DOJ proposes US data-retention law.
Steve Fulton
steve at esoteric.ca
Sat Jun 22 18:38:07 EDT 2002
At 17:37 22/06/2002 -0400, geer at world.std.com wrote:
>Not arguing, but the hardware cost curve for storage has a shorter
>halving time than the cost curve for CPU (Moore's Law) and the
>corresponding halving time for bandwidth is shorter still.
You've got a point. Storage is becoming less and less expensive per
gigabyte, especially for IDE drives. If you're using a RAID set up, IDE
doesn't cut it, SCSI is the way to go (for now). SCSI is a lot cheaper
than it used to be, but it's still over $1000 for a single 70gig drive in
Canada. For maximum redundancy in one rack-mount server, RAID 10 is the
way to go. That means for every 1 drive, there must be an exact
duplicate. Costs can increase exponentially.
That said, storage isn't the only expense when creating a large, fast and
redundant file server (especially for caching). The fastest way to get
data from a computer to the file server is via fibre channel. And fibre
channel hardware isn't cheap. Last time I looked, a DIY RAID 10 system
with 15 drives (1 hot-standby), case and fibre channel capability was ~
$30-35k. For each workstation that connects to it, there is a ~1k charge
for the fibre channel client card. Don't even go near a fibre channel
switch, they run $10-15k apiece, and don't handle more than 10-15
connections. Plus cabling.
See, it adds up -- and that's just for one unit. To do the kind of data
retention proposed in the EU, that is the kind of hardware that would be
necessary. Plus a rack of tape backup drives running 24x7. Perhaps this
sounds extreme, and it very well could be. My concern isn't so much based
on what the law says must be retained, the penalties if the data isn't
retained are what worry me.
Could a system or network administrator be charged if the data is
unavailable? What if there is a plausible reason (i.e. hardware failed a
year ago, fire)? What if the company cannot afford it? What charges are
brought against the company? These questions are the reality for sysadmins
in the EU. If Canada implemented a data retention law, I would be
extremely concerned about my personal liability as well as corporate --
Canada already can charge a network administrator who the police believe is
negligent in blocking (and removing) copyrighted software from computers
he/she is responsible for. It has happened. My understanding is it has to do
with an RCMP settlement over the PROMIS software scandal, but that's
another topic.
-- Steve
---------------------------------------------------------------------
The Cryptography Mailing List