Slashdot Mirror
DOJ Seeks Mandatory Data Retention For ISPs
Hugh Pickens writes "Computerworld reports that in testimony before Congress the US Department of Justice renewed its call for legislation mandating Internet Service Providers (ISP) retain customer usage data for up to two years because law enforcement authorities are coming up empty-handed in their efforts to go after online predators and other criminals because of the unavailability of data relating to their online activities. 'There is no doubt among public safety officials that the gaps between providers' retention policies and law enforcement agencies' needs, can be extremely harmful to the agencies' investigations,' says Jason Weinstein, deputy assistant attorney general at the Justice Department, adding that data retention is crucial to fighting Internet crimes (PDF), especially online child pornography. Weinstein admits that a data retention policy raises valid privacy concerns however, saying such concerns need to be addressed and balanced against the need for law enforcement to have access to the data. 'Denying law enforcement that evidence prevents law enforcement from identifying those who victimize others online,' concludes Weinstein." Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout.
So, now ISPs all have to buy terabytes of hard disk space to store all of those log files just in case some nosy prosecutor comes a callin'? ISPs might be better off threatening to just shut down operations and leave their customers disconnected to get the point across to the lawyers in congress that they need to consult with the people they're trying to regulate before throwing impractical solutions at them.
The government basically has the ability to snoop into about any portion of your life, and some people want to INCREASE that ability? No thank you. He who sacrifices freedom for security deserves neither.
What else can happen when an unstoppable force collides with an immovable object?
I think as long as they have strict rules for the burden of evidence for a warrant to see these records, I wouldn't be opposed to it. I don't think that police should have free range over all of this data though. I think this data should be used to help convict people, not discover them in the first place.
If records of my activities are recorded and available for investigation, and I have equal rights, those of all people should be too. Given that home users are directly linked to an ISP and all their activities can be directly monitored with a very high likelyhood of locating and monitoring the proper suspect in an investigation, they are at a distinct disadvantage when compared to others who can mix their activities with many other users in a large office or government division by hiding behind a corporate firewall, who can then respond to investigators with strong legal and technical protections as well. So all government offices and corporations should have their records kept by third parties as well, installed on equipment directly linked to their switches within their environments, and revealed to the public under FOIA and/or judicial order. In fact, for certain positions requiring high public confidence, such as public representatives, publicly traded companies, or groups managing public resources, connection of their own computers and that of their staff should be monitored and records kept for possible future breach of public trust investigations.
Build your own energy sources from scratch. http://otherpower.com/
,quote> Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout.
I remember reading (several years ago) about a chemical that can supposedly make paper temporarily transparent .Also, seems to me that graphite and even pen ink might show up on an MRI scan. As for concrete, a portable neutron scanner should be useful to get some idea of what is inside. (No idea if such a scanner would be affordable to any but the very most important cases any time soon.)
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
especially online child pornography
There are 3 targets for every government intrusion on civil liberties:
1. Terrorists
2. Child porn
3. Drugs
The law enforcement agencies have determined that those are the issues that can be used to push absolutely anything through. For instance, trying to catch terrorists allows them to grope everybody with absolutely no suspicion of wrongdoing. Drugs allow them to break down your door at 2 AM, guns drawn, without identifying themselves as the government, and in some cases killing people. And of course child porn and terrorism allows them to watch absolutely everything you do online. That these are plainly illegal doesn't matter, because anybody who disagrees with them must be a terrorist, child pornographer, or junkie.
That doesn't mean those threats don't exist, but if they were serious about addressing the real risks around us they'd be focused on more mundane issues like traffic violations.
I am officially gone from
adding that data retention is crucial to fighting Internet crimes (PDF), especially online child pornography.
Sorry, but what is this obsession with child pornography? I don't care that someone is looking at it. Sure I care that someone took the pictures / did whatever, but so what if people are looking at it. You can call them sick or whatever you want, but there is a huge difference between some perverse fantasy and acting on it. Have you been arrested for the random dream of killing your boss? I don't think so.
On this subject, is there anything else that is illegal to simply have possession of that can absolutely do no harm just by itself?
All this data retention crap w.r.t. recording IP addresses is a moot issue, when the ISPs will move to IPv6. Everyone will have a (set of) fixed IP addresses anyway; just like our currently fixed phone numbers. For everything else, we'll have to develop or use an already existing end-to-end encrypted layer on top of IP, so that ISPs as men in the middle won't have anything to record and report to our big brother governments.
cpghost at Cordula's Web.
Requiring warrants doesn't make conditions equal. Once data exists, it leaks, via legal, semi-legal, and extra-legal routes. There's no denying it happens. So if data exists on the public, data should exist on the officials. More so perhaps, as their positions require us to trust them for our basic rights to exist, but they don't need to trust us for their rights to exist. Records on citizens are usually used to prosecute criminals and/or abuse citizens rights. Records on public officials can be manipulated and forged to fake legitimacy. It'll be rare to have it leaked or released for evidence of abusive behavior. So the balance of power the records will supply has to be equalized somehow.
Build your own energy sources from scratch. http://otherpower.com/
Given that it seems like quite a few cases of people who have illegal porn on their computers are caught when they take their computer in for service, why don't we just pass a law requiring that everyone has to take their computers in for random checks? Really, absurdity doesn't play a role in these decisions, does it?
This would be like saying that all phone providers need to record all Americans phone call 'content', just in case the government wanted to investigate you for something at a later date.
"In God We Trust, All Others Pay Cash"
You do realize that publicly traded companies aren't "public" like the government, right?
Despite the misnomer, publicly traded companies are still private entities owned by individuals (or groups of individuals). What the heck gives you the right to see ANYTHING they are doing, aside from normal regulatory compliance?
Provide the information they seek ONLY when they provide a valid warrant. ISPs should not "informally" cooperate with law enforcement. If there is reasonable suspicion of a crime, the law enforcement agency should be able to convince a judge of that and obtain a warrant. Checks and balances.
Learning HOW to think is more important than learning WHAT to think.
Even if it was Osama Bin Laden brutally raping and murdering little kids and posting footage of same on YouTube it doesn't justify giving the government ANY right whatsoever to do wholesale data collection of telephone calls, bank account data, retail purchases, library borrowings or (as in this case) internet data (emails, web access etc).
I have no problem whatsoever with the FBI/cops/etc going to an ISP and saying "we have x IP address at y time, please find out which customer that was and set up a tap/trace on that customer so we can bust the guy" but wholesale data gathering is something I will NEVER support.
What we need is for someone to come up with something that shows why continued erosion of civil liberties is bad and wont do a thing to stop criminals (including Child Pornographers) or terrorists (including Osama Bin Laden). Something that even the most clueless person can understand.
If you can show people that what their government wants to do wont actually stop whatever criminal activity people want the government to stop (and more to the point, suggest an alternative that will be more effective in stopping the criminal activity in question) people might just listen.
So, we should monitor everybody so that if in the future we need to monitor a specific person, we'll already have the data. Brilliant!
Welcome to the surveillance society. Wouldn't this run afoul of the whole "unreasonable search and seizure"? Hell, keep everybody's web history long enough and you'll likely find something you could use against them.
I completely disagree that ISPs should just track everything in case law-enforcement wants it at some point. It's a little Orwellian, and I fear that it is only going to get worse -- in their zeal, governments are really going overboard. This is just depressing.
Lost at C:>. Found at C.
I was a stand in security and abuse coordinator for a little less than a year at Time Warner Cable. All it took was a subpoena faxed to the office for us to hand over any data request. A lot of times cops would get pissed because a police letterhead fax wasn't enough, but it takes no time to get a subpoena. Police would try to say they were afraid the data could get purged if they didn't get it now, versus a few hours from now which is BS. I would tell them I already pulled the requested data and had it right in front of me so no worries about it being purged, they were not amused.
If any expansion of power is needed it should be the ability to have a request to hold data while a subpoena is processed. That is a simple answer, but the government isn't interested in simple answers its intent is to chip away at privacy so it can do whatever it wants whenever it wants.
"In God We Trust, All Others Pay Cash"
It's not going to be just the police. If the data is there it will be available to civil suits. Things like showing your ex-spouse visits porn sites and is clearly not a suitable parent.
I do understand the cops. There is a lot of crime, and there is data available to catch crime, without having to resort to infiltrating organized gangs and risking the life of an investigator. Access to that data that could save a lot of lives and abuse and trouble, but such data collection is prohibited under privacy laws. Now, they must understand the public position if they want data to be able to do their jobs better. Allowing data to be collected is a serious invasion of privacy, basically amounts to strongly reducing rights of privacy, secrecy and anonymity. And the data will certainly leak in lots of ways. So, if they want data on people, they have to give up data on themselves. There is also a lot of crime and abuse that happens within police, government, legal offices, government offices, and corporate offices. The public needs that investigated too. Data can be collected in those places too. Equal rights. Certified collection, storage and authenticity of behavior data on everyone, on all levels, accessible to everyone, on all levels, on equal condition, or no data for anybody. That included everyone. Lawyers, justices, policemen, security officials, corporate employees, executives, their families, dogs, everyone. If you have privacy, I have privacy, if you have data, I have data. If you can read my writing, my reading, and my mind, I can read your writing, your reading, and your mind. And we all want full system auditing rights, too.
Build your own energy sources from scratch. http://otherpower.com/
All they ask for in this statement is exactly what you said you have no problem with: a reverse mapping of (IP address, time) to customer and customer information (e.g., address).
The problem, they claim, is that ISPs only store this data for short periods of time, which is insufficient. They specifically mention that they are not requesting that ISPs start storing data that they do not already store.
If they want individual behavior data records to audit misbehaving people, let them produce it on themselves first and give the example. When we see a serious increase in the levels of sentencing, not just arrests, of public and corporate officials and law enforcement for pedophilia, involvement in drug trafficking, blackmailing, illegal espionage, corruption, and so on, then we'll discuss allowing it for the rest of the population.
Build your own energy sources from scratch. http://otherpower.com/
Actually there is no way in hell they'll do that because last time they tried tracing child porn it led them to the Pentagon! That's right boys and girls, your tax dollars at work, as they had the giant brass balls to actually buy and download CP while sitting there at work in the Pentagon.
And why wouldn't they? Because unlike those poor peasants where they are guilty until proven innocent the prosecutor declined to file charges in nearly all the cases!
So if they want to pass this I think we should start with a five year "zero tolerance" policy for government officials of ALL branches. How much you want to bet they'd be all for privacy then? Sadly this will never be, instead it'll be another case where the law doesn't apply to them, just to everyone else.
ACs don't waste your time replying, your posts are never seen by me.
My sense is that the "need" for ISPs to do their work for them indicates that law enforcement could better utilize their limited resources.
Maybe spend fewer resources on enforcing, say, drug laws, marijuana specifically, and more time and resources on other crimes that actually hurt people?
And I don't necessarily mean physical crimes (assault, murder) -- how about simple burglary or breaking and entering?
A neighbor's house got broken into; the daughter's laptop was stolen and the window to her room was damaged beyond repair. She needed a laptop for school and, obviously, the window needed replacement. So they're out $3k they don't necessarily have and/or she falls behind in school or they can't close the window to her room, none of which are very palatable choices, especially in a Minnesota winter.
Yet, when they called the cops they got two nice guys who gave them a case number and took the laptop S/N "on the very slim chance it turns up."
So, basically there's no resources to do extra patrols or extra investigators but plenty of guys to take down pot dealers. Yay.
This is about as useful as a tank of gas with no car. Especially since courts have already determined that an IP address does not identify a person, rather a machine (pc, router, etc). As evidenced in articles such as these: http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=109242 ; http://yro.slashdot.org/story/09/07/08/1522247/Judge-Rules-IP-Addresses-Not-Personally-Identifiable?from=rss & http://www.techdirt.com/articles/20090708/1323075488.shtml I am sure there is more out there, but if we can't identify a person by IP, then why should I have to keep records of IP traffic for up to 2 years?
--- haasta IT consultant | Web Programmer
We need mandatory data retention for bars and restaurants. Bars and restaurants should be required to retain audio and video surveillance data for six months, in case it's needed by law enforcement.
Implementation should begin with Washington, D.C., to retain evidence of political corruption.
they dont care abought those things. they will just use it to go after movie pirates and music pirates.
If you can show people that what their government wants to do wont actually stop whatever criminal activity people want the government to stop (and more to the point, suggest an alternative that will be more effective in stopping the criminal activity in question) people might just listen.
I admire your optimism, but my experience suggests otherwise. When you bring someone face-to-face with an unpleasant truth, the tendency is to pull a Miracle Max (you know, fingers in their ears while loudly repeating, "nobody's hearing nothing, la la la la"). Why? Because people are generally lazy, and forcing the government to change requires effort. Typically, people are unwilling to expend that effort until things get so bad that they can no longer pretend not to see what's happening around them, and by then, it's usually too late.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?