In message <[EMAIL PROTECTED]>, "David G. Koontz" writes:
>Trei, Peter wrote:
>> - start quote -
>>
>> Cyber Security Plan Contemplates U.S. Data Retention Law
>> http://online.securityfocus.com/news/486
>>
>> Internet service providers may be forced into wholesale spying
>> on their customers as part of the White House's strategy for
>> securing cyberspace.
>>
>> By Kevin Poulsen, Jun 18 2002 3:46PM
>>
>> An early draft of the White House's National Strategy to Secure
>> Cyberspace envisions the same kind of mandatory customer data
>> collection and retention by U.S. Internet service providers as was
>> recently enacted in Europe, according to sources who have reviewed
>> portions of the plan.
>> ...
>
>If the U.S. wasn't in an undeclared 'war', this would be considered
>an unfunded mandate. Does anyone realize the cost involved? Think
>of all the spam that needs to be recorded for posterity. ISPs don't
>currently record the type of information that this is talking about.
>What customer data backup is being performed by ISPs is by and large
>done by disk mirroring and is not kept permanently.

This isn't clear. The proposals I've seen call for recording "transaction data" -- i.e., the SMTP "envelope" information, plus maybe the From: line. It does not call for retention of content.

Apart from practicality, there are constitutional issues. Envelope data is "given" to the ISP in typical client/server email scenarios, while content is end-to-end, in that it's not processed by the ISP. A different type of warrant is therefore needed to retrieve the latter. The former falls under the "pen register" law (as amended by the Patriot Act), and requires a really cheap warrant. Email content is considered a full-fledged wiretap, and requires a hard-to-get court order, with lots of notice requirements, etc. Mandating that a third party record email in this situation, in the absence of a pre-existing warrant citing probable cause, would be very chancy. I don't think even the current Supreme Court would buy it.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)