[ga] Re: [Politech] Data retention: Not just ISPs, but Google, domain registrars, and more? [priv]

[Jeff Williams <jwkckid1@xxxxxxxxxxxxx>]

Declan and all,

  It would seem to all of our members, most domain name registrants,
and many if not most internet users that this sort of intrusion into
individuals and personnel information is unwanted and not necessary
as well as posing a potential security threat.

Declan McCullagh wrote:

> The Bush administration has made it entirely clear that new laws forcing
> Internet service providers to save certain customer records for police
> convenience will be a priority this year. The concept is called data
> retention (also known as treating all Americans as suspects).
>
> This is not entirely new. The Bush Justice Department has been quietly
> shopping it around since at least mid-2005; I wrote about it at the time:
> http://news.com.com/Your+ISP+as+Net+watchdog/2100-1028_3-5748649.html
>
> But bureaucracies take a while to really get organized, and it wasn't
> until last year that Gonzales and Mueller got their talking points lined
> up and found some uncritical sympathizers in the U.S. Congress to carry
> their water for them. Here's a timeline:
> http://news.com.com/2100-1028_3-6118283.html
>
> This brings us to the key questions: What's the scope? Who will have to
> comply, and what type of data will be forcibly retained?
>
> Certainly broadband Internet service providers will be regulated. But
> how about coffee shops, bookstores, companies (like CNET) that provide
> free open wireless points, or even private individuals who do? Will they
> have to keep logs of who connects and what their users do? FBI and DOJ
> have also talked about search engines being forced to comply:
> http://news.com.com/2100-7348_3-6126877.html
>
> This may not be a big deal for Google, which seems to want to retain all
> user search data until the heat death of the universe, but it does limit
> the valuable competition over privacy-friendly practices that's taking
> place among search engines. AOL says it deletes personally identifiable
> search data after 30 days (and does not keep backups), and Ixquick.com
> is trying to differentiate itself from its rivals by embracing what its
> CEO told me was "the privacy cause":
> http://news.com.com/2100-1025_3-6034626.html
> http://news.com.com/2100-1025_3-6103486.html
>
> Domain name registrars have also been mentioned as targets of
> regulation. Rep. Bart Stupak, a privacy-impaired Democrat now in a
> position to make some mischief as chairman of an oversight subcommittee,
> said in September that: "If we do compel data retention, is there any
> reason Web hosting sites should be treated differently than ISPs?" See:
> http://energycommerce.house.gov/Subcommittees/ovin.shtml
> http://news.com.com/2100-1028_3-6119878.html
>
> GoDaddy's general counsel was on the panel and, unfortunately for the
> well-being of thousands of her customers, chose to curry favor by
> agreeing with this constitutionally-challenged politico rather than
> standing on principle. She allowed that such a law would be "productive"
> for law enforcement but should not include the content of communications.
>
> Unfortunately, in the realpolitik of Washington, that's tantamount to an
> enthusiastic endorsement. And Gonzales has already signaled that he's
> interested in more than just what IP address was assigned to what user.
> That's defined as non-content data, and it's readily accessible to Joe
> Local Cop (not to mention an FBI agent) armed with a simple subpoena, no
> judge's signature required.
>
> But last week (and nobody really noticed this), Gonzales suggested he
> wants to force data retention laws on ISPs for data that "could be
> accessed with a court order." See:
> http://news.com.com/2100-1036_3-6151325.html
>
> By talking about a court order instead of a subpoena, Gonzales seemed to
> be implying content data instead of just IP addresses. A subpoena is
> merely a request for documents signed by a lawyer; a court order is
> signed by a judge and compliance isn't exactly optional. Federal law
> draws a distinction:
> http://www4.law.cornell.edu/uscode/html/uscode42/usc_sec_42_00002000--aa000-.html
>
> I admit my interpretation relies on Gonzales being precise with his
> words (though the alternative is realizing our nation's top law
> enforcement officer knows less about court practices than a first year
> law student). If I'm right, Gonzales is contemplating the content of
> email you send, the content of web pages you visit, the content of IMs
> you send, the content of VoIP calls you -- all recorded, or some subset
> recorded, for future police convenience.
>
> Earlier today, Eric Wenger, a trial attorney with the Justice
> Department's computer crime unit, showed up at a bar association meeting
> and said the DOJ does not have a position on "what records would have to
> be retained":
> http://news.com.com/2100-1028_3-6152598.html
>
> One last thought: If all ISPs must keep track of what their users are
> doing, then criminals, terrorists, First Amendment supporters and all
> other miscreants would be more likely to use anonymizing proxies like
> Tor or anonymizer.com. If the DOJ is serious about this anti-privacy
> campaign, banning the use or operation of anonymizing services might be
> a next step (after all, data retention probably doesn't help track
> someone if he's using Tor).
>
> Unlikely? Probably. But not impossible. Remember, back in 1997, one
> House of Representatives committee voted to ban all encryption without
> backdoors for the DOJ, a step that made about as much sense as today's
> data retention mandates:
> http://news.com.com/2100-1023-961969.html
>
> -Declan
> _______________________________________________
> Politech mailing list
> Archived at http://www.politechbot.com/
> Moderated by Declan McCullagh (http://www.mccullagh.org/)

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827