[Paleopsych] CNET: Your ISP as Net watchdog
Premise Checker
checker at panix.com
Wed Jun 22 19:42:30 UTC 2005
Your ISP as Net watchdog
http://news.com.com/2102-1028_3-5748649.html?tag=st.util.print
Your ISP as Net watchdog
By Declan McCullagh
Story last modified Thu Jun 16 04:00:00 PDT 2005
The U.S. Department of Justice is quietly shopping around the
explosive idea of requiring Internet service providers to retain
records of their customers' online activities.
Data retention [5]rules could permit police to obtain records of
e-mail chatter, Web browsing or chat-room activity months after
Internet providers ordinarily would have deleted the logs--that is, if
logs were ever kept in the first place. No U.S. law currently mandates
that such logs be kept.
In theory, at least, data retention could permit successful criminal
and terrorism prosecutions that otherwise would have failed because of
insufficient evidence. But privacy worries and questions about the
practicality of assembling massive databases of customer behavior have
caused a similar proposal to stall in Europe and could engender stiff
opposition domestically.
What's new:
The U.S. Department of Justice is mulling data retention rules that
could permit police to obtain records of e-mail, browsing or chat-room
activity months after ISPs ordinarily would have deleted the logs--if
they were ever kept in the first place.
Bottom line:
Data retention could aid criminal and terrorism
prosecutions, but privacy worries and questions about the practicality
of assembling massive databases of customer behavior could engender
stiff opposition to the proposal.
[6]More stories on this topic
In Europe, the Council of Justice and Home Affairs ministers say logs
must be kept for between one and three years. One U.S. industry
representative, who spoke on condition of anonymity, said the Justice
Department is interested in at least a two-month requirement.
Justice Department officials endorsed the concept at a private meeting
with Internet service providers and the National Center for Missing
and Exploited Children, according to interviews with multiple people
who were present. The meeting took place on April 27 at the Holiday
Inn Select in Alexandria, Va.
"It was raised not once but several times in the meeting, very
emphatically," said Dave McClure, president of the [7]U.S. Internet
Industry Association, which represents small to midsize companies. "We
were told, 'You're going to have to start thinking about data
retention if you don't want people to think you're soft on child
porn.'"
McClure said that while the Justice Department representatives argued
that Internet service providers should cooperate voluntarily, they
also raised the "possibility that we should create by law a standard
period of data retention." McClure added that "my sense was that this
is something that they've been working on for a long time."
This represents an abrupt shift in the Justice Department's long-held
position that data retention is unnecessary and imposes an
unacceptable burden on Internet providers. In 2001, the Bush
administration [8]expressed "serious reservations about broad
mandatory data retention regimes."
The current proposal appears to originate with the Justice
Department's [9]Child Exploitation and Obscenity Section, which
enforces federal child pornography laws. But once mandated by law, the
logs likely would be mined during terrorism, copyright infringement
and even routine criminal investigations. (The Justice Department did
not respond to a request for comment on Wednesday.)
"Preservation" vs. "Retention"
At the moment, Internet service providers typically discard any log
file that's no longer required for business reasons such as network
monitoring, fraud prevention or billing disputes. Companies do,
however, alter that general rule when contacted by police performing
an investigation--a practice called data preservation.
A 1996 [10]federal law called the Electronic Communication
Transactional Records Act regulates data preservation. It [11]requires
Internet providers to retain any "record" in their possession for 90
days "upon the request of a governmental entity."
"We were told, 'You're going to have to start thinking about data
retention if you don't want people to think you're soft on child
porn.'"
--Dave McClure, president, U.S. Internet Industry Association
Child protection advocates say that this process can lead police to
dead ends if they don't move quickly enough and log files are
discarded automatically. Also, many Internet service providers don't
record information about instant-messaging conversations or Web sites
visited--data that would prove vital to an investigation.
"Law enforcement agencies are often having 20 reports referred to them
a week by the National Center," said Michelle Collins, director of the
exploited child unit for the [12]National Center for Missing and
Exploited Children. "By the time legal process is drafted, it could be
10, 15, 20 days. They're completely dependent on information from the
ISPs to trace back an individual offender."
Collins, who participated in the April meeting, said that she had not
reached a conclusion about how long log files should be retained.
"There are so many various business models...I don't know that there's
going to be a clear-cut answer to what would be the optimum amount of
time for a company to maintain information," she said.
McClure, from the U.S. Internet Industry Association, said he
counter-proposed the idea of police agencies establishing their own
guidelines that would require them to seek logs soon after receiving
tips.
Marc Rotenberg, director of the [13]Electronic Privacy Information
Center, compared the Justice Department's idea to the since-abandoned
[14]Clipper Chip, a brainchild of the Clinton and first Bush White
House. Initially the Clipper Chip--an encryption system with a
backdoor for the federal government--was supposed to be voluntary, but
declassified documents show that backdoors were supposed to become
mandatory.
"Even if your concern is chasing after child pornographers, the
packets don't come pre-labeled that way," Rotenberg said. "What
effectively happens is that all ISP customers, when that data is
presented to the government, become potential targets of subsequent
investigations."
A divided Europe
The Justice Department's proposal could import a debate that's been
simmering in Europe for years.
In Europe, a data retention proposal prepared by four nations said
that all telecommunications providers must retain generalized logs of
phone calls, SMS messages, e-mail communications and other "Internet
protocols" for at least one year. Logs would include the addresses of
Internet sites and identities of the correspondents but not
necessarily the full content of the communication.
Even after the Sept. 11, 2001, terrorist attacks, the Bush
administration criticized that approach. In November 2001, Mark
Richard from the Justice Department's criminal division [23]said in a
speech in Brussels, Belgium, that the U.S. method offers Internet
providers the flexibility "to retain or destroy the records they
generate based upon individual assessments of resources, architectural
limitations, security and other business needs."
France, the United Kingdom, Ireland and Sweden jointly submitted their
data retention proposal to the European Parliament in April 2004. Such
mandatory logging was necessary, they argued, "for the purpose of
prevention, investigation, detection and prosecution of crime or
criminal offenses including terrorism."
But a [24]report prepared this year by Alexander Alvaro on behalf of
the Parliament's civil liberties and home affairs committee slammed
the idea, saying it may violate the European Convention on Human
Rights.
Also, Alvaro wrote: "Given the volume of data to be retained,
particularly Internet data, it is unlikely that an appropriate
analysis of the data will be at all possible. Individuals involved in
organized crime and terrorism will easily find a way to prevent their
data from being traced." He calculated that if an Internet provider
were to retain all traffic data, the database would swell to a size of
20,000 to 40,000 terabytes--too large to search using existing
technology.
On June 7, the European Parliament [25]voted by a show of hands to
adopt Alvaro's report and effectively snub the mandatory data
retention plan. But the vote may turn out to have been largely
symbolic: The Council of Justice and Home Affairs ministers have vowed
to press ahead with their [26]data retention requirement.
References
5.
http://news.com.com/U.K.s+data-retention+proposal+dealt+blow/2110-1017_3-958132.html?tag=nl
6. http://news.search.com/search?q=ISPs+logs
7.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.usiia.org%2F&siteId=3&oId=/U.K.s+data-retention+proposal+dealt+blow/2110-1017_3-958132.html&ontId=1023&lop=nl.ex
8.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.usdoj.gov%2Fcriminal%2Fcybercrime%2Fintl%2FUSComments_CyberCom_final.pdf&siteId=3&oId=/U.K.s+data-retention+proposal+dealt+blow/2110-1017_3-958132.html&ontId=1023&lop=nl.ex
9.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.usdoj.gov%2Fcriminal%2Fceos%2F&siteId=3&oId=/U.K.s+data-retention+proposal+dealt+blow/2110-1017_3-958132.html&ontId=1023&lop=nl.ex
10.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.usdoj.gov%2Fcriminal%2Fcybercrime%2F2703_CSEA.htm&siteId=3&oId=/U.K.s+data-retention+proposal+dealt+blow/2110-1017_3-958132.html&ontId=1023&lop=nl.ex
11.
http://news.com.com/My+brief+career+as+an+ISP/2010-7355_3-5089267.html?tag=nl
12.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.missingkids.com%2F&siteId=3&oId=/My+brief+career+as+an+ISP/2010-7355_3-5089267.html&ontId=1023&lop=nl.ex
13.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.epic.org%2F&siteId=3&oId=/My+brief+career+as+an+ISP/2010-7355_3-5089267.html&ontId=1023&lop=nl.ex
14.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.epic.org%2Fcrypto%2Fclipper%2F&siteId=3&oId=/My+brief+career+as+an+ISP/2010-7355_3-5089267.html&ontId=1023&lop=nl.ex
15.
http://news.com.com/Video+content+set+free+on+Web/2100-1025_3-5746034.html?tag=nl.caro
16.
http://news.com.com/Microsoft+looks+to+extinguish+LAMP/2100-1012_3-5746549.html?tag=nl.caro
17.
http://news.com.com/Microsoft+meets+the+hackers/2009-1002_3-5747813.html?tag=nl.caro
18.
http://news.com.com/Your+ISP+as+Net+watchdog/2100-1028_3-5748649.html?tag=nl.caro
19.
http://news.com.com/Open-source+maneuvers+for+Sun%2C+Microsoft/2009-7344_3-5748223.html?tag=nl.caro
20.
http://news.com.com/Will+computing+flow+like+electricity/2100-1011_3-5749968.html?tag=nl.caro
23.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.usdoj.gov%2Fcriminal%2Fcybercrime%2Fintl%2FMMR_Nov01_Forum.doc&siteId=3&oId=/My+brief+career+as+an+ISP/2010-7355_3-5089267.html&ontId=1023&lop=nl.ex
24.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.statewatch.org%2Fnews%2F2005%2Fmay%2Fep-data-ret-alvaro-report.pdf&siteId=3&oId=/My+brief+career+as+an+ISP/2010-7355_3-5089267.html&ontId=1023&lop=nl.ex
25.
http://news.com.com/Europe+to+push+ahead+with+ISP+snooping+law/2100-1028_3-5739292.html?tag=nl
26.
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.eu2005.lu%2Fen%2Factualites%2Fcommuniques%2F2005%2F06%2F02jai-comm%2Findex.html&siteId=3&oId=/Europe+to+push+ahead+with+ISP+snooping+law/2100-1028_3-5739292.html&ontId=1023&lop=nl.ex
27. http://www.cnet.com/aboutcnet/0-13611-7-811029.html?tag=ft
More information about the paleopsych
mailing list