DOJ Seeks Mandatory Data Retention For ISPs

← Back to Stories (view on slashdot.org)

DOJ Seeks Mandatory Data Retention For ISPs

Posted by timothy on Wednesday January 26, 2011 @01:20AM from the we're-from-the-govt-and-we're-here-to-snoop dept.

Hugh Pickens writes "Computerworld reports that in testimony before Congress the US Department of Justice renewed its call for legislation mandating Internet Service Providers (ISP) retain customer usage data for up to two years because law enforcement authorities are coming up empty-handed in their efforts to go after online predators and other criminals because of the unavailability of data relating to their online activities. 'There is no doubt among public safety officials that the gaps between providers' retention policies and law enforcement agencies' needs, can be extremely harmful to the agencies' investigations,' says Jason Weinstein, deputy assistant attorney general at the Justice Department, adding that data retention is crucial to fighting Internet crimes (PDF), especially online child pornography. Weinstein admits that a data retention policy raises valid privacy concerns however, saying such concerns need to be addressed and balanced against the need for law enforcement to have access to the data. 'Denying law enforcement that evidence prevents law enforcement from identifying those who victimize others online,' concludes Weinstein." Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout.

28 of 247 comments (clear)

Min score:

Reason:

Sort:

Another unfunded mandate by snobody · 2011-01-26 01:24 · Score: 5, Insightful

So, now ISPs all have to buy terabytes of hard disk space to store all of those log files just in case some nosy prosecutor comes a callin'? ISPs might be better off threatening to just shut down operations and leave their customers disconnected to get the point across to the lawyers in congress that they need to consult with the people they're trying to regulate before throwing impractical solutions at them.
1. Re:Another unfunded mandate by stonewallred · 2011-01-26 01:54 · Score: 5, Insightful
  
  How about passing a law that states no one may sweep, mop, dust or clean any building because of possible evidence? And don't forget to make it illegal to wash or destroy any clothing because it may contain evidence to a possible crime. Not to be an ass, but catch them in the act, catch them through stings or give the fuck up. Ain't no business of the government what I am looking at on line, and the fact they want to hold those records, forcing the ISPs to pay for it (which in turn forces me to pay for it) is fucking retarded just like GWB and Obama's love child would be.
2. Re:Another unfunded mandate by Chrisq · 2011-01-26 02:18 · Score: 5, Funny
  
  Why not send to /DEV/NULL? I
  because my system is case sensitive and you would fill up the hard disk very quickly.
This'll end well... by Onuma · 2011-01-26 01:25 · Score: 3

The government basically has the ability to snoop into about any portion of your life, and some people want to INCREASE that ability? No thank you. He who sacrifices freedom for security deserves neither.

--
What else can happen when an unstoppable force collides with an immovable object?
Warrant? by sureshot007 · 2011-01-26 01:26 · Score: 3, Funny

I think as long as they have strict rules for the burden of evidence for a warrant to see these records, I wouldn't be opposed to it. I don't think that police should have free range over all of this data though. I think this data should be used to help convict people, not discover them in the first place.
1. Re:Warrant? by characterZer0 · 2011-01-26 01:40 · Score: 5, Insightful
  
  I have a problem with it. The want to demand that my ISP increases their costs (which naturally will be passed on to me) to store data to be used against me, despite that I have done nothing illegal. And it will do nothing to catch criminals, because they can just pass all their data through an encrypted tunnel to a VPN provider in another country. Waste of my money.
  
  --
  Go green: turn off your refrigerator.
2. Re:Warrant? by SuricouRaven · 2011-01-26 01:51 · Score: 3, Interesting
  
  We had a recent incident in the UK where a full armed assault team were sent in to raid a guina-pig hut. The high-powered heaters used to keep the pets warm in the winter made the hut glow in infrared, and a building that hot usually means a small pot farm. So in go the SWAT team, only to find out with great embarassment that there were no drugs to be found. Just comfortably warm guina-pigs. It ended up with the department head having to go to visit the family and give his personal apology for the mistake.
3. Re:Warrant? by Anonymous Coward · 2011-01-26 02:08 · Score: 3, Insightful
  
  That would never happen here in the US!
  (In the US, the family would have been forced to watch as the police killed the guina-pig (because it tried to bite one of the officers), and then been forced to stand outside in the cold while the police tore the house apart looking for anything illegal. And when it was all over, there would definitely not have been any apology, and the family would be left needing a new door.)
4. Re:Warrant? by cold+fjord · 2011-01-26 02:18 · Score: 4, Interesting
  
  Most things that the government requires add costs: various forms of record keeping, emission controls on automobiles, workplace safety devices, etc.
  Substitute accountant for ISP and you could make the same argument, including most of the "clever criminals can outsmart law enforcement" argument.
  How is this really different?
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
OK. You can record me if I can record you. by h00manist · 2011-01-26 01:33 · Score: 5, Insightful

If records of my activities are recorded and available for investigation, and I have equal rights, those of all people should be too. Given that home users are directly linked to an ISP and all their activities can be directly monitored with a very high likelyhood of locating and monitoring the proper suspect in an investigation, they are at a distinct disadvantage when compared to others who can mix their activities with many other users in a large office or government division by hiding behind a corporate firewall, who can then respond to investigators with strong legal and technical protections as well. So all government offices and corporations should have their records kept by third parties as well, installed on equipment directly linked to their switches within their environments, and revealed to the public under FOIA and/or judicial order. In fact, for certain positions requiring high public confidence, such as public representatives, publicly traded companies, or groups managing public resources, connection of their own computers and that of their staff should be monitored and records kept for possible future breach of public trust investigations.

--
Build your own energy sources from scratch. http://otherpower.com/
1. Re:OK. You can record me if I can record you. by dkleinsc · 2011-01-26 01:54 · Score: 5, Insightful
  
  See, you don't understand the rules right now. In the post-9/11 world, you have to remember that any attempt by the government to record you is justified until the crisis is over because it is needed to defend your freedom, and any attempt of you to record the government is serious espionage that will result in being locked up for months in solitary confinement without trial until you turn on somebody else that the government wants to prosecute but doesn't have any evidence on.
  Now, please show us your papers.
  
  --
  I am officially gone from /. Long live http://www.soylentnews.com/
2. Re:OK. You can record me if I can record you. by jimbolauski · 2011-01-26 02:03 · Score: 4, Informative
  
  Or you could just use an out of country VPN to hide yourself and if your super paranoid multiple VPNs. The best part is that the pedophiles all ready do this so it won't even help the children, and will probably hurt them because more people will turn to VPN's so the traffic will be even harder to trace.
  
  --
  Knowledge = Power
  P= W/t
  t=Money
  Money = Work/Knowledge so the less you know the more you make
envelopes by UnderCoverPenguin · 2011-01-26 01:41 · Score: 3, Interesting

,quote> Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout.
I remember reading (several years ago) about a chemical that can supposedly make paper temporarily transparent .Also, seems to me that graphite and even pen ink might show up on an MRI scan. As for concrete, a portable neutron scanner should be useful to get some idea of what is inside. (No idea if such a scanner would be affordable to any but the very most important cases any time soon.)

--
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
The good old "child porn" excuse by dkleinsc · 2011-01-26 01:48 · Score: 5, Insightful

especially online child pornography
There are 3 targets for every government intrusion on civil liberties:
1. Terrorists
2. Child porn
3. Drugs
The law enforcement agencies have determined that those are the issues that can be used to push absolutely anything through. For instance, trying to catch terrorists allows them to grope everybody with absolutely no suspicion of wrongdoing. Drugs allow them to break down your door at 2 AM, guns drawn, without identifying themselves as the government, and in some cases killing people. And of course child porn and terrorism allows them to watch absolutely everything you do online. That these are plainly illegal doesn't matter, because anybody who disagrees with them must be a terrorist, child pornographer, or junkie.
That doesn't mean those threats don't exist, but if they were serious about addressing the real risks around us they'd be focused on more mundane issues like traffic violations.

--
I am officially gone from /. Long live http://www.soylentnews.com/
1. Re:The good old "child porn" excuse by inthealpine · 2011-01-26 02:13 · Score: 4, Insightful
  
  You may have a point. I always found it interesting how the government flips shit about child porn pictures, yet we hear very little of actually catching the people who make the child pornography. I mean, how many people have the feds arrested for having child pornography where the result of that arrest ended with the subject child being rescued from whomever was taking the pictures? It's not like I feel bad for the scum bags being arrested, but if we are doing this ''for the children'', are we actually directly saving any children?
  
  --
  "In God We Trust, All Others Pay Cash"
2. Re:The good old "child porn" excuse by melikamp · 2011-01-26 03:09 · Score: 3, Interesting
  
  Child abuse and child pornography have very little in common. If you are a child pornographer, it is virtually impossible for you to be also a child abuser: child abuse is already against the law in every jurisdiction in the world, and if you put pictures of your wrongdoing online, it's like turning yourself in. We all guess that nearly all child abuse is done by parents, who do it without any kind of incentive besides the abuse itself. They don't do it for money, they don't do it to brag. Only the stupidest of them actually take pictures, and the insane ones share them, and it stands to reason that they are also the ones who tend to get caught (another case for non-commercial distribution being legal). We can all also guess that almost all child porn that's out there is done by Russian cyber-criminals, who don't abuse any children themselves, but rather push around badly-cut RARs with compilations of 30 year old photos of children abused by someone else in the past. Of course there must be exceptions, and there are gray areas having to do with the exact legal age, but when it comes to having 8-year-olds participating in sexual acts, the picture is just as above. IMHO, it is a lie that non-commercial distribution of child porn hurts children (abusing children hurts children, and so does child porn production, as so does commercial distribution, and people who engage in any of these should be in jail), and it is true that modern child porn laws are characteristic of a police state.
Requiring warrants are not a guarantee of anything by h00manist · 2011-01-26 01:52 · Score: 4, Insightful

Requiring warrants doesn't make conditions equal. Once data exists, it leaks, via legal, semi-legal, and extra-legal routes. There's no denying it happens. So if data exists on the public, data should exist on the officials. More so perhaps, as their positions require us to trust them for our basic rights to exist, but they don't need to trust us for their rights to exist. Records on citizens are usually used to prosecute criminals and/or abuse citizens rights. Records on public officials can be manipulated and forged to fake legitimacy. It'll be rare to have it leaked or released for evidence of abusive behavior. So the balance of power the records will supply has to be equalized somehow.

--
Build your own energy sources from scratch. http://otherpower.com/
publicly traded companies? by tacokill · 2011-01-26 02:07 · Score: 4, Insightful

You do realize that publicly traded companies aren't "public" like the government, right?

Despite the misnomer, publicly traded companies are still private entities owned by individuals (or groups of individuals). What the heck gives you the right to see ANYTHING they are doing, aside from normal regulatory compliance?
Stop "Cooperating" With Law Enforcement by chill · 2011-01-26 02:16 · Score: 3, Insightful

Provide the information they seek ONLY when they provide a valid warrant. ISPs should not "informally" cooperate with law enforcement. If there is reasonable suspicion of a crime, the law enforcement agency should be able to convince a judge of that and obtain a warrant. Checks and balances.

--
Learning HOW to think is more important than learning WHAT to think.
1. Re:Stop "Cooperating" With Law Enforcement by PPH · 2011-01-26 03:39 · Score: 3, Interesting
  
  Remember how well this worked with the telcos? When the constitutionality of law enforcement's extra-judicial National Security Letter (NSL) program was called intto question and they (the telcos) were at risk of lawsuits for having turned over data, they went crying to Congress for amnesty. And they got it. So why shouldn't they cooperate? Their down side (pissing off dirty cops) is too great.
  The NSL program continues to this day unabated. And some of these letters and the subsequent data collection isn't in support of criminal investigations. Its for political or even industrial espionage. Want some info on a competitor (particularly if its foreign)? Got a buddy in the FBI? No problem. They'll tap their phone/-email for you.
  I say: All subjects (at least US persons) subject to monitoring shall be served with the warrant or NSL at some reasonable time following the investigation. And no amnesty for ISPs or telcos unless they can be forced to testify against corrupt law enforcement officials in court should those letters be abused by corrupt LE officials.
  
  --
  Have gnu, will travel.
Re:Child Pornography by SuricouRaven · 2011-01-26 02:18 · Score: 4, Informative

Originally, just sexual abuse of children was illegal. Then it became child pornography, on the grounds that demand for it created an incentive to abuse children. After that though, it just got sillier and sillier. It's a ratchett effect - any politician can gain by tightening or extending the law in this area, but to so much as suggest weakening it would open one up to accusations of not careing about protecting children. So the laws can only ever get broader, never narrower.
Wow .... by gstoddart · 2011-01-26 02:24 · Score: 4, Insightful

So, we should monitor everybody so that if in the future we need to monitor a specific person, we'll already have the data. Brilliant!
Welcome to the surveillance society. Wouldn't this run afoul of the whole "unreasonable search and seizure"? Hell, keep everybody's web history long enough and you'll likely find something you could use against them.
I completely disagree that ISPs should just track everything in case law-enforcement wants it at some point. It's a little Orwellian, and I fear that it is only going to get worse -- in their zeal, governments are really going overboard. This is just depressing.

--
Lost at C:>. Found at C.
1. Re:Wow .... by gstoddart · 2011-01-26 03:01 · Score: 3, Insightful
  
  All they're asking for is for ISPs to retain DHCP logs longer.
  For now. But this snippet from the linked PDF is kind of scary:
  
  Federal law permits the government only to request that providers preserve particular records relevant to a particular case while investigators work on getting the proper court order, subpoena, or search warrant to obtain those records.
  This approach has had its limitations.
  Basically, "we find it inconvenient that by law we're only allowed to ask for specific information based on an on-going investigation, we would like some blanket powers so we don't need to bother with this".
  Hell, in my book, anybody who is quoting Alberto Gonzales is not to be trusted ... Gonzales routinely made awful decisions like "it's legal because we say so" and "who needs habeus corpus?". From the PDF again ... "Former Attorney General Gonzales similarly testified about “investigations where the evidence is no longer available because there's no requirement to retain the data.”"
  Looking at this section:
  
  In some ways, the problem of investigations being stymied by a lack of data retention is growing worse. One mid-size cell phone company does not retain any records, and others are moving in that direction. A cable Internet provider does not keep track of the Internet protocol addresses it assigns to customers, at all. Another keeps them for only seven days—often, citizens don’t even bring an Internet crime to law enforcement’s attention that quickly. These practices thwart law enforcement’s ability to protect the public. When investigators need records to investigate a drug dealer’s communications, or to investigate a harassing phone call, records are simply unavailable.
  they're pulling out pretty much all of the bogey-men to say "we need to be able to monitor everything just in case". They cite child abuse, drugs, terrorism ... harassing calls. While these are legitimate law enforcement targets, it's definitely stating the case that they'd really like to be able to monitor everything.
  Hell, even the wording they use is charged "Most responsible providers are already collecting the data that is most relevant to criminal and national security-related investigations." ... meaning those who aren't actively helping the government monitor everything are irresponsible and therefore evil.
  This just sets them up for way too many fishing trips as far as I'm concerned. You can't just simply apply surveillance and monitoring against an entire society "just in case". This is just plain bad, and it's more like something Iran or Stalinist Russia would do.
  
  --
  Lost at C:>. Found at C.
Time Warner by inthealpine · 2011-01-26 02:30 · Score: 5, Interesting

I was a stand in security and abuse coordinator for a little less than a year at Time Warner Cable. All it took was a subpoena faxed to the office for us to hand over any data request. A lot of times cops would get pissed because a police letterhead fax wasn't enough, but it takes no time to get a subpoena. Police would try to say they were afraid the data could get purged if they didn't get it now, versus a few hours from now which is BS. I would tell them I already pulled the requested data and had it right in front of me so no worries about it being purged, they were not amused.

If any expansion of power is needed it should be the ability to have a request to hold data while a subpoena is processed. That is a simple answer, but the government isn't interested in simple answers its intent is to chip away at privacy so it can do whatever it wants whenever it wants.

--
"In God We Trust, All Others Pay Cash"
Re:Requiring warrants are not a guarantee of anyth by Anonymous Coward · 2011-01-26 02:32 · Score: 5, Insightful

It's not going to be just the police. If the data is there it will be available to civil suits. Things like showing your ex-spouse visits porn sites and is clearly not a suitable parent.
Re:Let them give the example, and record themselve by hairyfeet · 2011-01-26 03:14 · Score: 3, Informative

Actually there is no way in hell they'll do that because last time they tried tracing child porn it led them to the Pentagon! That's right boys and girls, your tax dollars at work, as they had the giant brass balls to actually buy and download CP while sitting there at work in the Pentagon.
And why wouldn't they? Because unlike those poor peasants where they are guilty until proven innocent the prosecutor declined to file charges in nearly all the cases!
So if they want to pass this I think we should start with a five year "zero tolerance" policy for government officials of ALL branches. How much you want to bet they'd be all for privacy then? Sadly this will never be, instead it'll be another case where the law doesn't apply to them, just to everyone else.

--
ACs don't waste your time replying, your posts are never seen by me.
How about law enforcement prioritization? by swb · 2011-01-26 03:22 · Score: 5, Insightful

My sense is that the "need" for ISPs to do their work for them indicates that law enforcement could better utilize their limited resources.
Maybe spend fewer resources on enforcing, say, drug laws, marijuana specifically, and more time and resources on other crimes that actually hurt people?
And I don't necessarily mean physical crimes (assault, murder) -- how about simple burglary or breaking and entering?
A neighbor's house got broken into; the daughter's laptop was stolen and the window to her room was damaged beyond repair. She needed a laptop for school and, obviously, the window needed replacement. So they're out $3k they don't necessarily have and/or she falls behind in school or they can't close the window to her room, none of which are very palatable choices, especially in a Minnesota winter.
Yet, when they called the cops they got two nice guys who gave them a case number and took the laptop S/N "on the very slim chance it turns up."
So, basically there's no resources to do extra patrols or extra investigators but plenty of guys to take down pot dealers. Yay.
Mandatory data retention for bars and restaurants by Animats · 2011-01-26 05:33 · Score: 3, Insightful

We need mandatory data retention for bars and restaurants. Bars and restaurants should be required to retain audio and video surveillance data for six months, in case it's needed by law enforcement.
Implementation should begin with Washington, D.C., to retain evidence of political corruption.