portland independent media center  
images audio video
newswire article

Bush: All your bytes are belong to us!

Bush proposes data "retention" system.
US cyber security may draft ISPs in spy game
By Kevin Poulsen, SecurityFocus Online
An early draft of the White House's National Strategy to Secure Cyberspace envisions the same kind of mandatory customer data collection and retention by U.S. Internet service providers as was recently enacted in Europe, according to sources who have reviewed portions of the plan.

In recent weeks, the administration has begun doling out bits and pieces of a draft of the strategy to technology industry members and advocacy groups. A federal data retention law is suggested briefly in a section drafted in part by the U.S. Justice Department.

The comprehensive strategy is being assembled by the President's Critical Infrastructure Protection Board, headed by cyber security czar Richard Clarke, and is intended as a collaborative road map for further action by government agencies, private industry, and Congress.

While not binding, proposals that find their way into the final version of the National Strategy would likely have added weight in Congress, and could lead to legislation.

A controversial directive passed by the European Parliament last month allows the 15 European Union member countries to force ISPs to collect and keep detailed logs of each customer's traffic, so that law enforcement agencies could access it later.

Data to be gathered under the European plan includes the headers (from, to, cc and subject lines) of every e-mail each customer sends or receives, and every user's complete Web browsing history. The period of time that the data will have to be retained is up to each member country; specific legislative proposals range from 12 months to seven years, according to Cedric Laurant, a policy analyst at the Electronic Privacy Information Center (EPIC), which opposed the directive.

"Somebody could see their past for the last seven years be completely open," says Laurant, speaking of the European directive. "It violates freedom of speech and the basic principle of the presumption of innocence."

The draft of the U.S. plan does not specify how much data ISPs would be forced to collect, or how long they would have to store it. The White House did not return phone calls on the strategy, which is scheduled for release in September

homepage: homepage: http://www.theregister.co.uk/content/55/25781.html

black boxes 20.Jun.2002 12:51

the jheri curl kid

has anyone ever figured out (or leaked) how a Carnivore box works? you know, the boxes the FBI was successfully having set up at key ISPs and which can be efficiently placed on "Tier 1" internet servers.

i just assume that whatever nosey nazi fuck wants to spy has access to my data/info so i don't run--shucks, i'm not doing anything but saying how govt is evil (and looking at an occasional *dirty* picture).

as well, i keep in mind where it is i'm surfing to at all times and what's on my hard drives (and how my operating system *seems* to work).

Carnivore Info. 21.Jun.2002 03:48

John Doe

``i'm not doing anything but saying how govt is evil'' -- I'd say that's reason enough to fear, seeing as it is illegal and all. ;)

But seriously, you should check out  http://www.epic.org/privacy/carnivore/ EPIC's Carnivore page. It has all the Carnivore documentation from the FBI that EPIC got out of the so-called ``freedom of information act'' (FOIA). It's, not suprisingly, highly censored, but what is included is a lot of tehnical details. It also has some very scary test results. For example, a 300MHz PII running (*shudder* the scariest part of all) Win NT4 SP6, with 384MB RAM, 1.19GB HDD and both Zip and Jaz drives could ``reliably capture and archive all unfiltered traffic...'' (the rest of the paragraph appears to include the speed at which it can do this on each drive, filtered and unfiltered, but is too heavily censored to be sure). Also included is a pretty picture of the (``UNIX/Solaris''?) logon window, with a disclaimer that includes the ironic statment ``You have no expectation of privacy in [Carnivore's] use.''

Also check out  http://www.infowarrior.org/articles/carnivore.html (a URL which I found at  http://www.indymedia.org:8081/fbi/ IMC's ``legal'' page, with info on all the gov't agencies and their projects). It pretty much just details how Carnivore is no different than any other sniffer out there, with few exceptions. More importantly though, it covers the legal issues of Carnivore, and how that applies to it's sniffing, the more worrisome factor. Best of all, it includes some ways to protect yourself against Carnivore (although not to useful for general web browsing). It's just too bad I can't use PGP to post this message. ;)