Police Want Fast Track To Get At Your Private Data
An anonymous reader writes "According to this story on CNET, police again are pushing for new laws requiring ISPs and webmail providers to store users' private data for five years and also want a new electronic way of speeding up subpoenas and search warrants via police-only encrypted portals at all ISPs and webmail providers."
As well as criminality. Can we see a pattern here? These measures don't seem to help at all. They are ethically wrong and have been empirically proven useless.
Have you heard about SoylentNews?
This seems like a security vulnerability, as Google's recent issues with China were caused by this sort of thing exactly.
They think just because they can it's a good idea? Doesn't sabotage the principles of free and open societies at all?! Imagine if they did in real life half the things they already do online. I'd have already picked up a gun just because others already would have too.
Shh.
I have no problem with police getting this kind of private information, as long as it is fully disclosed that they have requested it, and they can only request it with probable cause. I doubt either of these conditions will be satisfied.
Aside from internal 1984 style abuse of this proposed system, the fundamental concept (and all existing implementations of it) introduces a new level of security risk and it is this exact interface that is said to be the weakness that was exploited in the Google China attack. From a computer security perspective, this is wrong on many different levels.
My work here is dung.
As long as the guy with the files is using Internet Explorer, they can have all the access they want.
SJW: Someone who has run out of real oppression, and has to fake it.
The police have to pay for the storage. Since the amount of online data is constantly increasing, I figure having to lay out funds for that many terabytes of storage should bankrupt them, and then they can focus on doing the job they *should* be doing (picking up garbage), instead of the one they *want* to be doing (invading privacy without probable cause).
Canada: The US's more awesome sibling.
>police-only encrypted portals Oh good. Those will never be exploited, hacked, cracked, or otherwise compromised.
Hey, they can look at my data. It will bore them to death.
Seriously, the internet has enabled a range of new criminal activity. This move to preserve data and mine it is to be expected. As time goes on, it will get worse.
I'm reminded of how people used to live in small towns and everybody knew everybody else's business. The only difference is that, now, police agencies and other spying organizations can conceal their activities. I vote that ISPs must reveal who asked for what.
Best regards.
Just where is it taking us?
I am the richest astronaut ever to win the superbowl.
The electronic version of No-Knock, and we all know how well that worked.
Why is it that LE types always think speed will improve action? Don't they know speed kills?
Where is Kevin Mitnick when you need him?
Yo dawg we heard you like wire taps so we put a wire tap in your wire tap so we can hear while you hear.
A million internets to the first person to crack this system.
It's no great surprise the cops want this. But can you imagine the response of banks (and customers) if the police were to demand a special door in every bank so they could waltz in and search the safety deposit boxes at their convenience? Of homeowners if the cops were to demand a master key to every house to make search warrants easier to execute?
Unfortunately, when it comes to electronic records, lawmakers seem to think expanding the AT&T NSA rooms to access portals for every cop in the country is a great idea.
These "police portals" are logistical nightmares. Keep in mind that there are hundreds of police forces in the US, then take into account security services and other interested parties, and we might be talking about the population of a city who need completely secure access to a great deal of private information.
Then we need to talk about audit trail and legality of these searches. Who monitors the police/security services to make sure they're acting within the law? How do we know someone isn't spying on their ex or getting stock tips?
I think the best system for all involved is a dedicated department at large ISPs/hosts who responds to requests, reads the warrant and grants/denies it. If they grant it then they're given a portal for JUST that request which disables when the warrant expires.
need to put to death.
There are going to be a lot of jackasses that comment with "so what you should have nothing to hide" or "that's what you get when you don't run your own email server" etc.
My question is, how many people would find it acceptable if the USPO opened all your mail and made photocopies of it to store for their own use? What about UPS, or FedEx?
The solution everyone is too afraid to talk about is simple: kill the tyrants.
That will send a message to the other tyrants that we are no longer in the position to have our privacy, our freedom, and our liberty trampled upon.
"Be prepared, son. That's my motto. Be prepared." --Joe Hallenbeck
>A system like this should have strong logins, should require that the request be documented fully, and should produce statistical information so there can be strong oversight
You cannot make a system strong enough to protect this attractive of a data store. That's how China accessed Gmail accounts, and that was fucking Google. If it can happen at Google, it can happen anywhere.
Police-only encrypted portals?
Hmmmm... sounds like a challenge.
"I might have made a tactical error in not going to a physician for 20 years." -- Warren Zevon
http://yro.slashdot.org/story/10/02/04/1442214/Bill-Gates-Knows-What-You-Did-Last-Summer?art_pos=8
Wasn't a system very similar to the proposed encrypted portal responsible for the Google hack, where the email accounts of many human rights activists were compromised?
And now they want EVERYONE to have such a system? Lovely. Because it's not like those will be hacker-bait or anything...
Anything that gives too much centralized and easy access to thousands of users' data is a terrible thing to even consider, be it for Police or whatever.
Law enforcement agencies are not filled with angels who will just stick to a line if they have access like this.
And criminals want to be given everything they want without having to work for it first.
They both need to grow the fuck up, and leave the rest of us alone.
If the masses can keep you down, you're not the Ubermensch.
"...via police-only encrypted portals at all ISPs and webmail providers."
Er, why don't you just hang a big sign over this system that says "Hack Me!"? And "police only"? Like we've never put the words "Police" and "Corruption" together before. I also like how they use the term "speed up" when referring to the process of obtaining search warrants and subpoenas. I think what they really mean to say is "go around".
I can just see it now. Users with access to this "all-seeing" system bankrolled by lawyers to either "clean" users' data, or create some "evidence"...
The corruption smacks harder than S&M porn.
The bad guys are way better at getting this sort of data out of the ISPs than the ISPs are at protecting it. The scammers are going to love this new data, nicely collecting valid IP addresses, email addresses, and more in convenient form to steal.
for cell traces and wiretaps....
it's OBSCENE-- why wouldn't this law automatically include payment for such service/record keeping?
(yes, I realize that shifts the cost to taxpayers (everyone) instead of consumers (local customers) only)
but seriously- when LEOs ask for information they pay the major carriers for the taps....
why isn't this requirement reimbursable-- what is the different theory?
every day http://en.wikipedia.org/wiki/Special:Random
Why is it that these intelligence gathering entities always seem to think that the problem is not enough information? They already have way too much info, and collecting even more isn't going to help. Sifting through the info they have to weed out the useless stuff is what they really should be concentrating on. And hasn't law enforcement ever heard of the Wayback Machine?
"But this one goes to 11!"
We can't afford all the police. Time to just decriminalize some stuff, have speedy death sentences for other stuff, and just have a cheaper justice system. And, if someone shoots a burglar or a would-be home invader, don't give them a bunch of crap.
This is my sig.
They want provisions to pay for all the extra storage and have provided a mechanism to verify a judge's sign-off and create a public record of the judicial process, right?
What are all those crickets doing in here?
I agree that until they have a very specific reason to be looking at my data, they have no business with my data. But I also acknowledge that, starting soon after 9/11, they started looking at my data despite laws that were supposed to prevent that.
And I also acknowledge that they will construe my information in ways that will put me at a disadvantage because I supported such-and-so politician, or because I looked into the side-effects of medication X. This manner of data-mining is already happening. Outlawing it is fruitless, but we can make laws that disclose who has looked at my data.
Until we have a sort of reciprocity wrt searching data, until we know who has been doing it, we will be at a disadvantage. The searching is already happening. But who is watching the watch-birds? That's what I want to know.
Best regards.
Sorry, No.
Time to break out S-MIME. That should slow 'em down a bit.
Starting with emails at the White House, and working down from there?
Seven puppies were harmed during the making of this post.
We are supposed to be protected against unreasonable search and seizure but where is that line? We're now told we should have no assumption of privacy on the web. The GPS devices in our cars can be used to track us at times with no court order. What privacy rights do we have left? Our thoughts? Even that is limited. I heard of a guy being sued because he had an idea for a piece of software he didn't write down and the company he worked for sued to get the idea. Isn't that "unreasonable"? 'Dear Supreme Court. Please define "Unreasonable" because apparently we all have different definitions of what constitutes unreasonable.' If I post on-line that I think I know what happens on the last episode of "Lost" can I be sued for what's in my head and if I reveal it and I happen to be right have I broken laws and can I be sued?
I guess it's time to bring back the cypherpunks. Somebody light up the Phil Zimmermann beacon! ;-)
Only upside I can see is more willingness to use GPG or S/MIME if a law like this gets passed..
Blessed are the pessimists, for they have made backups.
If you've actually committed a crime, I don't care about your privacy. I only care about the privacy of people who haven't committed crimes.
Define "crime".
Police (or, equivalently, their political masters) ALWAYS want ways to make their job easier or more convenient for THEM, meanwhile YOUR rights be damned!
tl;dr: Stumbled upon or unsolicited - fine. Active investigation targeted request - search warrant.
What I'm told (IANAL) is they don't need a search warrant if they walk into a hardware store and ask to see all the receipts for January 12th - so long as the business owner says "sure - here you go..." So, 99% of officers responded that they would like to login and search a site's entire database from their desk. Duh, of course they want it. Who wouldn't?
In other news 99% of the employees I polled in my office would like to have unfettered access to our payroll system.
I would like to see the rules of evidence tightened to exclude data requested in this manner whether by a generic FAX up to and including a sticky note with the suspect's name on it. If police stumble upon evidence in the course of their duties or information is offered to them unsolicited that's one thing. But if they're actively requesting information about a particular suspect - my opinion is it should require a search warrant that's fully vetted by the courts stipulating the search parameters.
This has always been a sticking point with investigators. They want full access to anything and everything at their discretion with zero oversight. No surprise when polled that's what they want. It's my opinion the state should not be able to buy a subscription to a private company like LexisNexis and be able to use that information. Not without a search warrant.
-[d]-
You want the keys to the kingdom? Prove you can be trusted
1.) All police officers, all employees of all police forces that may have any kind of access to confidential data and any contractors or consultants must submit to annual interviews including polygraphs regarding their activities, private and professional, past and present.
The Canadian Mounties have a process like this for applicants but I don't think it's done once you become a constable.
2.) No question is off-limits; all questions must be answered.
3.) Failure to submit or answer a question will result in dismissal.
4.) All interviews are to be observed by a panel of witnesses of which several are private citizens
5.) All (unedited) interviews will be available to the public upon request.
If those conditions are met, then I'll gladly comply with your requests for private data.
Pain is merely failure leaving the body
Let the administration know what you think. He has some control over policy and direction. He should know what this community thinks.
Everything looks nice on paper however like we learned systems like these are abused and used for unlawful requests.
Can someone please recommend a solution for an offline email server? Which provider would be the best? Offshore maybe?
Is the email stored as it passes through the intermediate servers?
as well as the police demand for complete access to GPS data on automobiles. As soon as someone said "we'll track the police cars too, for efficiency" - which actually makes sense - they raised hell and claimed it was unfair.
I figured they would want a fast track to the donut shop. Really though, isn't this a violation of my privacy? Fucking cops, nothing better to do than to read people's email. You're not the CIA or the FBI, you're useless cops, get over it and move on.
Just like he was with FISA. Some Constitutional Law professor, huh?
I see 3 major issues:
* the desire for electronic-speed/non-paper efficiency from the police point of view
* the desire not to have records be routinely destroyed between the receipt of a police request and the time the record is scheduled for destruction, i.e. "almost immediate" data-freezing
* (not stated, but probably desired) the desire to have historical information available for years.
Traditional phone companies already keep records of what phone called what phone for 2 years, which IMHO is about 22 months too long. I'm sure the police would love similar transaction records of who emailed whom and who chatted with whom going back that far, and they would salivate over having the actual content of the communications for that long.
As a taxpayer, I'm all for increased efficiency as long as it doesn't increase the "efficiency" of illegal or barely-legal-but-inappropriate records requests. It also makes sense that data-retention requests should be honored as soon as practical, not "oops, we just now got around to processing your request from yesterday, the data you want was purged last night, sorry."
However, transaction records and other records should not be kept any longer than necessary for billing and other internal processes. For most services which aren't billed a la carte or per-bit or per-transaction, we are talking days, max, for individual records. For billed services, they need to be kept until the billing-dispute deadline has passed or until all billing disputes are finalized, or the normal "few days," whichever is later.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
"School's out, time to go! "
Your own mail server, encrypt everything, don't use American made mainstream commercial security products.
for snail mail as well. You never know when you'll need that year old coupon.
Why I run my own mail server.
and, hey - it automatically sells the data to the highest bidder (weighted on the side of capitalism - yay)
Bing-O!
Use Tor (with a bridge), Pidgin with OTR, overseas/offshore mail or SSH proxy accounts and be safe from surveillance crap. Also, don't bring your phone everywhere with you. At least Skype is still OK (as it's located in Luxembourg).
Google also deserves a middle finger for helping the police on (mostly warrantless) spying on citizens. I would really like to know to which jurisdictions (governments) they provide that "Chinese" backdoor. Obviously US can do what they want, but for some reason China is exception. As usual it's always "human right activists" (yeah, right) that get hurt when something like this happens.
I read through TFA and nowhere is the word "webmail" or "web mail" mentioned at all, and even if it did, what would it mean for those of us who run our own private email servers with web interfaces such as Squirrelmail? I'm sure I'm not the only one among all slashdotters who does this and there is absolutely no way in hell that I am going to keep a record of every piece of email (99% of which is spam) that graces my server for 5 years.
that evil will always triumph, because good is dumb.
What's really sad about this kind of thing, CALEA, etc is that even if the cops had all the powers they ask for, it would only catch the people who don't worry about being caught. If you're a Serious Criminal (TM) such that you actually know you're breaking laws and you're paranoid enough to think that the cops are out to get you (e.g. Tony Soprano), then you can defeat all these intercept systems by using end-to-end encryption. Access my mailbox, but you still need to break PGP.
Given that, and given the fact that cops say they're trying to catch the Serious Criminals, right out of the starting gate it sounds like a plan that cannot possibly work. Ergo, we assume the cops are lying, and that they just want to fish. At best they're out to get grandma when she has her friends over for illegal poker games, not the kiddie porn dealer or pyramid-scheme investment broker who lives next door to her. Those guys will only get caught if they want to get caught, or if they're just stupid.
The technology is heavily in favor of privacy. People who are willing to put up with being a little off the mainstream, can have privacy, right now, and all the governments' TLA agencies in the world combined, don't have enough supercomputing power to overcome that. The delays in mainstreaming privacy have been shocking and depressing, but even so, eventually people are going to encrypt. It's just a matter of when. Everyone is waiting for the "Pearl Harbor" event where a bunch of people get fucked over by ne'er-do-wells because they didn't encrypt, but once that happens and justifies doing the obvious thing, then people are going to close the barn door. (We just haven't lost enough money/lives yet.) Long term, intercept is doomed as being a useful tool. The cops need to see this, get over it, and deal with it. The sooner that they do, the sooner we'll stop wasting money on their nonsense.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
has never been easier. The smart criminals will wardrive and use an innocent person's internet. There would be no traces if done correctly, and the innocent person gets screwed.
I would also like a fast track to get at the data used to determine that my data is significant, and to sue those who abuse said system. The only way for people to accept loss of privacy, is to reduce abuse of power. (since the whole concept of privacy stems from protecting the people from abuse of power)
My messages start with this...
-----BEGIN PGP MESSAGE-----
Perhaps that's why the captcha is "infamous"
Until we have a sort of reciprocity wrt searching data, until we know who has been doing it, we will be at a disadvantage. The searching is already happening. But who is watching the watch-birds? That's what I want to know.
Considering the news that broke just today, outlining how Google is partnering with the NSA to investigate CN state sponsored "cyber attacks", it should come as no surprise when this opportunistic partnership matures into something very different from what was originally intended (the China pretense).
Same thing happened when the Special Prosecutor position created to investigate Richard Nixon matured into the investigation of Bill Clinton's extra-marital affair (the Whitewater pretense), and Bush's blanket telecommunications investigation "matured" into a similar witch hunt of the governor of New York, who coincidentally was one of the few lawyers prosecuting banking and investment fraud (the 911 pretense).
I'd bet any money the Google/NSA partnership will mature into more political and economic espionage than it will into protection from anything illegal.
I am someone who has responded to law enforcement requests. The process is pretty cumbersome. They deliver a piece of paper to you (since 9/11 they can fax it to you, before that it generally had to be delivered by hand).
You then do the search (after the attorneys tell you the request/demand is legit) and have to negotiate with them as to which format they can accept and you can produce. All very time consuming.
I believe what is being asked for here are two separate things:
This is very different than a web portal back door! Now I am sure that there are some folks who would want that, but that isn't what is being asked for here! Btw. I suspect that those who want the "spy" portal are not law enforcement. Law Enforcement wants to receive information that is squeaky clean. If they violate the law in their gathering of information, they can lose their case. They want information so they can prosecute someone, and they want that prosecution to be strong, not weakened by poor evidence gathering.
So please don't confuse a spying backdoor with a request for a better way to communicate. When you do, it weakens your argument and makes it easier to label you a crackpot!
All my US ISP provides me with is a connection to the Internet. My sensitive e-mail is hosted overseas. Where US warrants aren't worth squat.
Have gnu, will travel.
Do not store your data on US based servers (or UK based, they may be even worse). Maybe Canada is better? Or how about Sealand, does that still exist? It is really something holding me back to use gmail or google docs or so. I keep all my e-mail on my server, so if any government would want to have a look at it they would have to go through me. I use Debian as server and I do trust them (for being open-source) to not have back doors built into their distribution. This for the fact they are open source, not a business but a huge group of volunteers, so irregularities will be found and published.
I think there is big business to be made to set up in a country that has strong privacy laws: start lobbying some island nation to be more than a tax haven. Have them lay a fat pipe to connect to the rest of the world, and have your data protected there well. No logging allowed for longer than a few months, no specific data retention, maximum permissions for privacy.
Oh but wait that will probably be a haven for child pornographers as well. And for Al Qaeda. And for $villain-of-the-week.
Otherwise just dump it on a server in China or so. Then you don't have to worry. Then you can be sure they will listen in to it. With the US government you can't be sure about that yet.
The only real private data you have is the one you keep in your head or write on a piece of paper as long as nobody has access to the said piece of paper.
Don't get me wrong here, I still encourage privacy online defenders to continue their efforts but the above statement will always remain a fact when you think about it carefully. Electronic data goes with inherent risks for privacy in my humble opinion ;-))
Everything I write is lies, read between the lines.
Why is outlawing it fruitless? Just because the government got away with it in the past doesn't mean that people will let it happen forever. Oh, it will happen, but if it remains illegal then there is always the hope of prosecution, discouraging further violations. That's why it's such a shame that the telecom immunity bill passed (with the support of Senator Obama)--what should have been nipped in the bud is probably on the rise. Making it legal will only stoke that engine's fires, while continuing to make a big deal out of it will force a reckoning on those involved and let everyone know that we will not tolerate it.
Your brain is not a computer.
The article mentions that law enforcement considers Cox Communications "uncooperative". That's because Cox Communications' procedures are legally correct.
Cox insists that all requests go through their Records Custodian in Atlanta. Local offices aren't allowed to deal with law enforcement. There's a worksheet to be filled out. "Please complete with all relevant information and fax with court order". Cox flatly refuses to do anything without a court order. They do accept "emergency requests". The "Emergency Request" form requires law enforcement people to sign this:
That makes whoever signs that personally responsible if there's anything illegal about the request.
Then there's billing. Trap and trace, $2500 for 30 days. Wiretap, $3500 for 30 days. Inaccurate requests (for non-Cox phones), $25 each. Payment may be required in advance. Visa, Master Card, and AMEX accepted. Cox reserves the right to withhold delivery until payment.
Cox refused to cooperate with NSA's warrantless wiretapping program.
Cox is obeying the law. Law enforcement hates that when it applies to them.
As if it were a big surprise that the police want more police powers to produce a police state, the priests want a "priest state" one where society worships and follows the whims of the priests, and the lawyers want their equivalent as well.
It's almost as if they were all cut from the same cloth, at least mentally speaking.
Haven't done much code breaking, eh? The poster didn't specify what direction the timestamps were in or indicate that said direction(s) were consistent, much less that the intervals to the next digit were of constant offset or sign. In fact, it's an unwarranted assumption to think that one knows the base, the number of bits involved, the interval between the bits, or any number (hah) of other things.
I've fallen off your lawn, and I can't get up.
Only fairly recently have some of the ACTA Treaty details become public knowledge but already the groundwork is being laid for this new internet world order. It looks like Big Media is not content to wait for the outcome of the treaty they wrote to do away with our internet freedoms.
1. Now ISPs are being pushed to maintain records of your internet activity - which would include any downloads or BitTorrent activity.
This will make ACTA's ISP policed 3 strikes law easy to implement by just extending ISP duties a little.
2. The RIAA/MPAA have also been pushing ISP Copyright policing now. This would likely involve the 3 strikes rule, but just for that ISP.
3. Recently the RIAA/MPAA convinced the FCC that file sharing should NOT be protected under net neutrality. This opens the door to ISP blocking of BitTorrent and other services. (Almost certainly ACTA will squash net neutrality too.)
4. The US champion of ACTA is President Obama. He wants to force his bleak vision of a neutered internet with Copyright policing down not only US throats but down the rest of the world's if possible.
5. Let's not forget how Obama hired RIAA lawyers into the Justice Department. What do you suppose Obama's plans are for them?
It seems to me that we are all voyagers on the digital equivalent of the Titanic. Icebergs have been sighted but no course corrections have been made. Soon our freedoms are going to sink beneath the waves forever just to help Big Media make an extra few dollars!
Unjust laws should be repealed.
But consider how possible that really is.
Passing a US law in the first place is a huge effort but repealing it is far more work.
Repeal can never happen unless citizens demonstrate an overwhelming support for repeal.
This is why almost all of the laws that have been passed remain in force unless they were superseded by another law.
And if you think repeal is tough, imagine how hard it would be to change the anti-internet freedom ACTA treaty.
http://en.wikipedia.org/wiki/Aldrich_Ames
"Past performance is not indicative of future results".
It is simply impossible to prove that someone can be trusted. As an icon of the Right once said, "trust but verify."
... so long as it's enforceable.
If the majority of ISPs refuse to comply, what could they possibly do about it?
Nothing.
But if they start arresting people, then you'll know what kind of country you're living in.
What if the USA, faced with insurmountable debt, decides to sell your state to Saudi Arabia? Then their police decide to look over all this data and see who's guilty of violating their morality laws.
Best thing that could happen to New Jersey.
All that would do is place all the real power in the hands of professional staffers, who would lead the clueless six-monthers around on a leash like poodles.
It's happening, slowly though. Enjoy: http://www.opensourceg.com/ Sure as hell worked for Linux! :)
I'm pushing for daily voting. Doing the best this garbage man "can" :)
Would love some critique e-mails, links to add, etc.
I thought corporate law could be battled with 330 million American votes saying no to copywrong and intellectual poverty.
It's the best chance a Canadian has b/c our laws are imported under threat of trade sanctions from down south!
http://www.opensourceg.com - A Man Can Dream