DOJ Can't Get Net Firms To Agree On Data Retention; Expect Legislation
from the making-things-worse dept
All week long there’s been talk about how Attorney General Alberto Gonzalez wants internet companies to retain user data for two years, for purposes of government investigation. Europe recently put similar requirements in place, ignoring the serious questions about costs (leading some to suggest now might be a good time to invest in storage companies). Not surprisingly, the talk from earlier this week wasn’t just talk, but a preamble to a supposedly secret meeting today that resulted in no actual agreement (doesn’t seem very secretive does it?). Of course, for years, we’ve been repeating the reasons why data retention makes things worse. It adds more data, but makes it much harder to find the useful data. At the same time, there’s a very high likelihood that if the data is available, it will be misused. And, that, of course, doesn’t even touch on the question of how this probably violates the 4th Amendment. However, now that the meeting hasn’t resulted in “voluntary” data retention rules, it’s probably only a matter of time until someone introduces legislation to require such retention — despite the fact it’s unlikely to help, extremely expensive and most likely unconstitutional.
Comments on “DOJ Can't Get Net Firms To Agree On Data Retention; Expect Legislation”
Is there any talks on government reimbursement for the additional costs for the various communication companies the DOJ has been attacking? Not only do they take our rights away, they attack big business also. Should this not upset both ends of the political spectrum?
Data retention is a red herring
“Is there any talks on government reimbursement for the additional costs for the various communication companies the DOJ has been attacking?”
No. We’ve had DR for some time now. They got away with rubber stamping the legislation without any consultancy here in the UK, but then you can count the number of ISPs on one hand over here. They just had to suck it up. In theory anyway, because I wonder how many are complying. Those I know who work for ISPs quietly smile when I mention the subject – basically they are dragging their heels and piping most of it to /dev/null. When the authorities come knocking and asking for records the story is going to be “Oh we don’t seem to have that tape, it falls into a period when the system wasn’t implemented” In the end it’s better to face the music on a case by case basis than bankrupt yourself rolling out a new 1 petabyte storage system. Have you any idea how much reliable offsite storage costs? Not to mention the bandwidth shifting all that crap over. Basically they can legislate all they like but if governments want this for real they’re going to have to implement it themselves. And frankly, they don’t have the manpower or knowledge to do it.
In any case, a thoughtful analysis of DR reveals it for what it is. It’s absolutely USELESS for preventing “terrorism” (the cliche excuse). It’s entirely retospective. Insert parable involving stable, horse, door, bolted.
In short, it’s an ill thought out reactionary kneejerk by frightened luddite quasi-fascist nosey bastards who are probably under the thumb of marketing lobbyists. If collected this data *WILL* be sold to the highest bidder, no question about it.
Lastly, I’ll say it again… the intelligence services and law enforcement are completely lost on this issue. They are harking back to cold war Stasi methods hoping to throw out a dragnet. We had one very bright chief of intelligence here once, she understood the issue I am talking about. Stella Rimington called this behaviour (I paraphrase) “useless and counterproductive”. It ties up resources and money better spent on good old fashioned psychology, infiltration and human observation where you can target the use of technology preemptively against well selected suspects.
1. DR doesn’t automatically = violation of 4th amendment rights. Just because a company is regulated to keep records for X amount of time doesn’t mean the government should be able to see it without a warrant, just as the law is written now (although the present administration seems to have a “flawed” interpretation of these laws)
2. You’re framing this like there is no precedent for DR in todays society already. Telephone companies are required to retain records for a certain amount of time, you employer is required to keep certain records, banks and credit card companies are required to keep records for a period of time, I bet you could still find your elementary school records if you tried! Again, the issue isn’t DR in and of itself, its proper regulation of how the government can and can not get at the information.
3. The cost. The current cost of a gig of hard drive storage is less than a dollar! I don’t see how having to store transaction information is going to kill a company monetarily (and they probably do it anyway to track searches and figure out what ads to serve you). That primarily depends on what information they want to place into DR I guess, but I can’t see why the government has to subsidize this effort, it doesn’t for the other myrad of industries forced to implement DR. Sorry to say it but the internet isn’t a bunch of mavericks doing as they please, anymore, it’s quickly becoming a mainstream utility like phone service, and you have to expect the government to apply similar types of “overlegislation” to it.
In summary, I think having a reasonable DR program for web searches and such could be useful in the investigation of crime, or in litigation activities in general. The information could also be applied to future infrastructure planning, identifying potential areas of investment in the internet (this company or service gets lots of traffic that can be verified independently). The key, again,is that the proper application of the 4th amendment (ie judicious warrant use and monitoring government activity more closely)
You state that hard drive space is cheap. Maybe it is. It is still a cost that the ISP must (if passed) pay. This means higer prices to the customer.
The logs? They don’t get smaller over time, they continue to grow. I work for a small ISP that keeps 4 days with of email server logs. These logs do not contain any form of content of the emails, just who it is to, who it was from, and some routing information, along with antispam tracking. The log file rotates daily, and comsume 2+ GigaBytes of space. Over a year you are talking over 700GB, and that is for one of the 2 email servers. Assume some growth, and the increase in email traffic that goes with it, the increase in spam, and the possability of having to add yet another email server… you are talking multi-tarabytes per year, of just email logs.
The Dialup/DSL connection logs (who is on what IP when) will consume yet another milti-tarabyte per year.
Add in the requirement that the data must be accessable (with a warrent) means that backups of such data must also be maintained. That just doubled the space requirement, if not tripled it. The only reason this space is needed is because some politician thinks it is necessary. The information is not usable by normal law enforcement. It won’t stop a terrorist. It only serves to go after somone who may have comitten a civil, not criminal, crime. The time it takes for law enforcement to get enough informtion together for a warrent makes it worthless.
I can attest that in the few cases the FBI has contacted us for records, which we complied with once a warrent was properly served, the information they needed was useless by the time they requested it. Yes, we can, and did, tell the FBI that ‘John Doe #1234’ was online at this time, on this IP, and what their real name/address were. We cannot, however, state in court beyond a reasonable doubt that it was the actual user. Anyone can steal access and look like someone else. We have had it happen. More often than not, we catch it, long before the Government can, and we only keep 3 months of dialup/DSL logs currently. Without backups.
We can’t afford to store more without raising rates. Instead of “Think of the children” in this case it should be “Think of the small businesses.”
There must be DR
Gigabyte of storage costs no more than 80 cents now . DR can help alot tracking down criminals (don’t give me “too much data”crap .too much better than none) , and it is done in almost every other aspect of citizen’s lives . Phones , banks , travel , credit cards , shopping .
Internet usage DR can actually save other companies from having to keep records .
Even if there is legislation and by some miracle it passes BOTH houses and is signed BEFORE Bush(Republican) leaves office in a couple of years…
The ACLU will bring the matter to the Surpreme Court…as it has done will many constitutional violations…
and a new generation of Ultra Hi tech proxies will be developed – offering services from different nations to foil this
In terms of the US, when the govt. requires wiretaps, they do pay the telecom companies for the expense. I can’t imagine that this wouldn’t apply to any kind of internet monitoring or recording.
Oh, one other point. If it would do absolutly nothing to stop crime or terrorism because of the volume of data, why would it cause any privacy issues? Wouldn’t that be as useless also?
Sure, it may be retrospective, but it might come in handy in actually convicting someone of a crime.
All the freaky people make the beauty of the world
“Oh, one other point. If it would do absolutly nothing to stop crime or terrorism because of the volume of data, why would it cause any privacy issues? Wouldn’t that be as useless also?”
The fact it wouldn’t help stop crime or terrorism is unrelated to it causing privacy issues as is the amount of data. It’s everyone’s data that they’re collecting, not just a criminal’s and that data is all the sites that everyone has visited at any point in time for ANY reason. I’ve had incredibly retarded “friends” who have sent links to questionable sites, I may have “visited” but I definitely didn’t get excited by having done so but this would make available that I had visited them at one time whether it was my intention or not. Now, the fun part is that the ISP’s that host those websites would have to have said data retention to and if they get busted, I would be a suspect over having visited ONCE. So even if I wasn’t being monitored from *my* ISP, I would be monitored by someone else’s.
And that’s just the tip of the iceberg.
Outside the US
What about ppl who do not live in the USA, but are visiting sites hosted in the US. there will be a huge number of records in the database, and some form of bot, similar to a DDoS bot, could make hundreds of connections to a huge list of questionable sites, even if the infected computers did not actually download the data, but simply requested it an left a random IP address. I don’t know exactly how this could work, but it would mean huge amounts of extra work for the DoJ.
1.) You’re presuming that information such as telephone and ISP records are currently being obtained via warrant. I’m not sure if you’re aware of this little piece of documentation called the Patriot Act but it essentially allows the federal goverment to obtain any record they want without the use of traditional subpoena; e.g. they do *not* need to obtain a Judge (or other means of Arbitration)’s authority in order to issue a subpoena for records, which in essence means that a little thing called probable cause is thrown to the wind. If they really wanted to they could use the Patriot Act under the phallacy of “National Security” to obtain ISP records of every Muslim in America, oh wait, they already have.
2.) Okay, so the cost of 1 GB of disk space is roughly 50¢, lets see 1,000 GB = 1 TB and 1,000 TB = 1 PB. Presuming that only a single Petabyte would be sufficient for a major ISP such as ATT/Comcast, Bellsouth, or SBC, you’re looking at a rough cost of $500,000 per Petabyte, and that’s using IDE lets not even get into the cost of reliable SCSI or SATA disk space. So at the rough cost of a half million per ISP per Petabyte, and presuming that there are only 6 ISPs (despite the fact that there are dozens in the U.S. not including Dial-Up services) you’re looking at roughly three million dollars just for DR. What should be stored btw? Do you just want ARP/DHCP tables or do you want every single IP address that was visited by subnet as well as the information they searched for and/or cookie/temp file information? Anything more than vague DHCP and ARP tables a Petabyte per ISP isn’t nearly enough and even then what good is establishing who had what IP at what time?
The whole thing smells of abbusive control. It’s just something else that the federal government can use against its people in order to maintain draconic like control over the populace.
So exactly WHAT do these asshats have to do before we get off our lazy butts and vote them out of office? It’s hardly rocket science: be an idiot->lose your seat to a new face.
This legislation will not protect minors, but it will continue to erode their (and our) freedoms. There are so many amazing things that teens do with social technologies. To lose all of this because of the culture of fear is terrifying to me. I found out about my alma mater talking to strangers online in the 90s. I learned about what it means to be queer, how to have confidence in myself and had so many engaging conversations. Sure, i found some sketchy people too, but i learned to ignore them just as i learned to ignore the guys who whistled and honked from their cars when i walked to the movie theater with my best friend. We need to give youth the knowledge to know the risks of their actions, the structures to be able to come to us when something goes wrong and the opportunity to grow up and connect to their peers. Eliminating cultural artifacts because we don’t understand them does not make our lives any safer, but it does obliterate so many positive interactions.
one other point. If it would do absolutly nothing to stop crime or terrorism because of the volume of data, why would it cause any privacy issues? Wouldn’t that be as useless also?
Thanks for your collection, it is an easy way to get an overview. Usefull for everyone who has to work around with different languages. Go on working in 2007 and all the best for you an your visitors here .