Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Inside Comcast's Surveillance Policies 134

Monk writes "The Federation of American Scientists has obtained a recently disclosed Comcast Handbook for Law Enforcement which details its policies for divulging its customers' personal information. (Here's the handbook itself in PDF form.) All of Comcast's policies seem to follow the letter of the law, and seem to weigh customer privacy with law enforcement's requests. This is in apparent contrast to AT&T and a number of other telecommunication companies, which have been only too happy to give over subscriber records. According to the handbook, Comcast keeps logs for up to 180 days on IP address allocation, and they do not keep all of your e-mails forever (45 days at most). VoIP phone records are stored for 2 years, and cable records can only be retrieved upon a court order. The document even details how much it costs law enforcement to get access to personal data (data for child exploitation cases is free of charge)."
This discussion has been archived. No new comments can be posted.

Inside Comcast's Surveillance Policies

Comments Filter:
  • Secure your email (Score:3, Informative)

    by MacDork ( 560499 ) on Monday October 15, 2007 @10:27PM (#20990973) Journal
    I'll trot this pony out one more time:

    (Mac OS X 10.3+) http://www.joar.com/certificates/ [joar.com]
    (Windows) http://www.marknoble.com/tutorial/smime/smime.aspx [marknoble.com]
    • by waa ( 159514 )
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1

      re: http://www.joar.com/certificates/ [joar.com]

      I read your MAC OSX article/how-to.

      What? Not one mention or link to information on GPG http://www.gnupg.com/ [gnupg.com]

      and/or PGP???

      http://www.pgp.com/ [pgp.com]

      I support and use the former and recommend the latter to my Microsoft locked-in friends.

      What about enigmail http://enigmail.mozdev.org/for [mozdev.org] Thunderbird

      or firegpg http://firegpg.tuxfamily.org/ [tuxfamily.org] for firefox?

      Open your mind. .mac is not the end-all and be-all...

      P.S. Note that this post is signed
      • Re:Secure your email (Score:4, Interesting)

        by Kadin2048 ( 468275 ) * <slashdot...kadin@@@xoxy...net> on Monday October 15, 2007 @11:13PM (#20991273) Homepage Journal
        I have the capability of using both S/MIME and GPG for email (using Apple Mail, it's a matter of installing gpg, getting the Sente Software gpg addon for Mail [sente.ch], and getting a S/MIME certificate to activate the built-in S/MIME support), but overall I think S/MIME is probably better positioned to succeed in the marketplace. It's more idiotproof.

        As much as I really despise the centralized philosophy behind S/MIME and x.509, there's something to be said for avoiding the 'web of trust' models that lie underneath GPG as its currently used, because most users just don't want to have to deal with it.

        Getting people to use encryption is always a tough sell, because most people, to be perfectly frank, lead lives that are so completely boring that nobody would ever want to read their mail, and they know it. Therefore, they're not going to expend much effort getting it working. Either it works all automagically, or they don't use it at all.

        I've yet to see a GPG implementation that comes as close to being foolproof as some S/MIME implementations (like Apple's), once you get the certificates set up. Once you've received a signed message from someone, you have their public key. Once you have that, the encryption button is magically enabled, and you can send encrypted stuff to them. Even Sente's Mail frontend to GPG isn't that easy to use.
        • by shmlco ( 594907 ) on Tuesday October 16, 2007 @01:49AM (#20992083) Homepage
          "Getting people to use encryption is always a tough sell, because most people, to be perfectly frank, lead lives that are so completely boring that nobody would ever want to read their mail, and they know it."

          Or the flip side of the equation. Many are already placing already anything and everything about themselves on MySpace and Facebook. With so much information already public and available, what's to hide?
        • Getting people to use encryption is always a tough sell, because most people, to be perfectly frank, lead lives that are so completely boring that nobody would ever want to read their mail, and they know it

          Just because you think its boring doesn't mean the powers that be don't. (Your employer, random stalker, marketing company, and of course the government)

          Its usually the mundane stuff that they could use against you ambiguously. Everyone breaks the law one way or another due to the nature of our complex le
      • wtf? GPG works just fine with Outlook. See http://www.gpg4win.org/ [gpg4win.org]
      • -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        I wanna like PGP, I really do... but tell me this comment isn't ugly. OK, now stop lying. Every time I see a PGP signed message I can't help but think how aweful it looks. What is the average user gonna wanna put up with that. Sure, you have the right software/plugins/whatever, it can be made to look better and be non-obtrusive, but the fact of the matter is, but default it's ugly.

        IMHO, the biggest problem with X.509 certificates is cost. Sure, you can get a free
    • Re: (Score:2, Interesting)

      by ArcherB ( 796902 ) *
      I'll trot this pony out one more time:

      (Mac OS X 10.3+) http://www.joar.com/certificates/ [joar.com]
      (Windows) http://www.marknoble.com/tutorial/smime/smime.aspx [marknoble.com]


      While I appreciate the idea and all, why? It's really not worth the time to encrypt my email. Do you think that if the feds are monitoring your line, they are just going to say, "Damn! He's encrypted. Let's move on to the next." I'm going to guess not. If anything, seeing that you email is encrypted might be enough to peak their interest to make you MORE
      • Re: (Score:3, Insightful)

        by waa ( 159514 )
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        Nothing incriminating in your email? Not worried about 'them' monitoring your emails? Think again.

        "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety"
        Ben Franklin

        And BTW, encrypting email only takes a few minutes to set up and no (perceptible) time when signing/encrypting a message.

        - --
        Bill Arlofski

        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.4.7 (GNU/Linux)
        Comment: 'email gpgpublickey@revpol.com
        • by ArcherB ( 796902 ) *
          Nothing incriminating in your email? Not worried about 'them' monitoring your emails? Think again.

          "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety"
          Ben Franklin

          And BTW, encrypting email only takes a few minutes to set up and no (perceptible) time when signing/encrypting a message.


          Uh, do you have something better than an overused Ben Franklin quote from over 200 years ago? How about something a bit more current, from someone who understands
          • by marmoset ( 3738 )
            To be fair, if his wife is using the same mailer he is, then there literally isn't anything to set up -- when she receives an email from him, she sees an extra checkmark and the word "signed". If he's taken the 10 or so minutes it takes to set her up the same way, it's literally only one extra click for her to encrypt her emails to him. Though Mail.app is far from a great mailer, the way it handles S/MIME is truly as transparent as it could ever possibly be.
        • by Ucklak ( 755284 ) on Monday October 15, 2007 @11:24PM (#20991333)
          Do I have anything incriminating in my email?
          No

          Do I care if they snoop in my email?
          Yes

          Will I encrypt my email because they're snooping?
          No - in the case of confidential messages, they have always been dealt with cryptically.

          Can I do anything about them snooping in my email - regardless if it's encrypted or not?
          Absolutely not

          Can we do anything about them snooping in my email?
          We can try

          I am such a low priority for them that as long as it doesn't disturb my day to day routine, I really don't worry about it. I don't even notice if they are even sniffing my packets.

          It's like being robbed in your home when you're out. It doesn't matter if you have an alarm system or not, if someone wants property of yours, they will get it.
          You can double lock your doors, put bars on the windows, pay for a monitoring service, or whatever, it will not stop a determined person from getting whatever they want to get.

          That hassle of behavior is not worth it to me. Supporting a group or honest politician to stop the snooping is worth the hassle.

          I'm not going to go downtown and walk across the street out of my way just to avoid the town crier (you know, every town has one, a crazy coot parked in the center of town that says the end of the world is coming). I will confront him if he confronts me.

          • Re:Secure your email (Score:4, Interesting)

            by Kadin2048 ( 468275 ) * <slashdot...kadin@@@xoxy...net> on Tuesday October 16, 2007 @10:23AM (#20996241) Homepage Journal

            Can I do anything about them snooping in my email - regardless if it's encrypted or not?
            This is where I think you are wrong. There is strong evidence to suggest that modern, widely-available encryption techniques provide a substantial barrier to snooping, and make the process of snooping far more difficult than it would otherwise be. It's certainly possible that someone has the capability of decrypting 2048-bit ElGamal or other modern PK encryption, if they do it's a closely guarded secret, unavailable to the vast majority of would-be snoopers. (I.e., if the NSA does have some unimaginably powerful quantum computer in its basement, which I frankly don't think they do, they're only going to use it on very high-value targets; anything more risks revealing their capability. It's not a tool you could use for the most oppressive kinds of mass surveillance.)

            Therefore the aggregate effect of large numbers of people using encryption would be to render large-scale electronic surveillance systems useless, since they are only practical for plaintext traffic. (In fact, you don't really even need to be using state-of-the-art crypto; if everyone were using even keys that took a few days to break on a supercomputer, it would prevent most types of high-speed/real-time analysis and force authorities to take much more fine-grained, targeted approaches.

            Your argument against taking an individual step to prohibit mass surveillance is the same argument that many people make against voting: your action, taken singularly, has virtually no effect. It is only as part of a group that it is significant. But just as many people deciding to vote the same way can change a government, a large number of people deciding to make the snoopers' jobs (even slightly more) difficult would quickly outpace their resources available for the task.

            I don't think the solution is either-or, personally. As concerned citizens, we need to vote. As people with technological knowledge and capabilities, we have a responsibility to not make it easy for those in power to abuse it, through our passivity.
          • Re: (Score:3, Interesting)

            by vertinox ( 846076 )
            It's like being robbed in your home when you're out. It doesn't matter if you have an alarm system or not, if someone wants property of yours, they will get it.
            You can double lock your doors, put bars on the windows, pay for a monitoring service, or whatever, it will not stop a determined person from getting whatever they want to get.


            But in this instance it is like having someone in your house at all times who is allowed to go through your stuff at any given time for any particular reason. They aren't suppo
      • by spud603 ( 832173 ) on Monday October 15, 2007 @11:06PM (#20991223)
        There's a strong argument to be made to encrypt specifically because you have nothing to hide.
        This is similar to the idea that you should not let the cops search your home without a warrant even though you don't have anything illegal inside. The more it becomes assumed that only the "bad guys" that are asserting their rights and/or privacy, the more likely such assertions will be thought of as indicative of bad behavior in and of themselves. If the feds assume I'm a criminal simply because I encrypt my email, then they are not doing their job effectively.
        • by waa ( 159514 )
          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA1

          I agree completely. Excellent point...

          -----BEGIN PGP SIGNATURE-----
          Version: GnuPG v1.4.7 (GNU/Linux)
          Comment: 'email gpgpublickey@revpol.com for my public key'

          iD8DBQFHFDmYcBKMMWOpTtwRAq7UAKCwK8z82/ZijTot5Vr3Fjd6TUa4aQCgrvvK
          5KnXXA9BewVkH+F7J4Voy8g=
          =T/fD
          -----END PGP SIGNATURE-----
        • by ArcherB ( 796902 ) * on Monday October 15, 2007 @11:28PM (#20991359) Journal
          There's a strong argument to be made to encrypt specifically because you have nothing to hide.
          This is similar to the idea that you should not let the cops search your home without a warrant even though you don't have anything illegal inside. The more it becomes assumed that only the "bad guys" that are asserting their rights and/or privacy, the more likely such assertions will be thought of as indicative of bad behavior in and of themselves. If the feds assume I'm a criminal simply because I encrypt my email, then they are not doing their job effectively.


          Sure, but that is because having the police enter my house is intrusive. They track mud in, can drop anything anywhere and say that they found it there. That can't be done with email. Also, a warrant specifies exactly what they are looking for. Finally, items found in a house search is enough for prosecution. A quote from an email is not. Besides, these guys are not looking for prosecution, they are looking to identify and bust terrorism cells. They are looking to stop the next terrorist attack. They are looking to intercept supplies such as bomb making materials and replace them with something inert. Yes, an email will be evidence, but when it comes to terrorism, they require a open and shut case with multiple arrests. They don't want to pop you for looking for weed.

          If the feds assume I'm a criminal simply because I encrypt my email, then they are not doing their job effectively.

          I never said that. I said they would take a close look, wasting their time and doing MORE of what you didn't want them to do in the first place. If they can't get your email, they may listen to your phone calls. They may start tailing you. They may start investigating the people you email. Why? Because you thought it would be super cool spy stuff to encrypt your email to keep the evil G-Men out.

          Besides, even the SS didn't really need to evesdrop. If they wanted information, they'd kick down your door, torture your little girl until YOU cracked, and put you on a train somewhere with a bunch of people with stars sewn into their clothing.

          • Re: (Score:3, Interesting)

            I trot out this old quote from the postal museum in Washington, D.C.

            At the beginning of the new America, nearly all the news came by mail. When the Constitution was signed, it was rushed by post riders to every town that had a printing press. And that's how the newspapers were able to bring the resounding news of how we were to govern ourselves. The newspapers knew of it first by mail.

            In England, for centuries, the mail was frequently scrutinized by agents of the Crown or of the Parliament. It cou

            • Re: (Score:3, Insightful)

              by ArcherB ( 796902 ) *
              And this part is the key:
              It could be worth your life to write a letter that might be seen as having the seeds of treason.

              George Bush is not going to have you executed if you look like you may be "seeding the seeds of treason". Hell, if that were the case, all he'd have to do is show up at a anti-war rally and shot the people carrying the signs calling for revolution! Why bother paying Comcast? The King of England read mail to keep himself in power. The feds read mail to prevent a terrorist from killing
              • How's the brigade doing these days? It's been so long since I left, but I'd quite like to hear back from some of you guys. Wanna get together for a pint or something sometime, revisit the old days, go on a three-day binge like we used to?
              • Comment removed based on user account deletion
          • Re:Secure your email (Score:4, Informative)

            by greg_barton ( 5551 ) * <greg_barton&yahoo,com> on Tuesday October 16, 2007 @12:22AM (#20991655) Homepage Journal

            They track mud in, can drop anything anywhere and say that they found it there. That can't be done with email.

            You're kidding, right?
          • I'm afraid thats a little naive. Terrorism laws have been used quite frequently to prosecute ordinary crime. So you might not be building a bomb, but have you been downloading copyrighted material without the permission of the copyright holders? That might also be of note at some point to someone that may believe they own said copyright. I don't like terrorism, and I disagree with many people here about the ethics of downloading music, movies and tv shows with out explicit permission of the copyright holder
            • by ArcherB ( 796902 ) *
              Terrorism laws have been used quite frequently to prosecute ordinary crime.

              And that I disagree with 100%! Fortunately, I have not heard of a case where terrorism laws have been used to prosecute non-terror related crime. The second that they are, the prosecutor should be tossed out on his ass, not the laws. Punish those that abuse the tools, not the tools themselves.

              As for copyright, do you think that its right that the RIAA has more power to spy on you than the federal government? At least the governme
              • by shawb ( 16347 )

                And the bill gives law enforcement new tools to combat threats to our citizens from international terrorists to local drug dealers." -- President George W. Bush - March 9, 2006, regarding USA PATRIOT Improvement and Reauthorization Act

                The Patriot Act Reauthorization Includes The Combat Methamphetamine Epidemic Act Of 2005. This bill introduces commonsense safeguards that will make many ingredients used in methamphetamine manufacturing more difficult to obtain in bulk and easier for law enforcement to tr

          • by Jah-Wren Ryel ( 80510 ) on Tuesday October 16, 2007 @01:49AM (#20992081)

            Besides, these guys are not looking for prosecution, they are looking to identify and bust terrorism cells. They are looking to stop the next terrorist attack. They are looking to intercept supplies such as bomb making materials and replace them with something inert. Yes, an email will be evidence, but when it comes to terrorism, they require a open and shut case with multiple arrests. They don't want to pop you for looking for weed.
            Could you be any more naive?

            Just how many terrorists attacks have we had in the US? Why are you still knee-jerking on a crime that kills less people world-wide (including Israel) than drown in bath-tubs?

            As for "they require a open and shut case with multiple arrests" WTF are you talking about? Do you know how many people in Guantanamo are part of "open and shut cases?" NONE. Do you know how many were even "picked up on the battlefield?" Hardly more than 5%.

            How about the thousands arrested in NYC during the republican convention who were then just conveniently released without charges?

            Recent history is chock-a-block full of cases where OUR government abused civil rights - when they couldn't find something legit to bust someone for, they stretched to find anything to pin on them - like popping you for looking for weed.

            I never said that. I said they would take a close look, wasting their time and doing MORE of what you didn't want them to do in the first place. If they can't get your email, they may listen to your phone calls. They may start tailing you. They may start investigating the people you email. Why? Because you thought it would be super cool spy stuff to encrypt your email to keep the evil G-Men out.
            Yeah, and if enough people do it then this goddamn fear-mongering will have to end because there won't be enough people in the world to take it to the next level for every one of them.

            Besides, even the SS didn't really need to evesdrop. If they wanted information, they'd kick down your door, torture your little girl until YOU cracked, and put you on a train somewhere with a bunch of people with stars sewn into their clothing.
            You make that statement as if it is some kind of justification to bow down to the man because he'll do whatever he wants anyway. You have got to be trolling, either that are you are some kind of Martin Niemöller [wikipedia.org] wannabe.
          • by Zardus ( 464755 )
            They track mud in, can drop anything anywhere and say that they found it there. That can't be done with email.

            Sure they can. They just create a nice real-looking email and paste it into their log. Maybe fix a few TCP sequence numbers and all set. On the other hand, if you encrypted your email, they wouldn't be able to do that without the key, which presumably you would only be forced to hand over once all the evidence was already on the table (ie, by a judge).

            Finally, items found in a house search is enough
          • 'Sure, but that is because having the police enter my house is intrusive. They track mud in, can drop anything anywhere and say that they found it there.'

            The same is true of tapping my phone lines, it requires a warrant and for good reason. The same is true of requesting my DNA. You do not give the police or any investigating authority any intelligence voluntarily because when they are investigating you they are your enemy. It is estimated based on after the fact DNA testing that 30% of the people in prison
            • by ArcherB ( 796902 ) *
              The same is true of tapping my phone lines, it requires a warrant and for good reason. The same is true of requesting my DNA. You do not give the police or any investigating authority any intelligence voluntarily because when they are investigating you they are your enemy. It is estimated based on after the fact DNA testing that 30% of the people in prison are innocent, think about that.

              I remember a quote from a police officer who was giving a speech to us soldiers at Ft. Hood about the dangers of drunk dri
              • This is the laugher of the day! Why would the feds go through all the expense and hassle of reading your email looking for political dissidents when they could just go to the nearest Code Pink rally or raid the offices of MoveOn.org!!!

                You cannot possibly be so naive as to actually believe that. [homelandstupidity.us]

                And that's just one incident. HE PERSONALLY has experienced and documented dozens more. You really don't see what's right in front of your face, do you?

                It is common knowledge that they used the FBI to dig up dirt

              • 'However, I am worried if we have another Clinton presidency. It is common knowledge that they used the FBI to dig up dirt on political opponents. Now it is coming to light the they intercepted wireless phone calls of political opponents to listen in. At least this administration lets you know they are doing it.'

                I highly doubt there has been an administration that hasn't done it to be honest. But there was a time when they did so in shadows afraid of the power wielded by the people. Bush and company have ju
      • by Technician ( 215283 ) on Monday October 15, 2007 @11:46PM (#20991459)
        There is nothing incriminating in my email beyond sending stupid YouTube links to a buddy or bitching to the wife about who chooses whats for dinner.

        My stock trades are not incriminating either, but they are not sent plaintext. They are also not sent on my ISP mail servers. Sometimes data security is simply data security to prevent mis-use in the wrong hands. There is nothing incriminating, but my credit card order details is not to be made public.

        There is a reason to encrypt some sensitive data. ID theft of credit card information is just one of the many reasons.
        • by ArcherB ( 796902 ) *
          y stock trades are not incriminating either, but they are not sent plaintext. They are also not sent on my ISP mail servers. Sometimes data security is simply data security to prevent mis-use in the wrong hands. There is nothing incriminating, but my credit card order details is not to be made public.

          There is a reason to encrypt some sensitive data. ID theft of credit card information is just one of the many reasons.


          Very well put. Personally, I can't say my rights are being violated when nothing in my life
          • But these are different than encrypting your email because you think the Feds might be watching.

            How is the feds going to know any different? Often the only clue is the reciepent is orders@ameritrade.com or Ghadactv8st@gmail.com
            • by ArcherB ( 796902 ) *
              How is the feds going to know any different? Often the only clue is the reciepent is orders@ameritrade.com or Ghadactv8st@gmail.com

              The GGP was stating that he would encrypt his email because the gov't may be listening. I said that was a stupid reason and actually counter productive.

              Besides, I think the address is a pretty good clue! Also, I think the physical location of the recipient, say, Tora Bora Afghanistan, would be another pretty good clue to go on.
          • by Brikus ( 670587 )
            Yeah, if you don't have anything to hide, then why would you mind people snooping in your things. Your next post should include your entire medical history, credit card and bank statements with full account numbers, and your last seven tax returns.

            Alright, that's a big extreme, but according the the current U.S. constitution, we still have a right to privacy and protection from unwarranted searches. Just because I don't feel like airing my dirty laundry doesn't mean that I'm one of the terrorists. There
      • by MacDork ( 560499 )

        It's really not worth the time to encrypt my email.

        It's free. It takes less time to get a key than it took you to respond to my post. Once you have a key, the email client encrypts for you automatically. Your time argument is extremely weak.

        If anything, seeing that you email is encrypted might be enough to peak their interest to make you MORE watched, not less.

        Terrorist this, al Qaeda that... you're using extremely tortured logic. (Pun intended)

        1. They aren't supposed to be looking at my email un
      • 'Do you think that if the feds are monitoring your line, they are just going to say, "Damn! He's encrypted. Let's move on to the next." I'm going to guess not. If anything, seeing that you email is encrypted might be enough to peak their interest to make you MORE watched, not less.'

        You are probably right, IF you have been tagged by authorities and they have reason to believe you've committed a crime or great reason to want to snoop in on you then they will probably scrutinize you more closely if you have en
    • If you have OS X 10.4, you can make your own certificates [afp548.com].
      • If you have OS X 10.4, you can make your own certificates [afp548.com].

        Yes, you can do this. However, it's a pretty poor idea.

        S/MIME is designed to work with centralized Certificate Authorities. If you roll your own CA and issue yourself a self-signed certificate, you'll be able to sign stuff, but people who receive your messages will get a big "BAD SIGNATURE" error or warning, because they won't have your CA in their trusted chain. In order to get it to work, you'd need to get them the CA certificate, and they'd need to import it into their trusted root database. (Which is a

        • S/MIME is designed to work with centralized Certificate Authorities. If you roll your own CA and issue yourself a self-signed certificate, you'll be able to sign stuff, but people who receive your messages will get a big "BAD SIGNATURE" error or warning, because they won't have your CA in their trusted chain. In order to get it to work, you'd need to get them the CA certificate, and they'd need to import it into their trusted root database. (Which is a security risk -- you do not want to encourage clueless

          • Yes, you can do this. (And in fact, I think this is the way to go on a lot of crypto, e.g., PGPfone or OTR Messaging's fingerprint-verification systems that don't require any PKI.)

            However, for email, you may and probably do want to talk to a lot of people that you may never meet in person or communicate with any other way. This makes verifying a lot of individual fingerprints cumbersome -- but if you don't have any other method for proving authenticity, you create a massive security hole for MITM attacks.

            So
    • by Lumpy ( 12016 )
      I'll add one more thing.

      If you bittorrent, use a client that encrypts. and force it to only accept encrypted. Comcast techs are usually way way behind the ball and are easily fooled if you do a few things to protect yourself. Also, if you are not running it, get a copy of peer guardian and install it. every little bit helps. Their Internet Security goons are typically Ex-Cops first and IT people last.

      another way to limit P2P detection, set your download and upload to be near identical. Yes it takes longe
  • How much it costs? (Score:4, Interesting)

    by aeschenkarnos ( 517917 ) on Monday October 15, 2007 @10:31PM (#20991003)
    That's odd. I'd have thought it cost "do it or be fined/arrested".
    • I found that interesting as well. What if the law enforcement agency can't afford it?
      • What if the law enforcement agency can't afford it?

        They'll just ask for a bigger budget next year.
      • Re: (Score:3, Informative)

        Most law enforcement budgets have a clause for "emergency funding for investigative purposes"

        Comcast's charges don't seem unreasonable either, considering the amount of data they'll have to sift through to provide the information.
        • by nateb ( 59324 )
          paying a guy for a week to come up with a webpage that aggregates a bunch of selects and some greps doesn't seem like that much to me. oh and better pay a support guy or ten to answer the phone.
      • What if the law enforcement agency can't afford it?

        That's why they always say it's for a child exploitation case.

    • Re: (Score:3, Informative)

      by Burdell ( 228580 )
      IIRC, when a subpoena is issued for information from a third party, that party can charge a fee to cover the costs of gathering the requested information.
  • Misleading article (Score:5, Interesting)

    by Anonymous Coward on Monday October 15, 2007 @10:38PM (#20991047)
    Complying with requests from "Law Enforcement" is quite a bit different from complying with requests to assist a US government agency with an anti-terror program. Local law enforcement is far removed from the latter.

    Is this an attempt to improve Comcat's poor reputation among /.'ers? They still haven't changed thier undocumented policies related to bandwidth limitations on "unlimited bandwidth" accounts.
    • ill take sane customer privacy action over limiting my bandwidth to a somewhat vague and mildly unreasonable policy that wouldnt potentially land me in jail if i violated it.

      seriously, if this is the case i hate comcast quite a bit less. i just sort of assumed they were doing the same thing as att and verizon and rolling over for uncle sam.
    • by bakana ( 918482 )
      There are no such things are unlimited bandwidth accounts. There has not been any commercials that state unlimited bandwidth for accounts. This is made up by consumers such as yourself. The document has not recently been updated, that has been comcast policy for a long time. Before you write something, get your facts right.
    • Local law enforcement is far removed from the latter.

      While there is some truth to the common perception of local (eg, Middle-of-Nowhereville, MT) law enforcement having more in common with the Keystone Kops [wikipedia.org] than the Feds, the majority of urban police departments are quite professional and will continue to evolve.

      They still haven't changed thier undocumented policies related to bandwidth limitations on "unlimited bandwidth" accounts.

      As someone who lives in fear of the dreaded call [dslreports.com], the policies and procedures described in the handbook didn't even raise an eyebrow. It all seemed rather, well, mundane. The frontpage of /. elicited more of a reponse, for me.

      btw - How would we know

  • by gadzook33 ( 740455 ) on Monday October 15, 2007 @10:54PM (#20991181)
    Internet, Voice, TV. All on one subpoena.
    • I think its funny and very telling about americans that you can get voip, email, and IP records but they say hell no to your tv watching habits. Incredible.
  • by value_added ( 719364 ) on Monday October 15, 2007 @11:25PM (#20991339)

    Interesting read, especially considering the "Comcast Confidential" footer at the bottom of every page. That said, it's informative only insofar as it states there's laws to be considered, and makes clear the folks at Comcast insist on following them. Nothing in that document is very different than a typical publically-available TOS. Here's an excerpt:

    Generally, the following information, when available to Comcast, can be
    supplied in response to the types of requests listed below. Each request
    is evaluated and reviewed on a case by case basis in light of any
    special procedural or legal requirements and applicable laws. The
    following examples are for illustration only.
     
    - Grand Jury, Trial, or Statutorily Authorized Administrative Subpoena
    - Judicial Summons
    - Court Order
    - Search Warrant
    - Preservation Request/ Backup Preservation Request
    - Pen Register / Trap and Trace Device
    - Foreign Intelligent Surveillance Act of 1978
    - National Security Letter
    - Child Abuse
    - Emergency Disclosure

    As for the email policies referred to in the summary, Comcast does not store emails any longer than the subscriber chooses keeps them.

    Comcast's Webmail service permits customers to change their email
    deletion policies, but the current default settings are described below.
     
    - Inbox (Read Mail No automatic deletion policy)
                        (Unread Mail 45 day retention period)
    - Trash (Read Mail 1 day retention period)
                        (Unread Mail 1 day retention period)
    - Sent Mail (Read Mail 30 day retention period)
                        (Unread Mail 30 day retention period)
    - Screened Mail (Read Mail 3 day retention period)
                        (Unread Mail 3 day retention period)
    - Personal Folders (Read/Unread No deletion policy)
    - Popped Mail (Deleted immediately from web mail servers)

    Put another way, Comcast doesn't store your emails. You do.

    • Comcast does not store emails any longer than the subscriber chooses keeps them.


      You left out the part where a subscriber may elect to not use Comcast mail at all and elect to use another providers service such as Hotmail or Yahoo mail. Comcast does not have any record of these. It's hard to retrieve records that don't exist. I fall in that catagory. I don't use my ISP's email at all.

      Quick and dirty is if you receive all services from Comcast. However if you only subscribed to Internet and used Broadvoi
  • Yay for Viral PR (Score:2, Interesting)

    by vprasad ( 533778 )
    Yay for viral PR provided by Comcast... nice handbook... how much different is it from the "real" handbook?
  • If you've been paying attention to the news, the service providers simply cave into the government's demands for personal information then cry for legislation to retroactively exonerate them when they're caught breaking the law. Policies, legally-binding agreements, and laws mean jack in the current environment.
  • Cox (Score:2, Informative)

    by DanielBoz ( 991592 )
    For any interested here is the equivalent info on Cox Communications: http://www.cox.com/policy/leainformation/default.asp [cox.com] http://www.cox.com/policy/leainformation/CoxLawfulInterceptWorksheet.pdf [cox.com]
  • by shaitand ( 626655 ) on Tuesday October 16, 2007 @05:05AM (#20992949) Journal
    'and cable records can only be retrieved upon a court order'

    Are they saying that comcast will hand over identity and ip records WITHOUT a court order? The only 'balanced' policy would be to turn over nothing to law enforcement without a court order and even then to oppose the order if possible.

  • by dpbsmith ( 263124 ) on Tuesday October 16, 2007 @08:47AM (#20994641) Homepage
    "All of Comcast's policies seem to follow the letter of the law, and seem to weigh customer privacy with law enforcement's requests. This is in apparent contrast to AT&T and a number of other telecommunication companies, which have been only too happy to give over subscriber records."

    Apples and oranges. "Monk" is comparing Comcast's words to AT&T's actions..

    It's nice to know that Comcast is able to write a policy manual that follows the law, but surely a written policy telling employees to break the law would trigger a minor scandal.

    Anyone who's ever been in a large organization is familiar with lip-service CYA written policies.

    How seriously does Comcast take this policy? Do they give training sessions to the people who need to implement it? Do they back up or undercut the people who go "by the book?"
  • Verification (Score:1, Informative)

    by Anonymous Coward
    I was told more-or-less the same thing when I interviewed at comcast earlier this year.
    They also do not monitor outbound traffic at all unless for diagnostic purposes or because of a warrant. I was told, point blank, that they simply 'do not want to know' what is going on with their subscribers.

    And to be frank, I can't say that I blame them. Collecting subscriber usage data is more of a liability than anything else these days.
  • Where did they obtain this allegedly confidential document? If it was leaked, could it have been done exactly for this kind of publicity on internet message boards? And, even if it is authentic, just because these are their policies does not mean that this is how things are handled within the company. Also, it disturbs me that Comcast, an ISP, would use pixelated graphics for its in-house confidential handbooks. Also also, to wit, hiding in anonymity (as other posters have suggested) can only work for so

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...