Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

FBI wants ISPs to retain your web surfing records for 2 years

Xeni Jardin at 12:28 pm Mon, Feb 8, 2010

— FEATURED —

Book Review

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

Book Review

We Can Fix it! - a graphic novel time travel memoir

Science

The technology that links taxonomy and Star Trek

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
The FBI wants ISPs to keep tabs on which websites users visit, and retain those logs for two years. FBI Director Robert Mueller wants providers to store customers' "origin and destination information" to help in child porn and other felony investigations, said a bureau attorney at a recent federal task force meeting.

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE:  Technology

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

  • Anonymous

    Why not just log the destination IP as opposed to the source? A lot less data to manage, and they’ll have more than enough work to do just going after the “dealers”.
    Hell, even the fahking RIAA goes after the uploaders, not the downloaders.

  • Marcel

    The sweet irony is, that they will probably all die from boredom monitoring our insignificant drivel on Facebook and alike.

    And then the real sarcastic aspect is that they’ll be wanting, no, craving for some hardcore shit to happen.

    Anything to break the stream of mediocracy.

    And so they become the twisted junkies they were out to pursue.

    • Anonymous

      Marcel:
      The sweet irony is, that they will probably all die from boredom monitoring our insignificant drivel on Facebook and alike.

      There will be no actual humans wandering around bored. That’s not what it’s for. Part of it is fodder for automated programs to browse through when they need to show action on the crime of the month. The primary function is to provide detailed information on the habits, interests, and concerns of persons of interest. A person of interest is anybody who for any reason comes to the attention of any branch of the government.

  • remmelt

    murray: there’s the sheer scale of the endeavor that makes your proposal unfeasible. You propose normalization which makes good sense at first glance. This would mean a lookup in a database table that’s not even just huge, it’s gigantic. Think rainbow tables. It would take more than just a moment to look up an address. Not to mention the fact that this database would need to be centralized somehow, adding network latency to the lookup time. Also, new URLs are generated quicker than we can look at them, so this table would be ever growing.

    So, we have a non-zero time for the lookup of the index of the visited URL. There are so many lookups per second that no current technology would be able to cope. This is one of the reasons that regular web logs, like the Apache log, stores their stuff in plain text: speed. Let the log crawlers and other log tools work out the rest.

    What’s more, I’m sure that the feds would love to have more information than just the source, destination and time stamp. What about http headers? What about the actual content sent and received?

    So yes indeed, the amount of data would be staggering.

    • murray

      remmelt,

      You’re assuming the entire load would be handled by one central system. It wouldn’t. Every ISP would have their own system. Their lookup tables wouldn’t be gigantic because they would only store the sites visited by their own customers. Similarly the volume of lookups would be managable because you’re only talking about the customers of one ISP. Large ISPs like Comcast would have regional databases. If there’s too much volume for a realtime system, it can be written to file in plaintext and processed in batch, catching up overnight when traffic is low. (Mind you, high end transaction processing systems are capable of upward of half a million transactions per minute. But as you say, the large index lookups could get slow.)

      Yes, the lookup table would be large and always growing, but no single ISP will have the whole world’s index of sites in their database. Considering the huge overlap in sites visited from person to person and day to day, even if every customer of an ISP visits 100 pages per day, the total number of unique hits is much smaller than the product of customers * visits * days. For a large ISP, various partitioning schemes can help overcome the problem of large tables.

      For example, you can further normalize by indexing sites separately from pages. Then each visit would be recorded as Time, Source IP, Site, Page, which takes more space and requires two lookups, but it would make for smaller lookup tables.

      Yes, certainly the feds would like more than just page URLs, and those wishes would be unfeasible. But to just track pages visited (not including the all of the state information tacked onto the http requests; let’s imagine a maximum of 128 bytes per URL), I believe it can be done today.

      The cost to the ISP would not be small, though.

  • Delaney

    Well…it makes for a good excuse to register for ipredator.com Maybe more people will want to if they know they’ll be liable two years from now for the government deciding that something else like the anarchist’s cookbook or Venezuelan propaganda, or anti-US Haitian policy ain’t okay to look at online.

  • Anonymous

    Great, so everyone who mistypes a URL and finds themselves going ‘whoa, THAT’S not where I was trying to go’ will forever have it linked on their permanent record. Then what, find other reasons to mine that data – weed out everyone else the government doesn’t like for one reason or another?

  • Anonymous

    First thought: Mr. Mueller has no concept of how much data that is. Second thought: stock in SAN vendors.

  • Anonymous

    From what I read about the industry, most of the core CP activity is very cleverly hosted by tiered, proxied and encrypted servers, usually with zombies serving to the end user, often over encrypted links.

    So logging all that crap wouldn’t do a damn thing to address the problem. It would however be a great start down a very slippery slope.

  • Ugly Canuck

    RE: giganto storage of data amounts to do this.

    It’s not whether or no people are actually being tracked & monitored: having them THINK that they are at risk of, or are being, tracked and monitored can be almost as good (or even better, since cheaper, maybe, like “dummy” security cameras or traffic cops) at getting people to obey the law.

    And to the extent that this is actually factually strictly directed at the manufacture & distribution of child porn, that’s a good thing.

  • lakelady

    the very first thing that popped into my head when reading this was the Stones singing “you can’t always get what you want”

  • Anonymous

    @ lasttide

    Can you honestly say there was a pressing need for Meagan’s law When it too was proven that the gov used botched numbers to propagate their hidden agendas. It has been proven that without a doubt that SO’s are less likely to be convicted of the same crimes as any other in fact, Drug possession and sales is the highest of repeat offenses.

    Meagans law was the precursor to all that you see going on now with the patriot act, Enemy combatants acts, homeland security, body scanners, fluoridation of water or touthpaste, their talk of lithium being added to water supplies to stem depression (like there is not a better way called the gov getting the heck out of our lives) and any other rights stripping laws.

    What of the Baker act where you placed into a nuthouse for just about any reason you can think of. Florida Courts make you aware that if you fight a traffic ticket you may be held indefinitely Under the SO version of the Baker Act. For what you are fighting for your rights and nothing more But them again what rights does one have when convicted of a crime? None, So why is bail set if you were not guilty until proven innocent because in the eyes of the court you are guilty until you prove yourself innocent Bail is set to prove it. It’s a money game, not even a political one.. It is about control and that is all.

    Most Americans really do not see the finer points of what is really going on.

    The new legislation that was passed about “homegrown” terrorism allows for a natural born citizen to be held indefinitely and does not allow for you to have any Miranda rights. Just think this the movie Unbreakable was put out as they passed this legislation to propagandize the reality of it and help make citizens falsely believe that it is for their benefit.

    So come on; is this peice of legistlation that much of a surprise?

    With all do respect.

    lol to the capticha I must now type,

    asebter witness….
    (I is a better witness)

    Another means of tracking by one source… GOOGLE… They already doit, by means of this…

  • John

    Is there any limit for FBI? How could they trace any like this.Is there any way to get rid of these Hardware keylogger.

  • greengestalt

    All mass surveillance will do is create a “Norm” of people using encryption on traffic and personal files and working out the “I do not talk to police. I want a lawyer” act. People can get fired for any or no reason, some argue to make a ‘pretend shell’ of a public persona online and then use aliases, traffic encryption, etc. And the public perception of police is souring, now they aren’t seen as protecting the public. Just parasites, the worst of bandits, who don’t care what they do to people as long as they get “Points” and therefore an innocent man is a better target for he’s almost totally unlikely to fight back, has money they can steal, and is easily tricked into talking to them which they can turn around and lie about to convict him.

    And, frankly, it’s sloppy policing even if it’s to track “Child Porn”. Recently, there was news of a guy who got busted for that because he used Limewire and accidentally downloaded it, went ‘yuck’ and promptly deleted it. They found it on his hard drive, and though he couldn’t have casually accessed it still prosecuted him for the “Justice by Points”. He’d almost totally forgotten the accident, since it was a year old. In short, they’d let someone they thought was a “Child pornographer/potential molester or funder of illegal sites, etc.” off for a year after discovery and only then decided to raid them… In short, “Justice by Points”, they went for a few “Easy Busts” to keep their scores up and couldn’t care less that it likely was an accident and just a gross waste of time and public monies that’ll lead to a lot of laws being overturned later eventually…

    So, this sort of ‘record keeping’ might just be for those that accidentally (big internet) go to the wrong sites, etc. They don’t care, just when they try to bust the mafia kingpin and they’d wished they’d faced his thugs versus his attorneys or a congressman taking open bribes, but the corporate lawyers again scared them away and need ‘points’ then they bust people held in reserve on such “Trap” lists. And they don’t care if it’s an accident, a “Brazil” movie worthy computer glitch, (Tuttle/Buttle) or a hideous Freddy Kruger with 30 freezers full of children’s blood, they’ll bust when they need “Points”.

    I’m not going to post a list of suggestions for people to keep their data private, just:
    1. Research encryption and other privacy options.
    -and-
    2. Anyone into programming, a real golden time to work out the next wave of “PGP” stuff. This I will expand on.

    I’d like to see some extensions to TrueCrypt that handle giant files and have multiple threads of encryption, so in the case of actual coercion one can ‘spill the beans’ on something illegal or embarrassing that isn’t the real deal. And I’m not just talking kiddie porn, I think some of us ‘radicals’ will be targeted and falsely accused of CP just to get us to reveal our files to prove we ain’t into it, then they can use the plans, contacts, etc. for “CointelPro 2.0″ missions.

    Some suggestions, a ‘wish list’ for entrepreneurs…

    a. I’ve heard, from a few sources that a 128 bit encryption would take a computer that cost the weight of the sun in dollar bills to crack. That was mid 90s. I wonder, though, is there some way to scramble things that doesn’t involve factoring primes, or rather renders factoring primes useless?

    b. Any easy to use “Emergency” codes/functions that could be installed, like “I invoke my right to remain silent!” spoken aloud causes the computer to go into deep lock mode? (hope no cop shows are on the TV!)

    c. KeyLogger/FedVirus exposure. Any ways to detect/block a keylogger even if installed? Also, I’ve heard the Feds tried to browbeat anti virus companies into making their viruses (usually crude high school level stuff) invisible to virus detection software. The large companies usually sucked their d-cks, the small ones outright refused and exposed them. Exposing one of these viruses (for a hacker who doubtless gets tons in his mail) would be a good blow for freedom, because the “Criminal Hackers” could then use these to work around anti-virus software by reprogramming them. Maybe either an article to a major news center -or- using one to cause massive disruption (and test it’s effectiveness) then (anonymously) revealing it’s source. Imagine, the government and lots of the private sector get shut down for days, then the news reveals it was a FBI virus that was out for 1 day, then a hacker found it and messed with it just for fun…and because they’d abused the “patriot act” to browbeat the antivirus companies, no defense existed. The FBI would be facing budget cuts and layoffs and the companies massive lawsuits. Imagine also a “Fight Club” scenario where the credit card companies lose all their data?

    • Dewi Morgan

      This article sounds to me like them suggesting stuff they know they won’t get, just to get the public used to the idea. When they try for it in five years time, everyone’s used to the idea, and says “Sure. I thought we got that already, like five years ago”.

      Yes, the solution is for everyone to use services like TOR, but the onus is also on websites to use HTTPS encryption *across their whole site* to protect their users.

      There really is no excuse *not* to put a whole site under https nowadays. It doesn’t need a separate IP number for each cert any more. Certificates are free. CPU and bandwidth increases are negligible.

      If most major sites did this, then the majority of UK-style logging would be useless.

      Replying to some of greengestalt:

      > “extensions to TrueCrypt that handle giant files”

      I’ve used it to encrypt file sizes of tens of gigs, and partition sizes of over a terabyte. I’m not aware of any size limit imposed by TC: any limits are OS limits.

      > “multiple threads of encryption, so in the case of actual coercion one can ‘spill the beans’ on something illegal or embarrassing that isn’t the real deal.”

      Again, TrueCrypt does this already. See their documentation on “hidden volumes” and “hidden operating systems”.

      > “I’ve heard, from a few sources that a 128 bit encryption would take a computer that cost the weight of the sun in dollar bills to crack. That was mid 90s.”

      128 bit encryption just means you need to try 2^128 =~ 10^38 combinations in order to find the right one.

      I think Google’s computer system is the most powerful system in the world, weighing in at 100 Petaflops, 10^17 operations per second.

      In order to crack a 128 bit encrypted partition, you’d need to run it for 10^38/10^17 = 10^21 seconds. There are 10^7 seconds a year, so that’s 10^14 years, or about a hundred thousand times older than the universe.

      Still, in a thousand years, if Moore’s law holds out, people will be cracking these things in just a few minutes! But 512 bit encryption is already available. 2^512 = 10^154ops = 10^130 years with current processing power.

      Heat death of the universe is scheduled in 10^100 years, so cracking 512 bit encryption will take 10^30 universe-lifetimes. By which time, we’ll probably have moved to stronger encryption anyway :P

      > “is there some way to scramble things that doesn’t involve factoring primes, or rather renders factoring primes useless?”

      Why?

      You cannot make a non-crackable system, any more than you can make a non-pickable lock.

      If you have something that can be decoded with a key, and the key can be made from any of N different shapes, then it’ll take, on average, half-an-N for a cracker to find the right key. A 128-bit key can take 2^128 shapes, which is a fair number.

      If you have something that *can’t* be unlocked with a key, then it’s no use to you since you can never read your own encrypted data.

      One of the principles of infosec is that you use the best known state of the art. Primes are that.

      “b. Any easy to use “Emergency” codes/functions that could be installed, like “I invoke my right to remain silent!” spoken aloud causes the computer to go into deep lock mode? (hope no cop shows are on the TV!)”

      Vista comes with voice recognition. I shudder at the idea of a TV show wiping your hard drive, though. Better to have some keylocks around the house, one by your front-door peep hole, etc. Or buy a panic button to wear around your neck. Hit the button, drive dies.

      Explosive bolts fired through your drive platters are allegedly not recoverable with the resources of today’s investigators. Same with microwaving the drives. Personally, I’d just install TrueCrypt, and have the boot sector overwritten and the machine turned off when I hit the button (beware: core memory may retain your password for a few minutes even after power off). I had that happen to myself accidentally, and since I had no recovery disk, I was screwed. I need to wait a thousand years before I can access that drive again :(

      > “c. KeyLogger/FedVirus exposure. Any ways to detect/block a keylogger even if installed?”

      Short answer: No.

      Long answer: There’s no way to detect a hardware keylogger other than seeing it with your eyes.

      As I understand it, a software keylogger, assuming they didn’t install a rootkit, should be visible in the user input handling chain, if you know how to look at it. I don’t, but it’s possible the people at the autohotkey forums might, since they hook into it for their own stuff.

      But that’s all moot anyway. If your system’s set up so they can keylog you with software, then you’re doing it WRONG.

      If you have a hidden OS on an encrypted virtual machine, how are they going to install a keylogger? Not by accessing your machine when it’s turned off. They can only install it when your machine is on, the encrypted partition is mounted, and the virtual OS is connected to the net. Then they can install a keylogger, if they find a way past your firewall. Even then, they can install it only for the duration of your session, if you have the hidden OS image set as non-writable.

      Of course, they might be logging you accessing your encrypted partition, but good luck to them on that if you have keyfiles as well as a passphrase.

      > “Also, I’ve heard the Feds tried to browbeat anti virus companies into making their viruses (usually crude high school level stuff) invisible to virus detection software.”

      Everyone I’ve spoken to or read from the industry says this is FUD. The only way this could ever work is if every virus scanner manufacturer from every country, including the open-source ones, were willing to cave to the US gov’t. It only takes one virus maker from Europe to say “Our scanner detects these viruses, that US scanners don’t!” and the US scanners would be out of business.

      Think about it: the main target for these viruses would be foreign interests. If US scanners were not finding stuff that, say, Iraqi or Russian or Chinese virus scanners were picking up, do you think the terrorists would protect themselves with US scanners?

      The gov’t has an interest (like any virus authors) in how the scanners work, and how to dodge them, but they don’t ask the scanners to make back holes. They’ve not tried stuff like that since the 80s.

      > “The large companies usually sucked their d-cks, the small ones outright refused and exposed them. Exposing one of these viruses (for a hacker who doubtless gets tons in his mail) would be a good blow for freedom,”

      So you’re saying “they were already exposed… so let’s expose them!” Seems quirky logic, but these magic ninja viruses don’t appear to exist anyway, so the point is moot.

      > “because the “Criminal Hackers” could then use these to work around anti-virus software by reprogramming them.”

      Seems to be the other way round: the criminal hackers make stuff that the government repurposes. They’re just way better at writing good ones than the gov’t is.

      Finally: I sound complacent, but that’s only because I am. Any sufficiently determined attacker will find your secrets. So long as the easiest way remains to walk up to you and ask about them (possibly with thumbscrews), then you’re doing the rest of your security right.

  • efergus3

    Me, I wish that they would quit breaking the law and try enforcing it for once. But I doubt that either wish will come true.

    • IronEdithKidd

      Here, here! and yeah, it’s not going to happen when they need to justify annual increases in the homeland security budget.

  • ryan873

    It’s about time. This program is 26 years overdue.

  • kc0bbq

    I wonder if they’ll bother to dictate what kind of storage they mean if this goes into effect.

    I picture a warehouse full of old dot matrix printers with that wide green and white lined paper they used to use for logs endlessly chirping away.

    “It’s here somewhere, we just have to start reading.”

    I don’t know why that’s what I picture. I’m just broken, I think.

  • lasttide

    Can Mueller show a pressing need for this? Have there been situations where suspected child pornographers were set free because the FBI couldn’t find enough evidence on their home computers?

    In other words, is there any chance that this isn’t simply an attempt to data mine everyone with the convenient excuse of it being necessary to “protect the children”?

    Even if such a situation existed, can he show that the supposed benefit to law enforcement would be worth citizen’s loss of privacy as well as the cost to ISPs?

  • Anonymous

    Mandatory log data retention is the Mark of the Beast and once implemented will be extremely difficult to rescind.

  • Chevan

    That is a staggering amount of information, both in the type and the volume.

  • mdh

    well, we had a good run.

  • phisrow

    Hey, I’ve got a cool idea for (slightly) reducing our trade deficit with China.

    We export this worthless shitstain.

  • Snig

    Not so credible from a gov’t that said “oops, we lost a couple years of the Bush Whitehouse emails”. Will they mine it also for insider trading, off shore tax evasion and similar white collar crimes? Why not? It does seem like and ungodly amount of data.

  • murray

    It’s really not that much data. No address/URL would be stored more than once. Each address would be indexed and represented by a number. 40 bits should cover it; that’s a trillion unique values, but let’s suppose they use a 64 bit field. Then every visit would require 64 bits for the destination URL, 32 bits for the source IP, and 32 bits for a timestamp. That’s 16 bytes per visit. At 18 million visits an hour (a figure mentioned in the article), that’s less than 7GB/day. I’m not sure if that figure was for one ISP or the whole country, but either way it’s manageable.

  • Patrick Dodds

    Your gubmint been listening to Europe?

  • zyodei

    Child pornography is like drugs – a moderate problem that is blown all out of proportion, and made worse, in order to expand the scope and intrusiveness of the government.

    We need a constitutional amendment making it illegal to prosecute for any crime if a victim cannot be found.

    Producing CP? There’s a victim. Purchasing CP? There’s a victim. Accidentally viewing an image? Where’s the victim?

    Sure, you might argue that viewing CP would raise one’s odds of molesting children or purchasing CP in the future – Minority Report style. But we have to weigh the damage to society and individuals that comes from state abuse against the harm to the young that might be presented.

    For instance, I know a fellow who was 18 and arrested for having a 16 year old girlfriend. He spent 4 years being serially gangraped in prison, and now he’s mentally traumatized (and a wanted felon for not understanding the draconian rules of his “sex offender” registration).

    What goes on every day in America’s prisons is the stuff of the worst nightmares of a child molestation survivor, but we as a society tolerate and joke about it.

    This state sanctioned child abuse (and an 18 year old is in some ways still a child) is a much bigger problem than Pedobear, IMHO.

  • Anonymous

    Manual trackback:
    http://www.aktion-freiheitstattangst.org/de/presse/unsere-themen-in-der-presse/1073-20100205-fbi-will-surfverhalten-aller-user-zwei-jahre-speichern-lassen-eng

    Best regards,
    Techteam of Aktion Freiheit statt Angst e.V. (Action Freedom Not Fear)

    P.S.: Please keep us informed about the further progress of this topic!

  • Anonymous

    I love the idea (because I sell computer hardware). What a great way to increase the sale of all that storage!

    Kidding aside – 2 years worth of data x 300 million people = one hell of a huge infrastructure need. Who’s paying for that?

  • Robbo

    Geez – why don’t thay just make it mandatory for everyone to wear tracking ankle bracelets?

    The powers that be really don’t like it when people can talk freely to each other and bypass the filter of their approved information flow.

    • Anonymous

      Remember Kids: Wearing your Ankle Track’a 4000 is not only a right of every American, but it can save your life when you take candy from that guy outside your house in that 80′s Dodge Van with no windows who calls himself “Uncle” Steve who has that weird mustache you seen in picture of your dad when he was 30.

      Love Ankle Track’a 4000! Love Ankle Track’a 4000! Love Ankle Track’a 4000! Love Ankle Track’a 4000! Love Ankle Track’a 4000! Love Ankle Track’a 4000! Love Ankle Track’a 4000!

      Not saying fighting Child Pron is not a noble cause or worth one taking up, but a figurative 50 Megaton Nuke on a guy sitting in a shack in the middle of a populated area MAKES NO PRACTICAL SENSE. Seriously, this looks just to be another way to legalize domestic spying on american citizens, nothing more. Once ISPs have recorded the data, they are ‘protected’ when they hand it over to government officials.

      U.S. Government will not spy on you, they privatize that effort. WTF? That just sounds wrong on so many levels. Sadly a reality we are already facing.

      “If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant.” – Verizon makes their customers Mobile Phone data available to “local, state, and federal” authorities, over the course of a year, records were accessed more than 3,000,000 times without warrants. This included GPS data.