U.S. Pressures ISPs on Data Retention

packetmon writes "According to Wired's Declan McCullagh 'In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years ... A more extensive mandate would require companies to keep track of e-mail messages sent, Web pages visited and perhaps even instant-messaging correspondents.'"

Simple Solution

[massivefoot]

Is this not exactly the sort of problem public key cryptography is well-suited to combatting?

Re:Whos going to pay for this dumb idea?

[Anonymous Coward]

They're actually trying this in the EU, where it has already been agreed that data retention should be implemented for at least 6 months or so.

Personally I don't see little that can be really achieved with this approach to actually prevent terrorist, since there are dozens of ways that can be used to circumvent this data mining approach.. and even a 12-year old can think of them.

I think one might only be able to do something with when something has actually happened, parsing these amounts of data in real-time andextracting something you didn't know from it is extremly hard.

Note number 1: The famous Dutch ISP xs4all has started a counter [xs4all.nl] in the beginning of september 2005, giving an indication of how much cd's one would need to store only their traffic (~6% market share AFAIK). As I write this, the counter approaches 62 million cd's.

Note number 2: I once saw someone make a small calculation on the back of an envelope about how much physical space would be needed to store all this information using hard disks.. and how many disks would fail every day given their MTBF of such a large 'warehouse filled with disks'. IIRC, one would need about 10 FTE only to replace the failing disks..

Note number 3: It's obvious that these ideas are not made up by people with technical expertise

Note number 4: perhaps it's not a bad idea to start buying shares of companies that provide storage solutions ;O

Note number 5: I'm really wondering how this whole non-sense would hold up against the 'innocent until proven guilty' idea. If I'm innocent, why am I being tracked?!?

Re:wow

[jcupitt65]

The UK (and now the EU, thanks T. Blair!) have data retention already in law (though not yet implemented AFAIK).

They don't retain the data: the volume would be far too high (as you say). They just (!!) track who mails who, who IMs with whom, and the websites you visit. Just liike an itemised phone bill, but covering the internet. The websites thing is unclear: I don't know if they're planning to just keep www.mybank.com, or whether the whole mybank.com/transaction.php?cardno=2345876349583498 will be retained.

Anyway, data volume isn't a particular problem, and I imagine the US is planning the same idea.

Preserving ALL of your data IS possible

[Anonymous Coward]

I've worked at one startup which actually WILL preserve all of your data. You are misleading people by thinking that there's just too much data to capture. It just isn't so. Furthermore, the technology is here right now to report, in real time, what you are doing.

If you don't believe me, just look at the technical specs of the device which AT&T is using for the NSA. Also look at packetmotion.com. And, from looking at the job openings at dice.com, there's at least another startup on it's way to do the same thing in this market.

Right now, they can't keep all of your packet data for two years. But they CAN keep all of your connection data, and tell not only what sites you are connecting to, but also what type of connections you have. It's pretty useful for identifying Kazaa (et. al.) types of connections.

If you don't believe me, just ask the IT staff at UC Berkeley. They actively pursue this type of snooping on both faculty and students. They, and other Universities, are a preferred testing ground, since they throw such a load at the devices.

Now, why Universities encourage outside spying on the faculty and students is beyond me. But yes, this stuff is happening right now.

The current goal for all of these companies is to preserve ALL data for at least two years. They aren't there yet, as the disk space required is extensive. But they CAN do it for shorter periods of time, if one spends the money on filers.

What's more, it will only be a matter of time before they can preserve this data for at least two years, and longer. There are companies which make use of cheap fast SATA storage for about 1/5 the cost of a NetApp filer. 50 Terabytes is affordable; in 5 years, you're looking at affordable Petabyte storage.

The point here is that the Government is ahead of the curve, as they know it's only a matter of time before the disk storage required to keep all data is afforable. So they want this snooping in there now, as it will be a lot easiler to mandate that ISP's keep ALL data once they have these hooks in place.

So please quit misleading people into thinking that there's too much data. Snooping, reporting and storing this stuff is possible now, and is only going to get easier and cheaper in the near future.

Re:wow

[TheGavster]

The thing that scares me about the car logging isn't so much the logging (which is worrisome on its own), but the plan to automatically correlate that data with the movement of cars found to be involved in terrorist incidents after the fact. So if your car was near the terrorist car for 50 miles leading up to the attack, now you're a person of interest, all because you kept to the right and didn't pass.

JAP Project

[cyberkid81]

While still in its early stages, wouldn't something like the JAP Anonymity project undermind the entire purpose and usability of data retention? http://anon.inf.tu-dresden.de/index_en.html [tu-dresden.de]

Re:TAX AND SPEND TAX AND SPEND!!!

[WilliamSChips]

The Republicans aren't tax and spend. That would be far too nice of them. The Republicans are borrow and spend. At least with tax and spend it doesn't fuck up the children by putting the burden of the debt on them.