Re: DOJ proposes US data-retention law.

2002-06-29 Thread Bill Stewart

At 06:38 PM 06/22/2002 -0400, Steve Fulton wrote:
 At 17:37 22/06/2002 -0400, [EMAIL PROTECTED] wrote:

  Not arguing, but the hardware cost curve for storage has a shorter
  halving time than the cost curve for CPU (Moore's Law) and the
  corresponding halving time for bandwidth is shorter still.

 You've got a point.  Storage is becoming less and less expensive per
 gigabyte, especially for IDE drives.  If you're using a RAID setup, IDE
 doesn't cut it, SCSI is the way to go (for now).  SCSI is a lot cheaper
 than it used to be, but it's still over $1000 for a single 70gig drive in
 Canada.  For maximum redundancy in one rack-mount server, RAID 10 is the
 way to go.  That means for every 1 drive, there must be an exact
 duplicate.  Costs can increase exponentially.

[more examples of expensiveness deleted; fibre channel, etc.]

You're not making appropriate technology choices,
so your costs are off by a factor of 5-10.

IDE is just fine, especially in RAID configurations,
because if you're making a scalable system, you can use as many spindles
as you need, and you don't need to run fully mirrored systems - RAID5 is fine.
Almost any technology you get can run 5MB/sec, which is T3 speeds,
so that RAID5 system can keep up with an OC3 with no problem.
Disk drive prices here in the US are about $1/GB for IDE.
The problem is that's about 200 seconds of T3 time, so your 5 100GB drives
will last about a day before you take them offline for tape backup.
The real constraints become how fast you can copy to tape,
i.e. how many tape drives you need to buy, and what fraction of data you keep.
If it's 1%, you can afford it - adding $5/day = $150/month per T3 is just noise.
Keeping 10% of the bits - $50/day = $1500/month/T3 -
is a non-trivial fraction of your cost, so you have to go for tape.

Fibre channels are useful for cutting-edge databases on mainframes,
and have the entertaining property that they can go 10-20km,
so you've got more choices for offsite backup, but GigE is fine here.

Make sure you also keep a couple of legacy media devices so you can
give the government the records they want in FIPS-specified formats,
such as Hollerith cards and 9-track tape.
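The arithmetic behind Bill's estimate, worked as an added example (mine, not code from the original message). It takes his figures as given: a T3 treated as 5 MB/s and IDE disk at $1/GB. Two assumptions are mine: decimal GB (1 GB = 1e9 bytes) and a 30-day month for turning $/day into $/month. It reproduces his 200 link-seconds per dollar of disk, the roughly one-day life of five 100 GB drives before tape, and the monthly cost of keeping 1% or 10% of the bits; the exact values (about $130 and $1300 per month per T3) are what his rounded $150 and $1500 stand for.

```python
"""Retention storage cost for one captured link, following the post above.

Added example. Inputs are the post's figures (T3 ~ 5 MB/s, IDE ~ $1/GB).
Assumptions of mine: decimal GB (1 GB = 1e9 bytes) and a 30-day month.
"""
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
DAYS_PER_MONTH = 30  # assumption: converts the post's $/day into $/month


@dataclass(frozen=True)
class LinkRetention:
    link_mbytes_per_sec: float  # sustained capture rate of the link
    usd_per_gb: float           # price of online disk
    fraction_kept: float        # share of the captured bits kept long-term

    def captured_gb_per_day(self) -> float:
        """Raw volume crossing the link per day, in decimal GB."""
        return self.link_mbytes_per_sec * SECONDS_PER_DAY / 1000.0

    def retained_gb_per_day(self) -> float:
        return self.captured_gb_per_day() * self.fraction_kept

    def usd_per_day(self) -> float:
        return self.retained_gb_per_day() * self.usd_per_gb

    def usd_per_month(self) -> float:
        return self.usd_per_day() * DAYS_PER_MONTH

    def link_seconds_per_usd(self) -> float:
        """Seconds of link traffic one dollar of disk can hold
        (the post's "about 200 seconds of T3 time" for a $1/GB drive)."""
        return (1.0 / self.usd_per_gb) * 1000.0 / self.link_mbytes_per_sec

    def days_until_full(self, online_gb: float) -> float:
        """Days a pool of `online_gb` holds the *raw* capture before it has
        to be spooled to tape (the post's 5 x 100 GB drives)."""
        return online_gb / self.captured_gb_per_day()


def cost_table(link_mbytes_per_sec: float = 5.0, usd_per_gb: float = 1.0):
    """(fraction kept, GB/day retained, $/month) for the fractions the post
    discusses: everything, 10% and 1%."""
    rows = []
    for fraction in (1.0, 0.10, 0.01):
        r = LinkRetention(link_mbytes_per_sec, usd_per_gb, fraction)
        rows.append((fraction, round(r.retained_gb_per_day(), 2),
                     round(r.usd_per_month(), 2)))
    return rows


if __name__ == "__main__":
    t3 = LinkRetention(link_mbytes_per_sec=5.0, usd_per_gb=1.0, fraction_kept=0.01)
    print(f"one dollar of disk holds {t3.link_seconds_per_usd():.0f} s of T3 traffic")
    print(f"5 x 100 GB drives fill in {t3.days_until_full(500):.2f} days")
    for fraction, gb_day, usd_month in cost_table():
        print(f"keep {fraction:>5.0%}: {gb_day:8.2f} GB/day  ${usd_month:8.2f}/month")
```

The same class also answers Bill's real constraint, tape throughput: `captured_gb_per_day()` is the volume that must leave the online pool every day whatever fraction is retained.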



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Secure mail relays [was:RE: DOJ proposes US data-retention law. ]

2002-06-22 Thread Lucky Green

John wrote quoting Lucky:
  Locate the button in your MUA that's labeled Use secure connection
  or something to that effect, search the docs for your MTA for the
  words STARTTLS, relaying, and potentially SASL, don't use your
  ISP's smtp server, encourage those that you are communicating with to
  do the same, and the email data retention laws will be of no bother to
  you.
 
 However, your ISP will cut you off for spamming, by which
 they mean sending emails toward their destination without
 going via the ISP's wiretap point, I mean mail relay machine.
 
 All you anti-spam bastards wanted ways to control what people
 are allowed to send you, regardless of the cost in broken
 protocols, savaged freedoms, and user inconvenience.  OK, now
 you have a bunch of controls, stop whining when they are used
 to control YOU!  (Of course, the spam hasn't stopped coming
 in anyway, so you get the worst of both worlds.)

I share John's dislike for the (thoroughly ineffective, except in making
the lives of legitimate users more difficult) anti-spam zealots and
anybody else upstream from me that deems it necessary or even acceptable
to do anything other than to forward raw IP packets addressed to my IP
address unmodified. In fact, I cautioned various anti-spam activists
back around 1994/95 where their objectives would lead, but it was to no
avail. An experience that John is undoubtedly familiar with.

Nonetheless, I would not run an open relay today simply due to the fact
that I want the postmaster alias to remain useful for submitting reports
of actual mail sub-system problems on my system. And, yes, because I
would loathe to see cypherpunks.to's very pleasing 100Mbps upstream
connection cut.

Fortunately, what I am suggesting can be accomplished without running an
open relay on port 25, which /will/ cause you pain.

I am limiting relaying on port 25 smtp to authorized users by using
Cyrus-SASL, which integrates cleanly with postfix + TLS as the MTA.
Since Outlook only provides the plaintext variant of SASL
authentication, my MTA is configured to not offer smtp AUTH as an option
until after the TLS connection has been established to prevent
eavesdroppers from capturing the relaying authentication password.

Since more and more misguided ISPs are flat out blocking outgoing
connections to port 25 from inside their network, I have postfix
listening at a higher port number in addition to port 25, just as many
hosts today are running sshd on several ports to help compensate for
similarly misguided corporate firewall policies.

One probably could get away without using SASL just by running the smtpd
on a non-standard port, since AFAIK spammers only try port 25, at least
at the moment, but enabling SASL was so easy with postfix that I saw
little reason not to do so. Besides, it was the more esthetically
pleasing solution.

 John
 (off the Internet for months now, getting email via uucp,
 since Verio cut off my T1 for running an open relay, i.e.
 a box that would accept email like what Lucky proposes)

UUCP, eh? Well, having just watched my ISP's primary upstream provider
essentially melt down and the replacement likely to do so soon, I had
myself briefly considered retrieving my old UUCP books from storage just
in case the need should suddenly arise. :-) Hmm, I wonder where one gets
a UUCP link nowadays. Guess I should take a look at the current maps.
(The following offer is specifically for John: let me know if you'd like
a relay and I'll gladly give you a UID/PW for my not-quite-open mail
relay. I have little doubt that any and all traffic in and out of that
particular machine has been logged since it first came online 7 years
ago. I don't care, since any significant traffic is encrypted. YMMV. Oh,
and yes, cypherpunks.to of course supports IPSec under both IPv4 and
IPv6 in addition to higher-level encryption protocols such as smtp's
STARTTLS).

--Lucky strong crypto sure has become amazingly inexpensive and easy to
use Green
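As an added example (mine, not from Lucky's post and not the Postfix project's code), a small checker for the property Lucky describes: SMTP AUTH is offered only after STARTTLS has been negotiated, so a PLAIN/LOGIN SASL password never crosses the wire unencrypted, and relaying is gated on authentication rather than left open. It parses a Postfix main.cf and reports the weak configuration next to the hardened one. The parameter names are real Postfix settings (smtpd_sasl_auth_enable, smtpd_use_tls, smtpd_tls_auth_only, smtpd_recipient_restrictions; smtpd_tls_security_level and smtpd_relay_restrictions are the newer equivalents it also accepts). The two main.cf fragments and the certificate paths in them are constructed samples.

```python
"""Audit a Postfix main.cf for "AUTH only inside TLS" and "relay only when
authenticated". Added example; the two config fragments are constructed
samples, not a real server's configuration."""
import re

# Constructed: SASL and TLS are both on, but AUTH is advertised to every
# client, so a PLAIN/LOGIN password may be sent before STARTTLS.
WEAK_MAIN_CF = """
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/example-cert.pem
smtpd_tls_key_file = /etc/postfix/example-key.pem
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

# Constructed: identical, plus the one line that withholds AUTH until the
# session is encrypted.
HARDENED_MAIN_CF = WEAK_MAIN_CF + "smtpd_tls_auth_only = yes\n"


def parse_main_cf(text: str) -> dict:
    """Parse main.cf into {parameter: value}. Blank and comment lines are
    skipped; a line starting with whitespace continues the previous value,
    as Postfix's own parser does."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            continue  # malformed line; Postfix would log a warning
        current = key.strip()
        params[current] = value.strip()
    return params


def _yes(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "on", "1")


def _restrictions(params: dict) -> list:
    """Relay restriction list: the newer smtpd_relay_restrictions when set,
    otherwise smtpd_recipient_restrictions."""
    value = (params.get("smtpd_relay_restrictions")
             or params.get("smtpd_recipient_restrictions", ""))
    return [r for r in re.split(r"[,\s]+", value) if r]


def audit(params: dict) -> list:
    """Return finding codes; an empty list means AUTH is TLS-only and
    relaying is limited to the local network and authenticated users."""
    findings = []
    sasl = _yes(params.get("smtpd_sasl_auth_enable", "no"))
    tls = (_yes(params.get("smtpd_use_tls", "no"))
           or params.get("smtpd_tls_security_level", "none") in ("may", "encrypt"))
    auth_only_tls = _yes(params.get("smtpd_tls_auth_only", "no"))

    if sasl and not tls:
        findings.append("SASL_WITHOUT_TLS")       # password always in the clear
    elif sasl and not auth_only_tls:
        findings.append("AUTH_BEFORE_STARTTLS")   # client may authenticate in the clear

    rules = _restrictions(params)
    if not rules:
        findings.append("RELAY_RESTRICTIONS_UNSET")  # relying on version defaults
    elif "reject_unauth_destination" not in rules:
        findings.append("OPEN_RELAY")
    elif sasl:
        if "permit_sasl_authenticated" not in rules:
            findings.append("SASL_USERS_CANNOT_RELAY")
        elif rules.index("permit_sasl_authenticated") > rules.index("reject_unauth_destination"):
            findings.append("SASL_PERMIT_AFTER_REJECT")  # first matching rule wins
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(f"{name:9s}: {audit(parse_main_cf(text)) or 'OK'}")
```

Run against the weak fragment it reports only AUTH_BEFORE_STARTTLS; the hardened fragment passes. The ordering check matters because Postfix evaluates restrictions left to right, so permit_sasl_authenticated placed after reject_unauth_destination never fires for relaying.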





Re: DOJ proposes US data-retention law.

2002-06-22 Thread Steve Fulton

At 18:57 21/06/2002 -0700, John Young wrote:

 Data retention is being done now by programs and services
 which cache data to ease loading on servers and networks.
 [...]

John,

As a systems administrator @ an ISP, I can tell you flat out that the software 
you describe has nothing to do with ISP services.  The software provides 
caching services for telecom companies (ie. billing, WAP, voice mail alerts 
etc).  I see nothing that mentions typical ISP services, like e-mail or 
web-browsing.  It is software designed to impress the executive level with 
pie charts and promises of reduced hardware costs.  No one likes spending 
$50k on a NAS or Fibre Channel / RAID 10 box.

Next time John, I suggest you turn your sights on caching software like 
Squid.  Know what?  I'm not even afraid to provide the URL! 
http://www.squid-cache.org ..  you may even discover it has US Intelligence 
Community(tm) links, dating back many years!  Incredible, huh?  ISPs like 
the one I work for use Squid to save on bandwidth costs by caching 
oft-visited websites.  Unfortunately, we (like most if not all ISPs) 
cannot afford the massive disk arrays (or the space they would take up, 
even the electricity) that would be necessary to retain data *for one 
day*.  Geez, I don't think the government's gonna like that.

That doesn't even bring us to the technical abilities of all the 
different pieces of software that must be re-written (en masse) to satisfy 
government desires.  For instance, let's try e-mail software.. There are 
numerous companies and individuals who offer their own versions of e-mail 
server software.  Microsoft's Exchange and Ipswitch's IMail for the Windows 
crowd who like spending lots of money, or Qmail, Postfix, Exim and even 
Sendmail for the Unix crowd.  There are dozens more, but you get the 
point.  All that software will need to be rewritten.  Then all the e-mail 
servers will need to be upgraded and tested.  THEN more disk space added 
just to handle all the extraneous information like from who and to, from 
where (say originating IP and from what server host and IP) etc etc etc ad 
nauseam.   Whoops!  Let's not forget tape backups!  I'm buying 3M stock 
come Monday!  But what happens if we have a disk failure and the logs are 
lost?  Hmm...

Anyway, that is just for e-mail.. Imagine what HTTP, or FTP, or whatever 
can't-live-without service someone invents in the future?  Data retention 
is unworkable even to the biggest of companies.  Even the NSA cannot store 
that kind of data without a significant (and secret) budget.  The only ones 
deriving any benefit from this are law enforcement and computer hardware and 
commercial software manufacturers.  Maybe it's an economic stimulus package 
in disguise?

-- Steve.










Re: DOJ proposes US data-retention law.

2002-06-22 Thread geer


Steve,

Not arguing, but the hardware cost curve for storage has a shorter
halving time than the cost curve for CPU (Moore's Law) and the
corresponding halving time for bandwidth is shorter still.
If that relationship holds up over a period of years, today's
tradeoffs between cache, re-computation, and anticipatory
transmission would presumably change in the direction the
economics dictates.

And of course, if I really care that a particular piece of data
is non-discoverable I either have to encrypt it, never transmit
it, or go on one whopping search mission.

Or so I think.  Does the world look different from your vantage?

--dan





Re: DOJ proposes US data-retention law.

2002-06-22 Thread Steve Fulton

At 17:37 22/06/2002 -0400, [EMAIL PROTECTED] wrote:

 Not arguing, but the hardware cost curve for storage has a shorter
 halving time than the cost curve for CPU (Moore's Law) and the
 corresponding halving time for bandwidth is shorter still.

You've got a point.  Storage is becoming less and less expensive per 
gigabyte, especially for IDE drives.  If you're using a RAID setup, IDE 
doesn't cut it, SCSI is the way to go (for now).  SCSI is a lot cheaper 
than it used to be, but it's still over $1000 for a single 70gig drive in 
Canada.  For maximum redundancy in one rack-mount server, RAID 10 is the 
way to go.  That means for every 1 drive, there must be an exact 
duplicate.  Costs can increase exponentially.

That said, storage isn't the only expense when creating a large, fast and 
redundant file server (especially for caching).  The fastest way to get 
data from a computer to the file server is via fibre channel.  And fibre 
channel hardware isn't cheap.  Last time I looked, a DIY RAID 10 system 
with 15 drives (1 hot-standby), case and fibre channel capability was ~ 
$30-35k.  For each workstation that connects to it, there is a ~1k charge 
for the fibre channel client card.  Don't even go near a fibre channel 
switch, they run $10-15k apiece, and don't handle more than 10-15 
connections.  Plus cabling.

See, it adds up -- and that's just for one unit.  To do the kind of data 
retention proposed in the EU, that is the kind of hardware that would be 
necessary.  Plus a rack of tape backup drives running 24x7.  Perhaps this 
sounds extreme, and it very well could be.  My concern isn't so much based 
on what the law says must be retained; the penalties if the data isn't 
retained are what worry me.

Could a system or network administrator be charged if the data is 
unavailable?  What if there is a plausible reason (ie. hardware failed a 
year ago, fire)?  What if the company cannot afford it?  What charges are 
brought against the company?  These questions are the reality for sysadmins 
in the EU.  If Canada implemented a data retention law, I would be 
extremely concerned about my personal liability as well as corporate -- 
Canada already can charge a network administrator who the police believe is 
negligent in blocking (and removing) copyrighted software from computers 
he/she is responsible for.  It has happened.  My understanding is it has to do 
with an RCMP settlement over the PROMIS software scandal, but that's 
another topic.

-- Steve





Re: DOJ proposes US data-retention law.

2002-06-22 Thread John Young

I appreciate what an honorable ISP admin will do to abide customer
rights over intrusive snoopers and perhaps cooperative administrators
above the pay grade of a sysadmin. Knowing that a decent sysadmin is on 
for about 1/3 of a weekday for 24x7 systems is a small comfort but
leaves unanswered what can happen:

1. During that time when a hero is elsewhere.

2. Upstream of the ISP, the router of the ISP and the nodes serving
routers, as well as at a variety of cache systems serving their various
levels.

3. At major providers serving a slew of smaller ISPs. In this case I
reported a while back of a sysadmin telling what my ISP, NTT/Verio,
is doing at its major node in Dallas: allowing the FBI to freely scan
everything that passes through the Verio system under an agreement
reached with NTT when it bought Verio.

No matter what a local sysadmin does with data, it remains very
possible that data is scanned, stored and fucked with in nasty ways
coming and going such that no single sysadmin can catch it.

End to end crypt certainly could help but there is still a fair amount
of TA that can be done unless packets are truly disintegrated and/or
camouflaged at the source before data leaves the originating box.

Pumping through anonymizers, inserting within onions, subdermal 
piggybacking on innocuous wireless packets of the financial advisor
door, multiple partial sends, stego-ing, data static and traffic salting, 
bouncing off the moon or windowpane, what else can you do when
an eager beaver industry is racing to do whatever it takes to build
markets among the data controllers breathing hot about threats to
national security and handing out life-saving contracts to hard-up
peddlers shocked out of their skivvies with digital downturn.

No patriotic act is too sleazy these days that cannot be justified by
terror of red ink and looming layoffs.





Re: DOJ proposes US data-retention law.

2002-06-21 Thread ji

Under this proposed law, will ISPs have to scan *all* SMTP traffic and
record the envelope, or only the traffic for which they actually do 
SMTP forwarding?  If the latter is the case, we can simply go back to
the original end-to-end SMTP delivery model; no POP/IMAP or any of
that stuff.  If the former is the case, well, so long as they don't
outlaw crypto, ISPs can't sniff SMTP going over IPsec, now, can they?

Of course, outlawing crypto or declaring that anyone who terminates an
SMTP connection, including end-users, is considered an ISP for the
purposes of the law solves their problem.

/ji





Followup: [RE: DOJ proposes US data-retention law.]

2002-06-21 Thread Trei, Peter

Two points:

1. According to Poulsen, the DOJ proposal never 
discussed just what would be logged. Poulsen 
compared it to the European Big Brother legislation, 
which required storage of Web browsing 
histories and email header data.

2. After I posted the same info to /.
http://slashdot.org/articles/02/06/19/1724216.shtml?tid=103
(I'm the 'Anonymous Coward' in this case), Kevin updated
his article. The new version may be found at:
http://online.securityfocus.com/news/489

The relevant portions read:

- start quote -

U.S. Denies Data Retention Plans

The Justice Department disputes claims that Internet service 
providers could be forced to spy on their customers as part 
of the U.S. strategy for securing cyberspace.
By Kevin Poulsen, Jun 19 2002 12:24PM

[...]

But a Justice Department source said Wednesday that data 
retention is mentioned in the strategy only as an industry 
concern -- ISPs and telecom companies oppose the costly idea -- 
and does not reflect any plan by the department or the White 
House to push for a U.S. law. 

[...]

- end quote -

Peter Trei


 --
 From: David G. Koontz[SMTP:[EMAIL PROTECTED]]
 Sent: Thursday, June 20, 2002 10:57 AM
 To:   [EMAIL PROTECTED]
 Cc:   '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
 Subject:  Re: DOJ proposes US data-retention law.
 
 Trei, Peter wrote:
  - start quote -
  
  Cyber Security Plan Contemplates U.S. Data Retention Law
  http://online.securityfocus.com/news/486
  
  Internet service providers may be forced into wholesale spying 
  on their customers as part of the White House's strategy for 
  securing cyberspace.
  
  By Kevin Poulsen, Jun 18 2002 3:46PM
  
  An early draft of the White House's National Strategy to Secure 
  Cyberspace envisions the same kind of mandatory customer data 
  collection and retention by U.S. Internet service providers as was
  recently enacted in Europe, according to sources who have reviewed 
  portions of the plan. 
  
  In recent weeks, the administration has begun doling out bits and 
  pieces of a draft of the strategy to technology industry members 
  and advocacy groups. A federal data retention law is suggested
  briefly in a section drafted in part by the U.S. Justice Department. 
  
 
 If the U.S. wasn't in an undeclared 'war', this would be considered
 an unfunded mandate.  Does anyone realize the cost involved?  Think
 of all the spam that needs to be recorded for posterity.  ISPs don't
 currently record the type of information that this is talking about.
 What customer data backup is being performed by ISPs is by and large
 done by disk mirroring and is not kept permanently.
 
 I did a bit of back of the envelope calculation and the cost in the
 U.S. approaches half a billion dollars a year in additional backup
 costs without any CALEA type impact to make it easy for law
 enforcement to do data mining.  The estimate could easily be low by a
 factor of 5-10.  AOL of course would be hit by 40 percent of this
 though, not to mention a nice tax on MSN.  Call it ten cents a day
 per customer in fee increases to record all that spam for review by
 big brother.  I feel safer already.
 
 What's next, censorship?
 




RE: DOJ proposes US data-retention law.

2002-06-21 Thread Lucky Green

ji wrote:
 Under this proposed law, will ISPs have to scan *all* SMTP
 traffic and record the envelope, or only the traffic for
 which they actually do SMTP forwarding?  If the latter is
 the case, we can simply go back to the original end-to-end
 SMTP delivery model; no POP/IMAP or any of that stuff.  If
 the former is the case, well, so long as they don't outlaw
 crypto, ISPs can't sniff SMTP going over IPsec, now, can they?

IPSec is one solution, though I believe an easier way to deal with the
recent email data retention proposals in the US (and already existing
legislation in the EU) is the following:

Locate the button in your MUA that's labeled Use secure connection or
something to that effect, search the docs for your MTA for the words
STARTTLS, relaying, and potentially SASL, don't use your ISP's
smtp server, encourage those that you are communicating with to do the
same, and the email data retention laws will be of no bother to you.

Anybody that's using postfix as their MTA is welcome to contact me for
more detailed instructions, though the above general instructions will
work for any decent modern MUA/MTA.

Check my mail headers for an example of what I mean. 

--Lucky tap as much of my 3DES encrypted traffic as you desire Green





Re: DOJ proposes US data-retention law.

2002-06-20 Thread Steven M. Bellovin

In message [EMAIL PROTECTED], David G. Koontz writes:
 Trei, Peter wrote:
  - start quote -
  
  Cyber Security Plan Contemplates U.S. Data Retention Law
  http://online.securityfocus.com/news/486
  
  Internet service providers may be forced into wholesale spying 
  on their customers as part of the White House's strategy for 
  securing cyberspace.
  
  By Kevin Poulsen, Jun 18 2002 3:46PM
  
  An early draft of the White House's National Strategy to Secure 
  Cyberspace envisions the same kind of mandatory customer data 
  collection and retention by U.S. Internet service providers as was
  recently enacted in Europe, according to sources who have reviewed 
  portions of the plan. 
  
 ...

 If the U.S. wasn't in an undeclared 'war', this would be considered
 an unfunded mandate.  Does anyone realize the cost involved?  Think
 of all the spam that needs to be recorded for posterity.  ISPs don't
 currently record the type of information that this is talking about.
 What customer data backup is being performed by ISPs is by and large
 done by disk mirroring and is not kept permanently.


This isn't clear.  The proposals I've seen call for recording transaction 
data -- i.e., the SMTP envelope information, plus maybe the From: 
line.  It does not call for retention of content.

Apart from practicality, there are constitutional issues.  Envelope 
data is given to the ISP in typical client/server email scenarios, 
while content is end-to-end, in that it's not processed by the ISP.  A 
different type of warrant is therefore needed to retrieve the latter.  
The former falls under the pen register law (as amended by the 
Patriot Act), and requires a really cheap warrant.  Email content is 
considered a full-fledged wiretap, and requires a hard-to-get court 
order, with lots of notice requirements, etc.  Mandating that a third 
party record email in this situation, in the absence of a pre-existing
warrant citing probable cause, would be very chancy.  I don't think 
even the current Supreme Court would buy it.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (Firewalls book)


