Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. More information. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

4/30/2006

US Mandatory Data Retention laws are coming

Filed under: — adam @ 9:35 am

Remember the privacy implications of the government asking Google for search data? (http://www.aquick.org/blog/2006/01/19/doj-demands-large-chunk-of-google-data/)

It’s going to get worse before it gets better. No online service considers your IP address to be private information, and now they will be required to maintain logs mapping your IP address to real contact information, for a period of at least one year after your account is closed.

The only way to prevent this information from being misused is to not keep it, and now there won’t be any choice.

http://www.interesting-people.org/archives/interesting-people/200604/msg00176.html

I’ve discussed this before:

http://www.aquick.org/blog/2006/01/29/whats-the-big-fuss-about-ip-addresses/

Tags: , ,


2 Responses to “US Mandatory Data Retention laws are coming”

  1. Marty Says:

    Do you really think that “not keeping” the information will “prevent it from being misued?”

    That’s the gun control logic: the only way to prevent criminals from using guns is to ban them. In actuality,
    banning guns is the only way to ENSURE that only criminals use guns, leaving law abiding citizens at their mercy.

    I would suggest that keeping this information is crucial to valid law enforcement. Sure, it can be misused, but it can also
    be misused (or copied and then misused) before it is deleted. All deleting it will do is remove a perfectly valid law enforcement tool.

    Kinda like disarming law abiding citizens leaves them defenseless against criminals, and places an every larger burden on the police.

  2. adam Says:

    Do you really think that “not keeping” the information will “prevent it from being misued?”

    Yes. If it doesn’t exist, it can’t be released. We’re not necessarily talking abuse by the gatherers of the data in the first place, but third parties who may otherwise get their hands on it. This may include “legitimate” request by law enforcement, but it may also include people who break into these systems and simply steal it. It may also get out accidentally in the form of lost laptops and backup tapes. There’s no denying that this happens – there’s virtually a new one of these stories every week.

    That’s the gun control logic: the only way to prevent criminals from using guns is to ban them. In actuality, banning guns is the only way to ENSURE that only criminals use guns, leaving law abiding citizens at their mercy.

    I think this analogy is flawed, and I don’t see at all why you think this is the same situation. In fact, I would argue that the analogy that you’ve presented actually makes my case instead. In a world where access information is tracked and retained, anyone with something to hide will simply use actual anonymization tools to bypass it, and the only people who will end up being tracked are legitimate law abiding users. Moreover, the simple act of tracking the data will create chilling effects on legitimate uses that are borderline “suspicious” (according to the capricious decisions of those who make the decisions) but not illegal.

    I would suggest that keeping this information is crucial to valid law enforcement. Sure, it can be misused, but it can also be misused (or copied and then misused) before it is deleted. All deleting it will do is remove a perfectly valid law enforcement tool.

    I disagree. If the data is kept, the system for requesting it will inevitably be subject to mission creep. This information will NOT simply be used for law enforcment of actual crimes, it will be used for fishing expeditions, civil cases, etc… It will be leaked. It should not be maintained in the first place.

Powered by WordPress