Big Brother Awards
quintessenz search  /  subscribe  /  upload  /  contact  
/q/depesche *
RSS-Feed Depeschen RSS
Hosted by NESSUS
<<   ^   >>
Date: 2007-01-25

US: Data Retention kommt - erst jetzt

Bisher waren sie im Ratzenrennen um die Überwachung aller Netze stets die Getriebenen gewesen, nun treiben es die Europäer selber an. In puncto Einführung von Datenzwangs/verhaltung hat man die USA bereits um ein Jahr abgehängt.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

post/scrypt: Verdanken tun wir das einer Allianz von völlig durchgeknallten Innen- und Justizministern vornehmlich aus dem Wilden Westen der europäischen Überwachungsunion.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
The Bush administration has made it entirely clear that new laws forcing Internet service providers to save certain customer records for police convenience will be a priority this year. The concept is called data retention (also known as treating all Americans as suspects).

This is not entirely new. The Bush Justice Department has been quietly shopping it around since at least mid-2005; I wrote about it at the time:

But bureaucracies take a while to really get organized, and it wasn't until last year that Gonzales and Mueller got their talking points lined up and found some uncritical sympathizers in the U.S. Congress to carry their water for them. Here's a timeline:

This brings us to the key questions: What's the scope? Who will have to comply, and what type of data will be forcibly retained?

Certainly broadband Internet service providers will be regulated. But how about coffee shops, bookstores, companies (like CNET) that provide free open wireless points, or even private individuals who do? Will they have to keep logs of who connects and what their users do? FBI and DOJ have also talked about search engines being forced to comply:

This may not be a big deal for Google, which seems to want to retain all user search data until the heat death of the universe, but it does limit the valuable competition over privacy-friendly practices that's taking place among search engines. AOL says it deletes personally identifiable search data after 30 days (and does not keep backups), and is trying to differentiate itself from its rivals by embracing what its CEO told me was "the privacy cause":

Domain name registrars have also been mentioned as targets of regulation. Rep. Bart Stupak, a privacy-impaired Democrat now in a position to make some mischief as chairman of an oversight subcommittee, said in September that: "If we do compel data retention, is there any reason Web hosting sites should be treated differently than ISPs?" See:

GoDaddy's general counsel was on the panel and, unfortunately for the well-being of thousands of her customers, chose to curry favor by agreeing with this constitutionally-challenged politico rather than standing on principle. She allowed that such a law would be "productive" for law enforcement but should not include the content of communications.

Unfortunately, in the realpolitik of Washington, that's tantamount to an enthusiastic endorsement. And Gonzales has already signaled that he's interested in more than just what IP address was assigned to what user. That's defined as non-content data, and it's readily accessible to Joe Local Cop (not to mention an FBI agent) armed with a simple subpoena, no judge's signature required.

But last week (and nobody really noticed this), Gonzales suggested he wants to force data retention laws on ISPs for data that "could be accessed with a court order." See:

By talking about a court order instead of a subpoena, Gonzales seemed to be implying content data instead of just IP addresses. A subpoena is merely a request for documents signed by a lawyer; a court order is signed by a judge and compliance isn't exactly optional. Federal law draws a distinction:

I admit my interpretation relies on Gonzales being precise with his words (though the alternative is realizing our nation's top law enforcement officer knows less about court practices than a first year law student). If I'm right, Gonzales is contemplating the content of email you send, the content of web pages you visit, the content of IMs you send, the content of VoIP calls you -- all recorded, or some subset recorded, for future police convenience.

Earlier today, Eric Wenger, a trial attorney with the Justice Department's computer crime unit, showed up at a bar association meeting and said the DOJ does not have a position on "what records would have to be retained":

One last thought: If all ISPs must keep track of what their users are doing, then criminals, terrorists, First Amendment supporters and all other miscreants would be more likely to use anonymizing proxies like Tor or If the DOJ is serious about this anti-privacy campaign, banning the use or operation of anonymizing services might be a next step (after all, data retention probably doesn't help track someone if he's using Tor).

Unlikely? Probably. But not impossible. Remember, back in 1997, one House of Representatives committee voted to ban all encryption without backdoors for the DOJ, a step that made about as much sense as today's data retention mandates:

Source: Declan McCullaghs Mailing List Politech

- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 2007-01-25
comments to
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<   ^   >>
Druck mich


Eintritt zur Gala
sichern ...

25. Oktober 2023
Big Brother Awards Austria
 related topiqs
 related kampaigns
q/Talk 1.Juli: The Danger of Software Users Don't Control
Dr.h.c. Richard Stallman live in Wien, dem Begründer der GPL und des Free-Software-Movements