Re: Jonathan Zittrain on data retention, an "awful idea"
Sigh. Back when the US Feds were still trying to push Key Escrow on the National Information Infrastructure, I started research for an April 1 RFC for the National Information Infrastructure Data Entry Escrow Protocol, NIIDEEP, and proposed NIIDEEP Information Network Protocol Implementation Government Standard, NIIDEEPINPIGS. (Didn't get it finished by April 1 :-) Because after all, there's no sense escrowing our crypto keys if you don't also escrow the cyphertext - some of Eric Hughes's talks on Message Escrow and Data Retention Policies were excellent explanations of why those was the critical issues. If the US Feds and Eurocrats would like us to provide them with all of our data, the existing internet would need to double in size to transport all of it to the appropriate government data storage facilities, or more than double if separate copies need to be provided to multiple national governments, or much more if local governments such as city trade commissions need copies. Since this is clearly unrealistic, even with the demise of the E-Bone, transmission will require the use of off-line data transmission technology. Waiting for approval of new government standards would take too long, and lose access to valuable data because of the resulting delay of several years, but there are several existing standards for data storage that can be applies. My long-lost research had the FIPS (US Federal Information Processing Standards) references for several of them, but the current environment requires the corresponding European standards as well, and I'll need assistance. But there's also been progress! RFC 1149 (Avian Carriers) has been implemented, though scalable implementation and dual-source requirements may require genetic reconstruction of the Passenger Pigeon to supplement current carrier species. Modular methods uses standard data storage formats and separate transmission. Standards widely supported in the US include Hollerith cards, 1600 bpi 9-track tapes with EBCDIC character sets and fixed block sizes and LRECLs, and ASCII-format punch tape (with country-specific standards for recycled paper content.) 8-inch floppy disks have also been widely used, and support both CP/M and RT11 file system formats. Are there corresponding European standards for data storage? Transmission methods for data storage media include International Postal Union standards for link layer and addressing formats and pricing, though I'm not directly familiar with standards for shipping containers where data encapsulation is required. Thanks; Bill Stewart, bill.stewart@pobox.com
From: Jon Zittrain <zittrain@cyber.law.harvard.edu> Subject: Re: FC: "Data retention" scheme marches forward in European Parliament
I've written something opposing this at <http://www.forbes.com/forbes/2002/0708/062.html>. .... Consider the range of proposals for unobtrusive but sweeping Internet monitoring. Most of them are doable as a technical matter, and all of them would be unnoticeable to us as we surf. Forbes columnist Peter Huber's idea is perhaps the most distilled version. Call it the return of the lock box. He asks for massive government data vaults, routinely receiving copies of all Internet traffic--e-mails, Web pages, chats, mouse clicks, shopping, pirated music--for later retrieval should the government decide it needs more information to solve a heinous crime. (See the Nov. 12 column at forbes.com/huber.)
The idea might sound innocuous because the data collected would remain unseen by prying eyes until a later search, commenced only after legal process, is thought to require it. Make no mistake, however: The idealized digital lock box and many sibling proposals are fundamentally terrible ideas. Why? ....
Jonathan Zittrain, Harvard law professor; codirector, Berkman Center for Internet & Society.
participants (1)
-
Bill Stewart