John Scrivner wrote:
Sam Tetherow wrote:

Given what the article cites I don't see it being a severe burden on a small ISP. All that I see mentioned in the article is the ability to track what IP belongs to what customer over a period of time. If you can't track that on your network, how do you manage to troubleshoot problems or deal with security concerns such as a virus/trojan or other inappropriate/malicious behavior on your network?

I think most people here track who has what address. Otherwise how could you possibly run your network? What they likely do not do is keep logs of who had what address three years ago. Or when IP address "A" changed to IP address "B" for customer "1" or "2". Without that legacy data the IP information provided could be inaccurate. In fact the only way it could be 100% accurate is if the request was in real time - ie. FBI calls ISP and asks who is using X.X.X.X IP address right now.
I don't think it would be overly burdensome for an ISP to track this information for a year though, which is what Mark's statement originally was. Although I think he was more envisioning tracking more than just who went with what IP for a given time period.

This never happens so the issue is how long should we have to keep this log information? Should we have to keep it at all? Should we simply use DNS to assign names to addresses for all users which are kept up to date then by us? (Names of customers as "A" records for all IPs) Then the person can be identified by DNS name in real time and leave the rest to Uncle Sam. After all we do not need to be telling Uncle Sam how to use DNS right? A sound argument by many could be made that a user of a "public" IP address should involve "public" disclosure via DNS of who a user of an address is. Please note I am not saying this is the way it should be necessarily. Only that this may well be a way to produce the needed result of government to track wrongdoers and the ISPs to not have to maintain lengthy log files of who had what address when.
That being said I don't want anyone to construe that I am for this legislation in ANY form. If the government wants to know what my subscribers are doing, they can get a court order and I will gladly log the customer covered under the court order for the period described by the court order.

The question on that topic is not whether or not a court should be able to access information. I think that is obvious. The real question is what should we be obligated to make available (email, web sites browsed, chats, etc.) We cannot really do much to help the government see where people go. I do not think that should be our job or any of our business as ISPs.
Realistically, about all we can do is say user X went to IP Y on port Z. If we are talking about any organized illegal behavior (child pornography rings, drug cartels, terrorists), they will be using encrypted data transfer and quite likely proxies and ip anonymizers. The concept of capturing and retaining customer email and chat logs would keep me up nights. That is not data that I want to have stored on my servers for any period of time from both a personal privacy standpoint as well as a liability standpoint.


This needs to be fought not on a technical basis, but on a rights basis. The technical issues can solved over time and then where would we be.

Let's look at a rights basis then. Should people who use a "public" Internet be able to be anonymous via the connection of their ISP? If this "right" is taken away (right of personal anonymity online) then I think we need to make sure every person knows this when it happens so the "thought police" do not start throwing people in jail for what they read and think. Many argue that we have this problem already with some of the pornography cases where people have been put in prison for what they saw on the Internet. I agree that these are important issues to address. Rights does need to be the basis. Technology is not as important as rights.
I think there should be some ability for limited anonymity. For instance I think I should be certain that someone cannot enter my name into a web page and get my IP address. I also don't think it unreasonable to think that any schmuck cannot take my IP address and get my name from it. However I do think it unreasonable to think that law enforcement, given a proper warrent would be able to take my IP address and get me name. I would be a little leery of them being able to enter my name and get my IP from a database somewhere though.

I liken this to being able to do a *67 to block my number showing up on caller ID. In reality we have greater capability than this though. I can go to Walmart and pay cash for a cell phone that cannot be traced to anywhere other than a particular store. Couple this to a modem on a PC along with a free AOL account and all you can do is trace the information back to AOL who might be able to match it up with an incoming number which traces to anonymous cell phone. The cell phone is traced to a particular tower and you can narrow me down to an area on a particular date.

I can stop by any Holiday Inn Express, Quality Inn or Starbucks and pop onto a free wireless hotspot and surf to my hearts content and all they can say is that I was in the vacinity of 8th and P St on a particular date.

Neither of these examples requires me to be some sort of "super hacker". Do this someplace like New York, Miami, San Francisco and it becomes virtually untracable from a back tracking standpoint. If you are actively watching a cell phone you obviously can track the calls in real time, but we are talking about storing history rather than tracking active connections which would be covered under wiretapping and CALEA.

   Sam Tetherow
   Sandhills Wireless

Scriv


   Sam Tetherow
   Sandhills Wireless

Mark Koskenmaki wrote:

Why? Because it will severely burden smaller ISP's that lack the network
infrastructure to do this.

Is WISPA lobbying against this? It will be nearly impossible for most of us in the wireless business to do this, without major restructuring, or a
huge expense that we can't afford.




----- Original Message ----- From: "George Rogato" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Wednesday, August 23, 2006 10:05 AM
Subject: [WISPA] WHY?


http://news.com.com/2100-1028_3-6108279.html?part=rss&tag=6108279&subj=news
Why would Qwest want ISP's to have to retain this data?

George

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/





--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to