Re: Jonathan Zittrain on data retention, an "awful idea"

6 Jul 2002

      Sigh.  Back when the US Feds were still trying to push Key Escrow on the
National Information Infrastructure, I started research for an April 1 RFC
for the National Information Infrastructure Data Entry Escrow Protocol, 
NIIDEEP,
and proposed NIIDEEP Information Network Protocol Implementation Government
Standard, NIIDEEPINPIGS.  (Didn't get it finished by April 1 :-)

Because after all, there's no sense escrowing our crypto keys if you
don't also escrow the cyphertext - some of Eric Hughes's talks on
Message Escrow and Data Retention Policies were excellent explanations
of why those was the critical issues.

If the US Feds and Eurocrats would like us to provide them with all of our 
data,
the existing internet would need to double in size to transport all of it
to the appropriate government data storage facilities, or more than double
if separate copies need to be provided to multiple national governments,
or much more if local governments such as city trade commissions need copies.
Since this is clearly unrealistic, even with the demise of the E-Bone,
transmission will require the use of off-line data transmission technology.
Waiting for approval of new government standards would take too long, and
lose access to valuable data because of the resulting delay of several years,
but there are several existing standards for data storage that can be applies.

My long-lost research had the FIPS (US Federal Information Processing 
Standards)
references for several of them, but the current environment requires
the corresponding European standards as well, and I'll need assistance.
But there's also been progress!  RFC 1149 (Avian Carriers) has been 
implemented,
though scalable implementation and dual-source requirements may require
genetic reconstruction of the Passenger Pigeon to supplement current 
carrier species.
Modular methods uses standard data storage formats and separate transmission.
Standards widely supported in the US include Hollerith cards,
1600 bpi 9-track tapes with EBCDIC character sets and fixed block sizes and 
LRECLs,
and ASCII-format punch tape (with country-specific standards for recycled 
paper content.)
8-inch floppy disks have also been widely used, and support both
CP/M and RT11 file system formats.
Are there corresponding European standards for data storage?
Transmission methods for data storage media include International
Postal Union standards for link layer and addressing formats and pricing,
though I'm not directly familiar with standards for shipping containers
where data encapsulation is required.

                 Thanks;  Bill Stewart, bill.stewart@pobox.com
...
From: Jon Zittrain 
Subject: Re: FC: "Data retention" scheme marches forward in European 
Parliament
I've written something opposing this at 
http://www.forbes.com/forbes/2002/0708/062.html.
....
Consider the range of proposals for unobtrusive but sweeping Internet 
monitoring. Most of them are doable as a technical matter, and all of them 
would be unnoticeable to us as we surf. Forbes columnist Peter Huber's 
idea is perhaps the most distilled version. Call it the return of the lock 
box. He asks for massive government data vaults, routinely receiving 
copies of all Internet traffic--e-mails, Web pages, chats, mouse clicks, 
shopping, pirated music--for later retrieval should the government decide 
it needs more information to solve a heinous crime. (See the Nov. 12 
column at forbes.com/huber.)
The idea might sound innocuous because the data collected would remain 
unseen by prying eyes until a later search, commenced only after legal 
process, is thought to require it. Make no mistake, however: The idealized 
digital lock box and many sibling proposals are fundamentally terrible 
ideas. Why?
....
Jonathan Zittrain, Harvard law professor; codirector, Berkman Center for 
Internet & Society.