Security management Toolkit 
Story: America debates data retention
Posted by: Arthur B. (Thursday 20 April 2006, 11:53 PM)
Data retention laws may be the wet dream of people sitting behind a desk running their part of the world on paper but in reality it's nothing but a burden that's begging for misuse and abuse by white board criminals and won't stand in the way of professional criminals and illegal "underground" activities it's intented to stop.
The signs are all there. It looks good on paper. It gives more power to those that already have power. It's an excuse why those in power failed to produce meaningfull results so far. Positive results underlining the succes of the project can be generated at will with no real way to proof or disproof such claims. Visa versa, claims from opponents that it isn't working can be waived away because hard evidence is lacking or very limited. And it's backed up by political correct statements the average person will agree to.
In reality however various safety guards are missing. I'm not buying the 'innocents have nothing to fear' retoric because the only way to be innocent nowedays is by a judge ruling. And that's after the investigations and trials. Until then the only thing standing between beeing "uninvestigated" and beeing "under investigation" is one memo from some ill advised or fanatic burocrat who has had some crash cources before becoming the "expert". And that's excluding possible hidden or personal agenda's.
Or did governments suddenly acquire a few thousand electronic forensic veterans overnight to research all those logs and come to the right conclusions? Or are we to believe that all the extra burdens that do not come cheap must be done to make life easier for a handfull of experts that maybe handle a few hundred cases each year?
And how exactly will log tampering be prevented? It's all electronic you see. Manipulated in the right way and a log will tell whatever a real expert wants it to say. Incriminating a person could become as easy as running a query or a script. Or installing a tailormade backdoor. Or high-jacking his/her cell phone. Not to mention the possibilities of finding out some of the more juicy details about someone's behavioural private life and using that to your own advantage. What's next? Retrain all IT administrators to become police agents working for the goverment? Or upload in real-time every log event everywhere to some centralized government data center? Or maybe take a deep breath, take a step back and rethink this data retention thing over?
Full Talkback thread
Story: America debates data retention
-
Data retention laws may be the wet dream of people... Arthur B. -
It is abhorrent that we allow our politicians, sup... Chris Goodman
Back to: America debates data retention
