On 30 November 2016 at 15:40, Aled Morris <[email protected]> wrote:
> Ideally a guide which spells out which fields of which packets correspond to
> the "Internet Connection Record" the government would like me to store for
> 12 months and what kind of searches they expect to be able to run across
> this data (i.e. do they expect an SQL interface or grep for a string?)
If I wasn't party to the specifics, but was told I had no choice but to make logs, I'd simply store TCP SYN packet headers. I'm not even sure whether I'd need to store DNS query logs, but I might hedge my bets and store them anyway. As to providing some way of interrogating the logs, I'd simply hand over the raw logs to GCHQ, or whoever, under warrant or not as the law required, as I'm sure their log processing would be more sophisticated than anything I could muster. Ideally though, the gov't would run their own fibre into core network locations, and pay for the cost of a mirror port to simply feed them all the traffic, and then I wouldn't have to care what they did with it. That would seem to be the fairest solution!
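A minimal version of the "store TCP SYN packet headers" approach from the reply above, as an added example that is not part of the original mail or thread: it keeps only the timestamp, addresses and ports of a client-initiated SYN, drops SYN-ACKs and every other packet, and retains no payload; the packets it parses are constructed inline.

```python
# Added example (not from the original mailing-list post): pull the minimal
# fields of a client TCP SYN out of raw IPv4 bytes, the way a connection log
# that stores "SYN packet headers" would. All sample packets are constructed.
import struct
from datetime import datetime, timezone

TCP_SYN = 0x02
TCP_ACK = 0x10

def parse_syn_record(raw: bytes, ts: float):
    """Return a record for a client-initiated SYN, else None.
    SYN-ACKs are the server's half of the handshake and would double-count;
    no payload, sequence numbers or options are retained."""
    if len(raw) < 20:
        return None
    ver_ihl, proto = raw[0], raw[9]
    if ver_ihl >> 4 != 4 or proto != 6:          # IPv4 carrying TCP only
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if len(raw) < ihl + 14:                       # need through the TCP flags byte
        return None
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    flags = raw[ihl + 13]
    if not (flags & TCP_SYN) or (flags & TCP_ACK):
        return None
    return {
        "ts": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "src": ".".join(map(str, raw[12:16])), "sport": sport,
        "dst": ".".join(map(str, raw[16:20])), "dport": dport,
    }

def build_packet(src, dst, sport, dport, flags):
    """Construct a bare IPv4+TCP header (no options, no payload) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

# Constructed sample: client SYN, server SYN-ACK, then the client's ACK.
SAMPLE = [
    (1480520400.0, build_packet("192.0.2.10", "198.51.100.20", 51234, 443, TCP_SYN)),
    (1480520400.1, build_packet("198.51.100.20", "192.0.2.10", 443, 51234, TCP_SYN | TCP_ACK)),
    (1480520400.2, build_packet("192.0.2.10", "198.51.100.20", 51234, 443, TCP_ACK)),
]

def connection_log(packets):
    """Keep one record per client SYN; every other packet is dropped."""
    return [r for r in (parse_syn_record(raw, ts) for ts, raw in packets) if r]
```

Running `connection_log(SAMPLE)` yields a single record for the client's SYN; the handshake's other two packets contribute nothing to the log.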
