John Scrivner wrote:
I don't think it would be overly burdensome for an ISP to track this
information for a year though, which is what Mark's statement originally
was. Although I think he was more envisioning tracking more than just
who went with what IP for a given time period.
Sam Tetherow wrote:
Given what the article cites I don't see it being a severe burden on
a small ISP. All that I see mentioned in the article is the ability
to track what IP belongs to what customer over a period of time. If
you can't track that on your network, how do you manage to
troubleshoot problems or deal with security concerns such as a
virus/trojan or other inappropriate/malicious behavior on your network?
I think most people here track who has what address. Otherwise how
could you possibly run your network? What they likely do not do is
keep logs of who had what address three years ago. Or when IP address
"A" changed to IP address "B" for customer "1" or "2". Without that
legacy data the IP information provided could be inaccurate. In fact
the only way it could be 100% accurate is if the request was in real
time - ie. FBI calls ISP and asks who is using X.X.X.X IP address
Realistically, about all we can do is say user X went to IP Y on port
Z. If we are talking about any organized illegal behavior (child
pornography rings, drug cartels, terrorists), they will be using
encrypted data transfer and quite likely proxies and ip anonymizers.
The concept of capturing and retaining customer email and chat logs
would keep me up nights. That is not data that I want to have stored on
my servers for any period of time from both a personal privacy
standpoint as well as a liability standpoint.
This never happens so the issue is how long should we have to keep
this log information? Should we have to keep it at all? Should we
simply use DNS to assign names to addresses for all users which are
kept up to date then by us? (Names of customers as "A" records for all
IPs) Then the person can be identified by DNS name in real time and
leave the rest to Uncle Sam. After all we do not need to be telling
Uncle Sam how to use DNS right? A sound argument by many could be made
that a user of a "public" IP address should involve "public"
disclosure via DNS of who a user of an address is. Please note I am
not saying this is the way it should be necessarily. Only that this
may well be a way to produce the needed result of government to track
wrongdoers and the ISPs to not have to maintain lengthy log files of
who had what address when.
That being said I don't want anyone to construe that I am for this
legislation in ANY form. If the government wants to know what my
subscribers are doing, they can get a court order and I will gladly
log the customer covered under the court order for the period
described by the court order.
The question on that topic is not whether or not a court should be
able to access information. I think that is obvious. The real question
is what should we be obligated to make available (email, web sites
browsed, chats, etc.) We cannot really do much to help the government
see where people go. I do not think that should be our job or any of
our business as ISPs.
I think there should be some ability for limited anonymity. For
instance I think I should be certain that someone cannot enter my name
into a web page and get my IP address. I also don't think it
unreasonable to think that any schmuck cannot take my IP address and get
my name from it. However I do think it unreasonable to think that law
enforcement, given a proper warrent would be able to take my IP address
and get me name. I would be a little leery of them being able to enter
my name and get my IP from a database somewhere though.
This needs to be fought not on a technical basis, but on a rights
basis. The technical issues can solved over time and then where
would we be.
Let's look at a rights basis then. Should people who use a "public"
Internet be able to be anonymous via the connection of their ISP? If
this "right" is taken away (right of personal anonymity online) then I
think we need to make sure every person knows this when it happens so
the "thought police" do not start throwing people in jail for what
they read and think. Many argue that we have this problem already with
some of the pornography cases where people have been put in prison for
what they saw on the Internet. I agree that these are important issues
to address. Rights does need to be the basis. Technology is not as
important as rights.
I liken this to being able to do a *67 to block my number showing up on
caller ID. In reality we have greater capability than this though. I
can go to Walmart and pay cash for a cell phone that cannot be traced to
anywhere other than a particular store. Couple this to a modem on a PC
along with a free AOL account and all you can do is trace the
information back to AOL who might be able to match it up with an
incoming number which traces to anonymous cell phone. The cell phone is
traced to a particular tower and you can narrow me down to an area on a
I can stop by any Holiday Inn Express, Quality Inn or Starbucks and pop
onto a free wireless hotspot and surf to my hearts content and all they
can say is that I was in the vacinity of 8th and P St on a particular date.
Neither of these examples requires me to be some sort of "super
hacker". Do this someplace like New York, Miami, San Francisco and it
becomes virtually untracable from a back tracking standpoint. If you
are actively watching a cell phone you obviously can track the calls in
real time, but we are talking about storing history rather than tracking
active connections which would be covered under wiretapping and CALEA.
Mark Koskenmaki wrote:
Why? Because it will severely burden smaller ISP's that lack the
infrastructure to do this.
Is WISPA lobbying against this? It will be nearly impossible for
us in the wireless business to do this, without major restructuring,
huge expense that we can't afford.
----- Original Message ----- From: "George Rogato"
To: "WISPA General List" <email@example.com>
Sent: Wednesday, August 23, 2006 10:05 AM
Subject: [WISPA] WHY?
Why would Qwest want ISP's to have to retain this data?
WISPA Wireless List: firstname.lastname@example.org
WISPA Wireless List: email@example.com