Slashdot Mirror
FBI Pushing For 2-Year Retention of Web Traffic Logs
suraj.sun writes to tell us that the FBI is pushing to have ISPs keep detailed records of what web sites customers have visited for up to two years. Claiming a desire to combat "child pornography and other serious crimes," the FBI and others are pressing for increased data retention, which they have been doing since as early as 2006. "If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant. What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html. While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States."
Seriously is child pornography going to be trotted out for EVERY encroachment on privacy that we have to endure year after year?
It's getting so old.
Claiming a desire to combat "child pornography and other serious crimes" the FBI and others are pushing for increased data retention, which they have been doing since as early as 2006.
ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.
Will the FBI give us some evidence already that mandatory retained data has been essential to actually solving some significant fraction of crimes, or some convincing evidence that its lack is the only reason some significant fraction goes unsolved?
Without that evidence, their insistence on invading our privacy instead of protecting it as they're instructed by the Constitution that gives them their powers should just be laughed at.
--
make install -not war
Why only require it here? Why not make the local hot dog stand on the street keep records of who bought their food for the last two years? Because it's inconvenient and it's not effective. If laws are put in place to do this, then people will find a way around it. Any form of p2p transfer will easily let people gain access to those images without touching the loggers. Criminals are smart, stop treating them as fools and punishing the common masses because of it.
Two years worth of logs for every single page visit for every single user? The ISPs, especially the larger ones, are going to need some serious storage arrays for that.
All stores and restaurants will have to keep logs of every customer that comes in, whether they buy anything or not, including full video of them while they were in the store. Microphones must be set up at every table in the restaurant to record all dinner conversation. All of this data must be kept for ever and a day, and available to anyone who appears to be in law enforcement. Why is real life any different than the web?
Everything you know is wrong, Just forget the words and sing along.
We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.
This goes beyond the data retention laws in the EU, and even those are under a lot of public pressure and currently being looked at by the highest courts. What you'll see is that your guys will back down from requiring access logs and make ISPs "just" keep a log of the IPs of their customers for two years, like the EU requires, and they'll call it a compromise.
If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant
until someone offers $100,000 to a $15/hr tech to give them two years of Senator X's browsing records. After that, it will have "served its purpose" and will "no longer be in the public's interest".
Equine Mammals Are Considerably Smaller
ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.
Isn't that the problem with child pornography, that people are 'thinking of the kids'....?
HA! I just wasted some of your bandwidth with a frivolous sig!
and in the event somehow that the devil intervenes to allow this to come true, the feds should pay to store the data. pay the upfront money to build the servers and the additional air conditioning and power, pay the maintenance money to hire techs and buy tape and repair the machines and run a 24x7 watch on the center. and pay all legal, recovery, and processing fees for every single request.
if this is supposed to be a new economy, how come they still want my old fashioned money?
As someone that works in the Adult hosting industry, this is going to be poorly received. A lot of our clients are already hurting for money and as such have scaled back their server footprint. We're pushing servers (disk IO) a lot harder than before -- one easy solution we have is to just disable access logs. Writing 1GB+ of log data per hour swamps disks and just adds huge amounts of overhead. Since these logs are of clients browsing through porn ... it'll cost a decent amount of money to actually be able to start logging again AND to store raw log data for two years.
You left out "Family Guy". That show is child+animal+incest+homo porno. But obviously Americans love it.
Deep packet inspection for URL not required, in theory, if the U.S. government mandates both ISPs *and* websites to maintain logs.
That may be how they'll rope websites, and other types of internet services for that matter, into complying with log retention.
Another route, though I've never seen it mentioned in context to log retention laws, is to require web browsers to log the information in tamper-resistant (think DRM) hidden files. MSIE, in a matter of speaking, already does with index.dat files (some suggest their real purpose is, in large part, to help law enforcement), which the regular computer user has no clue of, let alone know how to get rid of, since Windows makes it difficult to delete them.
Ron
I have an even better idea. Let's have all law enforcement officials be required to wear audio and video recording equipment at all times, which are available for all citizens to watch. They do work for us, after all, and I think this would help curb police brutality. I know that most officers are good people, but there are a few bad apples, so we can't be too vigilant.
Host names cannot be logged without packet inspection unless they assume that a corresponding request against the ISP's DNS services constitutes to "visiting" the resolved host name. You are also free to use DNS servers of your choice that are different from your ISP's. You can run your own DNS server too.
When a client "visits" a URI it:
1. resolves the host name to IP address via a DNS service
2. makes a connection to the said IP address
3. if connection uses SSL, proceeds with the "handshake"
4. sends host name, URI, and other request info via the above connection
ISPs can log #2, but cannot log #4 without packet inspection. It's even more complicated if the connection is encrypted (e.g. https).
The 4th amendment is supposed to require a warrant to BEGIN surveillance. The law doesn't say "they can tap your phones and record all of your conversations, but they can't actually listen to them until a warrant is issued against you." No, they can't tap until they have the warrant.
This shouldn't be any different.
Then again, we all know the results of the last large-scale warrantless wiretapping incident (no one was punished, and it's likely still occurring), so I guess it is, in fact, not any different.
If we could just get some people to stop thinking of the children, there wouldn't be so much child porn in the first place!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
like destroying the meaning of privacy for all the users of internet?
1) It's easier to catch dumb people than smart ones. People who run anything larger than home-made porn are probably going out of their way not to be caught.
2) If the media is right, a large percentage of circulating child porn is produced outside the United
States. In some countries 16- or 17-year-olds can, or could until recently, be porn stars. Such pictures are illegal in America.
3) When someone is busted for "made at home" child porn, the media won't publish his name to protect the kids. They may even suppress the story or bury it as a blurb in another article.
The feds can do something about #1. As for #2, only international crackdowns will help here. As for #3, it's probably a good thing this doesn't make the papers.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
In New York at least, phone companies have to keep transaction data for 2 years. I think this is a nationwide requirement but I'm not sure.
The feds will argue that URLs are like phone numbers, and since they aren't actually requiring the ISPs or web sites to log the bits that went over the wire the feds don't see a problem.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Uh I thought the US Constitution had the concept that laws could not be retroactive.
Just sayin'
We have those log hard copies right here.
Dammit! Who forgot to put a new ink cartrige in the printer last year?
Have gnu, will travel.