In message <3D11ED40.9040403@ariolimax.com>, "David G. Koontz" writes:
Trei, Peter wrote:
- start quote -
Cyber Security Plan Contemplates U.S. Data Retention Law http://online.securityfocus.com/news/486
Internet service providers may be forced into wholesale spying on their customers as part of the White House's strategy for securing cyberspace.
By Kevin Poulsen, Jun 18 2002 3:46PM
An early draft of the White House's National Strategy to Secure Cyberspace envisions the same kind of mandatory customer data collection and retention by U.S. Internet service providers as was recently enacted in Europe, according to sources who have reviewed portions of the plan.
...
If the U.S. wasn't in an undeclared 'war', this would be considered an unfunded mandate. Does anyone realize the cost involved? Think of all the spam that needs to be recorded for posterity. ISPs don't currently record the type of information that this is talking about. What customer data backup is being performed by ISPs is by and large done by disk mirroring and is not kept permanently.
This isn't clear. The proposals I've seen call for recording "transaction data" -- i.e., the SMTP "envelope" information, plus maybe the From: line. It does not call for retention of content.

Apart from practicality, there are constitutional issues. Envelope data is "given" to the ISP in typical client/server email scenarios, while content is end-to-end, in that it's not processed by the ISP. A different type of warrant is therefore needed to retrieve the latter. The former falls under the "pen register" law (as amended by the Patriot Act), and requires a really cheap warrant. Email content is considered a full-fledged wiretap, and requires a hard-to-get court order, with lots of notice requirements, etc. Mandating that a third party record email in this situation, in the absence of a pre-existing warrant citing probable cause, would be very chancy. I don't think even the current Supreme Court would buy it.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com