About 5yr. log retention

older
RE: My plan to deal with subpoenas...

Jim Choate

5 Dec 2000 5 Dec '00

8:43 a.m.

There is an article over on Drudge's site. The quote with respect to 5 year retention was supposedly made by the US Justice Dept. Wonder what they were refering too... ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Show replies by date

John Young

5 Dec 5 Dec

9:27 a.m.

Here's the source for the data preservation requirement: http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm Preservation is not a new idea; it has been the law in the United States for nearly five years. 18 U.S.C. 2703(f) requires an electronic communications service provider to "take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process" upon "the request of a governmental entity." This applies in practice only to reasonably small amounts of specified data identified as relevant to a particular case where the service provider already has control over that data. Similarly, as with traditional subpoena powers, issuance of an order to an individual or corporation to produce specified data during the course of an investigation carries with it an obligation not to delete or destroy information falling within the scope of that order when that information is in the persons possession or control. -----

...

From the US Code via GPO Access:

Jim Choate

6:51 p.m.

Actually your cite is the wrong one. It has nothing to do with a court issuance. There has never been a question in that regard. As I said in a earlier note, destruction of evidence is a crime which is well covered. As soon as you have any reason to believe it's evidence (actually whether a cop or other agent advises you of such or not) it becomes illegal for you to alter or destroy it. Tampering with evidence is a crime and always has been. But back to the point, It's called CALEA. It's one of the requirement when one becomes a 'commen carrier'. It's also worth noting that it applies to network providers who provide 'significant' telephone services through their network (can you say PBX? I thought so). I'd send the actual page but Timmy might have a CVA. There's a reference to the CALEA standard at the bottem of the last URL I sent out. So, what we actually have is the DoJ participating in a strawman, basically saying that since they can require 'commen carriers' to keep logs then extending that to everyone isn't that big of a deal. It actually is. On Tue, 5 Dec 2000, John Young wrote:

...

Here's the source for the data preservation requirement:

http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm

Preservation is not a new idea; it has been the law in the United States for nearly five years. 18 U.S.C. 2703(f) requires an electronic communications service provider to "take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process" upon "the request of a governmental entity." This applies in practice only to reasonably small amounts of specified data identified as relevant to a particular case where the service provider already has control over that data. Similarly, as with traditional subpoena powers, issuance of an order to an individual or corporation to produce specified data during the course of an investigation carries with it an obligation not to delete or destroy information falling within the scope of that order when that information is in the person�s possession or control.

-----

...
From the US Code via GPO Access:

http://www.access.gpo.gov/su_docs/aces/aaces002.html

18 USC 2703(f)

(f) Requirement To Preserve Evidence.-- (1) In general.--A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process. (2) Period of retention.--Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.

-----

____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

John Young

7:21 p.m.

Jim Choate wrote:

...

Actually your cite is the wrong one. It has nothing to do with a court issuance. There has never been a question in that regard. As I said in a earlier note, destruction of evidence is a crime which is well covered. As soon as you have any reason to believe it's evidence (actually whether a cop or other agent advises you of such or not) it becomes illegal for you to alter or destroy it. Tampering with evidence is a crime and always has been.

The citation was given as the basis of the news story. And it shows that there is no five year retention requirement, only that the law is five years old. But that is trivial compared to your claim that you decide what is evidence and that it then becomes illegal to alter or destroy it. That appears to be playing cop without the authority. Now, you've made no bones about doing that in the past, apparently to protect your own ass and your fragile operation. Maybe you are under threat to out cop the cops. Certainly, fruadulent operations have to worry about being exposed. And, no doubt there are many sys admins and operators worldwide who believe that it is their perogative to finger their customers to the fuzz -- as with the big ISPs around the world madly trying to please the authorities so their businesses will get favorable treatment, or at least not become a target for investigation. A local comic might say all such people need killing. The lilly-livered sys admins who betray people's trust in their systems are a plague on the Internet, all braying about the need to secure their systems from bad users, and all of them -- along with their bosses and investors who are rushing to kiss the authorities asses even when the authorities know what the cheaters fear -- need to be exposed and pilloried. You, Jim, have repeatedly confessed to being a law and order rat fink. But I understand, son, that's just good business for a crooked cop.

Greg Newby

7:28 p.m.

On Tue, Dec 05, 2000 at 07:05:37PM -0500, John Young wrote:

...

The lilly-livered sys admins who betray people's trust in their systems are a plague on the Internet, all braying about the need to secure their systems from bad users, and all of them -- along with their bosses and investors who are rushing to kiss the authorities asses even when the authorities know what the cheaters fear -- need to be exposed and pilloried.

Good comments, John. My 2 cents is that sysadmins' conservative organizations often force (or try to force) lilly-livered behavior. I've personal and 2nd hand stories about the legal counsel or upper management having a policy of blind cooperation with any law enforcement, sans warrant, for any request. Sometimes the sysadmin might choose to buck authority, but s/he does so at peril of losing cooperation or support from the higher-ups. So, regardless of whether the sysadmins are really lilly-livered, they might need to behave that way due to management or legal counsel who favors saving various legal expenses or hassles over taking the moral high road. Bottom line, as usual, is to trust no-one, including ISPs or sysadmins that have a strong privacy ethic. -- Greg

Mark Allyn

9:24 p.m.

Use PGP. If you want to blab without being traced, go to the local public library or netcafe. Some airports now have netcafe's that accept cash without ID. As a sysadmin, I often have to troubleshoot mail. That exposes me to email. I try only to look at headers and ignore bodies, but I am still exposed. I would much prefer to see PGP bodies. Mark

Jim Choate

9:31 p.m.

On Tue, 5 Dec 2000, Mark Allyn wrote:

...

Use PGP.

Which doesn't help, there are issues related to key control and exchange that are not resolved. It further can be used as evidence against you if you are committing a crime, it is used to raise the sentence. It may be possible that you simply exchanging email (encryption speaks to premeditation which also raises the stakes) with another party is enough to tie you to the crime and find you guilty on other grounds. I hope you enjoy cooked goose. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

David Honig

6 Dec 6 Dec

11:40 a.m.

At 09:17 PM 12/5/00 -0500, Mark Allyn wrote:

...

If you want to blab without being traced, go to the local public library or netcafe. Some airports now have netcafe's that accept cash without ID.

Watch out for surveillance cams (incl. on public streets) if you're really going to attract uniformed attention.

Jim Choate

8:21 p.m.

On Wed, 6 Dec 2000, David Honig wrote:

...

At 09:17 PM 12/5/00 -0500, Mark Allyn wrote:

...
If you want to blab without being traced, go to the local public library or netcafe. Some airports now have netcafe's that accept cash without ID.

Watch out for surveillance cams (incl. on public streets) if you're really going to attract uniformed attention.

It's also worth mentioning that many city police departments put IR and hi-res video around town. The Austin PD has several camera suites around town. One is on the top of the police station and monitors 6th Street (the major non-college hangout). Here in Austin we have bicycle cops who sit around using NVG's to catch people urinating in public and throwing up (public intoxication). There are at least a thousand video camera's on the major highways and a handful of primary intersections. Then there are private camera's as well. I have a friend who has 4 channels at 5fpm on a 'secret' webpage that surround his house. And just about every business you go into has video gear, some pointed out the door. It's amazing if you walk around looking for this stuff and keep a list. Anyone doing anything that might attract uniformed attention should be going the major Ninja route... ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Ken Brown

7 Dec 7 Dec

5:51 a.m.

Jim Choate wrote: [...]

...

And just about every business you go into has video gear, some pointed out the door. It's amazing if you walk around looking for this stuff and keep a list. Anyone doing anything that might attract uniformed attention should be going the major Ninja route...

I wonder what they think of Muslim women who go completely veiled? (I don't know if you have any in Austin but there are quite a few in London). Ken

Jim Choate

8:17 a.m.

On Thu, 7 Dec 2000, Ken Brown wrote:

...

I wonder what they think of Muslim women who go completely veiled? (I don't know if you have any in Austin but there are quite a few in London).

Can't say. Austin is a very! cosmopolitan town. We've got folks of just about every type. Is your assertion that veiled Muslim women are inherently criminal? Muslim dress isn't very 'ninja' if you think about it at all. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Ken Brown

10:40 a.m.

Jim Choate wrote:

...

Is your assertion that veiled Muslim women are inherently criminal?

No, just that you can't tell who is under the buibui by looking at the video. Ken

Declan McCullagh

6 Dec 6 Dec

12:17 p.m.

On Tue, Dec 05, 2000 at 07:22:30PM -0500, Greg Newby wrote:

...

Bottom line, as usual, is to trust no-one, including ISPs or sysadmins that have a strong privacy ethic.

On the web sites that I maintain, I have a stated policy that we intend to challenge subpoenas for our web logs and user database. Of course, talk is cheap, and I'd hope to find funding for lawyers or pro-bono work. Then again, it's a likely possibility: When I got a subpoena, I found pro bono counsel (and excellent one too). -Declan

Tim May

2:25 p.m.

New subject: My plan to deal with subpoenas to testify

At 12:17 PM -0500 12/6/00, Declan McCullagh wrote:

...

On Tue, Dec 05, 2000 at 07:22:30PM -0500, Greg Newby wrote:

...
Bottom line, as usual, is to trust no-one, including ISPs or sysadmins that have a strong privacy ethic.

On the web sites that I maintain, I have a stated policy that we intend to challenge subpoenas for our web logs and user database. Of course, talk is cheap, and I'd hope to find funding for lawyers or pro-bono work. Then again, it's a likely possibility: When I got a subpoena, I found pro bono counsel (and excellent one too).

I'll say what I expect to do. Partly to address some interesting issues about how witnesses may be compelled to travel long distances (beyond the usual countywide travel that noncyberspace cases typically involve). And partly to think aloud on my plans. As Declan says, "talk is cheap," so I may wimp-out, or think better of my plans, or get advice which changes my mind. But here goes: -- if and when I am called to testify in the Bell or Parker re-trials or re-re-trials, I expect to hire no damned shysters -- ditto for a subpoena...I'll try to read the subpoena and understand it as best I can and then comply with it as best I can. (Of course, _serving me_ is problematic. I had a process server make several trips out to my semi-rural hilltop home in 1995 before finally reaching me at home. And that was when I still answering the doorbell. These days I use my peephole, or a t.v. camera I sometimes have set up. I doubt a process server could get to me.) -- if the law is so confusing that I am expected to "retain counsel" to explain it to me, while his $400 an hour meter is running, then the law is an ass -- I was surprised to see so many "affidavits" and "interviews" and "pre-trial statements" from various witnesses in the Parker case. Surely these people must have known that though their presence could have been compelled in Washington state, that they had no obligation to sit down with Federal agents and give interviews! In a nutshell, this has been my plan for the past year or so (subject to modifications, as noted above): If subpoenaed, I'll expect them to provide _all_ transportation and lodging, in advance, in acceptable-quality hotels and with nice transportation. In advance. (I don't lend money to the government--see note below). I'll give no interviews prior to be seated in the witness box. While I can be compelled to testify in a courtroom, I find nothing in the Constitution which says I may be compelled to give pre-trial interviews. (From t.v. shows, I gather it is common for both sides to extensively interview witnesses, getting "depositions," etc. I figure it may be interesting to put this to a test: "Put me on the stand if you can. But you won't know what I'll say until then.") Oh, and no "swearing on a Bible," as I'm not a follower of He Whose Name May Not be Uttered, or whatever name they call their god by. If asked a question, I will take my time to consider my answer and then answer as simply as possible. If I believe the terms in the question are ambiguous, I will ask for them to be clarified. If I am jailed for contempt, for unacceptable reasons, then I expect to take appropriate actions against the kidnappers at a later time. (Note about expenses: I had heard during the Parker trial that various witnesses called to travel to Washington were to "submit travel expense receipts." Is this true? What part of the Constitution says citizens must lend money to the government and then petition to get some of it back later?) A bunch of my friends are involved in "pro se" court issues. While I hope to not waste valuable months of my life, as they have, coming up to speed on shyster jargon, I can't see the average lawyer picked out of a phone book knowing anything more about First and Fourth Amendment sorts of issues than I've picked up over the years. Most of the "court-appointed attorneys" seem to have been especially clueless in anything beyond pleading out a rapist. Anyway, I was not called to testify in the Parker case. In the latest Bell case, I don't know what will happen. --Tim May -- (This .sig file has not been significantly changed since 1992. As the election debacle unfolds, it is time to prepare a new one. Stay tuned.)

Declan McCullagh

4:26 p.m.

New subject: My plan to deal with subpoenas to testify

At 11:01 12/6/2000 -0800, Tim May wrote:

...

(Of course, _serving me_ is problematic. I had a process server make several trips out to my semi-rural hilltop home in 1995 before finally reaching me at home. And that was when I still answering the doorbell. These days I use my peephole, or a t.v. camera I sometimes have set up. I doubt a process server could get to me.)

When I was served with a subpoena in the CJ Parker trial, I had had a party the night before and let a friend of a friend sleep over in my living room. The process server showed up around 7:30 am the following morning and my houseguest let him into the foyer. Grr.

...

-- I was surprised to see so many "affidavits" and "interviews" and "pre-trial statements" from various witnesses in the Parker case. Surely these people must have known that though their presence could have been compelled in Washington state, that they had no obligation to sit down with Federal agents and give interviews!

When I was subpoenaed in the Parker trial, I did not give any pre trial statement or affidavits or whatnot. (There's no incentive for me to do so, and presumably little incentive for list members to do so, unless they see it as a way to avoid further involvement.) My lawyer was the person who had contact with DoJ.

...

(Note about expenses: I had heard during the Parker trial that various witnesses called to travel to Washington were to "submit travel expense receipts." Is this true? What part of the Constitution says citizens must

Yes. It's a standard government form. They also paid something like $25 a day while you waited outside the courtroom before being called to the stand, and $40 a day you actually testified. Yay. -Declan

Tim May

4:28 p.m.

New subject: My plan to deal with subpoenas to testify

At 3:52 PM -0500 12/6/00, Declan McCullagh wrote:

...

...
(Note about expenses: I had heard during the Parker trial that various witnesses called to travel to Washington were to "submit travel expense receipts." Is this true? What part of the Constitution says citizens must

Yes. It's a standard government form. They also paid something like $25 a day while you waited outside the courtroom before being called to the stand, and $40 a day you actually testified. Yay.

As I said, it's not my job to buy plane tickets, hotel rooms, etc. and then fill out a government form. Actually, I remember someone saying during the Parker case that a government travel office would make all travel and lodging arrangements. Not my job to lend money to the government. I'm watching a lawyer on the stand in the Seminole County part of the rolling trial say that he charges $500 an hour to testify in court cases. Sounds like a good fee for me to charge. --Tim May -- (This .sig file has not been significantly changed since 1992. As the election debacle unfolds, it is time to prepare a new one. Stay tuned.)

Tim May

4:34 p.m.

New subject: My plan to deal with subpoenas to testify

At 1:08 PM -0800 12/6/00, Tim May wrote:

...

At 3:52 PM -0500 12/6/00, Declan McCullagh wrote:

...
...
(Note about expenses: I had heard during the Parker trial that various witnesses called to travel to Washington were to "submit travel expense receipts." Is this true? What part of the Constitution says citizens must

Yes. It's a standard government form. They also paid something like $25 a day while you waited outside the courtroom before being called to the stand, and $40 a day you actually testified. Yay.

As I said, it's not my job to buy plane tickets, hotel rooms, etc. and then fill out a government form.

Actually, I remember someone saying during the Parker case that a government travel office would make all travel and lodging arrangements.

Not my job to lend money to the government.

I'm watching a lawyer on the stand in the Seminole County part of the rolling trial say that he charges $500 an hour to testify in court cases. Sounds like a good fee for me to charge.

I mis-spoke. He's not a lawyer...he's a statistics professor. Still, sounds like a good fee to charge for my "expert testimony" on Bell's scheme, should it come down to this. --Tim -- (This .sig file has not been significantly changed since 1992. As the election debacle unfolds, it is time to prepare a new one. Stay tuned.)

Declan McCullagh

10:31 p.m.

New subject: My plan to deal with subpoenas to testify

On Wed, Dec 06, 2000 at 01:08:13PM -0800, Tim May wrote:

...

Actually, I remember someone saying during the Parker case that a government travel office would make all travel and lodging arrangements.

My memory is hazy, but I believe this is correct. The form was for incidentals like cab fare, meals,etc. -Declan

Tim May

11:45 p.m.

New subject: Bill Clinton belatedly decides that pot smoking should not be criminal

Gee, Bill, you're only about 6-8 years too late: --excerpt-- Wednesday December 6 10:15 PM ET Clinton: Pot Smoking Should Not Be Prison Offense LOS ANGELES (Reuters) - President Clinton (news - web sites), who tried to avoid the stigma of smoking marijuana by saying he never ''inhaled,'' tells Rolling Stone magazine that people should not be jailed for using or selling small amounts of the drug. --end excerpt-- Instead of pushing for legislation in '93-94, Clinton is now opining that all of those hundreds of thousands of folks his Drug Warriors put in in prison maybe shouldn't be there. Something tells me the New Bill will soon be bashing Carnivore, CALEA, Clipper, Echelon, and all other things Janet Reno, Louis Freeh, Jamie Gorelick, and all of the other Drug Warriors and Ninja Raiders were pushing so hard. We may even see the New Bill say he was never in favor of burning 90 people alive in Waco for the sin of believing in a bizarre variant of Christianity. Of course, he probably did the RS interview when he thought Bush was going to win and his party would be the Disloyal Opposition, railing against Carnivore, no knock raids, sentencing enhancements, the persecution of Jim Bill, CALEA, and so on. The New Bill may have to modify his new radicalism in light of the possibility that Algore and his ZOG Veep may manage, through the cleverness of their shysters, to pull a victory out of the ashes. Revised version, in the December 23 "Letters to the Editor": "Actually, I was misquoted in that "Rolling Stone" article. What I actually said was that Sen. Clinton and I are both behind President Gore's Campaign to Save the Children Act. If those who traffic in the Evil Weed think they can hide behind the Constitution, they'd better watch out for the pre-dawn raids!" --Tim May -- (This .sig file has not been significantly changed since 1992. As the election debacle unfolds, it is time to prepare a new one. Stay tuned.)

Matthew Gaylor

7 Dec 7 Dec

6:36 a.m.

New subject: Bill Clinton belatedly decides that pot smoking should not be criminal

Tim May wrote:

...

Instead of pushing for legislation in '93-94, Clinton is now opining that all of those hundreds of thousands of folks his Drug Warriors put in in prison maybe shouldn't be there.

The US Corrections System currently has 458,000 Drug War Prisoners. Plus the number of people under some form of correctional supervision -- jail, prison, probation, or parole -- has reached a record 6.3 million. Go to the Department of Justice's Bureau of Justice Statistics (BJS) semiannual report on corrections. That report, as well as a treasure trove of related statistics is available online at http://www.ojp.usdoj.gov/bjs/correct.htm. Regards, Matt- ************************************************************************** Subscribe to Freematt's Alerts: Pro-Individual Rights Issues Send a blank message to: freematt@coil.com with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per month) Matthew Gaylor, 1933 E. Dublin-Granville Rd., PMB 176, Columbus, OH 43229 (614) 313-5722 Archived at http://www.egroups.com/list/fa/ **************************************************************************

James A. Donald

12:15 p.m.

New subject: Bill Clinton belatedly decides that pot smoking should not be criminal

-- At 05:39 AM 12/7/2000 -0500, Matthew Gaylor wrote:

...

The US Corrections System currently has 458,000 Drug War Prisoners.

This figure may be a substantial under estimate, for it is fairly common practice in some courts, when someone is charged with a serious victimless illegal act, to offer a plea bargain where he pleads guilty to a crime that in theory supposedly has a victim, despite the absence of any complainant, a crime somehow connected to theft, guns and violence, despite the absence of any specific identifiable person robbed or threatened by these guns or violence. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG IMbO+yh1UkDtUkPKlB6E7DsnRwamnzIDr1j5upMw 4wsWH9+U/GwzrU3OioU3UGXbpCqEEXt4oiSwC3KLT

Jim Choate

6 Dec 6 Dec

8:45 p.m.

New subject: My plan to deal with subpoenas to testify

On Wed, 6 Dec 2000, Tim May wrote:

...

Oh, and no "swearing on a Bible," as I'm not a follower of He Whose

They don't do that anymore.

...

In the latest Bell case, I don't know what will happen.

Good luck if you need it. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Ken Brown

7 Dec 7 Dec

5:48 a.m.

New subject: My plan to deal with subpoenas to testify

Tim May wrote: [...]

...

(Note about expenses: I had heard during the Parker trial that various witnesses called to travel to Washington were to "submit travel expense receipts." Is this true? What part of the Constitution says citizens must lend money to the government and then petition to get some of it back later?)

The part that lets taxi drivers write you a 25 dollar receipt for a 10 dollar journey. [...] Ken

Jim Choate

5 Dec 5 Dec

7:32 p.m.

On Tue, 5 Dec 2000, John Young wrote:

...

The citation was given as the basis of the news story. And it shows that there is no five year retention requirement, only that the law is five years old.

What law? Actually if you go look at the bottem of that news piece you'll find a direct reference to CALEA (which I might add says nothing about log retention for 'commen carrier' or otherwise). I'd still like somebody to explain what law was in reference with respect to requiring log retention for any period, irrespective of how old the law is. Note, this has NOTHING to do with a court order or request from a LEA and at no point in that article was that claimed. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Declan McCullagh

6 Dec 6 Dec

12:35 p.m.

Might this be another crankish Jim Choate theory? I think the law is pretty clear: * For most ISPs and dot com sites, there is no general duty to preserve logs for five years, or for any time at all. Gramm-Leach-Bliley may change this when it take affect next year for sites dealing with cc#s; I haven't read up on the specifics. * Common carriers are regulated closely by the FCC and states. (Think: Approval required before raising prices.) ou don't want to be one. -Declan On Tue, Dec 05, 2000 at 06:28:39PM -0600, Jim Choate wrote:

...

On Tue, 5 Dec 2000, John Young wrote:

...
The citation was given as the basis of the news story. And it shows that there is no five year retention requirement, only that the law is five years old.

What law?

Actually if you go look at the bottem of that news piece you'll find a direct reference to CALEA (which I might add says nothing about log retention for 'commen carrier' or otherwise).

I'd still like somebody to explain what law was in reference with respect to requiring log retention for any period, irrespective of how old the law is.

Note, this has NOTHING to do with a court order or request from a LEA and at no point in that article was that claimed.

____________________________________________________________________

Before a larger group can see the virtue of an idea, a smaller group must first understand it.

"Stranger Suns" George Zebrowski

The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

David Honig

1:54 p.m.

At 12:09 PM 12/6/00 -0500, Declan McCullagh wrote:

...

* Common carriers are regulated closely by the FCC and states. (Think: Approval required before raising prices.) ou don't want to be one.

Yes, this was brought up recently when I mentioned common carrier protections for financial service providers, like the Texans. It should be possible to separate the non-responsibility-for-content from the *eminent-domain-derived* regulation of the copper-wire-plant monopoly. For instance, a contract printer is not (or should not be) held responsible for the content he prints, though his rates aren't regulated, because he doesn't use the "commons". You *do* want legal recognition of immunity for what clients use your service for, like a common carrier but without the FCC or PUC. Thanks for pointing out that "common carrier" is a tainted/burdened legal term. (I think they are separable functions: the telcos could still be held legally responsible for what you say even if their rates were unregulated.)

Jim Choate

8:41 p.m.

On Wed, 6 Dec 2000, David Honig wrote:

...

At 12:09 PM 12/6/00 -0500, Declan McCullagh wrote:

...
* Common carriers are regulated closely by the FCC and states. (Think: Approval required before raising prices.) ou don't want to be one.

Yes, this was brought up recently when I mentioned common carrier protections for financial service providers, like the Texans. It should be possible to separate the non-responsibility-for-content from the *eminent-domain-derived* regulation of the copper-wire-plant monopoly.

There are also issues of user rights. The 'common' means that it is a common resource for all in the community, shared. As a consequence any 'filtering' is highly injurious. Something to do with the 1st maybe?... But as a consequence it's other activities are regulated in the 'public interest'. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

John Young

1:04 p.m.

Jim Choate blindly wrote:

...

What law?

The law was quoted just below the citation we provided: 18 USC 2703(f). The news report quotation exactly matches what the law says about preservation. Not that you'll read it but here it is again: Here's the source for news story report about data preservation requirement: http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm Preservation is not a new idea; it has been the law in the United States for nearly five years. 18 U.S.C. 2703(f) requires an electronic communications service provider to "take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process" upon "the request of a governmental entity." This applies in practice only to reasonably small amounts of specified data identified as relevant to a particular case where the service provider already has control over that data. Similarly, as with traditional subpoena powers, issuance of an order to an individual or corporation to produce specified data during the course of an investigation carries with it an obligation not to delete or destroy information falling within the scope of that order when that information is in the persons possession or control. ----- And here is the law cited by the DoJ FAQ:

...

From the US Code via GPO Access:

http://www.access.gpo.gov/su_docs/aces/aaces002.html 18 USC 2703(f) (f) Requirement To Preserve Evidence.-- (1) In general.--A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process. (2) Period of retention.--Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity. ----- Now, remember, "evidence" is what law-industry promoters call what civilians call "information." Evidence is used to force subservience to the law-industry. Information is used to fight those narrow-mindfuckers. So, Jim, stop calling information evidence unless you're bragging about fucking your peabrain.

Jim Choate

8:35 p.m.

On Wed, 6 Dec 2000, John Young wrote:

...

Jim Choate blindly wrote:

...
What law?

The law was quoted just below the citation we provided: 18 USC 2703(f).

The news report quotation exactly matches what the law says about preservation. Not that you'll read it but here it is again:

Yeah, and it matches exactly what I said. It takes a court order, where is the law that doesn't take a court order, that makes this mandatory all the time?. This is what what the Europeans are talking about. They are talking about making it mandatory to keep all logs all the time. This is a big difference. The US representative is saying that the distinction between requiring me as a system operator to cooperate with the law via court orders and such or requiring me to keep my logs all the time is a small difference. Maybe you can't get it, but it is a HUGE!!!! difference. I'm telling you, dude, up the med's... ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Jim Choate

5 Dec 5 Dec

7:32 p.m.

On Tue, 5 Dec 2000, John Young wrote:

...

But that is trivial compared to your claim that you decide what is evidence and that it then becomes illegal to alter or destroy it. That appears to be playing cop without the authority.

No John, that is not my claim. You wish it were I bet. You need to adjust your meds again. The destruction of property or materials which are evidence of a crime is itself a crime if done intentionally to cover up that crime. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Riad S. Wahby

10:23 p.m.

Jim Choate wrote:

...

The destruction of property or materials which are evidence of a crime is itself a crime if done intentionally to cover up that crime.

I'm curious how many people would buy the story that the machine in question fell victim to hackers who erased logs and other files in order to cover their tracks. -- Riad Wahby rsw@mit.edu MIT VI-2/A 2002 5105

Jim Choate

10:50 p.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Tue, 5 Dec 2000, Riad S. Wahby wrote:

...

I'm curious how many people would buy the story that the machine in question fell victim to hackers who erased logs and other files in order to cover their tracks.

I think it would depend on circumstances. For something like this to be taken seriously there would have to be other evidence of hacking. In addition, remember that by now they've probably got your line tapped so they'd have a sniffer copy of the hackers attack (assuming there was one). Of course you could go otherwhere and attempt an attack yourself as an alibi. You could probably wrap strategies like this one inside the other. They would certainly tax patience and resources if done expertly. Especially if one had some anonymous remailer/proxies thrown in the mix. How I'd use this particular point would be from the police perspective. I'd turn an associate and have them send an incriminating email, testifying to same. Say wanting to buy a quantity of drugs. The LEA's would of course have a sniffer log of that packet going into your machine. When they arrested you they would then look in your machine and if it was gone they could then demonstrate you destroyed evidence. This of course also breaks the standard 'encrypt using PGP' point as well. In that case the exchange of keys would demonstrate intent. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Riad S. Wahby

6 Dec 6 Dec

8:26 a.m.

New subject: Destroying evidence (was "About 5yr. log retention")

Jim Choate wrote:

...

This of course also breaks the standard 'encrypt using PGP' point as well. In that case the exchange of keys would demonstrate intent.

Unless you and the person with whom you are commmunicating publish your public keys on a key server before any of the government action in question takes place. In that case, you wouldn't have to send your key to that person---they can access it via the keyserver. As to getting their key, it wouldn't be hard to have that person post a signed message to a public list to which you are subscribed, giving you demonstrable reason to download his/her public key. -- Riad Wahby rsw@mit.edu MIT VI-2/A 2002 5105

Jim Choate

8:25 a.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Wed, 6 Dec 2000, Riad S. Wahby wrote:

...

Unless you and the person with whom you are commmunicating publish your public keys on a key server before any of the government action in question takes place.

No, that won't work either. Simple publishing is no cover at all. Evidence doesn't have to be secret to be evidence. Even public statements (equivalent to publishing public keys) can be used against you. If there is an exchange of encrypted data, that in and of itself is sufficient to demonstrate communications. That is enough to demonstrate intent and cooperation. Further, since the public keys are useless in and of themselves for encryption without the private keys any exchange would demonstrate that each party had access to the relevent private keys mapped to the public keys. It's possession of the private keys that will roast your goose. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Sean R. Lynch

2:43 p.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Wed, Dec 06, 2000 at 07:19:13AM -0600, Jim Choate wrote: [...]

...

It's possession of the private keys that will roast your goose.

Fortunately the public key can be stored using steganography, or on some medium that can be physically destroyed, or whatever. Another option would be to use an elliptic curve scheme that generates the private key on the fly from a passphrase. Fortunately they can't read your mind yet, though keystroke readers could prove you knew the passphrase, but then again you might claim that since the cops (and anyone else reading your keystrokes) also knew the passphrase, that they had your private key as much as you did. And then there are ways to avoid having your keystrokes read. -- Sean R. Lynch KG6CVV http://www.literati.org/~seanl/ GPG/PGP signed/encrypted email preferred. Finger for public key. Key fingerprint = 540F 19F2 C416 847F 4832 B346 9AF3 E455 6E73 B691

Jim Choate

8:47 p.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Wed, 6 Dec 2000, Sean R. Lynch wrote:

...

On Wed, Dec 06, 2000 at 07:19:13AM -0600, Jim Choate wrote: [...]

...
It's possession of the private keys that will roast your goose.

Fortunately the public key can be stored using steganography, or on some medium that can be physically destroyed, or whatever.

That sort of destroys the 'public' part of that doesn't it? This takes us into the "if you've got a channel to send the code on how to decode the public key, why not send the public key privately? And if the channel is safe enough to send the key privately why not send the message itself? There is also the point that if there is a public key and you claim it valid then by assumption you're also claiming there is a private key. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Sean R. Lynch

7 Dec 7 Dec

12:26 p.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Wed, Dec 06, 2000 at 07:46:16PM -0600, Jim Choate wrote:

...

On Wed, 6 Dec 2000, Sean R. Lynch wrote:

...
On Wed, Dec 06, 2000 at 07:19:13AM -0600, Jim Choate wrote: [...]

...
It's possession of the private keys that will roast your goose.

Fortunately the public key can be stored using steganography, or on some medium that can be physically destroyed, or whatever.

That sort of destroys the 'public' part of that doesn't it? This takes us into the "if you've got a channel to send the code on how to decode the public key, why not send the public key privately? And if the channel is safe enough to send the key privately why not send the message itself?

There is also the point that if there is a public key and you claim it valid then by assumption you're also claiming there is a private key.

Eek. Sorry. I meant the private key could be stored steganographically. And the public key need only be attached to your nym. Now the trick is not leaving anything around that might be used to link you to your nym. -- Sean R. Lynch KG6CVV http://www.literati.org/users/seanl/ Key fingerprint = 540F 19F2 C416 847F 4832 B346 9AF3 E455 6E73 B691 GPG/PGP encrypted/signed email preferred.

Jim Choate

6:31 p.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Thu, 7 Dec 2000, Sean R. Lynch wrote:

...

Eek. Sorry. I meant the private key could be stored steganographically. And the public key need only be attached to your nym. Now the trick is not leaving anything around that might be used to link you to your nym.

Ah, that makes more sense. Your point is a valid one. I was thinking about this and the article about the RIP hack with these 'hidden' keys that supposedly can't be grabbed. If this works it might also resolve the CFS pass-phrase issue at reboots. This potentially opens up having a fully encrypted filesystem that could only be brute forced. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Alan Olsen

7:01 p.m.

New subject: Destroying evidence (was "About 5yr. log retention")

On Thu, 7 Dec 2000, Jim Choate wrote:

...

On Thu, 7 Dec 2000, Sean R. Lynch wrote:

...
Eek. Sorry. I meant the private key could be stored steganographically. And the public key need only be attached to your nym. Now the trick is not leaving anything around that might be used to link you to your nym.

Ah, that makes more sense. Your point is a valid one.

This is one of the big problems with PGP currently, BTW. I pointed out a number of years ago that you could get a complete list of all keys (and the nyms they were associated with) without any sort of passphrase. ("pgp -kvv" using the private keyring.) It was shrugged off as no big deal. (This was before Carl Johnson got busted and they used his private key ring to show nym association in just the fashion I described.) This could be prevented by encrypting the keyring, but unless it is built into PGP itself, it is going to make life hard for most people who use PGP front-ends. (I can modify such tools, but most people out there are not programmers.) As for the "concealing of evidence"... We are reaching a point where trying to protect ANYTHING from the prying eyes of the feds will be considered a "crime". Get used to it. You will probably have to break laws to retain any shread of privacy in the future. (Of course, the first rule of not being seen is "Don't Stand Up.".) The way that law enforcement has been approaching things is to look for exceptions where people are able to avoid their grasp and to make laws and/or regs to cover those "loopholes". ("Be thou the loophole in the law.") Any effort to exploit existing loopholes in the law will be seen as intent to break other existing laws. (In order to punish you more effectively.) So, in other words, "You are damned if you do and damned if you don't". alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys. "In the future, everything will have its 15 minutes of blame."

8717

Age (days ago)

8719

Last active (days ago)

List overview

Download

38 comments

15 participants

participants (15)

Alan Olsen
David Honig
Declan McCullagh
Greg Newby
James A. Donald
Jim Choate
Jim Choate
John Young
Ken Brown
Mark Allyn
Matthew Gaylor
Riad S. Wahby
Riad S. Wahby
Sean R. Lynch
Tim May