DOJ Can't Get Net Firms To Agree On Data Retention; Expect Legislation
from the making-things-worse dept
All week long there's been talk about how Attorney General Alberto Gonzalez wants internet companies to retain user data for two years, for purposes of government investigation. Europe recently put similar requirements in place, ignoring the serious questions about costs (leading some to suggest now might be a good time to invest in storage companies). Not surprisingly, the talk from earlier this week wasn't just talk, but a preamble to a supposedly secret meeting today that resulted in no actual agreement (doesn't seem very secretive does it?). Of course, for years, we've been repeating the reasons why data retention makes things worse. It adds more data, but makes it much harder to find the useful data. At the same time, there's a very high likelihood that if the data is available, it will be misused. And, that, of course, doesn't even touch on the question of how this probably violates the 4th Amendment. However, now that the meeting hasn't resulted in "voluntary" data retention rules, it's probably only a matter of time until someone introduces legislation to require such retention -- despite the fact it's unlikely to help, extremely expensive and most likely unconstitutional.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Data retention is a red herring
No. We've had DR for some time now. They got away with rubber stamping the legislation without any consultancy here in the UK, but then you can count the number of ISPs on one hand over here. They just had to suck it up. In theory anyway, because I wonder how many are complying. Those I know who work for ISPs quietly smile when I mention the subject - basically they are dragging their heels and piping most of it to /dev/null. When the authorities come knocking and asking for records the story is going to be "Oh we don't seem to have that tape, it falls into a period when the system wasn't implemented" In the end it's better to face the music on a case by case basis than bankrupt yourself rolling out a new 1 petabyte storage system. Have you any idea how much reliable offsite storage costs? Not to mention the bandwidth shifting all that crap over. Basically they can legislate all they like but if governments want this for real they're going to have to implement it themselves. And frankly, they don't have the manpower or knowledge to do it.
In any case, a thoughtful analysis of DR reveals it for what it is. It's absolutely USELESS for preventing "terrorism" (the cliche excuse). It's entirely retospective. Insert parable involving stable, horse, door, bolted.
In short, it's an ill thought out reactionary kneejerk by frightened luddite quasi-fascist nosey bastards who are probably under the thumb of marketing lobbyists. If collected this data *WILL* be sold to the highest bidder, no question about it.
Lastly, I'll say it again... the intelligence services and law enforcement are completely lost on this issue. They are harking back to cold war Stasi methods hoping to throw out a dragnet. We had one very bright chief of intelligence here once, she understood the issue I am talking about. Stella Rimington called this behaviour (I paraphrase) "useless and counterproductive". It ties up resources and money better spent on good old fashioned psychology, infiltration and human observation where you can target the use of technology preemptively against well selected suspects.
[ link to this | view in thread ]
but...
2. You're framing this like there is no precedent for DR in todays society already. Telephone companies are required to retain records for a certain amount of time, you employer is required to keep certain records, banks and credit card companies are required to keep records for a period of time, I bet you could still find your elementary school records if you tried! Again, the issue isn't DR in and of itself, its proper regulation of how the government can and can not get at the information.
3. The cost. The current cost of a gig of hard drive storage is less than a dollar! I don't see how having to store transaction information is going to kill a company monetarily (and they probably do it anyway to track searches and figure out what ads to serve you). That primarily depends on what information they want to place into DR I guess, but I can't see why the government has to subsidize this effort, it doesn't for the other myrad of industries forced to implement DR. Sorry to say it but the internet isn't a bunch of mavericks doing as they please, anymore, it's quickly becoming a mainstream utility like phone service, and you have to expect the government to apply similar types of "overlegislation" to it.
In summary, I think having a reasonable DR program for web searches and such could be useful in the investigation of crime, or in litigation activities in general. The information could also be applied to future infrastructure planning, identifying potential areas of investment in the internet (this company or service gets lots of traffic that can be verified independently). The key, again,is that the proper application of the 4th amendment (ie judicious warrant use and monitoring government activity more closely)
[ link to this | view in thread ]
There must be DR
Internet usage DR can actually save other companies from having to keep records .
[ link to this | view in thread ]
ACLU
The ACLU will bring the matter to the Surpreme Court...as it has done will many constitutional violations...
and a new generation of Ultra Hi tech proxies will be developed - offering services from different nations to foil this
[ link to this | view in thread ]
Re: but...
The logs? They don't get smaller over time, they continue to grow. I work for a small ISP that keeps 4 days with of email server logs. These logs do not contain any form of content of the emails, just who it is to, who it was from, and some routing information, along with antispam tracking. The log file rotates daily, and comsume 2+ GigaBytes of space. Over a year you are talking over 700GB, and that is for one of the 2 email servers. Assume some growth, and the increase in email traffic that goes with it, the increase in spam, and the possability of having to add yet another email server... you are talking multi-tarabytes per year, of just email logs.
The Dialup/DSL connection logs (who is on what IP when) will consume yet another milti-tarabyte per year.
Add in the requirement that the data must be accessable (with a warrent) means that backups of such data must also be maintained. That just doubled the space requirement, if not tripled it. The only reason this space is needed is because some politician thinks it is necessary. The information is not usable by normal law enforcement. It won't stop a terrorist. It only serves to go after somone who may have comitten a civil, not criminal, crime. The time it takes for law enforcement to get enough informtion together for a warrent makes it worthless.
I can attest that in the few cases the FBI has contacted us for records, which we complied with once a warrent was properly served, the information they needed was useless by the time they requested it. Yes, we can, and did, tell the FBI that 'John Doe #1234' was online at this time, on this IP, and what their real name/address were. We cannot, however, state in court beyond a reasonable doubt that it was the actual user. Anyone can steal access and look like someone else. We have had it happen. More often than not, we catch it, long before the Government can, and we only keep 3 months of dialup/DSL logs currently. Without backups.
We can't afford to store more without raising rates. Instead of "Think of the children" in this case it should be "Think of the small businesses."
[ link to this | view in thread ]
Oh, one other point. If it would do absolutly nothing to stop crime or terrorism because of the volume of data, why would it cause any privacy issues? Wouldn't that be as useless also?
Sure, it may be retrospective, but it might come in handy in actually convicting someone of a crime.
[ link to this | view in thread ]
Potame
[ link to this | view in thread ]
The fact it wouldn't help stop crime or terrorism is unrelated to it causing privacy issues as is the amount of data. It's everyone's data that they're collecting, not just a criminal's and that data is all the sites that everyone has visited at any point in time for ANY reason. I've had incredibly retarded "friends" who have sent links to questionable sites, I may have "visited" but I definitely didn't get excited by having done so but this would make available that I had visited them at one time whether it was my intention or not. Now, the fun part is that the ISP's that host those websites would have to have said data retention to and if they get busted, I would be a suspect over having visited ONCE. So even if I wasn't being monitored from *my* ISP, I would be monitored by someone else's.
And that's just the tip of the iceberg.
[ link to this | view in thread ]
Outside the US
[ link to this | view in thread ]
Re: Tyshaun
2.) Okay, so the cost of 1 GB of disk space is roughly 50¢, lets see 1,000 GB = 1 TB and 1,000 TB = 1 PB. Presuming that only a single Petabyte would be sufficient for a major ISP such as ATT/Comcast, Bellsouth, or SBC, you're looking at a rough cost of $500,000 per Petabyte, and that's using IDE lets not even get into the cost of reliable SCSI or SATA disk space. So at the rough cost of a half million per ISP per Petabyte, and presuming that there are only 6 ISPs (despite the fact that there are dozens in the U.S. not including Dial-Up services) you're looking at roughly three million dollars just for DR. What should be stored btw? Do you just want ARP/DHCP tables or do you want every single IP address that was visited by subnet as well as the information they searched for and/or cookie/temp file information? Anything more than vague DHCP and ARP tables a Petabyte per ISP isn't nearly enough and even then what good is establishing who had what IP at what time?
The whole thing smells of abbusive control. It's just something else that the federal government can use against its people in order to maintain draconic like control over the populace.
[ link to this | view in thread ]
Yeesh!
[ link to this | view in thread ]
Expect Legislation
[ link to this | view in thread ]
Anonymous Coward
[ link to this | view in thread ]
cool^
[ link to this | view in thread ]