U.S. Pressures ISPs on Data Retention

packetmon writes "According to Wired's Declan McCullagh 'In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years ... A more extensive mandate would require companies to keep track of e-mail messages sent, Web pages visited and perhaps even instant-messaging correspondents.'"

wow

[joe 155]

that's a lot of data... I wonder how many hard drives it would take to keep that much. besides, it would be so much data that it would be really had to sort through it all in order to try and prevent any crimes (I'm assuming this is an anti-terrorist thing - as most crazy freedom reducing laws these days are)... all this would do is after someone had blown themselves up and you knew who they were you could say "so in this instance "flower" meant bomb... but because of the cellular nature of these groups we're no closer to stopping any other attack"

Why not just follow the formula in 1984?

[Mostly a lurker]

Rather than put all of the onus on spying on the population on third parties, such as telcos, credit card companies, ISPs and airlines, why not just implement the solution in 1984. You just install two-way TVs in everyone's homes and offices. That way you can efficiently monitor what everyone is doing in a centralised fashion. The data would be recorded for later playback if needed. As a safeguard, officials would only be able to examine the recordings if they obtained a court order (unless, of course, the President decided it was necessary to the fight against terror to waive the requirement for a court order). After all, if you are not doing anything wrong, why object to such a system?

conflicting goals

[runlevel 5]

FTA

"I will reach out personally to the CEOs of the leading service providers and to other industry leaders," Gonzales said. "Record retention by Internet service providers consistent with the legitimate privacy rights of Americans is an issue that must be addressed."

Privacy rights and citizen-snooping mix worse than water and oil.

Re:Why not just follow the formula in 1984?

[BobSutan]

Why not? Because they haven't boiled the frog slowly enough yet to get away with it.

Re:Do they realize the scope?

[Mostly a lurker]

I will just add that one of the most important uses of the information will be to go after those who "put national security at risk" by revealing illegal actions by the security services.

Re:wow

[jacksonj04]

If yuo run a mid-sized network just get your router/firewall to log everything that goes past to gat an actual idea of how much this is. I tried it a while back on my home network (3 users, slightly above average on each) and got some stupidly large volume of data.

Data Storage

[LordLucless]

I'm sure the ISPs wouldn't mind - as long as the government provides the data storage center and pipe to the same. I just don't want to be the poor sucker that's expected to develop an algorithm to efficiently search the steaming pile of crap that results from that sort of requirement.

Private Meeting?

[badlikeacobra]

I wonder if they have some privacy issues about the content of their private meetings showing up on the internet?

Distraction?

[m1ndrape]

are we sure this story isn't just to distract us from the AT&T + NSA snooping headlines? if they need to ask ISP's to retain all this data, then surely the NSA isn't doing what everything thinks they are doing.

There's no difference.

[twitter]

They are talking about taking Carnivore out of the secret room. The "records" of everything you do will be available without warrent already. New laws will do away those pesky constitutional concerns. Sooner or later the collection machinery will be specified and owned by the feds, though still payed for by the ISP. The "evidence" will stand up better in court when someone decides to dissapear you with kiddie porn or some other disgraceful crime. The currently proposed system will eliminate the "stove pipes" in the current corporate owned spy network. You private papers and personal effects are owned more effectively than Eric Blair imagined they would be.

Freedom and Cost

[Sqreater]

The cost of freedom and rights is paid not just on the battlefields of the wars we fight, but in our everyday lives. When we become so weak that we cannot accept that cost, then we cannot have rights and freedoms.

In Massachusetts, USA, we now have State Police on television, threatening the citizens of the State over seatbelt use. In the mad desire to save the last life, our government and police oppress and threaten not murderers or rapists, not armed robbers or burglars, but citizens commuting to work, mothers doing shopping, and old people on the way to bingo.

You can be sure that the requirement to hold all ISP information on individuals will extend from 2 years to 5 to 10. Then there will be a lifetime requirement on all communication by an individual.

They justify these incroachments on rights and freedoms by saying they are fighting crime and saving lives. We have to be strong enough to accept the consequences of our freedom to chose in our lives and tell them we are not mere cells in the body of society. We must tell them that we are not all "uncaught criminals" who must be monitored and spied upon by the government for our own good. We must tell them to go to hell.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Constitutional Amendments?

[Bobzibub]

Happily, I'm not American. = )

But I do live in the US. From what I can gather, they want to create big nets or maps of people. Who contacts whom. They don't particularly care what people say initially. That comes later if something strikes their fancy. There was a story once where they ID'd some 911 people on a big chart using this info, but they did not keep the info; the military was not allowed. Now the legislation is catching up with the technology...Nevermind that the 911 person was only fingered along with a gazillion others....This story is the driving motivator, I'd bet.

Encryption will not help you here because an encrypted email still fingers your pals as pals of you. Probably not triangle boy either because they will have info on both ends, as long as the communication is domestic to the US.

You might be able to network directly with the peers on your subnet and "distribute" before your ISP gets the info? The ISP would have to sniff every subnet. Might as well make 'em work for their data eh!

The ISPs they're talking to are major companies. And as we know, the lobbyist's lawyers write the legislation. So it will actually happen if the ISPs can get someone else to pay for it. Watch the money. Mean time, support your local yokel ISP, the ones who cannot possibly have the resources to do this. Or start your own.

I agree on the "get a system up and running" part. 96 bits for two IPs and a date stamp? We can do better! Really, one needs to consider a distributed network where all the major protocols are mimicked. One "FTP" packet there. One "HTTP" packet there. One "telnet" packet there. Couple of fake "ssh" packets over there. This way we could make the amount of data to be retained extremely expensive, because you don't get a single couplet of points for a whole tcp stream. Also, with data jumbled, assembly will require actual CPU power, not just DMA transfers from NIC to hard drive. And if we could get that module into the kernel to do some opportunistic distributedness.. That would be ideal.

I dunno. It is unfortunate to watch what can happen in five short years. You should start putting your foot down Yanks. Don't count on me: if the #@*($& hits the fan, I'm outa here.
= )

Cheers,
-b

Who moderated the real American a troll?

[frogstar_robot]

The parent poster is dead correct. Not being spied on and continually asked "Your papers comrade" was supposed to be one of the touchstones of American citizenship. When I was growing up, I was often told that not enduring such things and NOT TOLERATING them was one of the many things that made us better than the Russians. People used to care enough about that citizenship to even brook contemplating the traitorous ideas Gonzales and the rest of the Bush administration keep coming up with.

The people in charge right now really suck. But the lack of spine being showed by the People means they suck worse. We should be howling for these clowns' heads on platters.

More correctly, I'm sure AT&T wouldn't mind

[usurper_ii]

They are already doing it, and they know how many small ISPs would have to shut down because of the cost and complexity of doing something on this scale, if it became law. Big monopolistic-type businesses loves big government, because it puts up a large barrier for entry into the market.

Usurper_ii

Re:wow

[Cicero382]

Well, I can't speak for "them", but our firewall saves *every* packet that passes through it for security reasons (don't ask - it's a client thing). It's mirrored, but I dug my heels in when they wanted backups.. Why?

We ran a trial period to look at the issues (who wouldn't?) What we found was this:
(Hops over to firewall to get the stats..)

Over the 4 week trial period we captured 521Gb of data. Since we had only allocated 500Gb for the whole thing - this was worrying.

BTW - we use a full-duplex satellite link 'cos DSL isn't available in this part of Italy and also it has a *ridiculously* wide bandwith. We don't really care about latency. Well, some of my staff who would rather be playing Quake probably mind..

Sorry - I digress.

My point is: We are a company which is geared towards storing and processing very large amounts of data (>120 Tb). We use the internet to access various DBs for our work. We're not what one would call a large organisation. But there are plenty like us and many more even *bigger*! And this is just corporate use.

So, how the hell is *any* ISP expected to store even the most trivial details of IP transactions run through it? Just "FTP from here to there"? What use is that?

If we're struggling to deal with saving this type of transaction data for ourselves (with our storage capacity) I can guarantee that the "powers-that-be" haven't got a snowball in hell's chance of retaining anything useful.

Even if the collection of the data was justified.

Even if there was any way they could process it.

Laugh

[Mark_MF-WN]

I swear, it's a laugh a day with the Americans. Never was there a people more accepting of their oppression. Even Iranians stage riots. What's America got? Disgruntled forum posts.

Admittedly it would be a lot funnier if I didn't live a stone's throw from the US (I checked once, and the local transit system goes to within 300 metres of the US border... although there is no border crossing at that location). It would be funnier still if I wasn't aware that Canada's latest batch of census data is being processed by a US business, and is therefore considered property of the US government. Oh well, c'est la vie, long live rock, and all that.

Re:Freedom and Cost

[cliffski]

people *do* value money over their own safety, because 99.9% of people dont have a grip on probability. Thats why people play roulette and buy lottery tickets. People never think a car crash will happen to them.
I wouldnt drem of driving a car without a seatbelt, I simply wouldn't feel safe doing that. For the same reason, I wouldnt ride a motorbike without a crash helmet. Is that a freedom issue too?
I was part of a 4 car shunt once (i was stationary, some drunken loon went into the car behind me). Without a seatbelt, I'd have gone through the windscreen, might have even died. I guess I'd have died for freedom?

Re:Freedom and Cost

[the eric conspiracy]

The seatbelt legislation is to save the insurance companies money.

On what basis can you make such a statement? Surely the insurance companies just pass their costs on to the policy holders. The costs of not wearing seatbelts is much more widespread than just the insurance companies (which is unlikely anyway). It drives up everyone's insurance rates. For children it is surely a case of parental neglect to put them in a car unrestrained. There is also a societal cost associated with carnage on the highways. One of the best functions of the insurance industry is that they work to reduce their loss rates so that they can offer lower rates to their customers. Surely seatbelt legislation is a worthy expression of this.

Mandatory seatbelts is a freedom issue, but what kind of freedom is it? It is a freedom to play Russian roulette with your and your children's lives, and make everyone else on the highway and for that matter in the rest of society pay for it. If it didn't affect anyone else nobody would care if you felt like competing for a Darwin Award whenever you got in a car. But life is more interrelated than all that.

Join the fight

[Anonymous Coward]

Join the fight against an orwellian government. Encryption is still legal. Use it. Pay for email service in countries that remain neutral and free and support SSL encryption to/from their mail servers. Use desktop email encryption to protect the content of your messages and start requiring others to do so as well. Use anonymizing network tools and support their creators by donating money. Use encryption tools on your local system to encrypt entire filesystems such as TrueCrypt.

The US government needs to understand that we won't tolerate this. They need to understand that terrorists aren't idiots, and that there are plenty of ways to bypass the ISP altogether, and they will use it.

If we make their attempts to monitor the activities of the average citizen useless, they will realize that communication is a freedom that deserves the right to privacy. Our government has no business having access to our personal records and communications. This is a fight they won't win. Our government has been overrun by those who would throw out our constitution and remake it to their own liking. This being the case, we are in a civil war. You just don't realize it yet.

Re:Distraction?

[rbarreira]

if they need to ask ISP's to retain all this data, then surely the NSA isn't doing what everything thinks they are doing.

From what I remember this isn't quite true... The NSA + AT&T case is about real time data mining, not blind storage of details of every connection made by an user. The case presented in this article enables investigators to get data about the past, even if nothing suspicious was detected at that time.

Re:Whos going to pay for this dumb idea?

[TubeSteak]

Until Gonzales' speech, the Bush administration had generally opposed laws requiring data retention, saying it had "serious reservations" (click for PDF) about them. But after the European Parliament last December approved such a requirement for Internet, telephone and voice over Internet Protocol providers, top [American] administration officials began talking about the practice more favorably.

I hate to say "I told you so," but this is just another example of legal harmonization.

Push push push for laws in another country, then once it gets passed, you push to amend your laws.

All in the name of international harmony.

It's a complete short cut through the legislative process. It's the political equivalent of saying "well so and so did it too".

Don't think the process doesn't works both ways. The Europeans are on the recieving end of American patent/copyright laws, amongst other things.