ZDNet UK / News and Analysis / Security / Security Management

America debates data retention

By Declan McCullagh, CNET News, 18 April, 2006 18:00

Topics

Compliance, Data retention

ANALYSIS

The explosive idea of forcing ISPs to record their customers' online activities for future police access is gaining ground in US state capitols and in Washington DC.

Top Bush administration officials have endorsed the concept, and some members of the US Congress have said federal legislation is needed to aid law enforcement investigations into child pornography. A bill is already pending in the Colorado State Senate.

Mandatory data retention requirements worry privacy advocates because they permit police to obtain records of email chatter, Web browsing or chat-room activity that normally would have been discarded after a few months. And some proposals would require providers to retain data that ordinarily never would have been kept at all.

ZDNet UK sister site CNET News.com was the first to report last June that the US Department of Justice was quietly shopping around the idea of legally required data retention. But it was the European Parliament's vote in December for a data retention requirement that seems to have attracted broader interest inside the United States.

At a hearing last week, Congressman Ed Whitfield, a Kentucky Republican who heads a House oversight and investigations subcommittee, suggested that data retention laws would be useful to police investigating crimes against children.

"I absolutely think that that is an idea that is worth pursuing," an aide to Whitfield said in an interview on Thursday. "If those files were retained for a longer period of time, it would help in the uncovering and prosecution of these crimes." Another hearing is planned for 27 April.

Internet providers generally offer three reasons why they are sceptical of mandatory data retention: first, it is not clear who will be able to access records of someone's online behaviour; second, it's not clear who will pay for the data warehouses to be constructed; and third, it's not clear that police are hindered by current law as long as they move swiftly in investigations.

"What we haven't seen is any evidence where the data would have been helpful, where the problem was not caused by law enforcement taking too long when they knew a problem existed," said Dave McClure, president of the US Internet Industry Association, which SMEs.

McClure said that while data retention aficionados cite child pornography, the stored data would be open to any type of investigation — including, for instance, those focused on drug crimes, tax fraud, or terrorism prosecutions. "The agenda behind this doesn't appear to be legitimate," he said.

Proposals for mandatory data retention tend to adhere to one of two models: Address storage or some kind of content storage. In the first model, businesses must record only which Internet address is assigned to a customer at a specific time. In the second, which is closer to what Europe adopted, more types of information must be retained — including telephone numbers dialled, contents of Web pages visited, recipients of email messages and so on.

Without saying what model he favoured, Homeland Security secretary Michael Chertoff broadly endorsed data retention at a meeting of a departmental privacy panel last month. In response to a question, Chertoff said that federal police should be permitted to run queries against data repositories created and maintained by businesses for a set time.

"That might be a model for some kind of data retention issue," Chertoff said. "It might be one that would say the government, instead of holding the data itself, will allow it to remain in the private sector, provided the private sector retains it for a period of time so we can ping against it."

FBI director Robert Mueller was more blunt. He was quoted by the Financial Times  in January as saying: "There can be standardised regulations and rules relating to data retention and secondly a mechanism for the swift exchange of information." The remarks, made at...

Related stories

Internet industry slams villainous data retention

EC rubberstamps data retention directive

Sony and the EC vie for Internet Villain award

Home Secretary to push ahead with data retention law

On the merits of data retention

Talkback

Data retention laws may be the wet dream of people sitting behind a desk running their part of the world on paper but in reality it's nothing but a burden that's begging for misuse and abuse by white board criminals and won't stand in the way of professional criminals and illegal "underground" activities it's intented to stop.

The signs are all there. It looks good on paper. It gives more power to those that already have power. It's an excuse why those in power failed to produce meaningfull results so far. Positive results underlining the succes of the project can be generated at will with no real way to proof or disproof such claims. Visa versa, claims from opponents that it isn't working can be waived away because hard evidence is lacking or very limited. And it's backed up by political correct statements the average person will agree to.

In reality however various safety guards are missing. I'm not buying the 'innocents have nothing to fear' retoric because the only way to be innocent nowedays is by a judge ruling. And that's after the investigations and trials. Until then the only thing standing between beeing "uninvestigated" and beeing "under investigation" is one memo from some ill advised or fanatic burocrat who has had some crash cources before becoming the "expert". And that's excluding possible hidden or personal agenda's.
Or did governments suddenly acquire a few thousand electronic forensic veterans overnight to research all those logs and come to the right conclusions? Or are we to believe that all the extra burdens that do not come cheap must be done to make life easier for a handfull of experts that maybe handle a few hundred cases each year?
And how exactly will log tampering be prevented? It's all electronic you see. Manipulated in the right way and a log will tell whatever a real expert wants it to say. Incriminating a person could become as easy as running a query or a script. Or installing a tailormade backdoor. Or high-jacking his/her cell phone. Not to mention the possibilities of finding out some of the more juicy details about someone's behavioural private life and using that to your own advantage. What's next? Retrain all IT administrators to become police agents working for the goverment? Or upload in real-time every log event everywhere to some centralized government data center? Or maybe take a deep breath, take a step back and rethink this data retention thing over?

20 April, 2006 23:53 Reply

It is abhorrent that we allow our politicians, supposedly there to serve us and paid by us, to set their employees to spy on the activities of the rest of us.
Where there is already evidence of criminal activity then the present UK system of a surveillance warrant being authorised by a magistrate is perfectly adequate.
It is when those highly paid politicians introduce such as this that I start to consider civil disobedience and anarchy are becoming not only justified but necessary.
But how can it be civil disobedience when we decide to disobey those we pay to serve us when they exceed themselves?

9 May, 2006 14:35 Reply

Post your comment

In order to post a comment you need to be registered and logged in

Log in or create your ZDNet UK account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

ZDNet UK Live

Kan.Ramachandran

Easiest and fastest windows only in the world

1 hour ago by Kan.Ramachandran on Ubuntu 10.10 arrives in beta
SndpNkum

RT @ZDNetUK_News: Ubuntu 10.10 arrives in beta: The Maverick Meerkat edition of the Linux distribution has come to beta slightly ahe... http://bit.ly/bwVooB

SndpNkum

RT @ZDNetUK_News: Microsofts updates Windows application protection tool: The company has added two new features to its Enhanced Mit... http://bit.ly/cbYYtX

1van6arcia

RT @mark_want: IBM prepare to ship superfast mainframe: By Jack Clark, ZDNet UK, 3 September, 2010 16:51 IBM unveiled the mainfra... http://bit.ly/c9NQvD

PhilipCohen

eBay’s many problems are hardly worth discussing any more. Clearly, the headless turkeys have taken over the eBay farmyard and in particular...

5 hours ago by PhilipCohen on Finalists announced for eBay modular datacentre
BrownieBoy

Loathe as I am to admit it, I'm afraid Jack's got a point: the versions of Linux on the early netbooks were pretty awful, and too fragmented....

6 hours ago by BrownieBoy on While PC shipments will grow to a million per day, netbooks are in decline
intrahostfeed

Google puts open-source Wave in a 'box' - ZDNet UK - Dedicated ...: Find and compare the best UK Dedicated Server ... http://bit.ly/bdxDnm

josephmenn

On the arguably weightier topic #cyberwar, what someone else wrote on the UN's ITU chief's problems getting a treaty http://bit.ly/aXVXOd

Tezzer

The whole idea is a train wreck waiting to happen. These things dump crap over huge swathes of the radio spectrum, and are already causing problems...

12 hours ago by Tezzer on High-speed powerline networking
markteratlarge

Finalists announced for eBay modular datacentre http://bit.ly/ch5Kzm

CareerAndBizOps

New iPods, revamped Apple TV arrive: ZDNet UKCompany CEO Steve Jobs presented three new iPods: a Shuffle, a Nano a... http://bit.ly/ahinqZ

Droid_Phone

New iPods, revamped Apple TV make their debut http://bit.ly/9XIfCE | #Droid #Android

ProtegoSS

Microsofts updates Windows application protection tool http://bit.ly/cQBji5

mikemcsharry

samsung android tablet announced in some detail http://bit.ly/bfTqLq

rbconsulting

RT @ZDNetUK_News Google puts open-source Wave in a 'box': The company will open-source more of its Wave protocols http://bit.ly/97tik3

kpdavis

#ITU head states that #cyberwar could be "worse than a tsunami". And me without my floaty - http://bit.ly/dngpT1

ComputerDoctor

Although most of your comments are based on user preferences or have a slight amount of merit to them... but Google Chrome???? Ok, so Google has...

16 hours ago by ComputerDoctor on Ten criticisms of Ubuntu 10.04
superglaze

How much should we fear cyberwar? http://bit.ly/bhgmAp

qbspchelp

A close look at the Android-based Galaxy Tab - http://bit.ly/bS6GjP

HenkvanRoest

India demands data from Google and Skype http://bit.ly/bVpgp4

Latest in Security Management

India demands data from Google and Skype

RIM wins reprieve on India BlackBerry ban

Hacker crash reports send code to Microsoft

Featured white papers

SunGard Aquires Hosting 365

A synopsis of SunGard's acquisition of 365 Hosting Limited, a Dublin, Ireland-based cloud computing and data centre services company..

Download now

HP Managed Print Services deal yields 40 percentcost saving at Merck Sharp & Dohme Italia SpA

Merck Sharp & Dohme Italia SpA wanted to consolidate its ageing, unmanaged print, copy and fax fleet and introduce a Managed Print Service (MPS) solution to drive down costs.

Download now

Real-Time Protection for Hyper-V

Server virtualization is a hot topic in the IT world because of the potential for providing serious cost savings for customers.

Download now

Inside ZDNet UK

Broadband Speed Test

How fast is your broadband?

Join ZDNet UK on Facebook

Join ZDNet UK on Facebook

White Papers

Free technology white papers

Downloads

Browse our free downloads

Jobs

Search for a new job

Hot Topics

ZDNet UK hot topics

Storage Resource Centre

Storage Resource Centre