Politicians defeat themselves through unabashed fear mongering.

” Can you point to someone that has done a credible analysis that has different conclusions?”

Most people tend to wait for actual laws before trying to draw conclusions. My point about the linked Geist post is that it is an opinion based on rumor and gossip, rather than reality.

The reality is that it is never a bad thing for companies to know who their customers are, and to at minimum be required to maintain a user / IP / date time relationship log to make sure that they are aware of who is where.

What is funny is that there are plenty of scare tactics out there. Consider this:

http://business.financialpost.com/2011/06/24/canadian-lawful-access-laws-come-at-too-high-a-price-critics-argue/

A great article, until you realize that they basically quoted only Geist and a guy from Openmedia. Not a single ISP was asked about it, and nobody seems to actually be pointing at the content of the law to show where all the so called spying would occur.

Worse yet, opposition MPs have taken it one step further, claiming it will allow authorities to have warrantless viewing of all online activity:

http://www.scribd.com/doc/58583715/Lawful-Access-NDP-MP-Charlie-Angus-Letter-to-Public-Safety-Minister-Vic-Toews

Yet again, nothing indicated has shown this to be true.

As for “different conclusion”, honestly there are a few people out there (particularly Geist and Open Media’s staff) that are so quick to be piling it on in the media that they have buried every other view.

Nobody (including the writer of this post) actually seems able to point at the sections of the law that create this new spying capability. It’s funny as heck to watch them all go around and spew the same talking points generated by a few people scared about having to identify themselves to sign onto the internet.

I am sorry to burst your bubble but…

it is very easy to make “one way” data loggers, machines that receive incoming data for storage, but are not themselves attached in any way to the internet. One of the major flaws of any argument against being aware of which customers are actually online, using a given IP is that most ISPs have to do it anyway. If anything, moving to a more secure “one way” system would effectively improve privacy over current systems.

No, they wouldn’t put it on a laptop (are you stupid?)

The rest of your rant is a rant. Congrats, really about 3/10

Wow, wtf? I’m from Texas and I am so embarrassed that Lamar “Fuck Face” Smith is from here. God, this idiot will not go away.
I agree, that the government/ISPs cannot protect such a lucrative storehouse of data. They can’t even keep their government websites from being taken down on a whim.
Who will pay to implement such a system? ISPs, who will then pass the cost on to the customer?
And what is the next step? Lamar Smith would want authorities to have unlimited access to these databases, but only when it is “absolutely necessary”. And by “absolutely necessary” I mean whenever his legacy industry masters need information on people that are possibly infringing on content. Lamar Smith may come at his and the RIAA/MPAA’s agenda at different angles, but the agenda remains the same.

These lists of information would also make very handy identifiers of “Intellectual Property Thieves”. The fact Smith is owned by hollywood is a total coincidence I’m sure.

Rich, let’s address you main point:

You say these laws will not stop illegal activity. Are you understanding that stopping it is not the point?

The point is in a room of 100 people, if you can identify the 97 who are completely innocent, you can spend your time looking at the last 3. Requiring ISPs to keep logs of customer logins, IPs, and simple stuff like that (not actual surfing history) is a step to help you know which of the 100 people are in the 97, and which are the last 3 you need to spend time looking at.

Further, by setting standards by which this data is collected and made available, the law makes the first step much easier on law enforcement, and would let them focus on the potential criminals instead of the truly innocent citizens. One less step to take to court for no reason (as the courts will almost always approve the request), and no more dealing with ISPs with incomplete records or who willfully do not collect such data.

When you eliminate all the non-criminals from their view, law enforcement can do a better job of looking at those who are actual potential criminals.

For me, it is no different than a license plate on a car. Clearly a car without a plate would stand out like a sore thumb, and makes it easy for law enforcement to focus on it. Combining the plate with a registry allows them to assure that your plate is up to date, that it is the right car, etc, and allows them to better track stolen cars and such.

It isn’t perfect – but again, it is a system that eliminated most of us from ever having to worry about getting randomly stopped to see our registration.

I cannot see any true expansion of scope, rather an attempt to make ISPs (in Canada) to work in a similar manner, and to make needed information available on a timely basis and in a manner that does not intentionally hide potential criminals.

Not getting it.

I knew that. That’s why I was being sarcastic.

Nothing is foolproof, nothing made by humans will be perfect. People working for ISP’s can be suborned or bribed for copies, protocols or tap feeds even to ‘one way’ data channels.

Sony’s PSP security failures & Data breaches of passwords and CC info should be a warning to anyone making this kind of call that it is a BAD idea.

*Rolls eyes*

Back to pirating, ‘eh?

The internet *IS* a right.

It’s a right to information. A right to keep informed.

And, as much as people like you don’t think so, it *IS* the way of life.

Tell me, do you use ATMs? Credit Cards? Debit Cards? EBT?

If yes, then you use the internet for a lot of stuff.

The internet is also used by Fed Ex, UPS, the USPS and other mail companies to track shipments.

Sad fact is, we’re ALL connected to the internet these days.

You don’t think that it’s a problem, having the government spying on us? Don’t give me that “if you’re doing nothing wrong, you got nothing to hide” BS.

There are people who do stuff that’s completely legal online, but wouldn’t want others to see what they’re doing.

I mean, hell, for all I know, you like watching hardcore BSDM smut. Is it wrong? No, it’s not. But people who aren’t into that would see that you like it and get the wrong impression about you.

THAT is the reason we’re against that sort of legislation.

Not because we’re doing something wrong…

But because other people get the wrong ideas about what we’re doing.

i am sorry to burst your bubble but should i remind you that sony was hacked and lots of information was stolen?

“Where is the huge data warehouse of private information?”

Right in the bill, moron.

“Section 4 would require providers to retain a log of customer IP addresses, linked to “corresponding customer or subscriber information” listed in subsection (c)(2) of 18 USC 2703, for at least a year.”

“This includes, but is not limited to forcing Internet service providers to keep track of and retain their customers’ information — including their name, address, phone number, credit card numbers and bank account numbers, which many do already as a business practice.”

Oh, gee, would you look at that? Something that states that information gets STORED and SENT TO THE GOVERNMENT by being FORCED to.

Wow, what a bunch of mis-statements.

What Geist did was publish a piece BEFORE the legislation was introduced, and claim a bunch of things that turned out not to be true (and he came back and corrected at least one of them, the data points collected).

Basically, it would have been better if he has waited for the law to be introduced, and then criticize it.

If you like drinking bleach, that is your problem. That isn’t the issue here.

You guys don’t get it – THE ISPs ARE ALREADY DOING THIS AS A NORMAL COURSE OF BUSINESS! That data is all there already.

You don’t think so? Ever looked at your account online? Changed your mailing address maybe, or added a new payment method? That data is “online”.

All the government is doing is requiring that the log information has a way to be linked to the customer list – nothing more.

So, I ask again:

So, where is the spying?

Where is the huge data warehouse of private information?

Did you just say that a law sponsored by Lamar Smith would be helpful? (..to some unsavory criminals). Just because a law outlines the conditions to avoid notice while providing a unprecidented service for free (well, if you have the abilities to access it), does not mean you given out a set conditions for a solution to avoiding notice on top of endangering the public. It’s math, it can’t be true.

it is very easy to make “one way” data loggers, machines that receive incoming data for storage, but are not themselves attached in any way to the internet.

First, if they’re not connected in some fashion — even via a serial port — then they are incapable of receiving incoming log data.

Second, most putatively one-way data logging systems aren’t.

Third, obviously someone would need to hold the decryption keys for these, else the information is forever useless. If it’s one key across all devices, then when (not if) that key is known, we’re looking at a class breach. If it’s many keys (say, one per device) then the holders of the keys have a key management problem that they are unlikely to solve adequately.

Fourth, there is no evidence that governments (or their contractors/vendors) can handle such information securely. In fact, we have a mountain of evidence suggesting that they cannot, including recent incidents involving Nortel, Symantec, Verisign, Stratfor…and oh, by the way, a bunch of US government agencies are still infested with DNSchanger. (Is there anyone foolish enough to think that this is the ONLY piece of malware running rampant through US government computers? Or that those of other governments are immune?)

And even if we presume — against everything history has taught us, against all the evidence stacked in front of us — that the data collection process is absolutely secure…someone, somewhere, somehow in a law enforcement role will need to decrypt it to actually use it. And it is at that point that it’s complete vulnerable.
And YES they are quite, quite stupid enough to put it on a laptop and lose it. Go google “government laptop lost” and “government laptop stolen” and start reading the entries. It’s a parade, and it’s ongoing. (If you don’t want to google, start with FBI lost 160 laptops in last 44 months and consider that it’s unlikely they even KNOW all the systems they’ve lost.

The point you’re missing is that while it may be preferable (to an attacker) to steal this information at the collection point (and it WILL be stolen there), it’s not necessary. It’s probably much easier to wait for a government agency to harvest it and then just steal it from them.

The government cannot be agile in such a situation regardless of the contents of this bill. Imagine trying to create a bloated, poor version of google, but instead of great potentials driving the development of the system, you have great burdens driving it. That will lead to ultimately a poor system and one where it will be attacked.

Of course the government doesn’t have to create the burdensome parts, they just have to require them from companies.

Still not seeing it.

An ISP should be able to prove who their customers are, and relate users to IPs at login. I don’t see any spying. They would need this information to even have a hope of justifying bandwidth use.

Would you care to try again?

Dear Anonymous Cowards,

I am merely one small cog in the government. But you are not anonymous to me. Some ISPs are beginning to collect info, but this would go way above and beyond this. I can compare your IP address and word style choice, or just ask your ISP, and now you are no longer anonymous to me. If I dislike you, I can publish your real life address, phone number, family connections, etc.

And don’t give me bullshit about hiding behind proxies, because all the proxies will be traced and recorded. In short, no more anonymity for you. I now know who you are and can expose you… everywhere you go online.

*Everywhere*

Everyone will know your hobbies, your deep, dark secrets. And if I am feeling particularly vengeful, I can modify your data, and presto! You’re now a pedophile, on the sex offender registry and the no fly list.

I can have your bank accounts frozen, your assets seized, and your name discredited.

And there isn’t a damn thin you can do about it, because I have access to ALL your information that the government is conveniently collecting for me.

Still feel good about all this? If you are, simply post a comment with your real name and address. After all, you seem to be comfortable with the idea that you can be identified and located easily, so I’m sure you’ll have no problems coming out into the open.

Oh wait, it says “Anonymous COWARD” for a reason.

Sneeje, let’s look at it.

A machine that is connected only to the secondary port of a server (not via the “hot” internet side), and which only accepts connections on a single given port, and only processes those requests on an incoming basis. No web server, no SSH connections, no http://FTP... with the data written to a completely offline data storage device, with no native ability for the logging machine to read it back.

It’s pretty basic.

Can it be “hacked”. Sure. Someone can walk up and steal the hard drives or the data storage device used.

Now, considering that all it would have on it would be a userID, login time, IP address, perhaps MAC address… and NOTHING ELSE, what is the issue?

Remember, your ISP already has your customer information in a database, and it is almost certainly online. What are we adding here, exactly, that has you so hyped up?

No, clearly Geist made mistakes in his article (he corrected one). In Canada, the “committee” deal isn’t binding like the US.

Perhaps you need to learn more about how their political and legislative system works.

What?

There is no indicated that the pieces of data need to be stored together in a manner that would let just anyone see them.

Holy crap.

You want to talk about baka… puk gai.

Where is the spying, lo mo?

“The reality is that it is never a bad thing for companies to know who their customers are”

Maybe not from the point of view of the company. From the customer’s point of view – sorry, your statement is patently false. There are companies that I trust to know stuff about me, and companies that can’t do business without knowing things about me, but the choice to give them that information should be mine.

I absolutely DO NOT want my grocery store to know who I am every time I show up. I CERTAINLY don’t want Target (for example) to know who I am. I put up with the fact that the pros of giving my e-mail to Google outweighs the cons, but the fact that they know a lot about me is NOT universally a good thing.

“It is regulated, and in those regulation, it can include provisions to mark, label, or have identification that can be used”

Incorrect. It is about to be regulated, and there are damn good reasons to allow anonymous access. That’s what this whole argument is about. Saying we should accept these regulations because the regulations are already there is ridiculous.

“an you show the EXACT provisions that suddenly create the widescale spying you seem to be implying is out there”

This sentence makes no sense. The spying is already out there – there’s no need for a law to require spying because it’s already happening. This isn’t paranoia. This story wouldn’t be a story if AT&T didn’t help the US government eavesdrop on every text and phone call their network carries: http://www.techdirt.com/articles/20120208/05014817703/canadian-muslim-who-sends-text-urging-his-employees-to-blow-away-competition-arrested-as-terror-suspect.shtml . This kind of mistake simply shouldn’t be able to happen, because private texts should be private. Period.

The situation as it stands – where most of the time personal information is handed over with no oversight – is bad enough. What we should really be lobbying for is to make sure that ISPs aren’t allowed to hand over personal information without a warrant.

The provisions that people are upset about are the ones that require information to be handed over without a warrant. Maybe that’s just symbolic because the information gets handed over most of the time anyway, but I’m damned if I’m going to let the problem get worse.

And you’ve shown nothing, the post was about US, Canada, and UK. Even if one grants the Canadian version is not a problem (I don’t), sounds like the US and UK versions are still problematic.

I love people like you that appear to assume that there are no unintended consequences of legislation–that it will be used exactly as intended. Sneeje was right–you’re one of the sheeple.

Lo mo, ISPs already need that information to be able to bill you for usage.

Where is the spying?

I am serious. I can see you have some pretty good conspiracy theory raving going on, but really: where is the spying?

“veryone will know your hobbies, your deep, dark secrets. And if I am feeling particularly vengeful, I can modify your data, and presto! You’re now a pedophile, on the sex offender registry and the no fly list.”

Again, where the heck in these laws do you see that?

It’s an amusing story, just not supported by reality.

As a side note, I have to wonder: Are you the same sort of smart guy who was against SOPA? I have to wonder what level of misinformation was used to derail that law.

It is remarkably basic. I was giving someone and example of what can be done to create very secure logging systems.

Now, the US law (and the canadian variation) appear only to require the ISPs to retain the types of information they should already been keeping, and to keep it in an organized in some sort of fashion that allows log in and log off times (and IPs) to be more easily related to actual customer accounts.

Heck, you could encrypt it all on the fly, with no issues. Without the key, even a hacker couldn’t do much with it.

Remember: your isp currently has your payment method on record. Is there a reason why it wasn’t hackable yesterday but is suddenly hackable today?

“Again, where the heck in these laws do you see that?

It’s an amusing story, just not supported by reality.”

You don’t really understand computers, do you? *NO* system is 100% secure. If it can be leaked, it WILL be leaked… especially if connected to the internet, and you can bet all this information database stuff will be.

“It could be someone parked outside your house, or across the street using your wifi. Especially if you have kids (a lot of handheld game systems use WEP which is easily cracked).

For the most part, it’s of very little to try to log more than what IP at a given time was assigned to which account…”

This is true, but doesn’t show the whole story, either. An IP address helps narrow down the physical location. Then you can simply watch who logs in and when to that access point, and/or snoop the packets that are flying around.

Bottom line is: you aren’t as anonymous as you might think you are. If someone wants to find you, and connect your comments to your real life persona, they will. Hell, the very times when you’re posting, can give them an idea of who is doing it.

And what this law does, is correlate ALL the information about you into one easily accessible place. It’s a one-stop shop for information thieves, or someone who develops a grudge against you.

From what I can see, the ideas of these laws is to assure that, in the case of criminal (or civil) investigations that the ISPs are required to maintain the data for long enough for that to happen, and that it should be done as part of the course of business.

Some ISPs may not be doing it, some may only do it for the current billing cycle, etc. The laws are being written to establish what is required for a more consistent system. As a side line, it will also eliminate the old “oh we don’t keep records” excuse that some ISPs seem willing to try in court.

I don’t think it has much to do with customer billing, and all to do with any legal action to be taken in regards to online activities.

It isn’t spying. It’s something that is pretty normal.

As a side note, I have to wonder: Are you the same sort of smart guy who was against SOPA? I have to wonder what level of misinformation was used to derail that law.

“And with that deal-breaking remark, AC#1 lost all credibility and respect within this comment section.

The end.”

you failed to explain how anything said here or on Mr. Geist’s post is inaccurate.

Ahem – that’s Dr. Geist. He didn’t go to medical school to be called “Mister”*

*(rebuttal: he’s not a medical doctor, he didn’t go to medical school at all!”)

(re-rebuttal: Right, that’s what I said – “he didn’t go to medical school!”)

it is very easy to make “one way” data loggers, machines that receive incoming data for storage, but are not themselves attached in any way to the internet.

But not nearly as easy as it is to just log it on a machine that *is* connected to the internet, especially when it turns out that in order to be useful, someone needs to actually access that machine.

No, they wouldn’t put it on a laptop (are you stupid?)

Why not? Considering that the law explicitly forgives any data breaches why wouldn’t they use the cheapest method they can?

Are *you* stupid?

Ok, I get that this is not meant seriously, but even reading it is creepy.

Because children don’t have the capacity to see all the choices in front of them the same way adults do.

Yes, there are exceptions, but that’s a general rule of thumb.

Why do you think if a child under the age of 7 commits a felony, the child is just sent home with a stern talking?

Their brains aren’t developed enough to know that stuff.

That might be so, but it’d be significantly costlier to build a robot that will print out all the data and put it in the appropriate filing cabinet. A database is one of the most cost effective ways to do it and ISPs probably already have some logging with a database in place for IP addresses and account numbers.

This isn’t the ISPs doing it, it is the government. Huge difference. Why do you think the government should be allowed access to this information? Why should they store it for an undetermined amount of time? If you’re going to argue against this, at least be honest and truthful about it. Saying it’s the ISP and not the government is dishonest.

Cable doesn’t require a login, but it requires a cable modem with a MAC address that they track through the provisioning process. They know when a certain customer is connected and not, so a login isn’t actually needed. Please try to understand the technology.

http://www.citypages.com/2012-02-22/news/is-anne-marie-rasmusson-too-hot-to-have-a-driver-s-license/

Right.. No one ever abuses databases do they *rolls eyes*

Politicians talk so much about movies that are starting to think they are inside one.

Most people tend to wait for actual laws before trying to draw conclusions.

Which is akin to jumping off a cliff and then start to figure out if was a good idea in the first place.

Since we aren’t changing anything, we aren’t making it any easier for them.

Not following the logic on this one. The information is already all there. Why are you so concerned all of a sudden?

“So, C30 proponent, what specific problem does this linking solve? Can you provide a specific example where this linking would have solved a crime, which wouldn’t have been solvable without the current laws in place.”

Well, let’s consider something. You have someone on a chat board, offering up the proverbial child porn images, and offering them now. You have a posting IP there. Then you contact them via email, and you have more information there. Finally, you get them to set up a private live video feed of the action. You contact the ISP with this information, get the billing address, and you go knock the door – perhaps interrupting a crime in progress.

Remember, all it is doing is giving police / authorities a way to get relevant information without first having to go through flaming hoops in court, specifically if the ISP decides to do the old “we won’t reveal confidential customer data” or “we purposely don’t keep records” excuses. It makes it mandatory, they need to keep the records, and they need to keep them in a manner that allows for quick and efficient review of them.

Consumers should be happy. For most users, it will mean that you have another source to fight that unjust billing or issue, and you have another source to show that you were not the one using a given IP at a given time when you fight your piracy case in court.

I just don’t see the negative here.

You dream fantasy of 1984 is not happening because there are real financial costs to that shit.
http://tech.slashdot.org/story/11/06/01/1434243/world-internet-traffic-to-top-966-exabytes-in-2015
1 petabyte = 2E+60(two to the power of sixty) in 2010 the total traffic was 250 petabytes.

That is 250 thousand $90 dollars 1TB HDDs, not to mention the electric bill and the cooling requirements for it all.

I want to see you wire 70 thousand motherboards holding 4 HDDs each with Km of cabling, just so you can freaking log that crap every year, and that is only for one year, the next year you have to build another datacenter to hold on to more data and will cost another billion dollars to do it.

“So what you are saying is that all billing systems used by ISPs are inaccurate and wrong, and they are incapable of the simpliest tasks of logging when you connect and when you disconnect from the internet, what MAC address asked for the IP, and what IP was used?”

Do you have an account with any type of caps in it?
If you are not watching what you use with what the company says you are using you probably are being robbed blind.

“Remember, all it is doing is giving police / authorities a way to get relevant information without first having to go through flaming hoops in court”

Yes. We know that. That’s why we’re upset: Those flaming hoops are there for a very good reason. Making surveillance easy and invisible is a path to abuse of power. Getting a warrant with court oversight is a key part of allowing the police to exercise the special powers that they need without permitting those powers to rise to the level of abuse. The legal limits regarding searches and warrants have been in place for a century or more. If we’re going to dismantle them now, there’d better be a damn good reason and a thorough debate about it.

I notice you’ve been ignoring the other posts I’ve made about this. Your silence speaks volumes.

In that case, you are talking about a person that committed several crimes. I didn’t see how that relates with anything of what the op said. I guess in the end, you too believe in thought crimes. So then why the fuss about copyright enforcement?

funny, above you posted that you agree with the ability of law enforcement to act on thought crime, and here you are saying the opposite.

Make up your damn mind.

Bullshit no new laws…. simple enlough?

We need secure cell any ideas

It’s obvious to me now that you’re being obtuse for no reason other than to be difficult.

It’s pointless to argue with you because you’re just a child going “why?” to every answer.

buncha scrubs.

FYI From Bill C-30, Section 33 allows the Minister to appoint anyone he/she pleases to be an “inspector”

Section 34 allows the inspector without warrant and at the pleasure of the Minister to copy any and all data held by a telecommunication provider (ISP/phone company) and send it to the Minister. The only “limitation” is that the data is to be used to ensure compliance with the act. Given the current government’s track record, there is little doubt in my mind that this information could be given to the RCMP or CSIS without a warrant to ensure “compliance” and if it just happens to fall onto someone’s desk who’d use the information for another purpose. oh well…

Further Section 17 allows a peace officer to intercept any communication without warrant if they think it’s necessary with no oversight.

So as it is currently written, Bill C-30 allows warrantless spying on Canadians for whatever nefarious purposes the government feels it needs.

One can now only hope that the Minister has now bothered to read his own legislation. http://bit.ly/wrHfDA

Its the new storage facility in Colorado/UTAH as well as in the George Bush centre for intelligence and is correlated through Fort Meade in the USA and GCHQ in the UK,I thought everyone knew this.