Guess you're going to have to brute force all 512 bits yourself.
...to the Hired Help in D.C. who submitted this bill and to those who co-sponsored it.
Email daily, weekly, monthly logs. Several times, just to make sure they get them.
The Post Office has flat rate boxes. Send hard copies if you can afford them.
If they're so concerned with US keeping records, then they can keep those records for us.
Guaranteed! This comment 100% Anthrax free!
Too bad there isn't such a party for people to support.
I voted for some Bob Libertarian guy for president.
I think he didn't win because he doesn't like to lie.
Anonymity is not necessary for free speech.
The Supreme Court has strongly disagreed. Take McIntyre v. Ohio Elections Comm'n , 514 U.S. 334 (1995). In the majority opinion, Stevens noted that any attempt to force people to include their identity in their speech was an attempt to regulate the content of the speech.
He stated: ... It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation--and their ideas from suppression--at the hand of an intolerant society. The right to remain anonymous may be abused when it shields fraudulent conduct. But political speech by its nature will sometimes have unpalatable consequences, and, in general, our society accords greater weight to the value of free speech than to the dangers of its misuse.
"Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority.
Thomas concurred in the judgment, but he based his reasoning off of a rather fascinating historical analysis (worth a read). Scalia (with Rehnquist on board) was the only dissenter, finding that he could "imagine no reason why an anonymous leaflet is any more honorable, as a general matter, than an anonymous phone call or an anonymous letter. It facilitates wrong by eliminating accountability, which is ordinarily the very purpose of the anonymity." He said that there should be exceptions to protect against a fear of threats or reprisals, but no general rule protecting anonymity.
You should be accountable to your fellow man for what you say. Words are actionable things.
Why? Why should you be "accountable" for your beliefs, and what form of "accounting" do you consider acceptable?
Stevens noted, "The decision in favor of anonymity may be motivated by fear of economic or official retaliation, by concern about social ostracism, or merely by a desire to preserve as much of one's privacy as possible. ... On occasion, quite apart from any threat of persecution, an advocate may believe her ideas will be more persuasive if her readers are unaware of her identity. Anonymity thereby provides a way for a writer who may be personally unpopular to ensure that readers will not prejudge her message simply because they do not like its proponent."
Why are all of these reasons wrong to you?
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
The home user part is just a distraction; if it actually gets to the notice of lawmakers they'll write a weak-ass exemption (which the FBI will immediately figure a way around when they want to nail a home user). The whole concept of requiring people to keep records to make the police's job easier is a bad idea in the first place. It screams "police state".
http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.00436:
http://thomas.loc.gov/cgi-bin/bdquery/z?d111:h.r.01076:
I would guess that you only have to comply with this if you run your own open source firmware on your router. For eveyone else they can just get the logs from the NSA database.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
I can see it now Granny gets fined for not keeping logs of her access point
no matter how good it is, it is human nature always wants to make things better
Lord Bitman, Master of all:
The bill is NOT "to maintain access logs for 2 years to aid in law enforcement". The bill is meant to make it difficult and expensive for small operators. The entire intent is for the big ISP's to be able to make more profit.
The U.S. government is EXTREMELY corrupt.
I say we let them pass this law under one condition:
Whoever wrote the damn bill show that they know how to configure their own router to save the logs for 2 years.
Like Ypsi wireless right down the street from me? I think these are excellent initiatives that allow wi-fi to be rolled out in poor areas on the cheap, Will they be required to keep these sorts of extensive records of their users?
http://www.wireless.ypsi.com/
When did we start taking East Germany in the Communist era as the model for our society?
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
...it would ever happen. The wording of the bill makes it clear that the author has no idea the rammifications/expense involved, nor are they technical.
Some people in here are reacting as if this would actually get passed. Despite its flaws, this is still AMERICA!
Christian, Conservative, Patriotic, Techie
But I'm more worried about legislation that has a chance of passing. Legislation proposed by a minority party to pander to its crazy-base is not particularly interesting, or likely to pass.
Please stop moving about the room as you read Slashdot. You keep walking out of our camera's field of view.
Thanks,
The men in the van across the street
http://news.cnet.com/8301-13578_3-10168642-38.html?tag=mncol;posts
FTFA "Other portions add criminal penalties to other child pornography-related offenses, increase penalties for sexual exploitation of minors, and give the FBI an extra $30 million for the "Innocent Images National Initiative." " So are they going to spend $30 million to pay some people to sit around and look at porn all day, ensuring there are no kiddies in it under the "Innocent Images National Initiative"? I think I know where I am applying for employment!
And keep them away from their parents and other family members, who are the most likely source of all forms of abuse.
http://news.cnet.com/8301-13578_3-10168642-38.html RIAA, MPAA, Time Warner, et al.
...The trouble is that "small government" is usually taken to mean "smaller government social services for the lower and middle classes"
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics nonwithstanding.
Seriously, just think of all the benefits. Next we can pass a bill that requires all U.S. citizens to generate their own electricity by running on a treadmill!
Just what we need. That pesky freedom just isn't compatible with this brave new world.
---- Booth was a patriot ----
I'm not worried that they'll require me to do it. I just want to know if they'll give me money to do it. /sarcasm
https://192.168.1.1/Log.asp
So would I have to take a screenshot of my Logging configuration to prove that I have logging on? The WRT54G v2.0 isn't exactly the king of detailed logging.
I'm not expecting this to pass.
I don't know about there, but in my state (Texas), the statewide Libertarian candidates actually want to abolish Texas's public school system, not just get the federal government out of it. They fundamentally oppose the levying of taxes to provide free universal public education, and believe schooling should be provided solely by private institutions, whether for-profit or charity. But public schooling funded by taxes is hardly something that started in 1980; the common school has been a feature of the U.S. essentially since its inception.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
The general philosophical problem here is to what extent packets sent and received on the internet constitute public speech vs. the extent to which they are extensions of the private thoughts of the user. We already know that search engine queries reveal an enormous amount about what a user is thinking. We (at least many Slashdotters) also know how the internet can at times feel like an extension of our brains. But if all of our internet accesses were put in the public domain (and associated with our real-life identity), we would very soon begin to treat internet access more like public speech.
The question is whether people should be able to use the internet as a brain extension. My feeling is that this has enough value that it ought to be not only allowed, but encouraged. I think people should at least be able operate with one or more identities which are explicitly designated as anonymous. It would then be up to server administrators to determine what access would be allowed to an anonymous identity. This is similar to the current state of things, except that I would add explicit legal protection for anonymous identities as an extension of the right to privacy. I think I would draw the line at anonymous monetary transactions, as these have too much potential for abuse. That is not to say that all monetary transactions should be in the public domain, but that I have no objections to record-keeping requirements for monetary transactions, and making them subject to a reasonable discovery process.
As a practical matter, guaranteed privacy of internet accesses appears to at least involve multiple hops through a large number of random nodes, or is impossible, depending on your assumptions. Encryption, when the server supports it, helps with hiding the nature of accesses as they cross the internet, but guarantees nothing about how much information may be logged on the server side. Because of the practical difficulty of achieving privacy on the internet, I do think it needs legal protection. That wouldn't make privacy any easier to assure technically, but would provide some legal recourse if someone's privacy is violated.
For the people who think there should be no anonymity on the internet, I'd ask you to consider how you'd feel about technology that can read your thoughts directly from your brain. Because that's not far off. I do think that privacy will be virtually eliminated someday, and that sentient beings can exist happily without it, but we aren't ready for that yet. And anyway that's not the same thing as the government having access to your thoughts while you don't have access to theirs.
This is silly, I can understand commercially operated wireless access points would need the logs anyways for billing/abuse-tracking purposes, but people who have personal access points... like dude you can by them for 40$ and they have have at most 64MB's of flash memory. Requiring logging of every access, to the router would fill it up in minutes. Even if it had a hard drive in it, it would be filled up quickly since it's not hard to send junk data to wireless access points.
Case in point, unprotected routers can trigger a factory reset by the person who "borrowed" it, thus wiping all access records, and leaving the person with the router wondering why their internet blipped out for a minute.
The House version has some additional troubling language.
Sec. 1960A. Financial facilitation of access to child pornography
`Whoever knowingly conducts, or attempts or conspires to conduct, a financial transaction (as defined in section 1956(c)) in or affecting interstate or foreign commerce, knowing that such transaction will facilitate access to, or the possession of, child pornography (as defined in section 2256) shall be fined under this title or imprisoned not more than 20 years, or both.'.
Wouldn't the "facilitating" part apply to the ISP or phone company? They knowingly conducted a transaction that could facilitate child pornography.
and then there is this section
`Sec. 1960B. Internet facilitation of child pornography and exploitation of children
`(a) Offense- Whoever, being an Internet content hosting provider or email service provider, knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography (as defined in section 2256) shall be fined under this title or imprisoned not more than 10 years, or both.
again isn't the mere act of providing an internet connection or email account potentially facilitating access to child pornography?
.
.
Link to 18 USC 1956(c): http://www4.law.cornell.edu/uscode/18/1956.html
I would support this if every Congressional employee had to maintain logs of everything they did online, including from home, for two years - to aid law enforcement, of course.
I am sorry but before being allowed to pass or even suggest legislature folks in government should be required to pass a basic technology proficiency test.
WTF is log going to say my MACaddress? Who cares
Who are these Idiots - I want to fund opposition to their reelection. AND I am a republican (for now)
My Nokia 800 tablet was stolen. I had it configured so that every time it detects a network it downloads my mail
from a server I control. The thieves did not notice, so I accumulated a lot of logs that I passed to the police.
Did they catch the thieves? No way! They had the logs for 3 months now, but their "computer expert" is still trying to figure out what to do with the IP addresses. It is not that difficult, though, as one address shows up a lot and is clearly a cable connection, so that must be the thieves home. So logs are totally useless to the police, at least in small towns.
To log a DHCP server address assignment, there are really only 3 pieces of info you can possibly log: timestamp, IP address, MAC address, lease duration.
If you use as few bits as possible (which you should), 32-bits for the assigned IP address, 32-bits for the timestamp, 48-bits for a MAC address, 16-bits for the lease duration. Perhaps 2-bits for a logging 'record version' and 6-bits for a 'record size in bytes' field
That's 136 bits, even if you pad that to 256 bits (which allows extra space for IPv6 addresses and a checksum), it's still pretty small.
You can record 2 billion log entries, and it's still only 4.9 gigabytes of log data.
Nowadays, you can just about fit that on a flash drive.
The average home user won't over the entire lifetime of their AP record even 2 million entries, let-alone 2 billion.
The space requirements for the average home user should be less than 4mb for a couple years worth of data.
I'll comply with their silly non-enforceable non-positive law when they repeal the illegal unconstitutional income tax as promised.
Till then Ted Kennedy or whatever other moron thought this up can slob on my knob.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
Essentially, the requirement to preserve is a seizure of your private archives. As it is not based on probable cause determined by a magistrate, it is an illegal seizure.
Where's the party who doesn't want any of this shit and thinks the government has much, much more important stuff on its plate right now?
Well, it's a dinner party! The important stuff went cold on the bain-marie of the media while the maitre d' of government was busy cramming your plate with shit du jour. Attendance is compulsory, but you'll want to chow down anyway 'coz it's all for the children! Happy eating. Oh - and did someone say a French restaurant would somehow be better ...?
Note that the UK government, usually the leader in Orwellian initiatives, has actually tried to plan for extensive phone call logging (of content!) at the provider level. Google.
We have a simliar law in Thailand. I implemented our logging using wireshark. I may have to log the stuff for the cops but I don't have to make it easy for them to read it.
Just write a perl script to fill a text file with randomised log entries that look like normal but all the data in them are randomly selected from a preset of IPs, useragents, file requests, and dates and times. The cops won't be able to tell if it's original or not anyway.
For Internet firms, the quandary is this: The mere provision of e-mail, electronic storage, cloud-computing services, and social-networking sites could be viewed as an act that "facilitates access to" illegal content, especially if the provider knows that some users in the past have been less than law-abiding. (And the threat of arrest, indictment, and imprisonment makes them unwilling to hope prosecutors interpret the language conservatively.)
You hit the nail right on the head, whether you know it or gnot. They keep enacting what appears to be silly little laws when the sole intent is to catch someone on some obscure stupid "violation" as an excuse to SWAT your home and family.Just like having a picture of your kid in the tub, or not wearing your seat belt. They don't actually care about your children or whether you go thru the windshield. What they want is a convenient probable cause.
Read some history, real world examples, you'll see you are wrong.
Actually, the government wouldn't stand a chance, not even close. Way too many good old boys in the military would mutiny-you aren't going to get them to attack their own people and kin in other words, they'd be fragging officers and politcal commisars left and right, and armed citizens outnumber the feds by 50 to 1 or more. And even just civilian government workers would be quitting in droves once they started being targeted for collaboration with the fascists, or again, engaging in sabotage from within. How many network admins would it take to logic bomb huge amounts of the networks they use? How could they possibly keep ANY networks up? How cxould they maintain power, even running generators, they'd need to refuel somehow. How many "rebel" quartermasters to make sure shipments of gear got routed to the wrong place, or over areas of roadway or tracks where the IEDs would be placed? How many food shipments would it take to be contaminated before the imperial forces couldn't trust ANY supplies? Spare parts, fuel? They just couldn't do it, not near enough manpower to guard everything.
Fighting an insurgency takes a ratio of around 10 to 1, 10 government troops against 1 rebel, and even then it is real dicey depending on the level of local popular support fort the rebels. That has been the successful classic model in any number of insurgencies, less than that, the government loses, or doesn't win, put it that way.
And the only reason they have *any* success at all in the mideast now is that they have an unattacked peaceful rear supply train supporting them, including their airpower, the lack of which would end the war in one hour. In fact if they lost air power, they would have to run a fighting retreat and most likely wouldn't make it. If they had to do EVERYTHING inside the theater of operations, the iraq and afghani wars would have been over a long time ago, the US/UK would have lost, and badly. The only way they could successfully run a campaign like that all inside the borders of Iraq and Afghanistan - having to make do with getting all their supplies and support in country in other words, is to use WMD indiscriminately against huge regions, and then what's the point again? Get to be warlords over a wasteland? No wall street profit in it much. No outside unfettered support, borked air power=they withdraw or get creamed.
If they tried that inside the US, with monkey wrenching and sabotage going on disrupting their resupply and travels, by the citizenry at large, all over, all the time, they couldn't possibly last very long. They'd eventually just be holed up in some bases, that's about it, they wouldn't control much of any of the actual countryside, and eventually the bases would turn into masada's for them because they would run out of everything. If they went nukes, that's just suicide when you are nuking your own turf.
This is very basic guerrilla war 101 stuff, read up on it, it is very enlightening and will put to rest that notion that people can't fight back against advanced armies, they do it daily now all over. And it is also way governments bent on eventual fascism/totalitarianism ALWAYS de arm their citizens FIRST, because they know it is impossible without that first step.
If they started using the nat guard extensively, all the locals know where those folks live, can you spell reprisal for quislings? Most of those guys would join the rebels within a week once they bingoed to that, or at least go neutral as much as they could get away with. And as for the standing full time forces, not enough, they just don't have it. There's 300 million people in the US, around 30 million alone are deer hunters with powerful rifles and they know their local terrain and how to shoot, and many of them have previous military training and are down with tactics and improvisational resistance. And there's another equally large number who are target shooters o
that people will set up their routers to email the logs to them to be saved in a .zip.
shameful politicans.
If gov. big brother wants to they should require the logs emailed to a local police station for scrutiny.
F%*k them. Encrypt Everything.
That fight was won long ago.
How is he supposed to manage this nonsense? Besides, divulging this information is likely to have fifth amendment implications.
The courts have held, many times, that the right to speak means nothing if other people do not have a right to listen. And, that the right to publish means nothing if other people do not have a right to read. Censorship of reading, by which a person is forbidden to read a certain type of material, is not different from censorship of publishing.
Have you ever stopped to take a long hard look at the people who run this country? You know, the congressmen, senators, etc? Sadly, these are the people among us that create policy every single day affecting the very mechanisms of society they simply do not understand.
The problem is most of the criminals on the Internet who aim to do harm to our country are not the same idiotic dirty old men that show up on NBC's "To catch a predator" because they were horny for a 12 year old. Proxy servers and onion routing are technologies that have existed for sometime now and are becoming more and more common and easier to use everyday, even for 60 year old perverts.
When are these empty suits in our government gonna wake up and realize that this cat and mouse game is only gonna cost our society more money and wasted effort leading to just a few more arrests than they had before? If you're worried for your child's safety on the Internet, then keep him off the damn computer! Hows that for a novel idea! I liken this whole thing to the driving with a cell phone ban. The cops can't enforce it and people keep driving with their cell phones pressed into their faces more than ever. So what's the point????
I'm all for law enforcement, just not law enforcement that amounts to wasted effort and my hard earned tax dollars thrown out the window by a clueless empty suit with a bad haircut and a southern accent. If you don't believe me, just ask Al Gore (the inventor of the Internet) what he thinks!!
From Senator Saxby Chamblis of GA
Dear Mr. D:
Thank you for contacting me regarding S. 436, the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act." It is good to hear from you.
S. 436 was introduced on February 13, 2009, and referred to the Senate Judiciary Committee. This legislation would create a new federal offense for the financial facilitation of child pornography or child exploitation by an Internet or e-mail service provider. Additionally, it would require the U.S. Attorney General to pursue regulations to require Internet Service Providers to keep records of websites visited by customers. Finally, it would increases the penalties for sexual exploitation of children and the distribution of materials containing child pornography.
It is imperative that we protect our children and grandchildren from online exploitation by child predators. We must also provide our law enforcement community with the resources and legal framework needed to prosecute these pedophiles. Should this legislation come before the Senate, I will keep your comments in mind.