ISP Tracking Legislation Hits the House 332
cnet-declan writes "CNET News.com reports that Republicans in the U.S. House of Representatives announced yesterday legislation to force ISPs to keep track of what their users are doing. It's part of the Republicans 'law and order agenda,' with other components devoted to the death penalty, gangs, and terrorists. Attorney General Gonzales would be permitted to force Internet providers to keep logs of Web browsing, instant message exchanges, and e-mail conversations indefinitely. The draft bill is available online, and it also includes mandatory Web labeling for sexually explicit pages. The idea enjoys bipartisan support: a Colorado Democrat has been the most ardent supporter in the entire Congress."
Re:Option Labeling of Non-Sexual Content (Score:3, Informative)
Re:From the draft... (Score:1, Informative)
Yes. Electromagnetic Spectrum [wikipedia.org].
Actually (Score:3, Informative)
Re:Good luck (Score:5, Informative)
Here's what the bill says:
SEC. 6. RECORD RETENTION REQUIREMENTS FOR INTERNET SERVICE PROVIDERS.
(a) REGULATIONS.Not later than 90 days after the
date of the enactment of this section, the Attorney General
shall issue regulations governing the retention of records
by Internet Service Providers. Such regulations shall, at
a minimum, require retention of records, such as the name
and address of the subscriber or registered user to whom
an Internet Protocol address, user identification or telephone
number was assigned, in order to permit compliance
with court orders that may require production of such information.
First note that the information they are primarily interested in is being able to tie a user to an IP address. It is trivial for an ISP to keep this information, and any responsible ISP already does so that they can investigate fraud and abuse complaints.
Second, the regulations are to deal with record retention, not tracking. So, if an ISP currently tracks user activity, the AG could require the ISP to keep that information for x days. But this bill does not seem to give anyone the power to order ISPs to start tracking users in ways they aren't already.
Re:Useful only for abuse (Score:4, Informative)
I'm not quite sure you understand reality some ISP's delete customer login information hours after they are used, (which in reality may or may not be the truth as which information really gets destroyed diverges from the official company policy). It litterally takes days to weeks to months to track down a user to an originating IP who went through multiple servers in different countries, talking with different admins and end users who have a compromised box, working your way back to the source. The police don't have a movie style magic box, they can plugin that will tell them, hacker trying to break into bank , bounced through 10 different systems, 3 different countries but is actually sitting in Columbus, Ohio (of course as a proper nod to the movies, the hacker always knows they are onto him and disconnects right as the last line is being drawn to his house).
What I think it comes down to is there is such a wide varience to the rules, 8+ years ago when admined at an ISP we had conversations with FBI about retention policies: email, backup, authentication logs, etc. There statement to us was that we could do anything we wanted as long as the whole organization followed the same rules; if they would call up the secretary and she said that we never deleted backup tapes, and they call up the admin and he says they are deleted every days. That they would be flying in and getting all the equipment under court-order evidence protection (effectively putting us into a bind operationally having no equipment anymore).
You think this is bad! (Score:3, Informative)
Re:Good luck (Score:3, Informative)
reference to IM and chat records misleading (Score:3, Informative)
Re:Good luck (Score:5, Informative)
From TFA.
"Because there is no limit on how broad the rules can be, Gonzales would be permitted to force Internet providers to keep logs of Web browsing, instant message exchanges, or e-mail conversations indefinitely. (The bill does not, however, explicitly cover search engines or Web hosting companies, which officials have talked about before as targets of regulation.)
That broad wording also would permit the records to be obtained by private litigants in noncriminal cases, such as divorces and employment disputes. That raises additional privacy concerns, civil libertarians say. "
Re:Oh, Congress won't pay for it. (Score:3, Informative)
Re:Good luck (Score:4, Informative)
You underestimate the web pages you visit. I did an experiment a few weeks ago along these lines using Firefox's LiveHTTPHeaders. After hitting the front pages of Slashdot, MSN, Yahoo, and two other portal sites, I had 150 requests. That's 30 requests per page. Just now, loading yro.slashdot.org took over 50 requests.
People generate an enormous amount of web traffic without even thinking about it. To expect every ISP to archive that information just because is crazy. It's only really feasible for someone like Google, who is in the business of profiling potential customers (or AT&T, who is in the business of letting the Feds spy on you).
Re:You're thinking too hard (Score:3, Informative)
Re:My logs aren't going to be very interesting (Score:3, Informative)
Re:constitution (Score:2, Informative)
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
http://www.law.cornell.edu/constitution/constitut
So if the government can already get away with warrantless wiretaps, then the new records retention initiative will be just one more nail in the coffin of the Constitution.
An Affront On Privacy (Score:4, Informative)
Re:Good luck (Score:3, Informative)
Re:Good luck (Score:4, Informative)
Actually there is: Now, I suggest you go read Title 18, 2257:http://www4.law.cornell.edu/uscode/html/usco
Specifically this line:
"(g) The Attorney General shall issue appropriate regulations to carry out this section."
Now... go out and read about the "appropriate regulations" which have been issued by the Attorney General and their practical applications and implications. For example: Federal agents can enter a private home without warning nor warrant, and search through her computer files to check for compliance. Anything seen during that "visit"--regardless of whether or not it has anything to do with "porn", can be used as evidence of crime. By order of the AG, the 4th Amendment ceases to exist for cam girls (any "cam girl" who shows skin is considered a "producer of pornography" and her home is a "place of business").
As with 2257, this legislation clearly and specifically gives the Attorney General a blank check in writing rules--rules which are not debated before nor voted on by Congress, nor signed by the President, yet which hold the weight of law.
You can bet that the initial "attack" will be 2-pronged: Porn and Terrorism. Morality and Fear.
And let's be very clear about this: This will be done under the authority of a single, unelected man; a man who, in the current incarnation, wrote guidelines telling members of the current administration how to get away with torture.
While there are very few politicians that I trust, I do trust in the conflict of personal interests which pervades Congress to create a situation where there is at least some degree of valid debate and limit of authority.
Hah (Score:2, Informative)
And then it got revoked quietly and quickly, when ISPs made a united front... I mean, honestly, what would be the _costs_ alone to comply with it, I don't even NEED to mention privacy and other legal issues.
Basically, storing packets is already a pretty insurmountable burden (coupled with having to store them -indefinitely-), if you want to add analyzing packets for which ones are chat log, which web requests etc... why don't you become Google while you're at it then?