Jonathan Zittrain on data retention, an "awful idea"

Sat Jul 6 14:20:21 PDT 2002

Sigh.  Back when the US Feds were still trying to push Key Escrow on the
National Information Infrastructure, I started research for an April 1 RFC
for the National Information Infrastructure Data Entry Escrow Protocol, 
NIIDEEP,
and proposed NIIDEEP Information Network Protocol Implementation Government
Standard, NIIDEEPINPIGS.  (Didn't get it finished by April 1 :-)

Because after all, there's no sense escrowing our crypto keys if you
don't also escrow the cyphertext - some of Eric Hughes's talks on
Message Escrow and Data Retention Policies were excellent explanations
of why those was the critical issues.

If the US Feds and Eurocrats would like us to provide them with all of our 
data,
the existing internet would need to double in size to transport all of it
to the appropriate government data storage facilities, or more than double
if separate copies need to be provided to multiple national governments,
or much more if local governments such as city trade commissions need copies.
Since this is clearly unrealistic, even with the demise of the E-Bone,
transmission will require the use of off-line data transmission technology.
Waiting for approval of new government standards would take too long, and
lose access to valuable data because of the resulting delay of several years,
but there are several existing standards for data storage that can be applies.

My long-lost research had the FIPS (US Federal Information Processing 
Standards)
references for several of them, but the current environment requires
the corresponding European standards as well, and I'll need assistance.
But there's also been progress!  RFC 1149 (Avian Carriers) has been 
implemented,
though scalable implementation and dual-source requirements may require
genetic reconstruction of the Passenger Pigeon to supplement current 
carrier species.
Modular methods uses standard data storage formats and separate transmission.
Standards widely supported in the US include Hollerith cards,
1600 bpi 9-track tapes with EBCDIC character sets and fixed block sizes and 
LRECLs,
and ASCII-format punch tape (with country-specific standards for recycled 
paper content.)
8-inch floppy disks have also been widely used, and support both
CP/M and RT11 file system formats.
Are there corresponding European standards for data storage?
Transmission methods for data storage media include International
Postal Union standards for link layer and addressing formats and pricing,
though I'm not directly familiar with standards for shipping containers
where data encapsulation is required.

                 Thanks;  Bill Stewart, bill.stewart at pobox.com

>From: Jon Zittrain <zittrain at cyber.law.harvard.edu>
>Subject: Re: FC: "Data retention" scheme marches forward in European 
>Parliament
>
>I've written something opposing this at 
><http://www.forbes.com/forbes/2002/0708/062.html>.
>....
>Consider the range of proposals for unobtrusive but sweeping Internet 
>monitoring. Most of them are doable as a technical matter, and all of them 
>would be unnoticeable to us as we surf. Forbes columnist Peter Huber's 
>idea is perhaps the most distilled version. Call it the return of the lock 
>box. He asks for massive government data vaults, routinely receiving 
>copies of all Internet traffic--e-mails, Web pages, chats, mouse clicks, 
>shopping, pirated music--for later retrieval should the government decide 
>it needs more information to solve a heinous crime. (See the Nov. 12 
>column at forbes.com/huber.)
>
>The idea might sound innocuous because the data collected would remain 
>unseen by prying eyes until a later search, commenced only after legal 
>process, is thought to require it. Make no mistake, however: The idealized 
>digital lock box and many sibling proposals are fundamentally terrible 
>ideas. Why?
>....
>
>Jonathan Zittrain, Harvard law professor; codirector, Berkman Center for 
>Internet & Society.