Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DOJ Seeks Mandatory Data Retention For ISPs

timothy posted more than 3 years ago | from the we're-from-the-govt-and-we're-here-to-snoop dept.

Government 247

Hugh Pickens writes "Computerworld reports that in testimony before Congress the US Department of Justice renewed its call for legislation mandating Internet Service Providers (ISP) retain customer usage data for up to two years because law enforcement authorities are coming up empty-handed in their efforts to go after online predators and other criminals because of the unavailability of data relating to their online activities. 'There is no doubt among public safety officials that the gaps between providers' retention policies and law enforcement agencies' needs, can be extremely harmful to the agencies' investigations,' says Jason Weinstein, deputy assistant attorney general at the Justice Department, adding that data retention is crucial to fighting Internet crimes (PDF), especially online child pornography. Weinstein admits that a data retention policy raises valid privacy concerns however, saying such concerns need to be addressed and balanced against the need for law enforcement to have access to the data. 'Denying law enforcement that evidence prevents law enforcement from identifying those who victimize others online,' concludes Weinstein." Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout.

cancel ×

247 comments

Another unfunded mandate (5, Insightful)

snobody (990539) | more than 3 years ago | (#35007532)

So, now ISPs all have to buy terabytes of hard disk space to store all of those log files just in case some nosy prosecutor comes a callin'? ISPs might be better off threatening to just shut down operations and leave their customers disconnected to get the point across to the lawyers in congress that they need to consult with the people they're trying to regulate before throwing impractical solutions at them.

Re:Another unfunded mandate (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35007618)

As an unfunded mandate it would effectively be a stealth tax. Either the firm eats the cost and lowers returns or they raise prices. No matter what the firm does someone will pay (either investors or customers). I doubt the politicians will support an effective tax increase in the current environment, especially given that it would not help with the deficit.

Re:Another unfunded mandate (5, Insightful)

stonewallred (1465497) | more than 3 years ago | (#35007846)

How about passing a law that states no one may sweep, mop, dust or clean any building because of possible evidence? And don't forget to make it illegal to wash or destroy any clothing because it may contain evidence to a possible crime. Not to be an ass, but catch them in the act, catch them through stings or give the fuck up. Ain't no business of the government what I am looking at on line, and the fact they want to hold those records, forcing the ISPs to pay for it (which in turn forces me to pay for it) is fucking retarded just like GWB and Obama's love child would be.

Re:Another unfunded mandate (2)

JBL2 (994604) | more than 3 years ago | (#35007622)

Why not send the data to "law enforcement" in real-time, and let them worry about storing it?

Re:Another unfunded mandate (1)

olsmeister (1488789) | more than 3 years ago | (#35007824)

Why not send to /DEV/NULL? I think the real issue here is the fact that the information is being kept, and not necessarily the mechanics of how it is done.

Re:Another unfunded mandate (5, Funny)

Chrisq (894406) | more than 3 years ago | (#35008130)

Why not send to /DEV/NULL? I

because my system is case sensitive and you would fill up the hard disk very quickly.

Re:Another unfunded mandate (2)

enaso1970 (759924) | more than 3 years ago | (#35007924)

The NSA will help - they need something to put on that 150 yottabyte system they're thinking about. Or are they planning the world's greatest porn repository ever in a socialist takeover of another great American business. In which case they may need more space soon.

Re:Another unfunded mandate (1)

Charliemopps (1157495) | more than 3 years ago | (#35008148)

Speaking from experience an ISP with a couple of million customers keeping DHCP log files for all of them, stored in flat text files, come to about 1-2gig per day. Stored in a proper database, they are <100mb per day. That's all I've seen Law Enforcement ever ask for "Who does was using this IP address on this date?" and the DHCP logs cover that.

The problem isn't the storage. The problem is the retrieval. You've got to remember DHCP logs go by mac address. Finding out which customer was on a paticular piece of equipments MAC address 2 years ago is virtually impossible. Equipment moves, people move, things break and new stuff gets bought.

There are other solutions, PPOE for example... but that would require a lot of ISPs to make some huge changes to their infrastructure.

Basically, what I'm saying is, 2yrs of log files wont do them a whole lot of good in most cases.

Re:Another unfunded mandate (1)

Danathar (267989) | more than 3 years ago | (#35008366)

Is it 2Gigs after compression?

Re:Another unfunded mandate (1)

lamber45 (658956) | more than 3 years ago | (#35008698)

Postgres has data-types for storing MAC addresses and IP addresses: manual section 8.8. Now the only other thing you need is a table of equipment by MAC address and time-range... although maintaining that table would be a big unfunded mandate if you don't do it already.

Re:Another unfunded mandate (2)

bleh-of-the-huns (17740) | more than 3 years ago | (#35008720)

More so, logging via MAC address, which is a modifiable identifier is a moot point. For example, I have FIOS, I have long since replaced my actiontec router (three times actually), and use an openbsd box as my primary gateway/firewall, for the DHCP to function, I had to forge the mac address of the actiontec on the openbsd box.. easy enough to reset, and when they show up, the actiontec router I have will have a different mac address. Obviously, this will not remove all suspicion since the MAC is associated with my account, but it could introduce enough doubt to screw with court orders and potential lawsuits..

Re:Another unfunded mandate (1)

commodore6502 (1981532) | more than 3 years ago | (#35008164)

1) This new interface sucks. First my classic, text-only settings have disappeared which slows donw loading a LOT. Second the Menus and "reply" buttons do not appear on Mozilla Seamonkey or Opera. I have to set the "mask as internet explorer" flag to trick slashdot into believing Mozilla/Opera are IE. Bogus.

2) Back to topic:

I suspect the monopolies like Verizon, Comcast, Cox, Cablevision, Time-warner, and so forth can easily afford the extra burden. Who the unfunded mandates will hurt are small time companies like Mom&Pop ISP or Glendive Montana ISP.

And where the heck if the plain text format option? I want paragraphs, not one giant runon sentence. (sigh) Insert break; insert break; insert bold; insert break.... feels like I've taken a step back to the old pre-windows word processors where you needed to use codes to format. Bogus squared.

Devils advocate - I do understand the cops (2, Interesting)

h00manist (800926) | more than 3 years ago | (#35008370)

I do understand the cops. There is a lot of crime, and there is data available to catch crime, without having to resort to infiltrating organized gangs and risking the life of an investigator. Access to that data that could save a lot of lives and abuse and trouble, but such data collection is prohibited under privacy laws. Now, they must understand the public position if they want data to be able to do their jobs better. Allowing data to be collected is a serious invasion of privacy, basically amounts to strongly reducing rights of privacy, secrecy and anonymity. And the data will certainly leak in lots of ways. So, if they want data on people, they have to give up data on themselves. There is also a lot of crime and abuse that happens within police, government, legal offices, government offices, and corporate offices. The public needs that investigated too. Data can be collected in those places too. Equal rights. Certified collection, storage and authenticity of behavior data on everyone, on all levels, accessible to everyone, on all levels, on equal condition, or no data for anybody. That included everyone. Lawyers, justices, policemen, security officials, corporate employees, executives, their families, dogs, everyone. If you have privacy, I have privacy, if you have data, I have data. If you can read my writing, my reading, and my mind, I can read your writing, your reading, and your mind. And we all want full system auditing rights, too.

Re:Another unfunded mandate (0)

Anonymous Coward | more than 3 years ago | (#35008574)

How secure would these logs be ? Are ISP's going to have to treat these logs like crime scenes to prevent tampering etc.? Adhere to evidence standards? Are they going to have to provide redundant copies in case of hardware failure ? Provide audit information of any users who may have been able to update or view logs ?

I think there are more potential expenses besides storage space.

How useful would two year old logs be anyway?

Re:Another unfunded mandate (-1)

Anonymous Coward | more than 3 years ago | (#35008618)

The title should say: Department of JEWS Seeks Mandatory Data Retention For ISPs...

As obviously we can't have people telling the truth about Jews (in other words, "saying bad things about them"...)

And how nice to see that the cretins at Slashdot have made things even GREYER. How very original! Why, I can hardly read the text below me - 'dark' grey text on a light grey background - sheer genius! I'm sure it really conforms to the W3C's minimum contrast standards (and common sense), and is nothing to do with huge egos and blind stupidity.

FIX IT YOU CRETINS. Here's a hint:
color: #000;

floooiirst prost (1)

Larry The Black Fag (812280) | more than 3 years ago | (#35007540)

haha yes in your face mom!

This'll end well... (3)

Onuma (947856) | more than 3 years ago | (#35007544)

The government basically has the ability to snoop into about any portion of your life, and some people want to INCREASE that ability? No thank you. He who sacrifices freedom for security deserves neither.

Re:This'll end well... (1)

h00manist (800926) | more than 3 years ago | (#35007706)

Just link the monitoring of the public to the monitoring of the government.

Warrant? (3, Funny)

sureshot007 (1406703) | more than 3 years ago | (#35007552)

I think as long as they have strict rules for the burden of evidence for a warrant to see these records, I wouldn't be opposed to it. I don't think that police should have free range over all of this data though. I think this data should be used to help convict people, not discover them in the first place.

Re:Warrant? (5, Insightful)

characterZer0 (138196) | more than 3 years ago | (#35007668)

I have a problem with it. The want to demand that my ISP increases their costs (which naturally will be passed on to me) to store data to be used against me, despite that I have done nothing illegal. And it will do nothing to catch criminals, because they can just pass all their data through an encrypted tunnel to a VPN provider in another country. Waste of my money.

Re:Warrant? (1)

SuricouRaven (1897204) | more than 3 years ago | (#35007720)

It'll help catch the stupid criminals, at least. Why go after the smart ones when the convictions-per-dollar rate is so much better catching the dumb ones?

Re:Warrant? (2)

thejynxed (831517) | more than 3 years ago | (#35007972)

They already catch the stupid criminals without this.

This is nothing but security theater, just like it is over in Europe.

Oh wait, it's the 10 year anniversary of 9/11 this year, coincidence? I think not.

Re:Warrant? (0)

Anonymous Coward | more than 3 years ago | (#35008270)

There are a lot of logs that help catch the dumb ones; we do not need more stuff that almost never would be used for legit law enforcement, but likely just sit there and be a fat, juicy target for civil cases and blackhats wanting to virtually "case a joint" before attacking it.

Against the dumb thieves, we already have Apache logs, IIS logs, Exchange mail logs, system logs, router packet logs, firewall logs, application level logs, database level logs, pretty much everything up and down the stack. The low hanging fruit also get nailed through VPNs, such as the guy who got into Palin's account. Yes, he was using a VPN, but the VPN just turned over the IP to IP matches.

LEOs are seriously shooting themselves in their own foot with this proposal. In reality, what will happen is that the dumb crooks will get smarter and start using VPN services, likely offshore, likely in countries that do not give a rat's ass about US law of any kind. Then, instead of passive monitoring and intel gathering, the game jumps to either hijacking endpoints, or actively stepping in and forcing ISPs to block VPN services.

Forcing ISPs to block VPN services will result in a cat and mouse game.

IMHO, I say leave the status quo the way it is. Most dumb people don't even care about HTTP versus HTTPS, but if it becomes commonplace that ISPs are actively eavesdropping and handing the logs over, they will start covering their tracks, making it far harder for LEOs to present a case in court other than the "he uses encryption, he must be guilty!" type of debate.

Bad idea all around. Yes, the CP guys should be dealt with in ways unprintable, but forcing ISPs to save all traffic is just going to make it harder in the long run.

Let them give the example, and record themselves. (2)

h00manist (800926) | more than 3 years ago | (#35008494)

If they want individual behavior data records to audit misbehaving people, let them produce it on themselves first and give the example. When we see a serious increase in the levels of sentencing, not just arrests, of public and corporate officials and law enforcement for pedophilia, involvement in drug trafficking, blackmailing, illegal espionage, corruption, and so on, then we'll discuss allowing it for the rest of the population.

Re:Warrant? (4, Interesting)

cold fjord (826450) | more than 3 years ago | (#35008126)

Most things that the government requires add costs: various forms of record keeping, emission controls on automobiles, workplace safety devices, etc.

Substitute accountant for ISP and you could make the same argument, including most of the "clever criminals can outsmart law enforcement" argument.

How is this really different?

Re:Warrant? (1)

Anonymous Coward | more than 3 years ago | (#35008402)

no different. no constitutional authority for any of it.

Re:Warrant? (1)

blueg3 (192743) | more than 3 years ago | (#35008314)

And it will do nothing to catch criminals, because they can just pass all their data through an encrypted tunnel to a VPN provider in another country.

This argument isn't correct. You assume that every criminal will circumvent this measure. That ignores all the criminals who don't (obviously). Given that there are a ton of great ways out there already to avoid getting caught doing bad things on the Internet and lots of criminals don't bother with any of them, it seems likely that lots of criminals also won't bother circumventing ISP logs.

Re:Warrant? (0, Insightful)

Anonymous Coward | more than 3 years ago | (#35007748)

I think as long as they have strict rules for the burden of evidence for a warrant to see these records, I wouldn't be opposed to it. I don't think that police should have free range over all of this data though. I think this data should be used to help convict people, not discover them in the first place.

Do you honestly think law enforcement would use that kind of restraint? I know that some prosecutor, looking to build his political career (think gubernatorial "law and order" candidate ), will troll the logs after getting them for some vague "tracking down a 'predator'" reason and he'll be looking at anything and everything.

Oh, read an article about pot. Gotta look at him closer!

Ooooooo! This guy looked at "teen porn"! Let's see if any of that "teen" porn went below 18....

And this guy looking up guns that have magazines larger than the state law allows, let's have a look around his house.

And THIS guy is buying Halide lights supposedly for his reef tank. I wonder if his reef tank is really a reefer garden in his basement.

It goes on. It has happened. Whenever law enforcement gets powers or gadgets (infrared cameras for example) they'll abuse it. And if they find nothing, Oh well! Move along citizen or "you'll be in BIG trouble!"

Re:Warrant? (3, Interesting)

SuricouRaven (1897204) | more than 3 years ago | (#35007802)

We had a recent incident in the UK where a full armed assault team were sent in to raid a guina-pig hut. The high-powered heaters used to keep the pets warm in the winter made the hut glow in infrared, and a building that hot usually means a small pot farm. So in go the SWAT team, only to find out with great embarassment that there were no drugs to be found. Just comfortably warm guina-pigs. It ended up with the department head having to go to visit the family and give his personal apology for the mistake.

Re:Warrant? (3, Insightful)

Anonymous Coward | more than 3 years ago | (#35007996)

That would never happen here in the US!

(In the US, the family would have been forced to watch as the police killed the guina-pig (because it tried to bite one of the officers), and then been forced to stand outside in the cold while the police tore the house apart looking for anything illegal. And when it was all over, there would definitely not have been any apology, and the family would be left needing a new door.)

Re:And then... (1)

Isaac Remuant (1891806) | more than 3 years ago | (#35008446)

Fox News would point out the guinea pigs obvious connections to Al Qaeda mentioning the word Islam and terrorists together at least a dozen times for good measure.

Re:Warrant? (2, Insightful)

commodore6502 (1981532) | more than 3 years ago | (#35008290)

>>>Move along citizen or "you'll be in BIG trouble!"

Just because a cop orders you to do something, does not mean you have to comply:

"Open your trunk!"
No.
"Let us in your house!"
No.
"Stop camcording me!"
No.
"Let me search your bags and stick my hand on your breast!"
No.

Learn to say no to unconstitutional orders from the jackbooted officers. And if the cops lose control and beat you, well you just won a multi-million dollar lottery. Celebrate.

Requiring warrants are not a guarantee of anything (4, Insightful)

h00manist (800926) | more than 3 years ago | (#35007818)

Requiring warrants doesn't make conditions equal. Once data exists, it leaks, via legal, semi-legal, and extra-legal routes. There's no denying it happens. So if data exists on the public, data should exist on the officials. More so perhaps, as their positions require us to trust them for our basic rights to exist, but they don't need to trust us for their rights to exist. Records on citizens are usually used to prosecute criminals and/or abuse citizens rights. Records on public officials can be manipulated and forged to fake legitimacy. It'll be rare to have it leaked or released for evidence of abusive behavior. So the balance of power the records will supply has to be equalized somehow.

Re:Requiring warrants are not a guarantee of anyth (5, Insightful)

Anonymous Coward | more than 3 years ago | (#35008340)

It's not going to be just the police. If the data is there it will be available to civil suits. Things like showing your ex-spouse visits porn sites and is clearly not a suitable parent.

Re:Warrant? (2)

intheshelter (906917) | more than 3 years ago | (#35008000)

Because they adhere to the strict letter of the law as it is, right? Warrantless wiretaps? Secretly funnelling all telecom traffic to the NSA? Bypassing FISA courts?

Seriously? You actually trust the government to adhere to the law?

Re:Warrant? (0)

Anonymous Coward | more than 3 years ago | (#35008452)

wrong. very wrong. as an example. there is a database of known child porn - images which have been verified and attached to specific persons (victims). these images are hashed and the larger isps are able to report directly to the NCMEC when one of these images is found. So in effect they are sniffing your traffic with no warrant prior to you taking posession of said data. There was a long article on this technology which I can't quite keyword out of google - I believe it was by a researcher in vermont.

Now you say to yourself.. oh its just kiddie porn they deserve what they get. Thats very short sighted. Any file can be tagged and claimed by the governemnt to be child porn thus resulting in a report to the national data center. Once there, the agency in question (cia? nsa? fbi? dos? etc) is able to track who has certain documents and where they are getting them. No warrants, no nothing. One can only imagine the databases that will be developed against 'enemies' of certain politics/policies/programs.

Re:Warrant? (0)

Anonymous Coward | more than 3 years ago | (#35008762)

I think as long as they have strict rules for the burden of evidence for a warrant to see these records, I wouldn't be opposed to it. I don't think that police should have free range over all of this data though. I think this data should be used to help convict people, not discover them in the first place.

Right. Because AT&T (and others?) asked for warrants when the set up the illegal wiretapping "Spy Room" infrastructure that the NSA asked them to.

It's like a having a large standing army (which the US Founding Fathers were against IIRC): if it's there you'll be tempted to use it. If it's not there, you have to justify getting it up and running.

Better to have a moderate speed bump and hassle of needing a justification. Remember, police work is only easy in a police state.

The big problem is... (0)

Anonymous Coward | more than 3 years ago | (#35008786)

...that next, the police will demand new laws that you must equip your homes, cars, and businesses with full-coverage 24x7x365 video surveillance at your expense, and keep all recordings for a very long time just in case any crime ever occurs there. According to your opinion, the police won't have "free range" over all this recorded data, only whatever they're entitled to by a warrant. But still you'll have to bear the cost to make their jobs easier. Failure to comply will, of course, become a crime itself.

Now do you see the problem?

News for nerds? (-1)

Anonymous Coward | more than 3 years ago | (#35007558)

What happened to the slogan?

Re:News for nerds? (-1)

Anonymous Coward | more than 3 years ago | (#35007694)

Its still a site for nerds, the news part is gone tho.

What a surprise (0)

Anonymous Coward | more than 3 years ago | (#35007606)

And the business of government swells even bigger, with yet even more power and revenue for the elite at the top of the pyramid to leverage for their own benefit. It's beyond the point where the claim "government for the people, by the people" should be answered with laughter -- it should be answered with anger. The cold hard truth is that a government without strict limits on power and revenue WILL grow bigger and bigger until the dam finally bursts. And when it does, who do you think will suffer the most? I'll give you one hint: it sure as hell won't be the executives who control the business of government.

OK. You can record me if I can record you. (5, Insightful)

h00manist (800926) | more than 3 years ago | (#35007616)

If records of my activities are recorded and available for investigation, and I have equal rights, those of all people should be too. Given that home users are directly linked to an ISP and all their activities can be directly monitored with a very high likelyhood of locating and monitoring the proper suspect in an investigation, they are at a distinct disadvantage when compared to others who can mix their activities with many other users in a large office or government division by hiding behind a corporate firewall, who can then respond to investigators with strong legal and technical protections as well. So all government offices and corporations should have their records kept by third parties as well, installed on equipment directly linked to their switches within their environments, and revealed to the public under FOIA and/or judicial order. In fact, for certain positions requiring high public confidence, such as public representatives, publicly traded companies, or groups managing public resources, connection of their own computers and that of their staff should be monitored and records kept for possible future breach of public trust investigations.

Re:OK. You can record me if I can record you. (5, Insightful)

dkleinsc (563838) | more than 3 years ago | (#35007842)

See, you don't understand the rules right now. In the post-9/11 world, you have to remember that any attempt by the government to record you is justified until the crisis is over because it is needed to defend your freedom, and any attempt of you to record the government is serious espionage that will result in being locked up for months in solitary confinement without trial [wikipedia.org] until you turn on somebody else that the government wants to prosecute but doesn't have any evidence on.

Now, please show us your papers.

Re:OK. You can record me if I can record you. (4, Informative)

jimbolauski (882977) | more than 3 years ago | (#35007950)

Or you could just use an out of country VPN to hide yourself and if your super paranoid multiple VPNs. The best part is that the pedophiles all ready do this so it won't even help the children, and will probably hurt them because more people will turn to VPN's so the traffic will be even harder to trace.

publicly traded companies? (4, Insightful)

tacokill (531275) | more than 3 years ago | (#35007976)

You do realize that publicly traded companies aren't "public" like the government, right?

Despite the misnomer, publicly traded companies are still private entities owned by individuals (or groups of individuals). What the heck gives you the right to see ANYTHING they are doing, aside from normal regulatory compliance?

Re:publicly traded companies? (1)

GrantRobertson (973370) | more than 3 years ago | (#35008330)

Publicly traded companies have a fiduciary duty to behave responsibly with the money their stockholders have entrusted to them. Even though they are owned by a relatively small portion of the public, any member of the public could be an owner or be considering becoming an owner. Therefore, the public has a right to know what is going on inside of that company. That is the concession the company makes in order to be allowed to sell stock on the publicly traded markets. That is why publicly traded companies are required to file corporate reports. Unfortunately, many publicly traded companies have learned how to hide their activities from the very people they are asking to invest in them - the public. Therefore, even more transparency is likely needed in order to protect the public.

Re:publicly traded companies? (1)

h00manist (800926) | more than 3 years ago | (#35008590)

The stockholders have the legitimate rights to inspect their corporate representatives. They need access to reliable data on abuse of power. Also, given that many of these executives hold vast power over matters of great public influence, public infrastructure, services, etc, such as the military, security, health care, education, telecommunications, and transportation, in many cases members of the public and law enforcement need evidence of criminal activity in case there is any. There is often suspicion or criminal activity and the need to investigate and collect evidence. just as anyone else.

Re:OK. You can record me if I can record you. (1)

elrous0 (869638) | more than 3 years ago | (#35008034)

Oh, but law enforcement is above the law, of course. You ever seen a cop get pulled over for speeding?

Re:OK. You can record me if I can record you. (1)

h00manist (800926) | more than 3 years ago | (#35008634)

Oh, but law enforcement is above the law, of course. You ever seen a cop get pulled over for speeding?

Right. So public vehicles must have GPS trackers with code analyzing abuses such as speed, slacking off, use for private purposes, etc. The public has a right to it.

Hello CP card... (0)

Anonymous Coward | more than 3 years ago | (#35007640)

It has been used to push similar laws through the legislature in Europe and its member states. Next stop on the "CP enables surveillance states" world tour: USA.

Yes, let's collect evidence of crime at all levels (1, Insightful)

h00manist (800926) | more than 3 years ago | (#35007654)

The public has a right to have evidence of crime collected and available for investigation in Washington.

Re:Yes, let's collect evidence of crime at all lev (1)

schmidt349 (690948) | more than 3 years ago | (#35007726)

Only if you want DC-area bathrooms to be flooded with, er, wide-stanced Republican congressmen.

panic stations (-1)

Anonymous Coward | more than 3 years ago | (#35007666)

And of course, if you dont agree to having any government department, lobbyist or just nosey person looking at your data, then you must be a paedophile. It reminds me of this....

The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation.

* Mein Kampf - Adolf Hitler

Re:panic stations (1)

Vectormatic (1759674) | more than 3 years ago | (#35007772)

man, i've seen people say "1984 is not a manual" in their sigs, you yanks* must have read that and thought "Fine, we'll use mein kampf instead"

*the govern-mental types anyway

But good god, that is fucking scary right there...

envelopes (3, Interesting)

UnderCoverPenguin (1001627) | more than 3 years ago | (#35007676)

,quote> Think about how much evidence is denied to law enforcement by envelopes, opaque concrete, and criminals' failure to shout.

I remember reading (several years ago) about a chemical that can supposedly make paper temporarily transparent .Also, seems to me that graphite and even pen ink might show up on an MRI scan. As for concrete, a portable neutron scanner should be useful to get some idea of what is inside. (No idea if such a scanner would be affordable to any but the very most important cases any time soon.)

Re:envelopes (1)

SuricouRaven (1897204) | more than 3 years ago | (#35007746)

Old ink, of the type used in some historical documents, can show up on an xray. That's one way of recovering data from such documents when they are too old to read by conventional means. It wouldn't work on modern biro ink though.

Re:envelopes (1)

thejynxed (831517) | more than 3 years ago | (#35008134)

This is because the old ink that can be x-rayed is Iron Gall and the new stuff is made out of various plant dyes coupled with petroleum byproducts and peanut oil extracts (which is why acetone and hairspray are quite good at removing/dissolving the new style inks).

Since there is metal compound (FeSO4 to be precise) in the old style ink, the x-ray obviously will pick that up.

Monitoring capability is here. It will be used. (1)

h00manist (800926) | more than 3 years ago | (#35007956)

There was no technical ability to monitor before, by government or by people or by random groups. Concrete walls, paper envelopes and quiet conversations were all reasonable guarantees of privacy by nature, there was no way to record them. Now everything can become data and be recorded and transmitted. The cost is going down and the abilities expanding. It will be done undercover, and sold on a black or gray market, legal or not, in dozens of ways. As we are all seeing. Universal monitoring capability is here, there is no putting the genie back in the bottle. I believe there is no solution. Either the people monitor all their officials and powers-that-be, or the people become monitored one-way - legally or not.

THIS BOARD OFFICIALY SUCKS !! (-1)

Anonymous Coward | more than 3 years ago | (#35007712)

God damn you know how to fuck things up beyond all recognition, motherfucka !!

Re:THIS BOARD OFFICIALY SUCKS !! (1)

intheshelter (906917) | more than 3 years ago | (#35008048)

You coarse commentary has been deemed harmful to children and it has been recorded and forwarded to law enforcement. Hope you like Cuban food . . . .

Alternative... (1)

RussellSHarris (1385323) | more than 3 years ago | (#35007716)

Instead of telling ISPs that they need to start keeping tons of information for ridiculous lengths of time so that they can produce it if they get subpoenaed, why don't they focus on making the legal system work quickly enough that it doesn't TAKE two years to ask for it? (Then again... nah, that's crazy talk. It could never happen.)

There should not be a record, anywhere, of exactly who had which IP address when, accurate to the last IP address, person, and second, TWO YEARS AGO. Period.

Re:Alternative... (1)

betterunixthanunix (980855) | more than 3 years ago | (#35007812)

Making the legal system work faster? We have too many laws for that. Ironically, it seems that the police want this mandatory retention so that they can better prosecute people for breaking the very same laws that are responsible for our judicial slow down.

Don't Forget! (1)

Anonymous Coward | more than 3 years ago | (#35007732)

This is OBAMA's "Justice" Department.

What a bunch of AssHats.

Re:Don't Forget! (1)

bughunter (10093) | more than 3 years ago | (#35008010)

Which behaves just like BushCheney's "justice" department, which acted just like Clinton's "Justice" department, which acted just like Bush40's "Justice" Department, which acted just like....

The DOJ stopped 'belonging' to a president long, long ago.

Require data retention for supply stores also (1)

mysidia (191772) | more than 3 years ago | (#35007752)

Shall we require walmart to stamp every inch of duct tape with a serial number, and retain records for every single customer of all items purchased, so we can map the unique id to a customer?

Are we forgetting the real concern here? Privacy is a concern for end users. But for large ISPs, a problem is cost and technical capability of storing precise information.

And the fact that tracking by ISPs is easily circumvented by tunnelling, proxying, and wireless.

Due to widespread NAT, a single IP address doesn't even map to an individual user, and the collection of usage data by the ISP for any significant amount of time is basically useless.

Since a reliable trace/track can only be performed for a short time. Once a few hours have passed, the 'tracked' computer can easily be moved. It may not even belong to the subscriber; particularly in WiFi, public place, and various other scenarios.

Balanced? (1)

Anonymous Coward | more than 3 years ago | (#35007756)

"saying such concerns need to be addressed and balanced against the need for law enforcement to have access to the data"

What does "addressed and balanced" mean other than "paid lip service to and ignored"? If police get the data, where is the balance?

The good old "child porn" excuse (5, Insightful)

dkleinsc (563838) | more than 3 years ago | (#35007766)

especially online child pornography

There are 3 targets for every government intrusion on civil liberties:
1. Terrorists
2. Child porn
3. Drugs

The law enforcement agencies have determined that those are the issues that can be used to push absolutely anything through. For instance, trying to catch terrorists allows them to grope everybody with absolutely no suspicion of wrongdoing. Drugs allow them to break down your door at 2 AM, guns drawn, without identifying themselves as the government, and in some cases killing people. And of course child porn and terrorism allows them to watch absolutely everything you do online. That these are plainly illegal doesn't matter, because anybody who disagrees with them must be a terrorist, child pornographer, or junkie.

That doesn't mean those threats don't exist, but if they were serious about addressing the real risks around us they'd be focused on more mundane issues like traffic violations.

Re:The good old "child porn" excuse (1)

enaso1970 (759924) | more than 3 years ago | (#35007868)

And if they break down your door at 2am, grope you, then take your computer...it's not going to turn into a good dream.

Re:The good old "child porn" excuse (4, Insightful)

inthealpine (1337881) | more than 3 years ago | (#35008062)

You may have a point. I always found it interesting how the government flips shit about child porn pictures, yet we hear very little of actually catching the people who make the child pornography. I mean, how many people have the feds arrested for having child pornography where the result of that arrest ended with the subject child being rescued from whomever was taking the pictures? It's not like I feel bad for the scum bags being arrested, but if we are doing this ''for the children'', are we actually directly saving any children?

Re:The good old "child porn" excuse (2)

silas_moeckel (234313) | more than 3 years ago | (#35008404)

I work in the hosting business and can tell you flat out they only care about the low hanging fruit. If they were commercial and took CC payments in any way they were all over it as it was straight forward we hand them the evidence from the site (site contents logs etc) they got the info on everybody that paid them and arrested them all. I do not think they ever got the site owners they generally came in from countries (or were proxied in) that were not to friendly to the US. Ok fine and dandy they got the idiots paying for child porn (make you want to puke not she might be 17) but hand them people uploading pictures etc and they do not care.

Re:The good old "child porn" excuse (3, Interesting)

melikamp (631205) | more than 3 years ago | (#35008778)

Child abuse and child pornography have very little in common. If you are a child pornographer, it is virtually impossible for you to be also a child abuser: child abuse is already against the law in every jurisdiction in the world, and if you put pictures of your wrongdoing online, it's like turning yourself in. We all guess that nearly all child abuse is done by parents, who do it without any kind of incentive besides the abuse itself. They don't do it for money, they don't do it to brag. Only the stupidest of them actually take pictures, and the insane ones share them, and it stands to reason that they are also the ones who tend to get caught (another case for non-commercial distribution being legal). We can all also guess that almost all child porn that's out there is done by Russian cyber-criminals, who don't abuse any children themselves, but rather push around badly-cut RARs with compilations of 30 year old photos of children abused by someone else in the past. Of course there must be exceptions, and there are gray areas having to do with the exact legal age, but when it comes to having 8-year-olds participating in sexual acts, the picture is just as above. IMHO, it is a lie that non-commercial distribution of child porn hurts children (abusing children hurts children, and so does child porn production, as so does commercial distribution, and people who engage in any of these should be in jail), and it is true that modern child porn laws are characteristic of a police state.

Maybe the threat is exaggerated? (1)

elsurexiste (1758620) | more than 3 years ago | (#35007798)

I wonder if the "unavailability of data" and "returning empty-handed" are related to an exaggeration of the current level of threat, rather than varying ISP policies. The article suggests that a lead may be useless after the logs have expired, so why are they taking so much time to find and pursue such leads, if they are so many to mandate full logging from everyone? The article doesn't say...

Child Pornography (3)

Tuan121 (1715852) | more than 3 years ago | (#35007804)

adding that data retention is crucial to fighting Internet crimes (PDF), especially online child pornography.

Sorry, but what is this obsession with child pornography? I don't care that someone is looking at it. Sure I care that someone took the pictures / did whatever, but so what if people are looking at it. You can call them sick or whatever you want, but there is a huge difference between some perverse fantasy and acting on it. Have you been arrested for the random dream of killing your boss? I don't think so.

On this subject, is there anything else that is illegal to simply have possession of that can absolutely do no harm just by itself?

Re:Child Pornography (4, Informative)

SuricouRaven (1897204) | more than 3 years ago | (#35008136)

Originally, just sexual abuse of children was illegal. Then it became child pornography, on the grounds that demand for it created an incentive to abuse children. After that though, it just got sillier and sillier. It's a ratchett effect - any politician can gain by tightening or extending the law in this area, but to so much as suggest weakening it would open one up to accusations of not careing about protecting children. So the laws can only ever get broader, never narrower.

Fixed IP(v6) addresses and end-to-end encryption (2)

cpghost (719344) | more than 3 years ago | (#35007810)

All this data retention crap w.r.t. recording IP addresses is a moot issue, when the ISPs will move to IPv6. Everyone will have a (set of) fixed IP addresses anyway; just like our currently fixed phone numbers. For everything else, we'll have to develop or use an already existing end-to-end encrypted layer on top of IP, so that ISPs as men in the middle won't have anything to record and report to our big brother governments.

Re:Fixed IP(v6) addresses and end-to-end encryptio (1)

mysidia (191772) | more than 3 years ago | (#35007906)

fixed IP addresses anyway; just like our currently fixed phone numbers

IP addresses are a characteristic of the network equipment is plugged into, not a characteristic of the equipment itself.

If you take your laptop to a coffee shop and plug in, your IP address will change, even with IPv6. (Unless you tunnel to a machine with a fixed IP)

You can always tunnel to a machine outside jurisdictions that require retention.

Though I suppose it won't be too long before governments require ISPs to wiretap your connection and make records about which subscribers are using encrypted tunnels and how often/when/where/etc

Re:Fixed IP(v6) addresses and end-to-end encryptio (1)

SuricouRaven (1897204) | more than 3 years ago | (#35008156)

End-to-end encryption is awkward, though. It's doable, yes, but it takes some level of skill to impliment still - and most people, having nothing to hide, just don't care about privacy that much. Just look at how many people use Facebook.

Phone numbers aren't fixed... (0)

Anonymous Coward | more than 3 years ago | (#35008612)

Phone numbers aren't fixed ... to the technically savvy. Bouncing a phone between countries has never been easier due to SIP and Skype. There are also completely encrypted point-to-point free SIP solutions. You need to care enough to setup the software on both ends, since the encryption is not portable across all SIP solutions.

Your concern over IPv6 is real for most people. It also provides IPSec tunnels for everyone, which can be useful. I'm worried that some IPv6 implementations may prevent the random change to the MAC address so your specific hardware isn't tracked.

It may be time for a federation of secure service providers with IPSec tunnels around the world. Basically, paid TOR tunnels, but for all traffic until the endpoint to keep this away from prying government and other eyes.

This could be a drinking game (1)

Ltap (1572175) | more than 3 years ago | (#35007830)

"For the children" excuse, data retention, "cracking down", child molesters . . . Although I think almost all of these stories have the same elements, we would need new livers soon enough.

Draconian laws and how they are done (0)

Anonymous Coward | more than 3 years ago | (#35007886)

Whatever draconian laws USoA implements, they europeans want to implement pointing fingers at USoA and the need of such laws. Whatever draconian laws Europe implements, they americans want to implement pointing fingers at Europe and the need of such laws. Ah, conspiracies!

So, I'm curious... (2)

Akratist (1080775) | more than 3 years ago | (#35007894)

Given that it seems like quite a few cases of people who have illegal porn on their computers are caught when they take their computer in for service, why don't we just pass a law requiring that everyone has to take their computers in for random checks? Really, absurdity doesn't play a role in these decisions, does it?

Next, record all phone calls. (2)

inthealpine (1337881) | more than 3 years ago | (#35007930)

This would be like saying that all phone providers need to record all Americans phone call 'content', just in case the government wanted to investigate you for something at a later date.

Just Get it Over With (0)

Anonymous Coward | more than 3 years ago | (#35008018)

The gap between people's data retention and law enforcement needs is high. People who don't log where they were every minute of the day are really hampering police investigations when they can't figure out what a suspect has been up to. The FBI would like Congress to authorize each person in the United States to be followed by a police officer or other agent so that their location at all times can be monitored and logged.

I like how they... (0)

Anonymous Coward | more than 3 years ago | (#35008076)

pretend that the NSA isn't slurping up every last bit of real time data that flows over the Internet backbones in them AT&T beam-splitter closets and storing it somewhere deep and secret.

Alls they need to do is access that planet-sized repository and they can drink themselves giddy in the avalanche of human "criminal" activity.

maybe.. (1)

LoganDzwon (1170459) | more than 3 years ago | (#35008088)

I think this could actually be a good thing. Lets figure out exactly what ISP should retain and what would be available for law enforcement with and which without a warrant. For example, I do not have a problem with ISP keeping track of what subscriber had what IP address for the last two years. However, I find requiring an ISP to keep a copy of my IMs or browsing history without a signed warrant simply unacceptable. If we could come to something reasonable this data would not be unreasonably large. Users with DSL/cable often have a simi-static IP anyway now.. We'd also set terms so after, (lets say two years,) an ISP would purge the data for fear of being sued for privacy invasion.

Stop "Cooperating" With Law Enforcement (3, Insightful)

chill (34294) | more than 3 years ago | (#35008096)

Provide the information they seek ONLY when they provide a valid warrant. ISPs should not "informally" cooperate with law enforcement. If there is reasonable suspicion of a crime, the law enforcement agency should be able to convince a judge of that and obtain a warrant. Checks and balances.

I have said it before and I will say it again... (2)

jonwil (467024) | more than 3 years ago | (#35008102)

Even if it was Osama Bin Laden brutally raping and murdering little kids and posting footage of same on YouTube it doesn't justify giving the government ANY right whatsoever to do wholesale data collection of telephone calls, bank account data, retail purchases, library borrowings or (as in this case) internet data (emails, web access etc).

I have no problem whatsoever with the FBI/cops/etc going to an ISP and saying "we have x IP address at y time, please find out which customer that was and set up a tap/trace on that customer so we can bust the guy" but wholesale data gathering is something I will NEVER support.

What we need is for someone to come up with something that shows why continued erosion of civil liberties is bad and wont do a thing to stop criminals (including Child Pornographers) or terrorists (including Osama Bin Laden). Something that even the most clueless person can understand.

If you can show people that what their government wants to do wont actually stop whatever criminal activity people want the government to stop (and more to the point, suggest an alternative that will be more effective in stopping the criminal activity in question) people might just listen.

Re:I have said it before and I will say it again.. (2)

blueg3 (192743) | more than 3 years ago | (#35008412)

All they ask for in this statement is exactly what you said you have no problem with: a reverse mapping of (IP address, time) to customer and customer information (e.g., address).

The problem, they claim, is that ISPs only store this data for short periods of time, which is insufficient. They specifically mention that they are not requesting that ISPs start storing data that they do not already store.

Re:I have said it before and I will say it again.. (1)

VortexCortex (1117377) | more than 3 years ago | (#35008690)

If you can show people that what their government wants to do wont actually stop whatever criminal activity people want the government to stop (and more to the point, suggest an alternative that will be more effective in stopping the criminal activity in question) people might just listen.

Your assumption is wrong: The Onion Router provides the proof you seek. [torproject.org]

You see, no matter how blatant, commonplace or accessible the proof is people just won't listen; People are stupid -- It's the Wizard's First Rule: Some people will believe anything if they fear it to be true.

You know why they really want it. (1)

JustAnotherIdiot (1980292) | more than 3 years ago | (#35008194)

Apparently there's enough political figures that are into child porn, so they want to obtain it without causing any alarm.

Wow .... (4, Insightful)

gstoddart (321705) | more than 3 years ago | (#35008216)

So, we should monitor everybody so that if in the future we need to monitor a specific person, we'll already have the data. Brilliant!

Welcome to the surveillance society. Wouldn't this run afoul of the whole "unreasonable search and seizure"? Hell, keep everybody's web history long enough and you'll likely find something you could use against them.

I completely disagree that ISPs should just track everything in case law-enforcement wants it at some point. It's a little Orwellian, and I fear that it is only going to get worse -- in their zeal, governments are really going overboard. This is just depressing.

Re:Wow .... (2)

blueg3 (192743) | more than 3 years ago | (#35008456)

All they're asking for is for ISPs to retain DHCP logs longer.

Re:Wow .... (3, Insightful)

gstoddart (321705) | more than 3 years ago | (#35008678)

All they're asking for is for ISPs to retain DHCP logs longer.

For now. But this snippet from the linked PDF is kind of scary:

Federal law permits the government only to request that providers preserve particular records relevant to a particular case while investigators work on getting the proper court order, subpoena, or search warrant to obtain those records.

This approach has had its limitations.

Basically, "we find it inconvenient that by law we're only allowed to ask for specific information based on an on-going investigation, we would like some blanket powers so we don't need to bother with this".

Hell, in my book, anybody who is quoting Alberto Gonzales is not to be trusted ... Gonzales routinely made awful decisions like "it's legal because we say so" and "who needs habeus corpus?". From the PDF again ... "Former Attorney General Gonzales similarly testified about “investigations where the evidence is no longer available because there's no requirement to retain the data.”"

Looking at this section:

In some ways, the problem of investigations being stymied by a lack of data retention is growing worse. One mid-size cell phone company does not retain any records, and others are moving in that direction. A cable Internet provider does not keep track of the Internet protocol addresses it assigns to customers, at all. Another keeps them for only seven days—often, citizens don’t even bring an Internet crime to law enforcement’s attention that quickly. These practices thwart law enforcement’s ability to protect the public. When investigators need records to investigate a drug dealer’s communications, or to investigate a harassing phone call, records are simply unavailable.

they're pulling out pretty much all of the bogey-men to say "we need to be able to monitor everything just in case". They cite child abuse, drugs, terrorism ... harassing calls. While these are legitimate law enforcement targets, it's definitely stating the case that they'd really like to be able to monitor everything.

Hell, even the wording they use is charged "Most responsible providers are already collecting the data that is most relevant to criminal and national security-related investigations." ... meaning those who aren't actively helping the government monitor everything are irresponsible and therefore evil.

This just sets them up for way too many fishing trips as far as I'm concerned. You can't just simply apply surveillance and monitoring against an entire society "just in case". This is just plain bad, and it's more like something Iran or Stalinist Russia would do.

I watched this...and it was a travesty (1)

Anonymous Coward | more than 3 years ago | (#35008252)

I watched the recording of Mr. Weinstein's testimony, among others, last night at work. Under questioning by the members of the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security, he admitted that although the primary purpose of the database was to requisition information on the exploitation of children, the Justice Department would be stupid not to let all that information "go to waste". The onus of creating and maintaining the databases will be on the service providers, and Rep. Sensenbrenner (head of the subcommittee), flat out told the witness from the U.S. Internet Service Provider Association (Ms. Dean) that no matter what, this WILL be legislation and that the ISPs should get behind the movement or be forced to.

We all know the real target (1)

Riceballsan (816702) | more than 3 years ago | (#35008268)

Yeah, terrorists, sexual preditors etc.... are on the face of the bill. But 20 bucks says RIAA and MPAA are the funders (of the lawyers and politicians of course, we will still be paying for the storage space etc...)

Wil Amazon have to record everything as well? (1)

Anonymous Coward | more than 3 years ago | (#35008272)

SSH tunnel from my ddwrt router so that all home traffic is encrypted as it passed through my ISP.
Yeh, my throughput drops and ping times go to hell, but with some shaping, that can be fixed with certain traffic sent SSH and others (like hulu or netflix) not rerouted (not sent SSH to the ec2 instance).
From my throughput tests, I get about 4.5 Mbps (I have 8Mbps via comcast) and ping times in the 200 to 300 ms times.

Oh, and three cheers for Obama, the constitutional scholar who was going to stand up for civil liberties.

Time Warner (5, Interesting)

inthealpine (1337881) | more than 3 years ago | (#35008318)

I was a stand in security and abuse coordinator for a little less than a year at Time Warner Cable. All it took was a subpoena faxed to the office for us to hand over any data request. A lot of times cops would get pissed because a police letterhead fax wasn't enough, but it takes no time to get a subpoena. Police would try to say they were afraid the data could get purged if they didn't get it now, versus a few hours from now which is BS. I would tell them I already pulled the requested data and had it right in front of me so no worries about it being purged, they were not amused.

If any expansion of power is needed it should be the ability to have a request to hold data while a subpoena is processed. That is a simple answer, but the government isn't interested in simple answers its intent is to chip away at privacy so it can do whatever it wants whenever it wants.

Why single out internet traffic? (0)

Anonymous Coward | more than 3 years ago | (#35008632)

What is it about the internet that makes it a target? Why not keep records of every phone call ever made to any number at any time? Why not keep a mandatory record of book purchases? Magazine subscriptions? Why not mandate that all travel plans must be sent ahead of time to a central data base that will keep the records just in case?

Record voice calls too (0)

Anonymous Coward | more than 3 years ago | (#35008704)

Telco's should record all phone calls as well since there must be volumes of incriminating evidence being sent via voice.

1984 wasn't wrong in principle. It just got the date wrong.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...