U.S. Government Demands ISP Data Retention

dlc3007 writes to mention an article in the New York Times discussing data privacy. The article expands on the U.S. Government's 'request' last Friday at a meeting between Robert S. Mueller III, Attorney General Alberto R. Gonzales, and the executives of several Internet Service Providers. The ISPs were required to retain data on users, for trials if subpoenaed. Right now they're asking companies to do this. The threat is that, if they don't comply, legislation will follow. From the article: "The Justice Department is not asking the Internet companies to give it data about users, but rather to retain information that could be subpoenaed through existing laws and procedures, Mr. Roehrkasse said. While initial proposals were vague, executives from companies that attended the meeting said they gathered that the department was interested in records that would allow them to identify which individuals visited certain Web sites and possibly conducted searches using certain terms." We originally covered this last Sunday, but more details have been released on the meeting since then.

Make it hard for them

[EBFoxbat]

What can I do in my dad-to-day browsing to make it hard for the NSA/CIA/ect ? Does going through proxies help anything?

Retention is ok if lawmakers agree to scrutiny

[postbigbang]

We should be able to keep track of lawmakers, where they go, who's buying dinner (or whatever is spent), which people they're with, whether they used condoms, and their cell phone records.... with reverse # lookups.

Then we can let ISPs retain the records of where we surf.

Egads:

Amendment 1:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Amendment 4:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The all powerful ISPs

[usurper_ii]

Of course, log files can be manipulated and faked. ISPs will have the power to exonerate or destroy people (maybe a new revenue stream for the ISPs???).

If this does become law, soon it will be required that the ISPs use only "approved" monitoring software, perhaps software that will digitally sign the log files. And then, since they still can't be trusted, the log files will have to be kept in a central location of some government office.

How much will this "approved" monitoring software cost?

Usurper_ii

Harmonization

[chill]

The concept of "harmonization" has been used to justify lengthening copyright terms around the globe. If a major area has a longer term, it is easier to convince everyone to bump up to that than have the term lowered. Governments almost never give back power or revenue willingly.

In this case, Europe was used as a trial balloon by the U.S. While the data retention laws were discussed and debated in Europe, the U.S. policy makers publically commented about the dangers of this sort of thing and how it could lead to a totalitarian "big brother" mentality. All the while they were telling people in the U.S. how much of a breach of privacy this is and how it will never happen here, the back-channels to Europe were doing nothing but supporting the push for mandatory retention and gauging the reaction -- and attention levels -- of the peoples.

Once the E.U. backdoor hammered thru a mandatory data retention law, the U.S. changed its tune. Newly appointed Attorney General Alberto Gonzalez and staff started talking up data retention in the U.S. and pointing to Europe as leading the way. We are now well down this path. For those of you hoping to stall for two more years until there is a change in administration (aka "regeime change"), don't get your hopes up because the Democrats are just as bad. They'll still fuck you over but will be telling you how much they love you and how it is for your own good. (The Republicans just leave out the "but we love you" part. It is still for your own good.)

While Europeans love to preach to Americans about how much more privacy aware they are, and how they have Constitutional guarantees and strong laws protecting their privacy and data use, they miss a fundamental difference.

In Europe, the concept of privacy doesn't include the government. Yes, they have strong laws dictating how data is used, kept, stored and brokered so as to prevent misuse by third parties, individuals and corporations. But, they have no real protections about government access and use to all that data. All in the name of paternalistic government, enacted thru "anti-terror", "anti-drug" and "immigration control" laws the gov'ts of Europe have no privacy when it comes to bureaucratic eyes.

In the U.S. the concept of privacy really means just you. It is *your* data and *your* information and privacy means ONLY YOU get to determine where it goes and how it is used. The government is NOT (in theory) given a free pass or exemption to use, store or broker your data. For the longest time the U.S. Social Security numbers had printed on the issued cards "not to be used as I.D." so great was the fear of a "national I.D.". Of course, this is offset by most American's apathy towards anything to do with government. As long as they can afford their beers, pay the bills and watch their idiot box most of them will be complacent about damn near anything that doesn't interfere with any of that.

Don't believe me? How about his for a statistic: more people voted in the last American Idol episode of that television show than did in the last Presidential Election.

Re:Appeals to Emotion.

[b0s0z0ku]

They're asking this data be retained so that **IF A COURT ORDERED SUBPOENA IS ISSUED** the information will be available. Worried by that? It's quite simple, really. Don't prey on children and don't plan terrorist acts and you'll be fine.

Gov't gets a tip that a terrorist attack might be planned in the Raleigh, NC area. All ISP records from that area are subpoenaed. An automated search is run. Everyone who searched on information about, say, chemistry, nuclear reactors, and uranium (as I have in the past) even out of innocent reasons gets a visit from the neighborhood Gestapo. Maybe even a few of them end up in jail until they can exonerate themselves - after all, a judge/grand jury will be hard-pressed not to charge people with *something* if it's a "national security" issue.

And the real terrorists will be laughing their heads off, since they have already had their training in their camp in Pakistan.

-b.

https:// wanted

[crow]

This is another good reason to use https instead of http. Unfortunately, most web sites will only use https for commerce. If Google used https by default, then the government would have to subpoena them directly to find out what a particular user searched for. Likewise, if Slashdot used https by default, then the government would have a lot more trouble figuring out who an anonymous coward was.

Re:Harmonization

[Red Flayer]

"Don't believe me? How about his for a statistic: more people voted in the last American Idol episode of that television show than did in the last Presidential Election."

Not true. More votes were cast -- but many people voted multiple times in the American Idol final. Only in a couple districts[1] did a significant number of people vote more than once (or have their vote counted more than once) in the last presidential election. Plus, you're leaving out the people who voted but weren't tabulated in the presidential election -- I heard there were a couple[2] of those in OH and FL.

[1] A small town in New England (NH?) had more votes tabulated than they had registered voters.

[2] where 'couple' = thousands.

Swamp Them

[airship]

We need to find out what sites they're monitoring, and develop scripts that will continually access those sites all day long, from millions of computers.

If the system is swamped, there is no way this data can be useful to them.

I hate to even suggest this, but a virus that does this from every infected machine would also be useful in this endeavor. Or maybe a 'false virus' you could place on your own machine that would do nothing, but which could be pointed to as a defense tactic if you were ever arrested under these pretenses.

Re:https:// wanted

[aldheorte]

Just a quick note that yes, this would protect the query string parameters that make up the search, but the ISPs could still technically log your DNS queries and destination IP address of any request packets, so they would know the domains and IPs you visited, if not that particular locations on those domains.

why need spying while others do fine without?

[Anonymous Coward]

I wonder how U.S. will rank in the Worldwide Press Freedom Index [rsf.org] after this.. We already rank in the bottom of developed countries, at 44th.

Contrary to what some supporters claim, there are only several places where such degree of Internet survaillance is enforced, most notably China. And interestingly, China is relatively transparent - their employees speak rather openly about their jobs and Chinese government definitely doesn't lie to their citizens - again, a scary, stark contrast to how things are handled here "we don't spy" --> "ok, we spy but not so much" --> "ok, all your information belongs to us, but it's for your best!" --> "hey, we were finally thinking to work on our budget deficit, could we outsource our $3 billion survaillance backups to ISPs?". In U.S., we pour who knows how many billions of dollars in NSA and other entities that are heavily protected from any scrunity and can be above any laws without white house or press ever hearing anything (just how long they have succesfully operated black sites in Egypt and elsewhere before anyone heard about their existence? and what the white house did when we heard? "i guess they are not big problems, uh?"). In European Union, UK succesfully lobbed for legislation that requires companies to store dialed numbers, etc. That has been done in U.S. for the past 30 years or so, and not merely just dialed numbers, but the content as well [privacyinternational.org]. For comparison, except for perhaps UK, there is not a single country in European Union which engages in any kind of content survaillence (in France, courts can intervene in Nazi movements if someone blames, but they have never considered survaillance). And no, they don't have big problems with "terrorism" or "child predators". Are we Americans so much more evil that we need all this "protection"?

And no, their economies don't suffer because they lack a national industrial policy integrated with goverment intelligence [cato.org]. Do we really need to protect Halliburton and other 'nice companies' from free markets?

This new bill is just a precautionary development in case mainstream companies such as Google would introduce heavily encrypted versions. They know that the public will yell if encryption weakening or data mining software is implemented on user side (i.e. a deal with microsoft), but hardly anyone yells if anything is done on server side (as it seems, a mandatory data access/transfer to survaillance officials). If you want to provide encrypted freedom to your users, locate your servers in countries like Netherlands.

Re:How do you log web usage in the first place?

[kbuckalo]

The Feds use a couple of logs. First, the Apache access log which says which file was requested from what IP over the web. They get this from the site hosting the content. Then, they check the IP against the ARIN database, and contact the ISP who provides Internet access with that IP, and request the name of the person who "leased" the IP at the the time of access.

The subpoenas which come to use are generally for data about which of our customers was using a given IP at a given time. They're not obligated to tell us any info about the case, but one subpeona was related to a murder in Idaho (according to the agent) and a couple others were related to child porn (according to the agent).

I figure whatever the agents say may or may not be true, they may be spinning to get better results. As long as a judge signs off on the subpoena, we follow the law. (unfortunately, this administration seems to be trying to get around judicial oversite...)

Re:Appeals to Emotion.

[killjoe]

No the solution is to impeach this pig. That might teach future pigs a lesson.