Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: osed data retention law WAS Republicans propose data retention laws etc

From: David Farber <dave () farber net>
Date: Sun, 22 Feb 2009 13:09:23 -0500


Begin forwarded message:

From: Richard Forno <rforno () infowarrior org>
Date: February 22, 2009 12:49:28 PM EST
To: dave () farber net
Subject: Re: [IP] Re: Proposed data retention law WAS Republicans propose data retention laws etc
So is every home wifi user going to be trained (at taxpayer expense) on how to set up logging on their wifi devices? Not to mention, most home-use wifi devices/access points don't have the storage capability to support such prolonged data retention.
IMHO this is more idiotic politicians blathering about something they know nothing about --- and again, wrap their delusions up in a kitzhy acroym designed to make it sound feel-good and effective -- The "Internet Safety Act" --- AKA, the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act" 

Same stuff, different year.

-rf


On Feb 21, 2009, at 16:36 , David Farber wrote:




Begin forwarded message:

From: Phil Karn Jr KA9Q <karn () philkarn net>
Date: February 20, 2009 5:15:42 PM EST
To: dave () farber net
Subject: Re: [IP] Re: Proposed data retention law WAS Republicans propose data retention laws etc 
Reply-To: karn () ka9q net
If you're asking about this and similar DR legislation, the answer is yes. DR was part of what the House Republicans called their "law and order agenda" that was introduced as a bill in February 2007. 

This is very, very worrisome. Can anything be done about it?
Some people have beaten me to listing some of the things wrong with it. Let's see if I can summarize: 

The invasion of privacy is staggering.
IPv6 uses stateless autoconfiguration, not DHCP. (Well, it allows DHCP, but nobody uses it). As Steve pointed out, you can even generate the host part of your address randomly. It doesn't have to be your MAC address, which in any case is easily changed.
Users of public access points, in fact EVERY Internet user, would have to provide some sort of personal identification. What would that be, a credit card? Drivers' license number? Social security number? How would the individual operator of a free open access point verify that identification? Would they all have to become credit card merchants? Would you want to give your credit card number, D/L number or SSN to some random person for free WiFi? And what if you don't have a credit card or D/L?
Rampant viruses and worms have already organized millions of computers into botnets. The primary purpose of a botnet is to conceal the identities of those doing especially nefarious deeds such as sending spam or conducting denial of service attacks. Sadly, they continue to be quite effective.
Anonymity networks such as TOR are specifically designed to dissociate IP addresses from user identity for consensually anonymous communications (as opposed to botnets, which are designed for non-consensual, abusive communications). This legislation might effectively outlaw TOR in the United States, but what about TOR nodes overseas? Indeed, what about ISPs overseas, including email providers?
This is another example of technically ignorant politicians proposing what to them sounds like a simple motherhood and apple pie ("protect the children") measure but is actually technically extremely difficult or impossible to implement in any meaningful way. What do we do about it? Is the IAB going to get involved? 

Phil










-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: