Slashdot Mirror
FBI Pushing For 2-Year Retention of Web Traffic Logs
suraj.sun writes to tell us that the FBI is pushing to have ISPs keep detailed records of what web sites customers have visited for up to two years. Claiming a desire to combat "child pornography and other serious crimes," the FBI and others are pressing for increased data retention, which they have been doing since as early as 2006. "If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant. What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html. While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States."
Seriously is child pornography going to be trotted out for EVERY encroachment on privacy that we have to endure year after year?
It's getting so old.
Claiming a desire to combat "child pornography and other serious crimes" the FBI and others are pushing for increased data retention, which they have been doing since as early as 2006.
ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.
Will the FBI give us some evidence already that mandatory retained data has been essential to actually solving some significant fraction of crimes, or some convincing evidence that its lack is the only reason some significant fraction goes unsolved?
Without that evidence, their insistence on invading our privacy instead of protecting it as they're instructed by the Constitution that gives them their powers should just be laughed at.
--
make install -not war
Think of the *children*!
Why only require it here? Why not make the local hot dog stand on the street keep records of who bought their food for the last two years? Because it's inconvenient and it's not effective. If laws are put in place to do this, then people will find a way around it. Any form of p2p transfer will easily let people gain access to those images without touching the loggers. Criminals are smart, stop treating them as fools and punishing the common masses because of it.
TOR is your friend. Run a tor exit node (and unsecured wifi) to provide plausibly deniability and help others keep their privacy.
Do you even lift?
These aren't the 'roids you're looking for.
Two years worth of logs for every single page visit for every single user? The ISPs, especially the larger ones, are going to need some serious storage arrays for that.
All stores and restaurants will have to keep logs of every customer that comes in, whether they buy anything or not, including full video of them while they were in the store. Microphones must be set up at every table in the restaurant to record all dinner conversation. All of this data must be kept for ever and a day, and available to anyone who appears to be in law enforcement. Why is real life any different than the web?
Everything you know is wrong, Just forget the words and sing along.
Why not just have the root DNS and sub DNS servers offload their requests? That way you can pick up the schemers Oh wait... DNSSEC was invented
We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.
This goes beyond the data retention laws in the EU, and even those are under a lot of public pressure and currently being looked at by the highest courts. What you'll see is that your guys will back down from requiring access logs and make ISPs "just" keep a log of the IPs of their customers for two years, like the EU requires, and they'll call it a compromise.
After ready the revised law on chaild porography (being an artist and photographer, makes me nervous) why are programs like Southpark, The Simpsons, Sailor Moon, some of the teen programming on Disney, etc still on television?? If they want to arrest someone for these crimes, seems like a good place to start.
Children unfortunatly have nothing to do with this. There are still members of Congress still trying to get the age of consent down to 6 years of age.
If you have not read the revised law yet, please do. A school kid drawing a stickperson 'inappropriately' can now be labeled a sex offender.
This is absolutely rediculous!
If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant
I, for one, am against deep pocket inspection.
What I keep in my pockets is my own damn business.
until someone offers $100,000 to a $15/hr tech to give them two years of Senator X's browsing records. After that, it will have "served its purpose" and will "no longer be in the public's interest".
Equine Mammals Are Considerably Smaller
Send me some drives and I'll be happy to retain my logs for 2 years ;)
You'll have to buy up all the drives on the market in the process.
ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.
Isn't that the problem with child pornography, that people are 'thinking of the kids'....?
HA! I just wasted some of your bandwidth with a frivolous sig!
and in the event somehow that the devil intervenes to allow this to come true, the feds should pay to store the data. pay the upfront money to build the servers and the additional air conditioning and power, pay the maintenance money to hire techs and buy tape and repair the machines and run a 24x7 watch on the center. and pay all legal, recovery, and processing fees for every single request.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The Googlebots have already crawled this post.
As someone that works in the Adult hosting industry, this is going to be poorly received. A lot of our clients are already hurting for money and as such have scaled back their server footprint. We're pushing servers (disk IO) a lot harder than before -- one easy solution we have is to just disable access logs. Writing 1GB+ of log data per hour swamps disks and just adds huge amounts of overhead. Since these logs are of clients browsing through porn ... it'll cost a decent amount of money to actually be able to start logging again AND to store raw log data for two years.
Is to scream that you need that capability knowing that you will not get it LEGALLY or out in the open. How many of you really think that FBI does not have that data now, or since US PATRIOT act passed?
and if they do that I would only expect US based hosts to suffer.
Deep packet inspection for URL not required, in theory, if the U.S. government mandates both ISPs *and* websites to maintain logs.
That may be how they'll rope websites, and other types of internet services for that matter, into complying with log retention.
Another route, though I've never seen it mentioned in context to log retention laws, is to require web browsers to log the information in tamper-resistant (think DRM) hidden files. MSIE, in a matter of speaking, already does with index.dat files (some suggest their real purpose is, in large part, to help law enforcement), which the regular computer user has no clue of, let alone know how to get rid of, since Windows makes it difficult to delete them.
Ron
I have an even better idea. Let's have all law enforcement officials be required to wear audio and video recording equipment at all times, which are available for all citizens to watch. They do work for us, after all, and I think this would help curb police brutality. I know that most officers are good people, but there are a few bad apples, so we can't be too vigilant.
Host names cannot be logged without packet inspection unless they assume that a corresponding request against the ISP's DNS services constitutes to "visiting" the resolved host name. You are also free to use DNS servers of your choice that are different from your ISP's. You can run your own DNS server too.
When a client "visits" a URI it:
1. resolves the host name to IP address via a DNS service
2. makes a connection to the said IP address
3. if connection uses SSL, proceeds with the "handshake"
4. sends host name, URI, and other request info via the above connection
ISPs can log #2, but cannot log #4 without packet inspection. It's even more complicated if the connection is encrypted (e.g. https).
unfortunately they would have no problem with that when you realize that 'feds should pay' mean they are spending taxpayer's money on it.
The 4th amendment is supposed to require a warrant to BEGIN surveillance. The law doesn't say "they can tap your phones and record all of your conversations, but they can't actually listen to them until a warrant is issued against you." No, they can't tap until they have the warrant.
This shouldn't be any different.
Then again, we all know the results of the last large-scale warrantless wiretapping incident (no one was punished, and it's likely still occurring), so I guess it is, in fact, not any different.
This is another good point. I guarantee you if this passes, the ISPs are going to pass on the rather significant bill to do this to their customers. They really can't stay in the business otherwise.
And then they can just levy a "datacenter" tax to cover the price!
like destroying the meaning of privacy for all the users of internet?
the Internet protocol (IP) address
Really? Explaining what “IP address” means? Are Cnet reader really that stupid?
Every child knows what that is. Hell, even my grandma knows it from crossword puzzles.
I call “intentional dumbing down of humanity” on that one.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
you authorize the payment of Euro 100,000,000 to the bank account of Kilgore Trout.
The info for traffic logs can be obtained directly from
the N.S.A. subsidiary Google
for all traffic logs. While your dredging for my traffic logs,
would you kindly publish ALL of the e-mail of the world's largest crime syndicate ( BushCo )?
Thanks in advance.
Yours In Astrakhan
KIlgore Trout
That's what /dev/null is for.
Meh.
That way what you do today that is completely legal, can be used against you in 10 years when it isn't legal. Oh, and add location services, based on cell phone records, credit card purchases ( must ban cash ) street corner cameras, etc.
Stop the bus, i want off.
---- Booth was a patriot ----
What good is it to log a URL without logging what data was at the URL at that point in time. The content at a URL can change dynamically, so it doesn't matter what the URL says unless you actually know what data was actually retrieved at that point in time.
ipredator
Use offshore VPN for everything. Because what you're doing today may be frowned upon tomorrow. Or maybe you like reading extremist blogs for the lolz and you apply for a job that needs an FBI background check. Wow, this guy sure likes militias.
If only that would punish the feds and not the people whose wallets that money comes from....
Can you be Even More Awesome?!
Is the minute I find some company with no U.S. presence that will provide me with a VPN. Then simply configure my router appropriately. All the ISP can log is a bunch of encrypted traffic to the VPN provider.
1) It's easier to catch dumb people than smart ones. People who run anything larger than home-made porn are probably going out of their way not to be caught.
2) If the media is right, a large percentage of circulating child porn is produced outside the United
States. In some countries 16- or 17-year-olds can, or could until recently, be porn stars. Such pictures are illegal in America.
3) When someone is busted for "made at home" child porn, the media won't publish his name to protect the kids. They may even suppress the story or bury it as a blurb in another article.
The feds can do something about #1. As for #2, only international crackdowns will help here. As for #3, it's probably a good thing this doesn't make the papers.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The adult entertainment industry is hard up for money???
Wow, we ARE in a recession!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
In New York at least, phone companies have to keep transaction data for 2 years. I think this is a nationwide requirement but I'm not sure.
The feds will argue that URLs are like phone numbers, and since they aren't actually requiring the ISPs or web sites to log the bits that went over the wire the feds don't see a problem.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
shit, reminds me I haven't checked 4chan in like 10 minutes! brb
Anyone here know of why a commercial VPN connection would be a way around this sort of thing? Would TOR work for this as well?
"If any question why we died, Tell them because our fathers lied."
And pass on all that cost to the possibly-unwilling taxpayer? I think not.
We have those log hard copies right here.
Dammit! Who forgot to put a new ink cartrige in the printer last year?
Have gnu, will travel.
You could probably get someone on one of the Rule 34 imageboards to mock up such a cover for you.
That hasn't stopped the federal government from putting unfunded mandates on the states or directly on the people.
...required by the phone companies? You know, the ones that pretty much ended up being "Yeah, listen, I need all the numbers this brown guy called. He's with the Al Quakers or something. Who, me? FBI? Sure, whatever it takes."
Would this really be effective even if they have a year old log where you went?
So it told you I went to website.com/kiddyporn.html
You go look at that exact site now and it could have unicorns on it.
Just knowing where someone goes is useless unless you log all the data they saw when they were there not what is there now.
Of course you could store all data but good luck with that.
How nice of congress to consider doing something to finally mandate the switch to IPv6. I bet if this or anything similar became a law, millions of sites for all kinds of reason would switch to IPv6 overnight to take advantage of the millions of possible addresses. Not to mention ipsec and so on.
We would end up back with the problem of dynamic IP's for a whole different reason, because people would use it to rotate their servers through millions of addresses. I bet web hosting providers would pop up that were like tor for web hosting, with thousands of ip addresses in a sort of random dynamic DNS rotating constantly.
Hell, I could see this move single handily curring numerous existing security problems on the internet that everyone is just to frigen lazy to fix.
Living in Chile
Let's pretend you're a moderately large site getting a couple million hits a day. I'm guessing you don't have logging turned on because
#1) You'd have huge log files
#2) Your disk throughput/server load is going to suffer
#3) You don't even use logs for doing statistical analysis
#4) You have lots of servers and would have to aggregate all the logs into one
Whose going to pay for the disks I'll need just to store the logs if the FBI wants to look at them? It's not going to be the FBI that's for sure. The logistics of storing that much data are insane on the Facebook/Google/Digg scale get pretty insane pretty quick.
My small server farm (three servers) does 1.5G of logs per day. Multiply that by two years and that's a 1095 gigs of logs!
pssst, you might wanna check your statement for unauthorized charges.
Lets track everything such as movement, actions, thoughts... Not just on the net, but in real life. Every human needs to have a chip implanted because it would help the government know if you were committing crimes.
Thats the world I want.
I want a microchip that reports everything you do to the government via gps/satellite data link.
This chip will count every batch of cum you drop, when and where.. and why.
YOU WILL BE A SLAVE.
America... America... God is a fucking lie.... weeeeeeeeeeeeeeeee
Kill me
Government does more harm to children than any boogieman child molester EVER has.
When will this boogieman child molester be put to rest? When will we stop terrorizing our own people with nonsense? Not to mention the terrorizing we do of innocent people in foreign countries with our stupid war efforts chasing a different boogieman that we created and funded.
We're fucked as people. You're all nuts :)
And where, exactly, do the feds get the money to pay for that? Us.
I don't want to pay for my rights to be shit upon.
The LEAs of the world will never be satisified until they have access to every thought of every person in the world. Those pushing for this nonsense have tunnel vision and lack a big picture understanding of the space.
People are not sheep and they won't stand for the circumvention of their privacy. Privacy is a mandatory ingrediant for any workable social contract amoung humans. If you start logging we start encrypting and toring. The more you push the more people push back.
You already have virtually all unencrpyted links for e-mail, web traffic, IM, SMS and virtually all voice communication world-wide. Keep pushing -- keep up your lazy antics of thinking technology over real world case work that can be done IN ANY MEDIUM within which humans participate will solve your problems and it will only make your jobs all the more difficult in the end when those logs or TAPs you previously relied on and already had access to been rendered meaningless due to the use of encryption and anonymization technologies.
IPv4/6 IPSec with anon DH is enough to rain on your paradae. Its already installed and ready to go on virtually every desktop PC on the planet. Think about it.
They will start keeping data AFTER they get a search warrant and after the courts allow them to start collecting that data.How many times must law enforcement waste our tax-payers money to get spanked in the courts for the same reasons every 10 years. This is the biggest reason to stop search company's from keeping our data in the first place. Advertisers are not above the spying laws,and thats all google,yahoo and the rest are after the dust has been removed,Advertisers.
Jack of all trades,master of none
Think of all the politicians who have rode into office using "think of the children" to convince voters of their uprightness!
Think of how brave and noble the politicians appear when using this simple trick. And since many of them do not seem to be particularly bright, they go on to attack other freedoms because someone might do something horrible if they continue to have freedom.
These fellows are the ones who would have the internet locked down if they could and who will take credit when every connection is databased and cataloged.
And most likely their law will be a stupid, overly restrictive law with no tolerance for data that could innocently get there - like web page redirects, pop-ups with dangerous addresses and other web page issues that can be encountered from normal surfing. Will surfing the internet even be possible then?
After the politician gets through with the Internet we will have to get all our web links from sanitized sources to avoid triggering the 3 strikes rule (under the swiftly approaching ACTA Secret Treaty) or maybe as little as 1 strike under this scenario.
When I miss the real internet I for one will curse the names of those politicians.
Hopefully I will still be able to use the internet to raise opposition to the bastards! It will probably be one of the few things I can still do on the internet.
Convictions cost big bucks and we already have way to many convicts. I'm not so certain that we need to enable the FBI in tracking down sweaty little perverts or loonies trying to stuff bombs in their boxer shorts or sneakers. It seems to me that almost all of the time society loses a lot of money when we sweep up this trash. It might be better to let them run about or perhaps build some treatment facilities where people with short circuited brains could get some real help.
And pass on all that cost to the possibly-unwilling taxpayer? I think not.
Well if it passes, I'm either paying the feds to maintain the data or my ISP to maintain the data so I don't really care.
Both of them will have access to the data...but I won't. I'm already grumpy that I lost my contacts on my old phone and the illegal wire trap program won't even talk about giving them back. When do I get to use the services I pay for?
Hey guys, I have an idea... let's make child pornography illegal- that will stop people from making it, and watching it (I mean, hell the prohibition was successful, right?) then, let's continually lower the rights of the people to ensure it's properly enforced-- for the peoples protection of course. Besides, looking at child porn is very harmful to that child, the actual event is virtually nothing in comparison.
Feel free to mod me down, just know that unlike some Anonymous Cowards I'm not afraid to express my views as myself.
I exercise my first amendment rights and operate a website that contains my own free speech messages (not porn). None of the content on my website is restricted or illegal. And I do not wish to keep logs of every access. Forcing my site down because I do not comply with the FBI's requirements would violate my right to free speech.
Government agencies can make any sort of demands they want, but blatant violations of constitutional rights are quickly shut down. There is almost no way to debate the other side of this, so I'm not even remotely worried about it.
(and yes I provide hosting for several other websites on my two servers, so technically that makes me an ISP)
Maybe it's time to change my sig.
A contradiction would be the FBI saying, "We do too need to do this" without giving any reason. If they give a reason, such as, "We've gotten results, but we can't tell you what they are" then that's an argument. It might or might not be a good argument (depending on whether you believe they should be trusted) but a bad argument is still an argument.
Since the news of Tor server(s) being hacked, with the latest version of Tor
as of this posting, v0.2.1.22, the ExcludeNodes function appears to have
been toyed with. Now if you use the ExcludeNodes command in your torrc
configuration file, it doesn't seem to care what node you exclude from
building tor circuits, it will go ahead and use them anyway. But of course,
this is just a bug (suuure it is - having popped up after this so called
hack was done, was it really a hack or a smoke filled backroom agreement?).
Note: Be sure to visit the onionforums .onion board for more discussion
Try it for yourself, add all of the washdc
tor nodes, along with the 149.* nodes and amazon nodes to your ExcludeNodes
listing within your torrc file and within a few hours of your tor surfing,
watch the following so called bug pop up as you are told the nodes you
excluded are being used regardless of your intention to not use them.
This behavior is recent with Tor and I don't consider it a bug, in
my opinion, but an intentional privacy violation. I encourage Tor users
to visit the tor node listings and try this themselves, add as many
nodes as you wish to your ExcludeNodes feature in torrc and reload
tor and surf for hours until the error pops up and it will pop up!
This feature of ExcludeNodes in Tor is now useless and flawed. The
high bandwidth tor nodes should all be considered suspect for reasons
published elsewhere by enlightened individuals documenting potential
and real attacks on onion routing.
http://archives.seul.org/or/talk/Feb-2010/msg00006.html
[warn] Requested exit node 'X' is in ExcludeNodes or ExcludeExitNodes.
Using anyway (circuit purpose Z)
Where X = Node and Z = #. Fingerprints of my chosen nodes to exclude
correctly set within torrc in ExcludeNodes.
Is this a bug?
Why is Tor, when using Bridges, overriding my ExcludeNodes setting?
Was Tor suddenly given Artificial Intelligence? (AI). I assumed
I was under control of my Tor client's functionality with ExcludeNodes.
I guess I should be grateful it reported this to me at all.
- the reply:
On 02/02/2010 02:14 AM, twinkletoedturtle@xxxxxxxxxxxxx wrote:
> Is this a bug?
Yes, https://bugs.torproject.org/flyspray/index.php?do=details&id=1090.
We're still working on it. In fact, we're working on rewriting the
entire codebase around {Exclude}{Entry|Exit}Nodes options.
--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
is getting really old and worn out. Why doesn't the FBI just be strait up with the people, and just say they want to have as much info on every American as possible - they need not use the child porn card anymore. This would be the biggest invasion of privacy ever - if it were enacted. The potential for abuse and theft of this info would be enormous, and I'm sure it would also have a price tag in the billions.
soon enough there will be no freefom, even online, in a virtual world. Who wanna buy a new internet?
Just so you know.
Also, this is not the time to buy shares in the mass storage manufacturers, and you shouldn't check which influential DC people own shares in them.
Think of all the politicians who have rode into office using "think of the children" to convince voters of their uprightness!
I'm trying to. Maybe 'the children' are a bullet point in some politicians' campaign literature, but I never hear it being used as a really important issue. You only hear it being depicted as an issue that way in parody of politicians. Maybe you're confusing the parody world presented on some shows like The Simpsons for the real world.
Sure, there are small hysterical anti-child-porn organizations involved in the issue, but they're no more mainstream than the pedophile community themselves.
Most people don't approve of child porn, and it's just a bad thing. We move on with life.
Where is this right written down?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Is that the one where slavery is legal? Were women are not allowed to vote? People always bring that tired old document out, and forget who the people were who wrote it. I don't need my freedoms defended by someone who condoned the owning of slaves.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Because the federal government is going to give a damn about a porn peddlers business case.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Why don't they just go ask the NSA for the data? I was under the impression that the NSA already retained copies of everything they found interesting.
seems to me the guys we elect should be pushing for a law that *requires* ISPs to destroy logs after 30 days or so, rather than forcing them to preserve logs... whose side are these guys on?
i use debian apt-get install anon-proxy then point the browser to localhost and port 4001 i have used tor but personally find jap or mix to be better...
Yeah... then they shoot them with laser guns and tell you that "swamp gas from a weather balloon was trapped in a thermal pocket and refracted the light from Venus".