Re: Republicans propose data retention laws targeting ISPs, home WiFi users

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: February 20, 2009 12:00:55 PM EST
To: David Farber <dave () farber net>
Subject: Re: [IP] Republicans propose data retention laws targeting  
ISPs, home WiFi users


Dave,

A few points on this:

Note that the proposed law is being (as usual) phrased in terms of
protecting children, but of course is not being limited to that
purpose.  This has become the standard "hook" now in all such
legislative efforts, it seems.

Many commodity wireless routers do not have the technical ability to
keep logs of DHCP (dynamic address) assignments in a form that can be
easily downloaded and preserved (or in some cases, in any form at
all).  This makes logging for home users with current equipment
entirely problematic.

While a broadband ISP can identify the endpoint (which, we must be
careful to note, is *not* necessarily the same as the end user!) for a
wired broadband DHCP circuit (and of course static circuits), wireless
access points not requiring login will typically only have a MAC
address to work with, which can usually be changed in software.  So a
McDonalds' forced to turn over WiFi records would likely have nothing
more than times and MAC addresses, with the latter being unreliable.
Unless there are plans to require showing ID or using a credit card to
buy a Big Mac, it's not clear that many law enforcement aims will be
satisfied in such a case.

Perhaps an even more interesting question is how long dynamic IP data
is being retained by ISPs *now*.  I have anecdotal evidence that it
can be a very long time.  And then there are DHCP assignments that
could just as well be static.  I have one DHCP-based circuit that
hasn't changed its address (despite resets, power failures, "reassign
DHCP address requests" -- and so on), since it was installed over a
year ago.

And again as I noted above, there's a big difference between knowing
DHCP address assignments and knowing *who* was using the associated
computer -- just ask any drive-by unprotected WiFi access point user!

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com

- - -

On 02/20 03:37, David Farber wrote:
> Begin forwarded message:
>
> From: Declan McCullagh <declan () well com>
> Date: February 20, 2009 2:09:30 AM EST
> To: dave () farber net
> Subject: Republicans propose data retention laws targeting ISPs, home
> WiFi users
>
> Dave,
>
> IPers may be interested in my article from this evening:
>
> http://news.cnet.com/8301-13578_3-10168114-38.html
> Republican politicians on Thursday called for a sweeping new federal  
> law
> that would require all Internet providers and operators of millions of
> WiFi access points, even hotels, local coffeeshops, and home users, to
> keep records about users for two years to aid police investigations...
> Translated, the Internet SAFETY Act applies not just to AT&T, Comcast,
> Verizon, and so on -- but also to the tens of millions of homes with  
> WiFi
> access points that use the standard method of dynamically assigning
> temporary addresses.
>
> The relevant bills:
> http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.00436:
> http://thomas.loc.gov/cgi-bin/bdquery/z?d111:h.r.01076:
>
> It's unclear why Sen. Cornyn and Rep. Smith want to target home WiFi
> users (plus companies, universities, schools, libraries). Smith has  
> been
> at this data retention thing for over two years now, so he's had  
> time to
> get it exactly right:
> http://news.cnet.com/2100-1028_3-6156948.html
>
> Before Democrats start bemoaning how censorial the Republicans are,
> let's remember affection for data retention laws is a bipartisan
> sentiment. The first politician in the U.S. Congress to draft such
> legislation was a Democrat (Diana DeGette).
>
> And the current attorney general, Eric Holder, said this when he was
> previously at DOJ: "Certain data must be retained by ISPs for  
> reasonable
> periods of time so that it can be accessible to law enforcement."
> (http://www.usdoj.gov/criminal/cybercrime/dagceos.html)
>
> -Declan
>
>
>
>
>
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com