Slashdot Mirror
Law Enforcement Still Wants Mandatory ISP Log Retention
schwit1 writes with this snippet from CNet: "Law enforcement representatives are planning to endorse a proposed federal law that would require Internet service providers to store logs about their customers for 18 months. ... Michael Brown, sheriff in Bedford County, Va., and a board member and executive committee member of the National Sheriffs' Association, is planning to argue that a new law is necessary because Internet providers do not store customer records long enough. 'The limited data retention time and lack of uniformity among retention from company to company significantly hinders law enforcement's ability to identify predators when they come across child pornography,' according to a copy of Brown's remarks. Any stored logs could, however, be used to prosecute any type of crime."
hinders law enforcement's ability to identify predators when they come across child pornography
The root password to the Constitution.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Why don't they mandate the city keep garbage for 6 months, so it can be used to prosecute poeple?
Would you want the government following you everywhere, taking notes of everything you do, all with the intent that they can later prosecute you for pretty much anything that they can come up with? And this extends to private companies and interests who should never have access to such data (RIAA, MPAA) now able to get it through the courts because it now exists in the first place? That's what this is all about.
It becomes an argument for anonymous browsing on everything you do, until they figure out how to either track, or ban, that too.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Every time there is a push to reduce our privacy rights online, it's ALWAYS in the guise of child pornography. I mean seriously, how serious of a problem is it? Why does law enforcement need to know I go to slashdot.com daily or watch porn every other day? Why don't they just store data for child pornography sites?
Just because the U.S. is a republic does not mean it is not a democracy. Democracy/republic are not mutually exclusive.
1. All speed traps are video recorded and offer the ability to clock the car with a stopwatch to verify it was actually speeding. Sort of like reverse VASCAR.
2. Every interaction with a police officer will be recorded with video and audio--they're doing this in Burnsville, MN. Thing is we need to have these videos recorded to WORM discs and those need to be made available to the public in every single situation without charge.
3. Anytime a law enforcement officer tells a lie to scare someone they can be sued.
---
I could continue but it's pointless. It's easier for the ISPs to simply tell them 'no'.
Any security claim that is solely motivated by child pornography I regard as bogus. Been to that well a few too many times.
Is there anything stopping potential criminals from just popping down to the local library or internet cafe?
Hell, whenever I would pull a practical joke on a friend back in college, I never logged into a machine from the computer in my dorm - made it too easy for them to find out who'd been messing with their account. I'd just go down to the local computer lab and do it from there.
Or does this law mandate that every computer require a valid driver's license to be swiped before logging on?
how about people scared to go out in the world just stay home instead of everyone give up their freedoms.
I wonder if this is going to affect the price of space on server farms? And then we will need more officers to read the growing data. Sounds like inflation.
Gently reply
it's there job. It's our job to fight thay don't get it. The best way is through codified rules.
The Kruger Dunning explains most post on
Law Enforcement Still Wants Mandatory ISP Log Retention
Yeah? And I still want every law enforcement officer perpetually monitored and recorded to prevent abuse of power ect. Yet, they're still fighting simply being recorded.
What kind of logging are they going to expect to come from all the VPS's out there? I have two VPS's, each of which I use for two different domains I own. I also manage a third VPS for a non-profit group. Unless the ISP starts to log every single bit of data that comes into and out of my VPS this law is going to be absolutely useless to dealing with traffic that goes through a VPS.
There's no way in hell I'm going to forward the syslogs, mail logs, etc. of my linux hosts to an ISP for them to archive for an arbitrary amount of time. I'll simply pay a little bit more to use a VPS provided by a foreign provider that's outside of the reach of US laws.
And even if they did somehow manage to force VPS users to forward logs to the ISP for storage, how would they know that what I'm sending them is everything? I'm a pretty decent professional linux systems administrator. It wouldn't be all that hard to filter out some stuff and only send the ISP's log server what I want them to see.
Once again we see an excellent of an example of a proposed law that only makes things more difficult for the innocent and ignorant, and will have little effect on those who have the knowledge and desire to avoid it.
Mandatory data retention is a current issue in Europe, too. There's a EU directive that requires member countries to implement data retention laws. It's one the biggest public issues in German telecommunication politics (way bigger than net neutrality, for example) and one of the biggest public issues in the overall field of privacy.
More info if anybody is interested: http://www.vorratsdatenspeicherung.de/content/view/46/42/lang,en/
And an article from the Irish Times titled "German evidence shows no justification for data retention": http://www.irishtimes.com/newspaper/finance/2011/0617/1224299068085.html
Switch back to Slashdot's D1 system.
I read this as a government request to gather evidence in advance of a crime being committed. Is there any precedence for this?
I realize that many companies have security camera recordings and other records that could later used as evidence after a crime has been detected. But those are not government mandated.
Its always about the kids, as we give up our freedoms with fanfare and waiving flags.
This is how democracy dies.
---- Booth was a patriot ----
when this law comes in it'll be way more profitable to set up backdoors and use other peoples computers to visit specially set up child porn sites so that the ISP keep the logs and then sends them a nice message that say they $50K or you get reported for visiting child porn site.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
But if we only made drug & CP possession only a misdemeanor with maybe some mandatory *Anonymous counseling or something, the prisons would suddenly stop overflowing. Then again, nearly half of the FBI agents would be out of a job. I suppose those jobs are more important than getting real help to people...
In the black and white world of "you're either with us or against us", you are either for this bill and against child pornography or you are against this bill and for child pornography. If you try bringing some sanity into it, they will pound that point and make it seem you're eluding it.
Previously, the big excuse for surveillance was "terrorism". Now that a SEAL team not only killed bin Laden, but captured all his records, it's clear that he hadn't been accomplishing much besides hiding out for years. So the surveillance lobby has to fall back on kiddie porn again.
The biggest current threats to the United States are the Mississippi River system, the Federal deficit, and white-collar crime in the financial sector.
Of course law enforcement wants yet another invasion on the public's rights!
If law enforcement had its way every person would have a surgically attached collar with GPS, microphones and cameras, and tampering it would trigger explosives (which could also be set off remotely at any time--without a judge's order, of course--by any LEO).
Then again, it worked for the Barast...
No need to worry. Obama would surely veto such a law if passed by Congress. He said we didn't need to make a false choice between our security and our liberty.
This is a really bad idea. A data breach WILL happen, i can gaurantee it. In fact, some with sinister motives will want to get that data, those of major corporations may want to get information on people who are trying to form a union, for instance, or a corrupt government official may want to get information on people critical of him.
What also concerns me is how this sort of thing will likely simply destroy privacy altogether and as well the system of search warrants may be rendered ineffective. Search warrants really need to be about particular people. Therefore you have to know who those people are already. If you ask for a search warrant for all who looked at a website, you dont know who those people are already, its basically just a blanket thing that pulls in massive amounts of data and allows massive survellance. It is indeed unconstitutional, of course. This is a very dangerous tendancy, and tis even possible they make up pages specifically for the purpose of people accidentily looking at the page, perhaps even, for instance, to develop a page about communism and then place a little bit of what is considered illegal somewhere on there, and viola, you get to arrest a bunch of communists.
The element that makes an individual's actions the actions of government is duty. If you have a duty to take a governmental action, and you're in good faith performance of that duty, your actions are the actions of government. So you don't have to be a government employee to be an agent of government. You could be a government contractor (duty incurred by contract), a volunteer with the consent of government (duty incurred by less formal agreement) or even a conscript, forced to take a government action against your will, as in this case.
If ISPs are forced to retain these logs, that force would impose a duty to take a government action. They'd get in trouble if they didn't do it. That makes their actions the actions of government. And that means that the action has to obey the Constitution. In other words, it becomes a government search without probable cause that a crime has been committed. And that makes it subject to the Exclusionary Rule and the Doctrine of the Fruits of the Poisoned Tree.
The government cannot force you to do something that the government itself is not constitutionally allowed to do. Any attempt to do so by legislation would be unconstitutional, not a law, never was, IMVHO.
Bitchin' on Slashdot is fun, but ....
If you really care, write these clowns who introduce nonsense legislation and your own Senator/Congressman/woman.
Congressman Lamar Smith
Washington D.C. Office
2409 Rayburn House Office Building
Washington, DC 20515
202-225-4236 202-225-8628 fax
Hours: 8:30am - 6:00pm EST, Monday - Friday
San Antonio Office
1100 NE Loop 410 Suite 640
San Antonio, TX 78209
210-821-5024 210-821-5947 fax
Hours: 8am - 5pm CST, Monday - Friday
Washington, DC Office
Debbie Wasserman Schultz 118 Cannon HOB
Washington, D.C. 20515
Phone: (202) 225-7931
Fax: (202) 226-2052
Aventura, FL Office
Debbie Wasserman Schultz 19200 West Country Club Drive, 3rd Floor
Aventura, FL 33180
Phone: (305) 936-5724
Fax: (305) 932-9664
Pembroke Pines, FL Office
Debbie Wasserman Schultz 10100 Pines Blvd.
Pembroke Pines, FL 33026
Phone: (954) 437-3936
Fax: (954) 437-4776
once they have 18 months they'll say it's not long enough and they need 36 months. Rinse and repeat until logs are retained for the lifetime of the customer plus 70 years.
from a related TFA:
A Republican aide to the House Judiciary committee, who did not want to be identified, said the bill exempts wireless providers because their networks are designed in such a way that IP addresses are assigned to multiple users or accounts and they are "not technologically capable of retaining the type of data that law enforcement needs because that's not how their system works."
(emph mine).
so....
the ones they most want to catch will probably be aware of what avoidance tactics to take - and will migrate to where its 'safe'!
you've just dragnetted the whole population and missed who you SAY you are after.
of course, its a ruse. you are after US, not the bad guys, but the good guys, mostly. you want to be able to pull up dirt on anyone, on command, to use as it suits you.
pathetic what passes for 'law enforcement' these days.
--
"It is now safe to switch off your computer."
The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation.
--Adolf Hitler, Mein Kampf
Child porn is one of those things that can make someone who is otherwise reasonably logical go in to total witch hunt mode. So if you go to them and say "We want your ISP to log everything you do so that we can examine it if we think you've committed any crime, drug use, tax evasion, etc." The person says "Hell no! You don't need that kind of access." However when they say "We want your ISP to log everything you do so that we can catch people who look at child porn," and the person says "Ya! Burn the pedos! I'll give up any rights to stop them!"
It is something that law enforcement has discovered is a great way to get normal people to just stop thinking and give them what they want. They use it to shut down argument because if someone argues against it they pull out the "So you don't care about children?" card and people get all witch-hunty and don't listen to arguments.
It is just one of those things that is extremely effective in America (terrorism is nearly as effective). You claim that you need to do X to prevent child pornography and people will give up rights that they wouldn't if you claim it is needed to prevent other kinds of crimes.
It's one thing for the guy running a web server to keep logs for 18 months. That's probably easy given cheap disk and compression. But the web site host is not an ISP. They could be anybody, and they're probably not going to record logs if they have material they want to hide.
It would be impossible for an ISP to record all traffic though. I have a 100 Mbit/s connection to the internet now. Can they possible write a record to disk of every connection I make over HTTP? How about NNTP, SMTP, etc. Then, multiply that across tens of thousands of users at today's broadband speeds. It just can't be done!
For an analogy, have someone hop on a subway train and record in a notebook every time one person speaks to another person. Then, assume there are 200 people on each subway car, multiplied by 200 cars, multiplied by hundreds of cities... You'd exhaust the worlds paper supply in a week!
At best, they should be able to give a warrant to an ISP to record a specific IP address for a period of time just like a normal wire tap would happen.
I am surprised that there are not many comments about the amount of storage that would need. If EVERY packet that [asses through an ISP in the US was kept for 18 months. How many storage would be needed. Of course, the ISP would pass that extra cost on to the consumer. Internet connections in the US are expensive enough without adding the cost of that.
By the way, It is my opinion you can't convince the "think of the children" crowd on legal matters. They don't care if a proposed law might be unconstitutional, they will try to pass it anyways . If you mention how expensive the proposed law would be, there might be a chance of torpedoing the proposed law.
The ISP's should just say "yes" and then send them a bill for the data retention. Watch how fast it gets retracted when local voters have to foot the bill through taxes and etc.
C|N>K
not just control freaks. They are fattening their wallet while on their job.
http://news.yahoo.com/arizona-town-disarray-mayor-alleges-corruption-012411346.html
http://www.youtube.com/watch?v=YPY3BIsVQq8
http://www.youtube.com/watch?v=8C6uQ1O6dTk
Welcome to USSA!
New Economic Perspectives
Assuming a 2 hour lease time, and 5000 customers, that is 60000 lines a day. That times 20 characters per line, is 1,200,000 bytes. Roughly 1 meg per day. So, 500 meg for the period in question.
Yeah, I was hoping too, but no dice here.
No, my DHCP server is getting a wifi card!
if law enforcement can do their job in a timely manner then they wont need this level of logging.
if they cannot then perhaps we need better people in law enforcement.
the system serves the people, not the other way around.
Anons need not reply. Questions end with a question mark.
If you read the articles, they're really just talking about storing the dynamic IP address (DHCP) assignment records, showing when each customer was handed a particular IP to use, and when they stopped using it. So perhaps 1-2 records per week per customer, or less -- I still have the same "dynamic" IP from my cablemodem provider as when I first signed up a year ago. To oversimplify, it's the difference between asking a hotel to put a camera in every room versus just keeping a register of who has received a key and whether they've checked out yet. And this law lets the wireless carriers keep running their no-tell motel operation.
I do not deploy Linux. Ever.
As far as I'm concerned it's very clear who the real 'predators' are in this scenario. That sort of ridiculous macho bullshit deprieves their claims of any credibility.
The Pope is catholic, Water is wet, and stock in Hard Drive manufacturers is climbing
Really, I'm surprised they're not going for 24 or even 48 months. Of course law enforcement wants logs. (much easier to request than active taps/trace/wiretaps) and they can go back in time effectively.
my concern isn't primarily with law enforcement having access to logs that far back, but with 2 things
1) selling them for profit (see recent Supreme court case about dr.'s prescribing habits)
2) use in civil cases.
I will not give in to the terrorists. I will not become fearful.
they also want an exemption from this Panopticon for law enforcement officers and their families. Another one for lawmakers and their staff will be added during legislation. Pigs.
The fact that the government did something doesn't mean that they're allowed to do it. The biggest problem is that people simply except BS.
Is monitoring the communications of a doctor a violation of doctor patient confidentiality rules? What about the clergy? If it is then becoming a priest of FSM should be a simple way to ensure no logging.
Terrorism, drugs, and "piracy" (copyright, not Somalia coastline) are sometimes used to justify new freedom-killing laws without even a mention of photos of children in adult situations.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is unreasonable search and seizure by proxy.
To require retention for periods longer than needed
by the ISP is seizure of all our internet history.
Clearly to me ALL is unreasonable.
And while the data size is astounding it
is yet another liability that the ISP must
manage. For example the whitehouse.gov
ISP must retain this info for 18 months.
This gives hackers 18 months to hack the
data and punt it to an iranianwikileaker
or perhaps a koreanwikileaker...
Or perhaps this is a conspiracy by archive
media companies and data mining companies.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
https://btjunkie.org/torrent/Witch-Hunt-2008-DvDrip-English-Documentary-FxW/435873065e140ccdacc35c3ebb5c40bb81c27163dea7
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
No snowflake in an avalanche has ever looked back and said, "Look what I did!"