Followup: [RE: DOJ proposes US data-rentention law.]

Trei, Peter ptrei at rsasecurity.com
Fri Jun 21 09:53:29 EDT 2002 

Two points:

1. According to Poulson, the DOJ proposal never 
discussed just what would be logged. Poulson 
compared it to the European Big Brother legislation, 
which required storage to Web browsing 
histories and email header data.

2. After I posted the same info to /.
http://slashdot.org/articles/02/06/19/1724216.shtml?tid=103
(I'm the 'Anonymous Coward' in this case), Kevin updated
his article. The new version may be found at:
http://online.securityfocus.com/news/489

The relevant portions read:

- start quote -

U.S. Denies Data Retention Plans

The Justice Department disputes claims that Internet service 
providers could be forced to spy on their customers as part 
of the U.S. strategy for securing cyberspace.
By Kevin Poulsen, Jun 19 2002 12:24PM

[...]

But a Justice Department source said Wednesday that data 
retention is mentioned in the strategy only as an industry 
concern -- ISPs and telecom companies oppose the costly idea -- 
and does not reflect any plan by the department or the White 
House to push for a U.S. law. 

[...]

- end quote -

Peter Trei


> ----------
> From: 	David G. Koontz[SMTP:koontz at ariolimax.com]
> Sent: 	Thursday, June 20, 2002 10:57 AM
> To: 	cypherpunks at lne.com
> Cc: 	'cryptography at wasabisystems.com'; 'cypherpunks at lne.com'
> Subject: 	Re: DOJ proposes US data-rentention law.
> 
> Trei, Peter wrote:
> > - start quote -
> > 
> > Cyber Security Plan Contemplates U.S. Data Retention Law
> > http://online.securityfocus.com/news/486
> > 
> > Internet service providers may be forced into wholesale spying 
> > on their customers as part of the White House's strategy for 
> > securing cyberspace.
> > 
> > By Kevin Poulsen, Jun 18 2002 3:46PM
> > 
> > An early draft of the White House's National Strategy to Secure 
> > Cyberspace envisions the same kind of mandatory customer data 
> > collection and retention by U.S. Internet service providers as was
> > recently enacted in Europe, according to sources who have reviewed 
> > portions of the plan. 
> > 
> > In recent weeks, the administration has begun doling out bits and 
> > pieces of a draft of the strategy to technology industry members 
> > and advocacy groups. A federal data retention law is suggested
> > briefly in a section drafted in part by the U.S. Justice Department. 
> > 
> 
> If the U.S. wasn't in an undeclared 'war', this would be considered
> an unfunded mandate.  Does anyone realize the cost involved?  Think
> of all the spam that needs to be recorded for posterity.  ISPs don't
> currently record the type of information that this is talking about.
> What customer data backup is being performed by ISPs is by and large
> done by disk mirroring and is not kept permanently.
> 
> I did a bit of back of the envelope calculation and the cost in the
> U.S. approaches half a billion dollars a year in additional backup
> costs a year without any CALEA type impact to make it easy for law
> enforcment to do data mining.  The estimate could easily be low by a
> factor of 5-10.  AOL of course would be hit by 40 percent of this
> though, not to mention a nice tax on MSN.  Call it ten cents a day
> per customer in fee increases to record all that spam for review by
> big brother.  I feel safer already.
> 
> Whats next, censorship?
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list