Support for U.S. Mandatory Data Retention Laws 264
chill wrote to mention a C|Net article about an upswell in support for a mandatory data retention policy here in the U.S. From the article: "Top Bush administration officials have endorsed the concept, and some members of the U.S. Congress have said federal legislation is needed to aid law enforcement investigations into child pornography. A bill is already pending in the Colorado State Senate. Mandatory data retention requirements worry privacy advocates because they permit police to obtain records of e-mail chatter, Web browsing or chat-room activity that normally would have been discarded after a few months."
Quick easy solution (Score:5, Interesting)
Then tell all the privacy watchdogs to go back and chew their bones.
Downward spiral (Score:5, Interesting)
How long till the US goverment mandates that all data, whether from phonelines, email, searches, etc, has to be maintained on government servers for safe storage. I'm being totally serious. First they use child porn and incidents on myspace to scare people... then once they get their foot in the door, its just a matter of time. It truly is scary. Wheneve I talk of stuff like this I am deemed a conspiracy nut or something similiar.
http://religiousfreaks.com/ [religiousfreaks.com]Why Not Get Homeland Security Involved? (Score:2, Interesting)
Re:It's always the children, isn't it? (Score:5, Interesting)
Child Porn is the root password to the US Constitution.
Re:It's always the children, isn't it? (Score:4, Interesting)
Re:Downward spiral (Score:3, Interesting)
I find it highly unlikely that they will mandate transmission of such data to government servers: the bandwidth requirements alone would be staggering. They'll just do what East Germany^H^H^H^H^H^H^H^H^H^H the European Union is doing: require ISPs to log everything and keep it forever and forget about that whole "judicial oversight" thing. What this does mean, depending upon what information your ISP happens to log, that you may someday find yourself arrested or be the subject of a lawsuit for something you might or might not have done years earlier. I'm sure the RIAA is going to just love this. I can see it now: "don't download anything illegal because we can come after you forever."
One of these days we're all going to wake up in a cramped, dark space moving at tremendous speed, getting warmer by the minute. We'll peer outside, and ask ourselves, "where are we going? And why are we in this handbasket?"
Re:Make this as broad as possible (Score:2, Interesting)
secondly, lets just pretend your idea would work. you may disagree with the law, but is this the way to go about it? try fixing it from the inside, rather than directly opposing it. I don't think making law enforcement's job harder and making Al-Qaeda's job easier is going to result in much benefit for society at large. if anything, they would just say the idea did not work as expected and therefore we need EVEN MORE DRACONIAN laws that take away more rights in order to accomplish the objective.
thats what would happen if you're idea was a good one, which it isn't. by taking these actions you aren't creating the change you are looking for, but are instead making the potential problem worse.
The Cost in general (Score:1, Interesting)
What this has to do with the article is that there has been changes in the way files are kept. Just last month they (I still don't know who "they" are) came out with a decision that says:
"Retain until 6 years after case closed, or 0 after any minor client attains age 21, whichever is later. Subsequent to this period, the file must continue to be maintained until death of the client concerned, 80 years after the date of birth of the client concerned, or the client concerned provides instructions on disposition of the file, whichever is earlier."
So we have to either get each client to agree that we can destroy their file (something very few of them will agree to), keep tabs on each client to see if they die, or hold each file until the client turns 80 years old. Worst case senario we have to hold these boxes for 64 years (16 year old + 64 years = 80 year old). We don't file by client age and we will not start to, so we have to file each box for 64 years just to be safe! 64 years x 11,000 = 704,000 files, or a metric fuck-load of files. I have no idea where we are going to find a warehouse large enough and cheap enough to hold these files for 64 years. Not to mention the taxpayers pay for this stuff, and I can't see them paying to hold 60 year old Indecent Exposure files for some guy who died 30 years ago.
Moral of the story: Ideas like these get floated around from time to time but they never pan out when we realize the cost associated with them. My problem with our situation is this: Why aren't the rights of 81 year olds protected? What happens at the age of 80 that makes it so you no longer need your file?
Re: Maybe it's just me, and I'm being insensitive. (Score:5, Interesting)
Not by a long shot. Child porn is a gross violation of the rights of the child being used to make it. The violation continues through the continued proliferation of the materials.
Is it rampant? No one knows. For all we know, there could simply be a pool of say, 1000, images that are simply being recycled via digital copying over and over. No one has any hard data on this. We know nothing, yet laws are being drafted, essentially on the basis of rhetoric.
Is it that big of a concern? Well, for the person directly involved, it may become the biggest concern in their entire lives, and possibly the biggest concern in the lives of their loved ones too. They are still being violated in a very real sense. Depending on the circumstances, some might be able to cope with this others might not.
Is it that big of a concern for the rest of society? Well, yes. I am personally offended that people's rights are violated in this way. Those responsible deserve to face justice and the judgement of their peers under the law. Like all sex crimes, everyone can agree something needs to be done.
But should everyone elses rights be violated in order to "do something"? Will this even work? Should more people suffer because of what has been done to the victims? I, and most Slashdotters, realise that we should have our rights forsaken or violated in response to the violation of others. Rather, we should use the law as it surrently stands to both protect people and bring the guilty to justice. It is up to the task.
I would like to think victims of sex abuse would agree with my sentiment that the rights of everyone shouldn't have to be lost or violated in response the the violation of the rights of the victims. But I don't know that this is the case. I would like to hear the opinions of an actual victim of either child sex abuse or child pornography, on all of this. What do the people for whom these laws are suppossedly made for actually think about them?
In all this, I don't think I've ever even heard the voice of the victim. Even once.
Re:Law Enforcement (Score:3, Interesting)
Data retention and maintaining of backups is very expensive. There is no real industry standard but in some cases - say in the health care industry - there are legal requirements for how long data must be retained. Usually, if you formulate a logical data retention policy and apply it consistently then you are safe if you get hauled into court. If you can show that you had good reasons for your policies and that you followed them strictly, then the fact that you got rid of data after a period of time is entirely defensible. Its when you have policies and you fail to apply them consistently, or when you don't have policies that you seem to get into trouble in the courts. Just saying keep the email for 30/60/90 days is not a policy generally speaking.
The problem is that not all emails are of value, so you can't generally just delete them based on how much time has passed. Each email needs to be examined and sorted according to its importance, or you keep all of it according to the length of time you need to preserve the most important stuff. I am sure that few companies do this adequately, and its a big issue in the corporate world at the moment. The Sarbanes-Oxley act has caused a massive stir in business circles, and while email is the big focus point for many people at the moment, things like Instant Messaging and even Blogs are becoming relevant too. If I send you an email and we agree to do business in that email exchange, that exchange is now a legal record - and may even constitute a contract (IANAL so thats not something I can comment on). In many cases that may be the only record of us reaching an agreement to do business. As such its a business record and needs to be preserved for the same period of time as say a written contract I would expect.
Having a logical data retention policy and following it consistently is the most important defense a company or organization can raise in court from what I have seen. That way when you are called to court you can say: "Why can't you produce this email? Well, because its more than 5 years old and we have a policy of deleting all emails after a period of 5 years. As you can see we have followed that policy for the past 8 years consistently. Preserving that email as backup tapes for longer than that period has proven to be prohibitively expensive, and so we formulated this policy as a business decision and have continued to follow it for this entire period". The courts do not expect you to keep everything because thats unreasonable (and searching it would be extremely costly and time consuming as well), but they do expect you to formulate a plan and stick to it. Most companies that get in trouble seem to have formulated a plan and not followed it (or applied it unevenly), or to have suddenly decided to apply it when a lawsuit looked likely (which is seen as covering up evidence by a court in many cases).
As well you need an effective Hold Order system - so that if you get taken to court for some reason, you can immediately inform all personnel that *nothing* gets deleted while the lawsuit is ongoing. All records are retained, no email is deleted etc, so that it can all be produced upon demand. This ought to include things like IM traffic logs etc.
Now as for the legislation to mandate retaining data for a fixed minimum period, well thats probably not that unreasonable. There are laws which prevent that data being turned over for unreasonable reasons, and they *ought* to be enough. I am sure a lot of this legislation is driven by a desire to prevent problems like Enron from occuring again.
I am not a lawyer but I have read a lot about data retention as part of a project I have been working on. Its a dark and murky world and few organizations seem to be spending the amount of time and effort that is required to safeguard their butts should they be required to produce their records in court at some future point.
If you really need to know, then try to send someone to this conference: