FBI wants records kept of Web sites visited

[DKT27]

WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting.

Greg Motta, the chief of the FBI's digital evidence section, said that the bureau was trying to preserve its existing ability to conduct criminal investigations. Federal regulations in place since at least 1986 require phone companies that offer toll service to "retain for a period of 18 months" records including "the name, address, and telephone number of the caller, telephone number called, date, time and length of the call."

At Thursday's meeting (PDF) of the Online Safety and Technology Working Group, which was created by Congress and organized by the U.S. Department of Commerce, Motta stressed that the bureau was not asking that content data, such as the text of e-mail messages, be retained.

"The question at least for the bureau has been about non-content transactional data to be preserved: transmission records, non-content records...addressing, routing, signaling of the communication," Motta said. Director Mueller recognizes, he added "there's going to be a balance of what industry can bear...He recommends origin and destination information for non-content data."

Motta pointed to a 2006 resolution from the International Association of Chiefs of Police, which called for the "retention of customer subscriber information, and source and destination information for a minimum specified reasonable period of time so that it will be available to the law enforcement community."

Recording what Web sites are visited, though, is likely to draw both practical and privacy objections.

"We're not set up to keep URL information anywhere in the network," said Drew Arena, Verizon's vice president and associate general counsel for law enforcement compliance.

And, Arena added, "if you were do to deep packet inspection to see all the URLs, you would arguably violate the Wiretap Act."

Another industry representative with knowledge of how Internet service providers work was unaware of any company keeping logs of what Web sites its customers visit.

If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant.

What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html.

While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States.

The technical challenges also may be formidable. John Seiver, an attorney at Davis Wright Tremaine who represents cable providers, said one of his clients had experience with a law enforcement request that required the logging of outbound URLs.

"Eighteen million hits an hour would have to have been logged," a staggering amount of data to sort through, Seiver said. The purpose of the FBI's request was to identify visitors to two URLs, "to try to find out...who's going to them."

A Justice Department representative said the department does not have an official position on data retention.

Disclosure: The author of this story participated in the meeting of the Online Safety and Technology Working Group, though after the law enforcement representatives spoke.

Source - CNET

[*dcs18]

. . . . . . after reading this, Ravisoorya's never gonna want to have anything to do with static IP. :lol:

[shought]

I want a gazillion euros, but I'm not likely to get that either...

[Sl@pSh0ck™]

This would be hard....hard for FBI, hard for the ISP's, and hard for the users :frusty:

[HX1]

Was noticing after the past two days that on every request made.. PeerBlock shows an entry 'Computer Sciences Group' ( ICMP ) which accompanies each and every request.. which actually goes back to the main issuer of the I address 'AT&T' .. which is my ISP.. so be aware that this is and can be already in place for many of you... I have also had problems with Tor this week...( not sure if its just me though .. LOL ) Its able to connect but is giving extremely poor performance.. Funny thing is that I just allowed CSC through my filter for an hour... right before I started checking my e-mail and came here.. The problem I have is that this will be slowing me down when blocking it.. Also noticed with several video sites like CBS.com.. and a few others that there is also another company now trying to harvest information while commercials are being a run and while you watch the videos.. The video ( where otherwise would be fine ) Starts to jump and be problematic to watch... consumes more bandwidth.. and I believe has something to do with logging which commercials you have watched.. but does cause a problem when being filtered.. It seems once you get it ironed out and get what you want out of it.. someone throws a big fat wrench in the works... Hopefully this will be unobtrusive eventually..

On the FBI note.. I don't mind this change... The problem I have are statutes regarding the actual usage of this information.. and the cost it may incur to the end users for the companies t have to change it.. I never really have had anything to hide.. but I just know there is going to be some sort of 'SuperDemographical Ad Campaign'.. that will just make me puke all over the idea... Google Analytics shouldn't have too much to change to comply..LOL

Just simply need to stay abreast of the information and change accordingly... Rely on your conscience... LOL .. and hope for the best..

EDIT: I do see.. and was trying to find the wording for it.. how many people will not like this idea.. as now it will be much easier to nail down all kinds of activity...

[Bizarre™]

You can always follow safety precautions, and best yet use encryption ^_^

[LeetPirate]

You can always follow safety precautions, and best yet use encryption ^_^

The encryption available to the public is always inferior to the ones available to the military/gov't so they can easily decrypt any data. It's illegal in most places to have certain types of encryption levels that surpass the military so it's not like you could invent your own algorithm, :ph34r:, you could easily be charged for treason. The Bureau of Industry and Security will have documentation on what levels of encryption is allowed for public use. Strictly from a western point of view, I am unfamiliar with the European encryption laws.

[Bizarre™]

@LeetPirate:

Even if the masses can't access military grade encryption, do you think they can easily break a combined encryption?

Besides, aside from safety precautions, I don't think the military can recover a hardware fried in a microwave :rolleyes:

[HX1]

Stinky.. whew... Reminds me of that commercial...

[LeetPirate]

@LeetPirate:

Even if the masses can't access military grade encryption, do you think they can easily break a combined encryption?

Dunno. What I do know is any level they can't decipher themselves, they can deem it illegal and find the person responsible for using it. I doubt they would just randomly do that though, only if they suspect you of hiding something. It's not the first time the FBI wants to monitor internet traffic, this has been going on for years. What is different now is they want ISP's to keep the logs for up to 2 years.

My opinion is that this may not be such a bad thing. From a privacy point of view people may object to it heavily but from a crime fighting point of view this is a hell of a good idea. The FBI has to do what is necessary to stay ahead of the criminals else things will get out of hand. There are lots of cold cases that could be solved if there is a trail of evidence linking back to the criminals. I don't think their main concern for doing this is to bust p2p users, I believe their motives are more to do with anti crime. All these new initiatives are like double edged swords, use them the wrong way and everyone will be screaming new world order, use them the right way and hopefully the authorities can stay ahead of the criminal elements of society.

[Sl@pSh0ck™]

If you are really concerned about this, have a lot of safety precaution in place and set your computer to self-destruct in such eventuality. :lol:

......or better yet migrate to North Korea and have lite adapt you :rofl:

[Bizarre™]

My opinion is that this may not be such a bad thing. From a privacy point of view people may object to it heavily but from a crime fighting point of view this is a hell of a good idea. The FBI has to do what is necessary to stay ahead of the criminals else things will get out of hand. There are lots of cold cases that could be solved if there is a trail of evidence linking back to the criminals. I don't think their main concern for doing this is to bust p2p users, I believe their motives are more to do with anti crime. All these new initiatives are like double edged swords, use them the wrong way and everyone will be screaming new world order, use them the right way and hopefully the authorities can stay ahead of the criminal elements of society.

Indeed. We don't want shought harming children :P

[implague]

@Bizz

whatever u sued for the security like encryption or whatever still FBI find somthing cause they always hav helping hand from NSA :frusty: :frusty: :frusty:

[Bizarre™]

@implague:

Don't worry, I don't always rely on encryption.

Just like what I mentioned a few posts above ^_^

[implague]

@BiZZ

i really like to know what kinda precautiond u would use though i know a lil abt this to impreve my knowledge i need to know and yes i am not doubting on ur abilities

[Bizarre™]

@implague:

If things turn to sh!t, all you need to do is put all your memory retaining hardware in a microwave.

Let's see experts try recovering evidence from electromagnetically fried components

BTW, you can also melt them if you want :lol:

[DKT27]

What a heated and fiery way of encrypting your data.

[LeetPirate]

@BiZZ

i really like to know what kinda precautiond u would use though i know a lil abt this to impreve my knowledge i need to know and yes i am not doubting on ur abilities

If he told you his secrets, he'd have to kill you. :lol:

[chlorophyll]

. . . . . . after reading this, Ravisoorya's never gonna want to have anything to do with static IP. :lol:

:s :o

[*dcs18]

One of the best privacy solutions unknown to most (unfortunately, it's shareware & no fix available):-

Browser Encryption

[Sl@pSh0ck™]

One of the best privacy solutions unknown to most (unfortunately, it's shareware & no fix available):-

Browser Encryption

Tor does the job for me ;) and best of all...it's FREE! :dance2:

[chlorophyll]

One of the best privacy solutions unknown to most (unfortunately, it's shareware & no fix available):-

Browser Encryption

Tor does the job for me ;) and best of all...it's FREE! :dance2:

could u pls tel me whether tor affects download speeds and browsing speed.i never tested it. need info abt it pls :blink:

[Sl@pSh0ck™]

could u pls tel me whether tor affects download speeds and browsing speed.i never tested it. need info abt it pls :blink:

Yes, it does slow down your browsing/download speed a lot. But with the proper configuration you can achieve a modest browsing/download speed but it will lower your anonymity/security a bit.

I had configured tor so that I only connect to those relay with 2mb/s or higher bandwidth to offer, you can also set it up so that you will only have for ex US IP's as your exit node (this will be the IP address that will show instead of your real IP).

[chlorophyll]

@nivrid05

thanks for ur response. :)

[DKT27]

Tor is a chain proxy. And is very good. But is very very slow. It feels slow even with my connection. :blink:

After getting assistance from a networking expert, I came to know that just one layer protections is not enough. :)