DOJ proposes US data-retention law.
Steven M. Bellovin
smb at research.att.com
Thu Jun 20 12:19:08 PDT 2002
In message <3D11ED40.9040403 at ariolimax.com>, "David G. Koontz" writes:
>Trei, Peter wrote:
>> - start quote -
>>
>> Cyber Security Plan Contemplates U.S. Data Retention Law
>> http://online.securityfocus.com/news/486
>>
>> Internet service providers may be forced into wholesale spying
>> on their customers as part of the White House's strategy for
>> securing cyberspace.
>>
>> By Kevin Poulsen, Jun 18 2002 3:46PM
>>
>> An early draft of the White House's National Strategy to Secure
>> Cyberspace envisions the same kind of mandatory customer data
>> collection and retention by U.S. Internet service providers as was
>> recently enacted in Europe, according to sources who have reviewed
>> portions of the plan.
>>
...
>
>If the U.S. wasn't in an undeclared 'war', this would be considered
>an unfunded mandate. Does anyone realize the cost involved? Think
>of all the spam that needs to be recorded for posterity. ISPs don't
>currently record the type of information that this is talking about.
>What customer data backup is being performed by ISPs is by and large
>done by disk mirroring and is not kept permanently.

This isn't clear. The proposals I've seen call for recording "transaction
data" -- i.e., the SMTP "envelope" information, plus maybe the From:
line. It does not call for retention of content.

Apart from practicality, there are constitutional issues. Envelope
data is "given" to the ISP in typical client/server email scenarios,
while content is end-to-end, in that it's not processed by the ISP. A
different type of warrant is therefore needed to retrieve the latter.
The former falls under the "pen register" law (as amended by the
Patriot Act), and requires a really cheap warrant. Email content is
considered a full-fledged wiretap, and requires a hard-to-get court
order, with lots of notice requirements, etc. Mandating that a third
party record email in this situation, in the absence of a pre-existing
warrant citing probable cause, would be very chancy. I don't think
even the current Supreme Court would buy it.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com