ISP "Data Retention" - what exactly are they retaining? - Technology Law & Politics

Author	All Replies
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA	ISP "Data Retention" - what exactly are they retaining? There's something I'm not understanding about the whole ISP data retention debate. What EXACTLY are they being asked to retain? I don't use my ISP for e-mail. I don't use my ISP for DNS. I'm wondering what then they could actually retain about me? -- Economically, militarily, politically, and culturally irrelevant… Canada!
	to forum · permalink · 2007-01-19 13:43:50 · (locked)
spy1 Welcome to Amerika Premium join:2002-06-24 Charlotte, NC	»news.com.com/2102-1028_3-5748649···il.print
	to forum · permalink · 2007-01-19 13:56:50 · (locked)
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA	said by spy1: »news.com.com/2102-1028_3-5748649···il.print Thanks, I use Google too, but I don't see where that indicates what or HOW they save anything? If I'm not using their DNS, how can they see what I'm doing? I understand they're still carrying the traffic but then it goes more to actually snooping than simple retention. -- Economically, militarily, politically, and culturally irrelevant… Canada!
	to forum · permalink · 2007-01-19 14:08:45 · (locked)
tschmidt Premium,MVM join:2000-11-12 Milford, NH kudos:8 Reviews: ·G4 Communications ·Fairpoint Commun.. ·Hollis Hosting	My understanding it what the DOJ is asking for is much the same as has been done in the telephone industry - "pen records." Basically capture source/destination address and time but not the actual message. The civil liberties objection to this is that in the digital world "pen records" reveal much more information then in telephone world. Instead of knowing that phone # A called B at a certain time and the call lasted for x minutes IP session typically access a large number of different addresses so just by knowing the address law enforcement is able to recreate in great detail the "conversation" even though that was not captured. In addition in most cases the remote end of the connection is public, whereas in a phone conversation both ends are private, so even though they only have access to the addresses law enforcement can often recreate the session. Not sure what that legislation currently stand. /Tom
	to forum · permalink · 2007-01-20 09:41:57 · (locked)
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA 1 edit	said by tschmidt: Basically capture source/destination address and time but not the actual message. If they were asking (requiring) providers to retain records of IP assignments or mail that would make sense, they have that info anyway and save it for their own abuse departments. If on the other hand they're asking for DNS or source/destination records it's no longer a simple matter of retention. An ISP to my knowledge doesn't have these kinds of records to begin with so it's not a simple matter of retention (keeping them longer). If what you're saying is true, they're actually asking the ISP to create a method to collect and store massive amounts of mostly useless data. Most importantly it's extremely easy to evade these attempts at monitoring using encryption along with third party mail, DNS, proxy, and/or VPN services that make it impossible for the ISP to see anything. I guess the logic is "just because some crooks wear gloves doesn't mean we'll stop looking for finger prints" but it seems like an awfully big burden to put on providers, and an invasion of privacy for the average America, just to catch the odd terrorist that's not covering his tracks. Maybe I'm just giving the terrorists too much credit? -- Economically, militarily, politically, and culturally irrelevant… Canada!
	to forum · permalink · 2007-01-20 14:32:58 · (locked)
tschmidt Premium,MVM join:2000-11-12 Milford, NH kudos:8 Reviews: ·G4 Communications ·Fairpoint Commun.. ·Hollis Hosting 1 edit	said by Authority: If on the other hand they're asking for DNS or source/destinationrecords it's no longer a matter of retention. An ISP to my knowledge doesn't have these kinds of records to begin with so it's not a simple matter of keeping them longer. Of course the ISP knows source/destination IP addresses otherwise it would not be able to route packets. You are correct that typically ISPs do not log and maintain this information. The requirement to do so is rather onerous because of the huge volume. Ask anyone who has to evaluate SysLog entries. If you are using a proxy all the ISP would see is the destination of the proxy and the customer's source address. That in and of itself may be of interest to law enforcement even if the ultimate destination was not known. Browser requests include the URL in addition to IP address. If it do not virtual web servers would not be possible. A virtual web server is where several domains share the same IP address. Some low cost personal hosting services take advantage of this to minimize cost. Eliminates need to assign a unique IP address to each web site. /Tom
	to forum · permalink · 2007-01-20 15:04:50 · (locked)
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA 1 edit	said by tschmidt: If you are using a proxy all the ISP would see is the destination of the proxy and the customer's source address. That in and of itself may be of interest to law enforcement even if the ultimate destination was not known. I'm not sure what you mean... are you saying that anyone using a proxy or VPN is inherently suspicious? It's ironic that the same technologies we use to protect our personal data from criminals are the ones that can protect us from our government. For example »www.jwire.com offers a VPN service for $25 a year: »www.jiwire.com/hotspot-helper.htm While I don't think their intent was to evade government snooping it would certainly have that effect. An off shore provider of a similar service would be even better (if not both). -- Economically, militarily, politically, and culturally irrelevant… Canada!
	to forum · permalink · 2007-01-20 15:18:35 · (locked)

tschmidt Premium,MVM join:2000-11-12 Milford, NH kudos:8 Reviews: ·G4 Communications ·Fairpoint Commun.. ·Hollis Hosting	said by Authority: I'm not sure what you mean... are you saying that anyone using a proxy or VPN is inherently suspicious? In your initial post you asked what ISPs were being asked to retain. I was trying to explain what information that information is and how is could be used by law enforcement. Whether or not it is useful to law enforcement would obviously depend on the specific case. Perhaps I misunderstood your question. /tom
	to forum · permalink · 2007-01-20 15:55:40 · (locked)
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA 1 edit	said by tschmidt: That in and of itself may be of interest to law enforcement even if the ultimate destination was not known. The part I didn't understand is your comment about using a proxy - "That in and of itself may be of interest to law enforcement even if the ultimate destination was not known." Are you suggesting that using a proxy or VPN implies illegal activity? -- Economically, militarily, politically, and culturally irrelevant… Canada!
	to forum · permalink · 2007-01-20 16:01:36 · (locked)
tschmidt Premium,MVM join:2000-11-12 Milford, NH kudos:8 Reviews: ·G4 Communications ·Fairpoint Commun.. ·Hollis Hosting	If law enforcement obtained a warrant to obtain ISPs records any activity is potentially of interest. Seeing use of proxy or encryption may very well get their attention. None of this information can be released without a warrant which requires probable cause. If they had some idea of what sites that person might be accessing it is not all that difficult, with enough raw data, to correlate access even though a proxy was used. /Tom
	to forum · permalink · 2007-01-20 16:10:16 · (locked)
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA	said by tschmidt: Seeing use of proxy or encryption may very well get their attention. Why would that get their attention? Any prudent technical person will encrypt as much of their traffic as they can as a matter of course. It's interesting that you think that would imply anything or "get their attention". -- Economically, militarily, politically, and culturally irrelevant… Canada!
	to forum · permalink · 2007-01-20 16:17:28 · (locked)
NetWatchMan Premium,VIP join:2001-03-13 Alpharetta, GA 1 edit	reply to tschmidt quote: Of course the ISP knows source/destination IP addresses otherwise it would not be able to route packets. You are correct that typically ISPs do not log and maintain this information. The requirement to do so is rather onerous because of the huge volume. Exactly...for those that want to understand this better, Google 'Cisco Netflow'...it essentially enables a provider to audit and log ALL user traffic at an IP and TCP HEADER** level* (e.g. srcIP, srcPort, dstIP, dstPort, IP protocol, tcp flags, bytescount, packetcount..and a few more tidbits). In uncompressed form the above information consists of 47 bytes per "flow" Note: a single flow event record can actually be used to summarize thousands of packets related to a single connection over many minutes...thus there is a fair amount of aggregation going on. Nevertheless, netflow results in MASSIVE amounts of data...for example a single GigaBit Ethernet connection (which is barely utilized) is currently generating 5-10GB of flow data per DAY. For a provider like Comcast to store just one day of flow data from their entire network would probably take terabytes....which is why it's not generally done. Trying to archive full payload (which I believe would be considered an illegal wiretap anyway) would probably require 1000 to 10000 the amount of disk space as just doing Netflow...plus you'd need double the network capacity, as you'd have to use half of it for logging purposes. -- Lawrence Baldwin myNetWatchman The Internet Neighborhood Watch
	to forum · permalink · 2007-01-20 19:20:59 · (locked)
Tikker_LoS join:2004-04-29 Regina, SK	reply to Authority said by Authority: said by tschmidt: Seeing use of proxy or encryption may very well get their attention. Why would that get their attention? Any prudent technical person will encrypt as much of their traffic as they can as a matter of course. It's interesting that you think that would imply anything or "get their attention". you're missing his point they're only going to look into your interwebz activities if they're already suspicious of you to start with. seeing one more indicator of trying to hide something would just be a prompt to dig deeper
	to forum · permalink · 2007-01-24 16:04:42 · (locked)
Authority Obama Biden '12 join:2000-03-29 Woodland Hills, CA	reply to NetWatchMan said by NetWatchMan: Nevertheless, netflow results in MASSIVE amounts of data...for example a single GigaBit Ethernet connection (which is barely utilized) is currently generating 5-10GB of flow data per DAY. For a provider like Comcast to store just one day of flow data from their entire network would probably take terabytes....which is why it's not generally done.= Thanks for jumping in LB. My question is what exactly do the proposed laws require providers to retain, and what would that tell them? I don't believe they're asking for as much as in your example... I think it's just email and maybe DNS requests, in which case they get nothing off anyone use a different mail and DNS provider. Am I wrong?
	to forum · permalink · 2007-01-24 17:49:34 · (locked)

The Site > Old Forums > Technology Law & Politics > ISP "Data Retention" - what exactly are they retaining?

ISP "Data Retention" - what exactly are they retaining?