U.S. Pressures ISPs on Data Retention

packetmon writes "According to Wired's Declan McCullagh 'In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years ... A more extensive mandate would require companies to keep track of e-mail messages sent, Web pages visited and perhaps even instant-messaging correspondents.'"

wow

that's a lot of data... I wonder how many hard drives it would take to keep that much. besides, it would be so much data that it would be really had to sort through it all in order to try and prevent any crimes (I'm assuming this is an anti-terrorist thing - as most crazy freedom reducing laws these days are)... all this would do is after someone had blown themselves up and you knew who they were you could say "so in this instance "flower" meant bomb... but because of the cellular nature of these groups we're no closer to stopping any other attack"

Re:wow

If yuo run a mid-sized network just get your router/firewall to log everything that goes past to gat an actual idea of how much this is. I tried it a while back on my home network (3 users, slightly above average on each) and got some stupidly large volume

Preserving ALL of your data IS possible

I've worked at one startup which actually WILL preserve all of your data. You are misleading people by thinking that there's just too much data to capture. It just isn't so. Furthermore, the technology is here right now to report, in real time, what you are doing.

If you don't believe me, just look at the technical specs of the device which AT&T is using for the NSA. Also look at packetmotion.com. And, from looking at the job openings at dice.com, there's at least another startup on it's way to do the same thing in this market.

Right now, they can't keep all of your packet data for two years. But they CAN keep all of your connection data, and tell not only what sites you are connecting to, but also what type of connections you have. It's pretty useful for identifying Kazaa (et. al.) types of connections.

If you don't believe me, just ask the IT staff at UC Berkeley. They actively pursue this type of snooping on both faculty and students. They, and other Universities, are a preferred testing ground, since they throw such a load at the devices.

Now, why Universities encourage outside spying on the faculty and students is beyond me. But yes, this stuff is happening right now.

The current goal for all of these companies is to preserve ALL data for at least two years. They aren't there yet, as the disk space required is extensive. But they CAN do it for shorter periods of time, if one spends the money on filers.

What's more, it will only be a matter of time before they can preserve this data for at least two years, and longer. There are companies which make use of cheap fast SATA storage for about 1/5 the cost of a NetApp filer. 50 Terabytes is affordable; in 5 years, you're looking at affordable Petabyte storage.

The point here is that the Government is ahead of the curve, as they know it's only a matter of time before the disk storage required to keep all data is afforable. So they want this snooping in there now, as it will be a lot easiler to mandate that ISP's keep ALL data once they have these hooks in place.

So please quit misleading people into thinking that there's too much data. Snooping, reporting and storing this stuff is possible now, and is only going to get easier and cheaper in the near future.

Re:wow

The UK (and now the EU, thanks T. Blair!) have data retention already in law (though not yet implemented AFAIK).

They don't retain the data: the volume would be far too high (as you say). They just (!!) track who mails who, who IMs with whom, and the web

Re:wow

The thing that scares me about the car logging isn't so much the logging (which is worrisome on its own), but the plan to automatically correlate that data with the movement of cars found to be involved in terrorist incidents after the fact. So if your car

Just keep thinking that buddy...

"(I'm assuming this is an anti-terrorist thing - as most crazy freedom reducing laws these days are)"

Honestly, how many terrorists are they going to catch? How many have they caught so far? How long do you think it will take them to find other uses for y

Hard Drives? Bah!

If they want that data, each packet should be printed out and mailed to them!

Why not just follow the formula in 1984?

Rather than put all of the onus on spying on the population on third parties, such as telcos, credit card companies, ISPs and airlines, why not just implement the solution in 1984. You just install two-way TVs in everyone's homes and offices. That way you can efficiently monitor what everyone is doing in a centralised fashion. The data would be recorded for later playback if needed. As a safeguard, officials would only be able to examine the recordings if they obtained a court order (unless, of course, the President decided it was necessary to the fight against terror to waive the requirement for a court order). After all, if you are not doing anything wrong, why object to such a system?

Re:Why not just follow the formula in 1984?

Why not? Because they haven't boiled the frog slowly enough yet to get away with it.

Laugh

I swear, it's a laugh a day with the Americans. Never was there a people more accepting of their oppression. Even Iranians stage riots. What's America got? Disgruntled forum posts.

Admittedly it would be a lot funnier if I didn't live a stone's throw

There's no difference.

They are talking about taking Carnivore out of the secret room. The "records" of everything you do will be available without warrent already. New laws will do away those pesky constitutional concerns. Sooner or later the collection machinery will be specified and owned by the feds, though still payed for by the ISP. The "evidence" will stand up better in court when someone decides to dissapear you with kiddie porn or some other disgraceful crime. The currently proposed system will eliminate the "stove pipes" in the current corporate owned spy network. You private papers and personal effects are owned more effectively than Eric Blair imagined they would be.

Do they realize the scope?

Considering that more email is generated every year then snail mail; nevermind that just logs alone can overflow hard drives (happened to quite a few systems I encountered). Not even counting the privacy considerations this will create traffic jams and increased costs for internet usage (The extra hard drive space has to come from somewhere).

Not to mention that all that extra has to be pored through. The FBI had gotten information on a case from homeland security, unfortunately they did not parse it down and the FBI agents lamented that they spent a majority of time chasing down pizza deliverys instead of spending more time on the actual case.

Image the uproar when (not if) a cracker gets into the database and abuses all that information.

The information gathered from users can also be used(abused) for blackmailing.

You might be asked to testify against someone, if not then well your employer and spouse might accidently find out about your surfing habits.

All in all, this sounds like a lose-lose situation for almost all involved.

Re:Do they realize the scope?

I will just add that one of the most important uses of the information will be to go after those who "put national security at risk" by revealing illegal actions by the security services.

Re:Do they realize the scope?

Even if they implemented the system, and figured they did have enough space to store it all, couldn't everybody just start sending and receiving garbage 24 hours a day in order to clog the system. Some kind of P2P clog the log system?

conflicting goals

FTA

"I will reach out personally to the CEOs of the leading service providers and to other industry leaders," Gonzales said. "Record retention by Internet service providers consistent with the legitimate privacy rights of Americans is an issue that must be addressed."

Privacy rights and citizen-snooping mix worse than water and oil.

Simple Solution

Is this not exactly the sort of problem public key cryptography is well-suited to combatting?

Re:Simple Solution

Do you want to explain to me exactly how you encrypt an http GET command? They're talking about tracking what sites you visit - just like China. At least we know they can count on Google for help.

Re:Simple Solution

Maybe you could use a new technology called HTTPS to ecrypt your HTTP Get command. Sure they could track which server you connect to, but not which pages are requested, nor the data that is sent back. A proxy system that did the requests for you would hi

Re:Simple Solution

No. They talk about the information. e.g. that I connected to http://politics.slashdot.org/ [slashdot.org] not the fact that I actually wrote this.

Compare it to the fact that phone companies keep records of whom you called when. Not what you said on that phonecall.

That is another department. Oh and no matter if it is the ISP or the governement who is paying, you are going to pay for it. Either by taxes or by price increase.

Re:Simple Solution

No. They talk about the information. e.g. that I connected to http://politics.slashdot.org/ [slashdot.org] not the fact that I actually wrote this.

So you are a politically interested terrorist^Wcitizen, hmss? Slashdot... give us the user id corresponding to IP address

Re:Simple Solution

You're incorrect about what they actually want... The government hasn't made clear what information they want retained. They're not sure if they want entire sessions of just session information. I wonder if the government is going to subsidize monies for c

Not So Simple Solution

While it may seem to be the solution, how long before companies are pressured to place something on the operating system level, say a keylogger? Wouldn't be the first time the government went this route (Google FBI +Magic Lantern). As a whole I would think

Constitutional Amendments?

Sadly I'm not American, but this seems like the sort of thing that would be pretty early on in the list of rights you guys have - freedom of speech, not incriminate yourselfs in court etc - so is there any possibility that you could have a new amendment - the right to have private communication with people without having to tell - or without the carrier having to tell - the government? It sounds a bit much to me.

Also, from a technical point of view, why isn't Linux and other Open Source software using encryption by default? If emails are hard to encrypt as a matter of course, perhaps it's time for another system which handles messages strongly encrypted. I've heard about TOR from the EFF, and I remember the short-lived Triangle Boy system - it really sounds like this sort of thing needs to be made up and running sooner rather than later.

Re:Constitutional Amendments?

Happily, I'm not American. = )

But I do live in the US. From what I can gather, they want to create big nets or maps of people. Who contacts whom. They don't particularly care what people say initially. That comes later if something strikes their fancy

instant-messaging correspondents?

It's lifted from the TFA but I guess this is supposed to mean 'instant messaging correspondence' (...in addition to logging the correspondents)?

log size

Based on logs i've seen of similar information 2 years of logs would easilly be 26 gbs for a single person. That's just a conservitive number for the types that check their email a few times a week and look at the Lost forums every now and then.

Multiply that by 100s of thousands of users and you're looking at warehouses full of tapes and/or hard drives. That's if you're conservitive.

Log size and a full time person to manage it

I work at a small WISP. Wireless Internet is secondary to our primary business, so anything to do with the Internet gets put on hold when a primary job comes up. The practical result of that is, we barely have a spare minute to work on the network side of

Data Storage

I'm sure the ISPs wouldn't mind - as long as the government provides the data storage center and pipe to the same. I just don't want to be the poor sucker that's expected to develop an algorithm to efficiently search the steaming pile of crap that results from that sort of requirement.

Re:Data Storage

Enter google.gov

i'm scared.

More correctly, I'm sure AT&T wouldn't mind

They are already doing it, and they know how many small ISPs would have to shut down because of the cost and complexity of doing something on this scale, if it became law. Big monopolistic-type businesses loves big government, because it puts up a large ba

Private Meeting?

I wonder if they have some privacy issues about the content of their private meetings showing up on the internet?

Distraction?

are we sure this story isn't just to distract us from the AT&T + NSA snooping headlines? if they need to ask ISP's to retain all this data, then surely the NSA isn't doing what everything thinks they are doing.

Re:Distraction?

if they need to ask ISP's to retain all this data, then surely the NSA isn't doing what everything thinks they are doing.

From what I remember this isn't quite true... The NSA + AT&T case is about real time data mining, not blind storage of details of e

Freedom and Cost

The cost of freedom and rights is paid not just on the battlefields of the wars we fight, but in our everyday lives. When we become so weak that we cannot accept that cost, then we cannot have rights and freedoms.

In Massachusetts, USA, we now have State Police on television, threatening the citizens of the State over seatbelt use. In the mad desire to save the last life, our government and police oppress and threaten not murderers or rapists, not armed robbers or burglars, but citizens commuting to work, mothers doing shopping, and old people on the way to bingo.

You can be sure that the requirement to hold all ISP information on individuals will extend from 2 years to 5 to 10. Then there will be a lifetime requirement on all communication by an individual.

They justify these incroachments on rights and freedoms by saying they are fighting crime and saving lives. We have to be strong enough to accept the consequences of our freedom to chose in our lives and tell them we are not mere cells in the body of society. We must tell them that we are not all "uncaught criminals" who must be monitored and spied upon by the government for our own good. We must tell them to go to hell.

Who moderated the real American a troll?

The parent poster is dead correct. Not being spied on and continually asked "Your papers comrade" was supposed to be one of the touchstones of American citizenship. When I was growing up, I was often told that not enduring such things and NOT TOLERATING t

In Connecticut non-seat-belt-use is just cause.

If you don't wear it, the cops have a legit reason to pull you over.

Your argument that this law is just because I can negatively affect others through non-use of a seatbelt is a bit reaching, don't you think?

Re:In Connecticut non-seat-belt-use is just cause.

At least he didn't trot out the "your injuries will raise my health insurance premiums and the government will have to care for you or your widow" argument. Seatbelt and helmet laws are just one symptom of the outrageous disregard for freedom that allows t

Re:In Connecticut non-seat-belt-use is just cause.

Seatbelt and helmet laws are just one symptom of the outrageous disregard for freedom that allows this once great country to stomach the passage of laws regulating conduct that affects only oneself.

Natural selection of idiots who don't wear seatbelts shoul

Re:Freedom and Cost

By wearing your seatbelt, you drive more safely and in control and you are performing a public good

How does this make any sense? I would think that someone who is more likely to be injured in a crash, to drive more safely. If there is a 100% chance th

Re:Freedom and Cost

people *do* value money over their own safety, because 99.9% of people dont have a grip on probability. Thats why people play roulette and buy lottery tickets. People never think a car crash will happen to them.
I wouldnt drem of driving a car without a sea

Re:Freedom and Cost

The seatbelt legislation is to save the insurance companies money.

On what basis can you make such a statement? Surely the insurance companies just pass their costs on to the policy holders. The costs of not wearing seatbelts is much more widespread than ju

And in a separate meeting...

...between ISPs and their users, the users said they would jump ship the moment they thought their ISPs were helping to spy/keep tabs on them. The users also read a statement into the record proposing that the Justice Department, quote, "go fuck themselve

we analyzed your e-behavior...

...and we found a probability of > .5 that you have engaged in illegal activity in the past two years.
How do you plea?

Time to buy shares in...

... harddisk and other mass storage companies.

If nobody listens when we object on privacy grounds, at least object on environmental grounds... how many kw is it going to take to power the systems to record this data?

Oh well... at least somebody is backing

My Contribution

I get 3 million trackback spams a month. They can have those if they want them.

How you can you not think Bush is Evil?

This administration is doing everything it can to erode our privacy rights, take away due process and legal protections, increase governmental secrecy and decrease governmental accountability. All this ironically in the name of our saftey and freedom.
        The Bush administration is eroding our privacy rights through warantless wiretapping of American Citizens phone calls, and we dont know if its only international phone calls because there has been no investigation of this, we only have the people who are violating the FISA statue's word on this. FISA was set up for exactly this purpose. Not only that, they have a database of nearly every phonecall made in America, and they are using it to monitor phonecalls made by reporters to find leaks in their own administration without warrants.
http://www.thenation.com/blogs/thebeat?pid=83880 [thenation.com]
      As for our legal protections, this administration wants to be able to detain indefinitely without trial anyone suspected of terrorism, Jose Paddilla is a American born citizen and though he will now be tried as a criminal due to the threat of his case going to the supreme court. This administration wished to detain him indefinitely without trial prior to that threat. That is scary and unprecedented. Were not talking about legal resident aliens, or people who illegal gained entry into the country, this guy was born here as a citizen and under the constitution he deserves a trial, every citizen deserves a trial, thats a fundamental right.
        As for increased government secrecy and decreased accountability we have documents being reclassified under the freedom of information act, and non-compliance for freedom of informaiton act requests. Its not just security related concerns, but corrupt things like whether a power plant is up to code and is likely to have an accident, hand outs to his industrialist buddies. Another nice tidbit hidden from the public for a long time by Bush's rewritting of the Freedom of Information act is a memo from Exxon mobil to the Bush white house demonstrating the influence of oil companies on this administration's global warming policy's. All of this having nothing to do with national security but being withheld from the public just because it protects monied interests or can embarrass elected officials.

Watch For Follow-Up Laws To Ban Things Like...

..Anonym.OS http://kaos.to/cms/content/view/14/32/ [kaos.to]

Until then, consider contributing to these kinds of projects, as they soon may be the only things standing between you and governments being able to track and parse every communication you make.

Does anyone else find it ironic that some of the most "free" countries are some of the former Soviet Unions' 'client' states?

Cheers!

Strat

Re:Whos going to pay for this dumb idea?

They're actually trying this in the EU, where it has already been agreed that data retention should be implemented for at least 6 months or so.

Personally I don't see little that can be really achieved with this approach to actually prevent terrorist, sin

Re:Whos going to pay for this dumb idea?

Until Gonzales' speech, the Bush administration had generally opposed laws requiring data retention, saying it had "serious reservations" (click for PDF) about them. But after the European Parliament last December approved such a requirement for Internet,

Re:If they want this...

So you want to pay for it? Even if you dont use a spying ISP?

Goverment rips all that money in the form of taxes... everyone pays.

If ISPs paid for this themselves, then only the customers of those ISPs would pay.