FBI calls for two year retention for ISP data
Origin and destination if you please sir
What you need to know about cloud backup
FBI director Robert Mueller is still keen to get US internet service providers to keep their customers' web logs for up to two years.
What is not clear is whether the director is talking about which websites are visited or the specific URL - which would require deep packet inspection and probably break US wiretap laws.
Greg Motta, boss of the FBI digital evidence section, said his director wanted "origin and destination information for non-content data", according to CNet.
Motta said the Feds simply want to keep powers they already have - since 1986 phone companies have been obliged to keep records of who makes calls, who they call, when they call and how long the call lasts. It's just that now, the Feds want to explicity include web activity as well. He said the FBI did not want to store the actual content of calls or emails.
Motta was speaking to the Online Safety and Technology Working Group.
It is not clear exactly what the Feds want; logging IP numbers or web hosts would be relatively simple for an ISP, while keeping track of exact URLs would be harder and more expensive.
The proposals will sound familiar to anyone familiar with the UK's Communications Capabilities Directorate - responsible for what was formerly known as the interception modernisation program. The UK approach has also sought to preserve existing spook powers, by extending them to cover any new comms capability that comes onto the market.®
COMMENTS
"It is not clear exactly what the Feds want;"
Oh no - what they *want* is perfectly clear - in the same manner as all such authorities, they *want* to log every single keystroke of everyone, the content of every mail, the content of every communication and identify every participant.
What they will get though might be somewhat short of this, but function-creep/trrrst attacks/Republicans wiping their arses with the Constitution/Wagging the dog will ensure they achieve their goal eventually. Luckily, it might be more difficult to achieve this than in the lickspittle UK.
What they want
What they really want, is the infrastructure of a system and devices in place that are capable of seeing everyone's traffic. Who holds the logs is immaterial, they can request whatever data they want during any investigation.
Once in place they can then do whatever they want and tweak the system to their larger agenda's needs at a later date.
Simples!
Internet Records are not the same as Phone Call Records
"Motta said the Feds simply want to keep powers they already have - since 1986 phone companies have been obliged to keep records of who makes calls, who they call, when they call and how long the call lasts. It's just that now, the Feds want to explicity include web activity as well. He said the FBI did not want to store the actual content of calls or emails."
The phone records that are being referred to are needed to bill for the use of the Telephone system (and thus the Feds are just asking for information that the Telco is creating for its own operation anyway). For a land line, there is tracking of out-of-area (ie: Long Distance) calls and possibly local calls (or there used to be when there was message-units/measured-service). With Cell Phones, EVERY Call is logged and reported on your monthly bill since you are charged for use.
In the case of the Internet sessions, there is no need for any records of USAGE/CONNECTIONS, only what IPN has been assigned (by a DHCP Server) to the customer's Modem (and when the IPN was assigned so it is know who address x.x.x.x was on such-and-such a Date and Time). Even if there is a cap on usage, all that is monitored is an aggregate amount of usage (ie: You downloaded/uploaded so much data) not a list of each session.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
