Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Bill proposes ISPs, Wi-Fi keep logs for police | Politics and Law - CNET News. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Bill proposes ISPs, Wi-Fi keep logs for police | Politics and Law - CNET News
by Decius at 4:46 pm EST, Feb 22, 2009

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

Lamar Smith is at it again.

Opponents of the bill say it's an invasion of privacy, but that's not the case. The government can only access subscriber information as part of a criminal investigation.

Actually, all kinds of people can get access to the information in lots of difference contexts, and thats legally - nothing about breaches.

How many times have we seen TV detectives seek call logs of a suspect in order to determine who he has been talking to? What if the telephone companies simply said to the detectives, "Sorry, we get rid of that information after 24 hours?"

That would be called a payphone.

The police could constantly surveil everything that everyone ever does all the time so that in the event that a crime is committed they can find out what happened. They could require that tracking devices and surveillance systems be installed all over the place. This sort of data retention is a part of that puzzle. The advocates of this sort of practice constantly act as if the next piece of this total surviellance infrastructure that they want to erect is no big deal... It is a big deal and it is an invasion of privacy... in aggregate it is a huge deal and these people have absolutely no idea where they would draw the line.

Our society needs to have a reasonable conception of when it does and does not make sense for the government to force people to collect information specifically for the benefit of litigants. In my view it never makes sense. Litigants should be able to access, with lawful authorization, evidence that naturally exists, but the government should not force wholesale collection of new evidence, targeted at everyone in our society. That is the only reasonable place to draw a line.


 
RE: Bill proposes ISPs, Wi-Fi keep logs for police | Politics and Law - CNET News
by Rattle at 1:01 am EST, Feb 23, 2009

Decius wrote:
The police could constantly surveil everything that everyone ever does all the time so that in the event that a crime is committed they can find out what happened. They could require that tracking devices and surveillance systems be installed all over the place. This sort of data retention is a part of that puzzle. The advocates of this sort of practice constantly act as if the next piece of this total surviellance infrastructure that they want to erect is no big deal... It is a big deal and it is an invasion of privacy... in aggregate it is a huge deal and these people have absolutely no idea where they would draw the line.

For reference, this is the actual proposed amendment in the house and senate bills:

(h) Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.

To make matters even more complex.. I'm not sure what this would actually achieve in the absence of additional data retention mandates. DHCP address on the resources mentioned are usually in rfc1918 space and s-nat'd or proxied out to the public Internet. Without retention of logs at the gateway, the dhcp logs this would mandate the retention of would be mostly useless. You would get a record of what hardware mac addresses were present at the time in question, but not necessarily be able to connect then to a specific set of IP transactions..

The way I read this, an individual running a public wifi network that wasn't retaining DHCP logs could wind up in prison for up to 20 years if someone did some evil while using it. Even though if the individual did had the logs, it still wouldn't be possible to connect a transaction to a specific machine without the presence of gateway traffic logs, which there is no mandate to retain... And even if those logs were present too, you still couldn't connect the network transaction to an individual without requiring entities offering public network services to verify identities of users before enabling them the ability to access the public Internet..

That's not reasonable.


  
RE: Bill proposes ISPs, Wi-Fi keep logs for police | Politics and Law - CNET News
by Decius at 7:44 am EST, Feb 23, 2009

Rattle wrote:
For reference, this is the actual proposed amendment in the house and senate bills:

(h) Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.

DHCP address on the resources mentioned are usually in rfc1918 space and s-nat'd or proxied out to the public Internet.

I'd guess that people who are using NAT are usually not authenticating access or not correlating IP addresses with identity. How will this law be interpreted in the case where no information pertaining to the identity of a user is available to retain? Are people required to have it? Does this law ban anonymous use of open wireless access points? Must coffee shops start photocopying people's drivers licenses before giving them a one time use web surfing password? The last time I worked on a project that attempted to correlate DHCP addresses with domain credentials it failed because the software products involved did not actually work in practice.

In regard to all the other logs that would need to be retained, the law is technology agnostic. If the logs "pertain to the identity of a user" they would need to be retained, regardless of whether they are DHCP logs or gateway logs.

Regardless, the text of this bill is not well thought out. The people who crafted this did not consult with people who actually understand how computer networks work, which is simply unprofessional. The bill should die for that reason. Go back to the drawing board and come back with something that is actually practical in this universe and then we'll discuss the civil liberties issues.

I suspect they will, and I suspect that when they finally get it right, it will pass. The ship has already sailed on the question of whether or not its reasonable for the government to collect evidence about everyone all the time so that it can be used against them in court if someone accuses them of a crime or civil tort. This is just another brick in the wall.

Data Retention: You have the right to remain silent, and everything you say or do on the Internet can and will be used against you in a court of law.


 
 
Powered By Industrial Memetics