back to article FBI calls for two year retention for ISP data

FBI director Robert Mueller is still keen to get US internet service providers to keep their customers' web logs for up to two years. What is not clear is whether the director is talking about which websites are visited or the specific URL - which would require deep packet inspection and probably break US wiretap laws. Greg …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    What they want

    What they really want, is the infrastructure of a system and devices in place that are capable of seeing everyone's traffic. Who holds the logs is immaterial, they can request whatever data they want during any investigation.

    Once in place they can then do whatever they want and tweak the system to their larger agenda's needs at a later date.

    Simples!

  2. Steen Hive
    FAIL

    "It is not clear exactly what the Feds want;"

    Oh no - what they *want* is perfectly clear - in the same manner as all such authorities, they *want* to log every single keystroke of everyone, the content of every mail, the content of every communication and identify every participant.

    What they will get though might be somewhat short of this, but function-creep/trrrst attacks/Republicans wiping their arses with the Constitution/Wagging the dog will ensure they achieve their goal eventually. Luckily, it might be more difficult to achieve this than in the lickspittle UK.

  3. Anonymous Coward
    Anonymous Coward

    pretty

    Pretty useless data I'd have thought given the number of peer to peer apps there are out there. My computer talks to hundredsof other computers a week, if you turn on DHT and I expect you'll be talking to even more.

    If you were the hosts of a dodgy site and wanted your clients/members/fellow terrorists to be hidden just run a torrent box.

  4. Anonymous Coward
    Boffin

    All the more reason

    All the more reason to use Tor.

    1. Anonymous Coward
      Unhappy

      @AC: re: All the more reason

      >All the more reason to use Tor.<

      May I enquire if you're brave enough to run an exit node and which country you reside in?

      I guess it's not the UK - because assuming a judge and jury grasped the concept of an exit node one might avoid prison for kidnap_terror_xtreme_pron_hard_drugs.com having been accessed via your IP address. More's the pity you wouldn't have a job, family or reputation to go back to.

      My point is that if running an exit node will earn you the knock on the door from plod in jurisdictions of the New World Order, then no one will run exit nodes and there is no more Tor :-(

      Meanwhile the T&Cs of most commerical anonymiser services are explict they'll turn both you and you logs over to anyone who cries 'p$do'. Frankly I'm not optimistic.

      1. K. Adams
        Big Brother

        Or More Sinisterly...

        It could also be interpreted that running a Tor exit node makes you a "de facto" ISP (since you would ostensibly be providing an Internet-based packet routing service), meaning that **you** yourself would be required to keep source/destination info as well...

  5. Someone
    Boffin

    Technical inaccuracy in CNET article

    Only the origin and destination IP addresses are easy to log. If you want the host name, you have to look inside the HTTP stream for the Host header.

    You could also try logging all DNS requests, but that is fraught. The DNS request might come well before the HTTP request; might be sent to something like OpenDNS, requiring DPI anyway to look at those; or might not happen at all, being hard-wired into the requesting machine.

    Where an ISP uses intercepting web proxies, logs of URLs may already be available. The use of an intercepting proxy isn’t a violation of the Wiretap Act. The history of the Act means that courts have ruled it doesn’t extend to servers, and the proxy is an integral part of providing the service. While intercepting proxies are prevalent on mobile broadband, they have fallen out of use with fixed lines. They also tend to apply only to traffic on port 80.

    Our own Home Office Voluntary Code of Practice on Data Retention was written at a time when there was greater use of web proxies, and the Code of Practice asks that host names be briefly retained from these.

  6. Alan W. Rateliff, II
    Paris Hilton

    Could FBI director Mueller make a deal with Google?

    Feed this into the conspiracy machine.

    Google's own network carries 10% of Internet traffic (ElReg,) Eric Schmidt-head does not care about your privacy (ElReg, et al,) Obama's campaign CTO wanted to move all of the White House email functionality to Google (ElReg, I'm sure,) Google was originally tapped to spear-head the data back-end of a national smart-meter program.

    Google is a big company with to which the Administration holds obvious attraction.

    FBI director throws the whole data retention bit into the ring again. Small ISPs, webmail providers, hosting providers, and such ilk, cannot afford the required storage.

    Google is in a perfect position to step in and store the retention data for these providers, or even provide proxy services with the included retention storage, of course with the obvious lack of privacy guarantee (you shouldn't be doing it in the first place, right?) Google is in the perfect position to provide replacement services for companies which close shop in the face of conformance or fines. Google would also be perfectly placed to become the provider for a national broadband infrastructure build-out should it actually be pushed through (I seem to recall Google co-authored the report supporting the build-out.)

    I am not drawing any conclusions, just feeding in some data. Ignoring Google and considering the retention missive on its own is enough to conclude an anti-private business motive since, frankly, private business is a threat to security. Public sector is a threat to productivity, but we can deal with that later.

    Paris, a threat to pubic productivity.

  7. Inachu
    Headmaster

    Hey hey ho ho this bill has got to go!

    I am ok with the fed having access to the historical record of the sites I visit.

    Just as long as I am given a copy of those sites and have the list emailed to me.

    Would be a nice way to itemize and check where sometimes if my pc gets infected then I can apply a rule in my router to block what ever site is listed.

    A worthy endevour indeed! A customer should know their foot prints on the

    internet even if they are not the ones making the foot prints!

    This way security at home will be enahanced.

  8. Tricky Dicky
    Happy

    Lickspittle !!!!!!!!

    When was the UK promoted to "lickspittle" status, I thought we were only the US's arsewipe, sorry asswipe.

    1. Anonymous Coward
      Happy

      I can see the FoxNews headline ...

      Brits afraid of Multi-Tasking!!!

      This is what happens when you raise a People on a remote island sandwiched between France and Ireland on Monty Python instead of Rodney Dangerfield. Cancer? No Doc, I want a second opinion ... OK, you're ugly too.

  9. Dave Mundt
    FAIL

    Who pays for this?

    Greetings and Salutations.

    One thing that is often overlooked is the actual cost of this insane request. Access logs can take up huge amounts of space - up to Terabytes per DAY. This will cost huge amounts to retain this data for any amount of time, and, would be a terribly unfair burden for the consumers. I say the consumers, because of course, the ISPs are NOT going to eat these costs themselves but will pass the cost along to their subscribers.

    Another technical issue is that there is no way to filter the logs - so a DDOS attack can produce millions of valid-looking entries in very little time. Finding particular entries in this mass of data would be like finding a specific grain of sand on a beach. Not impossible, but, nearly so.

    regards

    dave mundt

  10. Robert A. Rosenberg
    Boffin

    Internet Records are not the same as Phone Call Records

    "Motta said the Feds simply want to keep powers they already have - since 1986 phone companies have been obliged to keep records of who makes calls, who they call, when they call and how long the call lasts. It's just that now, the Feds want to explicity include web activity as well. He said the FBI did not want to store the actual content of calls or emails."

    The phone records that are being referred to are needed to bill for the use of the Telephone system (and thus the Feds are just asking for information that the Telco is creating for its own operation anyway). For a land line, there is tracking of out-of-area (ie: Long Distance) calls and possibly local calls (or there used to be when there was message-units/measured-service). With Cell Phones, EVERY Call is logged and reported on your monthly bill since you are charged for use.

    In the case of the Internet sessions, there is no need for any records of USAGE/CONNECTIONS, only what IPN has been assigned (by a DHCP Server) to the customer's Modem (and when the IPN was assigned so it is know who address x.x.x.x was on such-and-such a Date and Time). Even if there is a cap on usage, all that is monitored is an aggregate amount of usage (ie: You downloaded/uploaded so much data) not a list of each session.

This topic is closed for new posts.

Other stories you might like