FBI Pushing For 2-Year Retention of Web Traffic Logs 256
suraj.sun writes to tell us that the FBI is pushing to have ISPs keep detailed records of what web sites customers have visited for up to two years. Claiming a desire to combat "child pornography and other serious crimes," the FBI and others are pressing for increased data retention, which they have been doing since as early as 2006. "If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant. What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html. While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States."
Won't someone please think of the children (Score:5, Insightful)
It's getting so old.
Re:Won't someone please think of the children (Score:5, Funny)
I think the government should no longer be able to tax me, to help combat child pornography and other serious crimes.
Re:Won't someone please think of the children (Score:5, Interesting)
Seriously though, what happens when you don't use the dns provider of the ISP (either running your own, or using a 3pd DNS provider)? Would that make anyone running their own DNS server (or an alternate third party) a suspicious person? They would only be able to log IP addresses then, and given the proliferation of mass shared hosts, how is this helpful? If a child porn site was on a godaddy server, and you go to another site on the same server, would you have to prove you went to the other site? More guilty until proven innocent...
Re: (Score:2)
Re:Won't someone please think of the children (Score:4, Interesting)
And what about https? Or would it be mandatory for ISP's to do man-in-the-middle attack so they can store the data?
Re:Won't someone please think of the children (Score:4, Insightful)
"Won't Get Fooled Again"
We'll be fighting in the streets
With our children at our feet
And the morals that they worship will be gone
And the men who spurred us on
Sit in judgement of all wrong
They decide and the shotgun sings the song
I'll tip my hat to the new constitution
Take a bow for the new revolution
Smile and grin at the change all around
Pick up my guitar and play
Just like yesterday
Then I'll get on my knees and pray
We don't get fooled again
The change, it had to come
We knew it all along
We were liberated from the fold, that's all
And the world looks just the same
And history ain't changed
'Cause the banners, they are flown in the next war
I'll tip my hat to the new constitution
Take a bow for the new revolution
Smile and grin at the change all around
Pick up my guitar and play
Just like yesterday
Then I'll get on my knees and pray
We don't get fooled again
No, no!
I'll move myself and my family aside
If we happen to be left half alive
I'll get all my papers and smile at the sky
Though I know that the hypnotized never lie
Do ya?
Yeaaaaaaaaaaaaaaaaaaaaaaaaah!
There's nothing in the streets
Looks any different to me
And the slogans are replaced, by-the-bye
And the parting on the left
Are now parting on the right
And the beards have all grown longer overnight
I'll tip my hat to the new constitution
Take a bow for the new revolution
Smile and grin at the change all around
Pick up my guitar and play
Just like yesterday
Then I'll get on my knees and pray
We don't get fooled again
Don't get fooled again
No, no!
Yeaaaaaaaaaaaaaaaaaaaaaaaaah!
Meet the new boss
Same as the old boss
Re: (Score:2, Funny)
Funny Pete Townshend should come to mind when someone brings up CP.
Re:Won't someone please think of the children (Score:5, Insightful)
If child molestation is actually your concern, how come we don't see Bradley tanks knocking down Catholic churches?
~ Bill Hicks, 1993, referencing the Waco siege
Re:Won't someone please think of the children (Score:4, Interesting)
I'd expect the logs would require IP's and/or hostnames.
HTTP, it's trivial to sniff hostnames.
HTTPS, it's trivial to see the destination IP.
HTTPS only works one IP per host, so that gives a positive track to where they were going.
Of course, domains change ownership, and IP's change, so what an IP is today, could be anything else tomorrow.
I'm curious to if by "ISP", they mean the residential line providers, or both ends? At my old job, they'd end up with about 2Gb of log files per day per server. There were 15 redundant servers. That was just for one site. I don't even care to think about how much storage was required for all the logs across 150 servers. No, it didn't scale evenly. The web server logs were dumped every few hours, just so it didn't fill up the drives, but left enough for forensics, if we needed them.
(15 * 2) * 365 * 2 = 21,900Gb. I would love to still be there, and have them ask for 22Tb of logs. :) I was joking with someone about how to deliver those. I suggested burnt CD's. 14,500 CD's would be fun to offer up. We then thought a little harder, and though paper tape would be the way to go. :) I know there would be better methods, but we were looking for the entertainment value in it. :) I'd feel really sorry for the guy who had to feed 14,500 CD's into a machine to burn for the feds on demand. :)
Logistically, this would become a nightmare for almost any provider, except for mom & pop shops.
Re: (Score:3, Interesting)
Deep packet inspection can be a very, very resource intensive thing. I seriously doubt that any such laws will be likely to require deep packet inspection. For one, it would put quite a few smaller ISPs out of business for good.
I have a feeling I know why the FBI wants this. It used to be that all the traffic passed through telco routers owned by Verizon and AT&T. Nowadays, most traffic is being handled by companies like Level3 or UUNet. They had it easy with the telcos, who always had a close rela
Re:Won't someone please think of the children (Score:5, Informative)
Wrong about google. Google has said that they don't need a subpoena, just a belief that the cops *could* get a subpoena, and they'll roll over on you.
And google has a LOT of data on you.
Re: (Score:3, Funny)
I wonder if they will threaten to pull out of the United States like they did China.
Re:Won't someone please think of the children (Score:5, Insightful)
Seriously though, what happens when you don't use the dns provider of the ISP (either running your own, or using a 3pd DNS provider)?
I'm using Google's open DNS, but the ISP could still figure out where I was going. Which means the FBI can track anyone who doesn't know how to use TOR. And I'm guessing one of those three letter agencies figured out a man-in-middle type attack for that. So I guess that means you'll have to do the really nasty surfing at McDonald's, Starbucks or some other unsecured wi-fi connection.
Whew, that was tough. I'm sure some of you could come up with even better alternatives. And to put people through that meager effort they're going to require your ISP to keep massive volumes of individually identifiable information for two years.
Time for the FBI to face up to the fact they're only going to catch the stupid ones.
Comment removed (Score:4, Interesting)
Re: (Score:3, Insightful)
You're right on with the "Mom and Dad, watch your kids!" The responsibility lands with the parents, first and foremost.
Re: (Score:3, Insightful)
Re: (Score:2)
No, he just didn't get the chance for his loaf to go stale. He was in power for what? 12 years?
Re: (Score:2, Funny)
That gave me an idea for an album cover! This [wikipedia.org] [WARNING. Possibly NSFW: article includes an image of an album cover featuring a prepubescent girl, naked, in a vaguely suggestive pose.] isn't enough anymore. We need a picture of a naked child, drawn, not a photo of a real child, smoking pot, holding a stick of dynamite in one hand, and picture of Stalin in the other. The album title? How about "Censor This!"
Re: (Score:2, Insightful)
Re: (Score:3, Funny)
That and terrorism. TERRORISM!!! What about TERRORPORN! Naked children with BOMBS! Won't someone please think of the photographs?
Re: (Score:3, Informative)
Won't someone please think of the photographs?
In the UK they are the terrorists.
http://www.theregister.co.uk/2010/01/12/police_search_illegal/ [theregister.co.uk]
http://www.theregister.co.uk/2009/12/11/police_quiz_itn_reporter/ [theregister.co.uk]
http://www.theregister.co.uk/2009/11/26/kent_police_tall_explanation/ [theregister.co.uk]
Re:Won't someone please think of the children (Score:5, Funny)
No, but we're nowhere near the end of abuse of kiddie porn as a justification for invasion of privacy. I'm just waiting to see someone propose a law that requires children be photographed naked annually with the pictures stored in a national database so that they can more rapidly identify the victims of abuse. From a logical perspective, it's completely valid. From an ethical perspective, it's completely appalling.
Re: (Score:3, Interesting)
While they're at it, why not ask that vendors of red light cameras and security cameras keep 2 years of footage from every camera they install?
Enforcers are always wishing to be allowed to do things they think will make their jobs easier. One of those things is the Fishing Expedition. Two times in over 20 years I've been held up where the police erected a roadblock ostensibly to check for drunk drivers, a valid driver's license, current inspection sticker, and current insurance. They didn't try to get
Re: (Score:3, Funny)
From a pedophilia perspective, it's completely arousing.
Re:Won't someone please think of the children (Score:5, Insightful)
Seriously is child pornography going to be trotted out for EVERY encroachment on privacy that we have to endure year after year?
Yes, because it works so well. Just try passing "The Invasion of Privacy Act of 2010" and you'll get laughed off the Senate floor. Present the exact same bill, only change the title to "Child Protection Against Predators Act of 2010" and it'll pass easily. If you can link your bill to child porn, then everyone who even dares to say a word against it is instantly labeled as a supporter of the sexual abuse of children. This is because whenever you say anything about child porn or child predators, the entire electorate completely loses the ability to think rationally and responds in a completely emotionally reactionary way. Emotionally reactionary people are extremely easy to manipulate.
It's sort of funny how so many people who decry the loss of civil liberties in the name of "socialism" will gladly give up their civil liberties in the name of "protecting children".
Re: (Score:2)
Re: (Score:3, Interesting)
Good "think of the children" dilemma for Haiti:
Human trafficking, sex slavery, and other forms of abuse happen. When you start transporting large numbers of people over borders, it's pretty much inevitable that some are going to end up in a living hell.
OTOH, kids in Haiti have lost parents, government has pretty much collapsed, and there will probably be plenty of horror stories of infection, disease, and abuse for the kids stuck in Haiti...in other words, children denied the opportunity to get out of the
Re: (Score:2)
Re:Won't someone please think of the children (Score:4, Interesting)
Re:Won't someone please think of the children (Score:4, Interesting)
meaning that this technology is only effective against people who don't think they are doing anything wrong!
Which perfectly suits the needs of 'law enforcement' - we've got a long history of them going after the defenseless and ignorant - like civil forfeiture laws where the property is charged with a crime (literally, lawsuits are titled like US vs One Jeep Wrangler I think being non-sentient qualifies as being 100% defenseless) or even the child porn laws where they go after kids for sexting pictures of themselves rather than hunt down the people who actually abuse kids in the manufacturing of child porn.
Re:Won't someone please think of the children (Score:4, Insightful)
Re: (Score:2)
Don't forget "illegal aliens" boogeyman - for all the ID tracking crap and the suspicion-less stops up to 50 miles from any border.
Re: (Score:3, Informative)
Don't kid yourself, Most of Asia (and by that I mean China) is just as quick to "think of the children" as America.
Think of the kids (Score:3, Insightful)
Claiming a desire to combat "child pornography and other serious crimes" the FBI and others are pushing for increased data retention, which they have been doing since as early as 2006.
ahh the old think of the kids line. It always works and people never have the guts to say that some things don't simply protect kids.
Horrible humor (Score:5, Funny)
Isn't that the problem with child pornography, that people are 'thinking of the kids'....?
Re:Think of the kids (Score:4, Interesting)
It is much more rare that I see stories about the actual pornographers being caught and while the viewers are certainly depraved (and you can argue that by consuming the child porn, they encourage those who make it), aren't the pornographers the ones we would rather catch? It wouldn't surprise me if the amount of children actually being forced into child porn is VERY small since the already existing library of images probably contains enough to keep the perverts trading for a long time.
If that is true...then this definitely is an excuse to encroach on peoples rights and use the old "think of the children" excuse because if this much effort was really being put in to catching so few potential criminals...it would be a huge waste compared to what those officers could be doing elsewhere.
Re:Think of the kids (Score:5, Funny)
The thing is...for how much they go after the child pornography viewers...is it really that much of a problem?
It is much more rare that I see stories about the actual pornographers being caught and while the viewers are certainly depraved (and you can argue that by consuming the child porn, they encourage those who make it), aren't the pornographers the ones we would rather catch? It wouldn't surprise me if the amount of children actually being forced into child porn is VERY small since the already existing library of images probably contains enough to keep the perverts trading for a long time.
If that is true...then this definitely is an excuse to encroach on peoples rights and use the old "think of the children" excuse because if this much effort was really being put in to catching so few potential criminals...it would be a huge waste compared to what those officers could be doing elsewhere.
Agreed that the producers are much more of a problem. To that end, wouldn't a much better law be that all digital cameras have embedded 3g that transmits all taken images to the FBI directly?
Re: (Score:2)
If you make film and developing supplies illegal, only criminals will have film and developing supplies.
Re: (Score:2)
Re: (Score:2)
Nah, lets go a step further, run a screen cap on every computer in the world at 30fps (to catch the ones watching child porn movies) and just pipe it strait to the FBI servers...
The problem is jurisdiction, smarts, and privacy (Score:2, Interesting)
1) It's easier to catch dumb people than smart ones. People who run anything larger than home-made porn are probably going out of their way not to be caught.
2) If the media is right, a large percentage of circulating child porn is produced outside the United
States. In some countries 16- or 17-year-olds can, or could until recently, be porn stars. Such pictures are illegal in America.
3) When someone is busted for "made at home" child porn, the media won't publish his name to protect the kids. They may ev
Evidence Already? (Score:5, Insightful)
Will the FBI give us some evidence already that mandatory retained data has been essential to actually solving some significant fraction of crimes, or some convincing evidence that its lack is the only reason some significant fraction goes unsolved?
Without that evidence, their insistence on invading our privacy instead of protecting it as they're instructed by the Constitution that gives them their powers should just be laughed at.
Re: (Score:2)
They can argue that keeping their methods secret increases their chances of catching criminals.
Its a beautiful world we live in where the FBI can ask for more power without having to prove that it won't be abused.
Re:Evidence Already? (Score:5, Insightful)
That isn't an argument. That's a contradiction.
That's why we have to demand evidence. The more we let the police have power without evidence, the more our police state abuses our rights instead of protecting them. A faithy police state is precisely what the Qaeda wants. And exactly the opposite of the government our Constitution creates.
Re: (Score:2)
Fun thing is, the summary is wrong too.
Hostnames require DPI, thanks to http/1.1 - you can have (and do have) hosting companies out there with hundreds of thousands of hosts on a single IP address.
If they keep IP addresses or hostnames only, your likely to get lumped into all kinds of bad searches.
Re: (Score:3, Insightful)
I don't get your connection between Capone and convicted child porn consumers.
Capone actually committed lots of crimes. But getting evidence was difficult, because everyone involved was either scared Capone would kill their whole family etc, or was themself guilty of the crimes (and possibly getting rich from it), or both. Tax evasion required no witnesses, and only the evidence obtained in one raid of a double book accounting that showed Capone was earning lots of income - none of which was reported.
Child
Skewed rulings (Score:3, Interesting)
How many PB? (Score:2, Interesting)
Re: (Score:2)
Even better when people start using a program that for example does random searches on Google and does a request to every search result.
Re: (Score:3, Informative)
Even better when people start using a program that for example does random searches on Google and does a request to every search result.
What if one of those results happens to be an illegal Web page? Maybe you should call this program the Auto-Incriminator.
Chaff traffic may defeat human observers, but I doubt grep will bat an eye. And your ISP will pass the costs of tracking your chaff traffic on to you.
Re: (Score:2)
This just in: (Score:5, Insightful)
All stores and restaurants will have to keep logs of every customer that comes in, whether they buy anything or not, including full video of them while they were in the store. Microphones must be set up at every table in the restaurant to record all dinner conversation. All of this data must be kept for ever and a day, and available to anyone who appears to be in law enforcement. Why is real life any different than the web?
Re: (Score:2)
It would be unconscionable to miss this valuable peace of information in bringing them to justice.
Re: (Score:2)
Combine GPS with Google Maps (which includes details of millions of businesses) along with back-doors built into most, if not practically all, cell phones and the government can practically do this now on a selective basis.
And it's quite conceivable, that in such a situation, the government could utilize all cell phones in the near vicinity to eavesdrop too, so even if the target's phone was not responding / not picking up all the conversation / image detail, one or more other cell phones nearby possibly co
Re: (Score:2)
More to the point... how is it that my digital camera isn't required to keep a log of every image I take with it? Why isn't my camcorder sending samples of everything I tape? Why doesn't every teddy bear come with a GPS tracker and camera built in?
In short, how is it that none of the equipment required to actually make child porn is immune, yet I - who run a web site that has zero upload capacity - am in theory being required to keep its visitor logs?
Bite. Me.
Evidently the person who hacked my server and
Lollipop, Lollipop (Score:4, Funny)
We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.
Re: (Score:2, Funny)
We should log lollipop purchases, so we can crack down on those guys in big white vans with FREE CANDY on the side.
You mean the white vans that have been following me with those guys in white coats actually pass out lollipops?
And here I thought it was because they were out to get me...
Re: (Score:3, Insightful)
Re: (Score:2)
Why? They haven't arrested Santa Claus, and we KNOW how perverted he is
Before someone says it (Score:5, Informative)
This goes beyond the data retention laws in the EU, and even those are under a lot of public pressure and currently being looked at by the highest courts. What you'll see is that your guys will back down from requiring access logs and make ISPs "just" keep a log of the IPs of their customers for two years, like the EU requires, and they'll call it a compromise.
Re: (Score:2)
One should note that EU data retention laws also require that the following is logged:
somehow i just don't believe this statement ... (Score:5, Insightful)
Re: (Score:3, Insightful)
What you quoted was not quoted nor cited in the article, just printed - it has no value other than being the opinion and/or understanding of the author of the article.
If the Feds can request phone records using a Post-It note, and web sites continue to say "we will hand over your data to the Feds in the course of investigating a crime", you can bet there will be serious problems *even if they stick to the letter of what you quoted*.
Feds can ask for anything they want, they just can't demand it. Service pro
Re:somehow i just don't believe this statement ... (Score:4, Insightful)
Yeah, I mean it's not like they'd invent some special subpoena [wikipedia.org] that doesn't require any sort of judicial oversight.
Re: (Score:2, Insightful)
This will be a good idea (Score:5, Insightful)
there is not enough storage in America for this. (Score:4, Insightful)
and in the event somehow that the devil intervenes to allow this to come true, the feds should pay to store the data. pay the upfront money to build the servers and the additional air conditioning and power, pay the maintenance money to hire techs and buy tape and repair the machines and run a 24x7 watch on the center. and pay all legal, recovery, and processing fees for every single request.
Re: (Score:2)
This is another good point. I guarantee you if this passes, the ISPs are going to pass on the rather significant bill to do this to their customers. They really can't stay in the business otherwise.
Re: (Score:2)
Re:there is not enough storage in America for this (Score:2)
If only that would punish the feds and not the people whose wallets that money comes from....
Re: (Score:2)
And pass on all that cost to the possibly-unwilling taxpayer? I think not.
Not going to happen anytime soon (Score:4, Interesting)
As someone that works in the Adult hosting industry, this is going to be poorly received. A lot of our clients are already hurting for money and as such have scaled back their server footprint. We're pushing servers (disk IO) a lot harder than before -- one easy solution we have is to just disable access logs. Writing 1GB+ of log data per hour swamps disks and just adds huge amounts of overhead. Since these logs are of clients browsing through porn ... it'll cost a decent amount of money to actually be able to start logging again AND to store raw log data for two years.
Re: (Score:2)
The hosting industry would just go somewhere else, and leave the bill to all the ISPs whose meatbag customers can't emigrate as easily.
Good luck if they are not in the US (Score:2)
Deep Packet Inspection for URL Not Required... (Score:3, Interesting)
Deep packet inspection for URL not required, in theory, if the U.S. government mandates both ISPs *and* websites to maintain logs.
That may be how they'll rope websites, and other types of internet services for that matter, into complying with log retention.
Another route, though I've never seen it mentioned in context to log retention laws, is to require web browsers to log the information in tamper-resistant (think DRM) hidden files. MSIE, in a matter of speaking, already does with index.dat files (some suggest their real purpose is, in large part, to help law enforcement), which the regular computer user has no clue of, let alone know how to get rid of, since Windows makes it difficult to delete them.
Ron
Re: (Score:2)
Re: (Score:2)
Excellent point.
However, the real purpose of the proposed log retention requirement, presumably, is to collect personal data of all kinds for various government uses; child porn is just a convenient, easy excuse to get it enacted.
Ron
Re: (Score:2)
Monitoring is good (Score:5, Insightful)
I have an even better idea. Let's have all law enforcement officials be required to wear audio and video recording equipment at all times, which are available for all citizens to watch. They do work for us, after all, and I think this would help curb police brutality. I know that most officers are good people, but there are a few bad apples, so we can't be too vigilant.
Host names (Score:3, Informative)
Host names cannot be logged without packet inspection unless they assume that a corresponding request against the ISP's DNS services constitutes to "visiting" the resolved host name. You are also free to use DNS servers of your choice that are different from your ISP's. You can run your own DNS server too.
When a client "visits" a URI it:
1. resolves the host name to IP address via a DNS service
2. makes a connection to the said IP address
3. if connection uses SSL, proceeds with the "handshake"
4. sends host name, URI, and other request info via the above connection
ISPs can log #2, but cannot log #4 without packet inspection. It's even more complicated if the connection is encrypted (e.g. https).
The 4th ammendment weeps. (Score:5, Insightful)
The 4th amendment is supposed to require a warrant to BEGIN surveillance. The law doesn't say "they can tap your phones and record all of your conversations, but they can't actually listen to them until a warrant is issued against you." No, they can't tap until they have the warrant.
This shouldn't be any different.
Then again, we all know the results of the last large-scale warrantless wiretapping incident (no one was punished, and it's likely still occurring), so I guess it is, in fact, not any different.
Think phone call logs (Score:2, Insightful)
In New York at least, phone companies have to keep transaction data for 2 years. I think this is a nationwide requirement but I'm not sure.
The feds will argue that URLs are like phone numbers, and since they aren't actually requiring the ISPs or web sites to log the bits that went over the wire the feds don't see a problem.
Re: (Score:3, Insightful)
There's a key difference, however.
Although both logs will reveal everywhere you've been, a phone record reveals ONLY that - who you called, not why.
URLs, on the other hand, usually include variables that reveal things such as exactly which articles you clicked, and exactly what you searched for. Even worse, they can easily be used to break post anonymity - all they have to see is that you loaded the post form, and upon submitting it we're directed to a post with ID X, and they know exactly what you posted b
Re: (Score:3, Insightful)
Other serious crimes--- (Score:4, Insightful)
"the Internet protocol (IP) address" (Score:2)
the Internet protocol (IP) address
Really? Explaining what “IP address” means? Are Cnet reader really that stupid?
Every child knows what that is. Hell, even my grandma knows it from crossword puzzles.
I call “intentional dumbing down of humanity” on that one.
Re: (Score:2)
It's called dumbening.
Server logs? (Score:2)
Just make it permanent (Score:2)
That way what you do today that is completely legal, can be used against you in 10 years when it isn't legal. Oh, and add location services, based on cell phone records, credit card purchases ( must ban cash ) street corner cameras, etc.
Stop the bus, i want off.
Re: (Score:3, Informative)
Uh I thought the US Constitution had the concept that laws could not be retroactive.
Just sayin'
Don't you need to log the data as well? (Score:2)
Protect yourself (Score:2)
ipredator [ipredator.se]
Use offshore VPN for everything. Because what you're doing today may be frowned upon tomorrow. Or maybe you like reading extremist blogs for the lolz and you apply for a job that needs an FBI background check. Wow, this guy sure likes militias.
VPN (Score:2)
Anyone here know of why a commercial VPN connection would be a way around this sort of thing? Would TOR work for this as well?
Yes officer (Score:4, Funny)
We have those log hard copies right here.
Dammit! Who forgot to put a new ink cartrige in the printer last year?
Re: (Score:2, Funny)
You left out "Family Guy". That show is child+animal+incest+homo porno. But obviously Americans love it.
Re: (Score:2)
Plausible deniability only works for the rich and powerful.
For the common man it is just yet another reason that they can get a warrant. They will find something to hang you with if they want to, even if they have to plant it themselves.
Re: (Score:2)
So run the server in another state in colo run the server there, and proxy all of your traffic through it.
Thats what I do...well partially. I am not actually paranoid enough to proxy all my traffic through it, and I mostly run a tor node because I get 600 GB/transfer included in my agreement and I, personally, use about 2 GB of it.... may as well put it to good use eh?
-Steve
Re: (Score:2)
The funny thing is, the post right before yours answers this...and the answer is no, they don't have it now:
I can think of some other services that I know of with similar issues. I know of one AD domain,
Re: (Score:3, Funny)
Re: (Score:2)