Your ISP May Be Spying on You

From News.com:

The U.S. Department of Justice is quietly shopping around the explosive idea of requiring Internet service providers to retain records of their customers' online activities.

Data retention rules could permit police to obtain records of e-mail chatter, Web browsing or chat-room activity months after Internet providers ordinarily would have deleted the logs--that is, if logs were ever kept in the first place. No U.S. law currently mandates that such logs be kept.

I think the big idea here is that the Internet makes a massive surveillance society so easy. And data storage will only get cheaper.

Posted on June 28, 2005 at 8:16 AM • 62 Comments

Comments

IthikaJune 28, 2005 8:30 AM

Who wants to join me in setting up a game of spam pass-the-parcel? Maybe I could use all my latent bandwidth to download auto-generated Lorem Ipsum text. Storage space may be cheap, but not that cheap...

AndyJune 28, 2005 8:56 AM

Hey, I'd be surprised if the big providers don't do that already for '"research purposes" to determine why certain transactions had registered as unauthorized or uncompleted'. Make that why certain downloads / uploads take so long >:->

Steve L.June 28, 2005 8:58 AM

The sad thing is that since 9/11 and the start of things like the patriot act this will become a reality. In the name of national security every right to privacy is being slowly taken away. I mean come on who wouldn't want terrorist's email and chat logs to be in the hand of the government? The government has "given" itself the power to do as it wishes whenever it wishes, or so it seems to me. How does the saying go....Power tends to corrupt; absolute power corrupts absolutely...How true it is.

Kenneth BallardJune 28, 2005 9:08 AM

Well one of the things that must be kept in mind is that even if they do require ISPs to keep logs of this kind of stuff, they must still go through the usual court procedures to get it into evidence. This means affidavit->search warrant->seizure. They can't just go to your ISP and say, "I want the e-mail records for Jane Doe on September 7, 2004." It doesn't work that way. But they could say "I have a warrant for e-mail records for Jane Doe on September 7, 2004." But then they would also have to produce the warrant. It doesn't matter how they try to use the Patriot Act. The only thing the Patriot Act does is make it easier to have the evidence available without having to search for it. They still have to abide by the 4th Amendment to actually bring it into court against someone, which means search warrant.

Kenneth BallardJune 28, 2005 9:10 AM

One other thing to add to my comment. The affidavit for the search warrant must be specific to what they plan to seize. It can't say "E-mail records for Jane Doe". That's too broad. It would have to be more specific and include a date or possible date and time. "E-mail records for Jane Doe on September 7, 2004, between 12:00 am and 2:30 am".

Michael AshJune 28, 2005 9:15 AM

People have already brought up the privacy and abuse-of-power aspects, so I'll skip those.

One thing nobody has mentioned yet is money. Massive archive systems to store all of this data are not free. This is, in effect, a massive stealth tax on ISPs, and it will make all of our internet access more expensive if enacted. Bruce tells us to look at the tradeoffs of security; even ignoring privacy and power abuse, is this data worth the money needed to collect and store it?

DaedalaJune 28, 2005 9:26 AM

In Soviet Russia, your ISP spies on you! No, wait, that's not right....

The whole data retention/data disposal thing is very difficult to manage. On the one hand, you can't retain data for privacy and security reasons. On the other, you can't dispose of data for obstruction of justice reasons. Electrons being what they are, it's really difficult to say "I can't maintain that data."

bertJune 28, 2005 9:37 AM

Wow...yet another idiotic, useless idea from DHS.

Can you say "SSL tunnel everything I do on the internet" ?

Dave PageJune 28, 2005 9:40 AM

Kenneth,

What makes you think that any law passed that required ISPs to retain data would require serious judicial intervention for that data to be accessed? There's no reason why it should, it would be most unusual in these days of PATRIOT etc. for it to do so.

Just look at the English Regulation of Investigatory Powers Act, which allows pretty much anyone with a vague connection to the government to access a lot of supposedly private information.

Joseph MilnerJune 28, 2005 9:40 AM

Do you think with all the focus on monitoring internet and electronic communications, they are taking resources away from "Good ol' Normal" surveillance in their excitement to monitor this new media? Will we see criminals of the future abandoning the internet and just meeting in dark alleyways like they did hundreds of years ago?

Steve L.June 28, 2005 9:47 AM

@ Joseph Milner

Yeah, but now with all the "Crime reducing" surveillance cameras popping up in all of the major cities even the dark alleyways won't be private anymore. Big brother is always watching.

Dave HarmonJune 28, 2005 10:16 AM

Warrants? Yeah, right. "We're DHS, we don't need no stinking warrants, and if you tell anyone we were here, we'll throw you in jail."

Come on guys, the Bush cabal has made their goals and methods quite clear to anyone who hasn't "drunk the Kool-aid". This isn't about security, it's about intimidation and crushing dissent.

Why bother with a Watergate-style break-in, when you can monitor those evil Democrats, journalists, potheads, and other Traitors To The Homeland with a phone call to their ISP?

Erik NJune 28, 2005 10:17 AM

Denmark passed laws requiring extensive logging like this three years ago. The ISP's are required to log: When a connection is initiated, when it is terminated, change of identity (ie. through NAT) and e-mail exchange (not content), and logs must be kept a year.

However, the application of the law has been delayed, ISP's are now required to start logging by october this year, because of the definition of ISP: When are you an ISP and when are you just an ordinary homeuser building a community network. And who should log e-mail exchange if the user uses a third party provider such as hotmail.com?

And since the state didn't like the idea of introducing extra costs upon itself, public institutions, libraries etc. are excluded. So are corporate networks.

Another questionable part of the law is that police can request the logged information without prior acceptance of a judge. This was motivated by the idea that in case of suspected terrorrists high jacking planes, there would not be time for this paper work, the police needs access to passenger lists right away.

And the politicians were large enough to simply allow police to request any information. This means - in theory - that the IFPI could hook up with some police officer and request any log information that may expose violation of intelectual property rights.

So, the big difference is that we have a law that tells everyone that they won't be watched over in public libraries.

Erik

paulJune 28, 2005 10:24 AM

Even under existing law, such logs would be a record held by a third party, which the third party could divulge without involving the subscriber. And of course with Patriot II's "administrative subpoena" the only case that will have to be made is to some internal FBI office, not that judges have historically been very rigorous.

One of the unintended consequences of such a law, of course, will be that unscrupulous celebrity journalists and paparazzi will have a pretty much open book to work from...

ProbitasJune 28, 2005 10:32 AM

@ Kenneth

Your point about a warrant is well taken, but I am afraid that there is one huge difference between this and, say, a warrant for a phone wiretap. Our local telephone service provider does not tape our conversations, then put the tapes in a vault for retrieval in the future. Probable cause for a wiretap must be shown PRIOR to being able to hear any part of a FUTURE conversation. The ability to have our past conversations/downloads/histories accessed and used against us would represent a huge shift in the balance of power that was put in place to prevent abuses of power and overzealous prosecutors. This is especially true when such information is often available through forensic techniques. Yes, that is a more rigorous process, but there ought to be a higher standard for access to such info.

AnonymousJune 28, 2005 10:50 AM

Hey guys, think about the false sense of security the US government is buying itself!

JohnJJune 28, 2005 11:22 AM

So how will they find the terrorists that take their laptops/wireless-enabled PDAs to Starbucks or any other public WiFi spot? All one needs to do is compose the messages/files off-line, grab a cup of coffee, and hit Send. Upload your manifesto while waiting in the drive-thru.

StephenJune 28, 2005 11:43 AM

Ah, JohnJ, but you're forgetting about the massive network of cameras in many urban areas where WiFi pops up.

WoodyJune 28, 2005 11:51 AM

@Steve L.

The cameras are probably in the "downtown" districts, where muggers go after people coming out of clubs. I bet the industrial districts will still be empty, aside from the homeless, and any dealers/gangs roving the area.

Francois KashyJune 28, 2005 12:04 PM

I would be very surprised if a number of ISPs were not already doing something similar. There are some places right now where wi-fi is free and open to the public - essentially anonymous. Is anonymous access going to be banned or outlawed? Plus, Echelon is already supposed to be logging traffic. Is there a disconnect between the NSA and domestic law enforcement? I would think the current political and social climate would encourage greater communication and cooperation between domestic and other intelligence and law enforcement agencies.

ProbitasJune 28, 2005 12:51 PM

I am remembering wistfully the weeks post-911, when it was announced that the missing link in preventing that typs of attack was not a lack of data, it was ourinability to process it. The proposed solution was the creation of a Department of Homeland Security to act as a clearing house for intelligence gathered by the FBI, CIA and NSA.

What part of thhis proposal addresses any part of that?

xJune 28, 2005 1:48 PM

"ISPs are doing this already."

What a way to miss the whole point.

And again, I must say...

Thanks for not paying attention, America.

Those hands you feel on your ass cheeks are your own.

AkakieJune 28, 2005 1:50 PM

While a warrant may be needed, I think the Patriot Act extended the authority of the secret Foriegn Intelligence Survellience Act court to issue such warrants in criminal as well as intelligence matters. The federal agents say they think terrorism is possible and the court says go get 'em. It is non-adversarial; both court and agents are on the same "side". If I have this all correct, we have little if any protection against logging and access to the logs.

Ari HeikkinenJune 28, 2005 2:05 PM

It amazes me that most people are still more worried about terrorists using technology for attacks than someone using technology for invading their privacy. Terrorists can't do anything fancy with laptops or GSM's anyone in their homes couldn't do, but anything you write in email for instance, even a joke, can be used against you in court (and with bad luck it can cost you a lot).

Kenneth BallardJune 28, 2005 2:41 PM

Probitas, you make a good point. Wiretap warrants are for "what you think is going to be said", and there are quite a few restrictions around wiretaps. When doing research on a Supreme Court case in college, one of the appeals documents mentioned wiretap information. Internet data should be the same, and I think is the same, actually. Accessing logs kept on servers is one thing, but tapping into someone's e-mail and IM conversations is something completely different.

But this whole thing I think comes down to a matter of trust. Really in this post-9/11 world, there really isn't anything we can trust fully anymore. Any person in this world could be coming up with a huge plot to kill hundreds, thousands, possibly millions of people. The government has a duty to protect us "against all enemies, foreign and domestic", within reason of course. Any person in the United States could be plotting against the US. It's a harsh reality.

Who would have thought that Timothy McVeigh - who was a United States citizen - would plot to blow up the Federal building in Oklahoma City?

Prior to 9/11 we grew so accustomed to our civil liberties. It was our civil liberties that set this country apart from most others in the world. Our own civil liberties have been used against us on 9/11, and that is one thing the government is trying to ensure won't happen again.

The Internet is used to facilitate terror plots. We all heard the reports when the terrorists broadcast across the Internet the beheading of an American contractor. The Internet is being used by terrorists to collaborate on plans and plots, to share information and obtain other information. The Internet was another great American invention that is now being used against the United States. Welcome to reality, folks.

Terrorists don't care if your civil liberties are being violated. Terrorists don't care if the government can read your e-mail. The only thing terrorists care about is the fact that you have a heartbeat and they're hell-bent on stopping that. That is the cold reality in this post-9/11 world.

And this also comes down to one other thing: if you have nothing to hide, you have nothing to worry about. Only criminals need to worry about "Internet wiretaps".

Kenneth BallardJune 28, 2005 2:45 PM

@Ari

Just to note that your comment is slightly flawed. Some of those working for the terrorist organizations are quite skilled with technology, as has been shown by the various agencies investigating terrorism. They can be quite skilled. Someone correct me if I'm wrong, but I think a report once came out that said that Al-Qaeda considered a cyber-terrorist attack on Wall Street.

But you are right about something written in an e-mail. Yeah, it can come back to bite you, depending on who sees it and how good of lawyers represent your side and their side.

anonymousJune 28, 2005 3:21 PM

"Prior to 9/11 we grew so accustomed to our civil liberties. It was our civil liberties that set this country apart from most others in the world. Our own civil liberties have been used against us on 9/11, and that is one thing the government is trying to ensure won't happen again."

The stated purpose of our government is to preserve those civil liberties:

"We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America."

Securing our liberty is no more and no less of a goal than the common defense. Why bother with the common defense if there is nothing left to defend? As Bruce tries to hammer into people's brains, real security is about trade-offs. Is it worth the privacy of millions of people (not just Americans!) to *maybe* catch a few terrorists? This kind of surveillance is so easy to avoid and so easy to abuse that the trade-off just doesn't make sense.

As a side note, I suggest you do some research on terrorism. Most "terrorists" do not kill people as an objective in and of itself. They kill people to produce a political result and to draw attention to their cause. They kill people to create an atmosphere of fear to further their agenda. Terrorism is traditionally a response to an overwhelming opposing force.

Nova LoungeJune 28, 2005 3:30 PM

..and what data security standards will be in place to keep these logs from being tampered with? Or harvested for extortion purposes?

KurtJune 28, 2005 3:31 PM

And this also comes down to one other thing: if you have nothing to hide, you have nothing to worry about. Only criminals need to worry about "Internet wiretaps".

A favorite statement of fascists everywhere. It presumes that the government, both now and in the future, is inherently trustworthy. If we're going to argue with cliches, I prefer "Those who sacrifice liberty for security deserve neither and will probably lose both."

AndersJune 28, 2005 3:47 PM

Well, I for one will start to push friends and family to use encryption. 4096 bit ElGamal ought to slow the snoops down a bit.

If everyone use encryption then surveillance becomes an expensive pastime for the government.

traderJune 28, 2005 3:55 PM

@ K Ballard
President Thomas Jefferson: " The best government is the one that governs the least."

AnonymousJune 28, 2005 5:32 PM

"Some of those working for the terrorist organizations are quite skilled with technology"

Anyone with proper technical training could do the same. By that logic anyone with technical training would be considered a terrorist. Alternatively they could go to their local library and study themselves. By that logic any book with information terrorists could use for attacks should be banned and burned. Ridiculous, eh?

"if you have nothing to hide, you have nothing to worry about"

Everyone has something to hide. It's called privacy. If you don't care about your privacy then fine. But you can't deny the right for privacy from those who care.

Bruce SchneierJune 28, 2005 6:17 PM

"And this also comes down to one other thing: if you have nothing to hide, you have nothing to worry about."

There's a lot that I could say in response to this comment, but let me say something that might actually make you think: This assumes a simplistic world where there is only one threat, not a complex world where there are a multitude of threats. The truth is that the people who have nothing to hide have the most to worry about.

KyleJune 28, 2005 7:02 PM

If this becomes a reality:

Will the U.S. government outlaw or restrict private encryption as encryption proliferates and the cost of surveillance (for the government) rises?

Will U.S. ISPs go out of business? [I don't mean Internet services, as there are many ways to provide people Internet services without being an "ISP"]. Related - will "ISPs" migrate offshore [and provide industrial strength encryption out of the box]?

Bruce says it best: "..The truth is that the people who have nothing to hide have the most to worry about." Voiced differently: Does it take losing all your civil liberties and waking up in "surveillance society jail" [papers please (Real ID Act); give me Jane Does records NOW (Patriot Act /Administrative Subpoenas) etc.], before Americans deepen their critical thinking to realise AND take constructive action against the daily "kool aid" from Bush & Co.? It is not just taking lives in distant places (Iraq, Afghanistan, et al), but drop by drop taking yours too.

I used to think there was a fundamental difference between civil life in Russia, China, and the U.S. (outside the obvious material wealth differences). The gap is narrowing rapidly, and not in a desired direction, unless, like Bush: "If this were a dictatorship, it would be a heck of a lot easier - just so long as I’m the dictator." - George W. Bush, 18 December 2000.

I guess you're about to find out.

PercyJune 28, 2005 8:41 PM

Your employer "spied" on you; now your ISP gets to spy on you. I remember a lovely cartoon which had a dog surfing the net and had a caption: On the Internet, no one knows you're a dog. Now, they know you're a dog, and they know what kind of dog food you eat! Where is this whole thing going I wonder?

Erik CarlseenJune 28, 2005 8:52 PM

Big deal.

I'm far less worried about the government snooping / sniffing my Internet traffic than I am criminals doing so. And criminals (by definition) don't give a rat's ass what the laws are.

Therefore, I consider what I put 'in the clear' over my Internet connection, over my WLAN, etc. If it's 'important' or 'private', then it's reasonably encrypted (IPSec, SSH, SSL, etc). If not, then I just assume it's going to be viewed by whomever, and I don't worry about it.

No, I'm not terribly happy about the government (best case) randomly or (worst possible case) specifically maliciously monitoring Internet communications. But I don't worry about it either. And neither should you, unless you're a criminal. I do worry (and you might, too) about overzealous prosecutors who feel the need to nail 'somebody' because they're being heavily pressured to. I've been on the wrong side of that one. In that case, evidence will be manufactured and / or testimony perjured, so it really doesn't matter what they actually see or find. Or, hey, if the NSA wants to use their secret quantum computers built with alien technology from Area 51, well, then it doesn't matter what I do. If the government really wants to get you (and you don't take extraordinary steps to thwart them), they'll get you. Period.

The bottom line is that you can't trust the Internet for privacy - from criminals, snoops, stalkers, papparazi, or the Gub'mint. It would be nice to think we could just leave things out in the open, but any thinking along those lines is hopelessly naive. The Patriot act just formalizes a reality that (unfortunately) already existed. So get over it already.

Bruce SchneierJune 28, 2005 9:29 PM

"The bottom line is that you can't trust the Internet for privacy - from criminals, snoops, stalkers, papparazi, or the Gub'mint. It would be nice to think we could just leave things out in the open, but any thinking along those lines is hopelessly naive. The Patriot act just formalizes a reality that (unfortunately) already existed. So get over it already."

There's a lot of truth to what you say. The question is what we should do about. We can either accept it, or try to change it.

To me, the fundamental meta-problem is that more and more things in our lives now leave an audit trail. Data is routinely collected today on things that were completely private previously: our whereabouts via our cellphones, our correspondence, the articles and topics and websites we peruse. This has enormous implications w.r.t. surveillance, and greatly facilitates the creation of a police state.

I don't think we should simply let technology take its course. I think we should have a serious discussion about this issue, and decide what we as a society want to do about it.

Bruce SchneierJune 28, 2005 9:33 PM

"I'm far less worried about the government snooping / sniffing my Internet traffic than I am criminals doing so."

I'm worried about both. And I worry about countermeasures that make one attack more likely in an effort to defend against the other.

"And criminals (by definition) don't give a rat's ass what the laws are."

Actually, they do. One of the purposes of criminal penalties is to act as a deterrence. If we legalized burglary, for example, there would be more of it. A couple of weeks ago I posted something about counterfeiting the Sudan; the penalty is death so there isn't much of it. Criminals make security trade-offs the same as everyone else.

Bruce SchneierJune 28, 2005 9:34 PM

"I am remembering wistfully the weeks post-911, when it was announced that the missing link in preventing that typs of attack was not a lack of data, it was ourinability to process it. The proposed solution was the creation of a Department of Homeland Security to act as a clearing house for intelligence gathered by the FBI, CIA and NSA."

I argue that more data makes the problem even worse; it's a signal-to-noise issue.

GregJune 28, 2005 9:44 PM

Yes we have to do something and we need discussion.

And what action do I take when I suspect that when I'm watching tv big ears is listening?

jammitJune 28, 2005 10:52 PM

The problem I have is this. A wiretap is used to gather evidence against a criminal. The internet snooping is used to gather criminals to catch evidence. One is innocent until proven guilty, the other is guilty until proven innocent.
A question I have is if a wiretap for a phone needs to be cleared first under accepted protocols, is using a dialup internet the same as using a phone?

RyanJune 29, 2005 4:00 AM

Here in the netherlands the goverment is trying the same. However the ISPs here are arguing about the abhorrent costs such tapping brings.

Terrabytes upon terrabytes of logging data must be stores. This can quite literally ruin a small ISP.

Thank God we now have systems such as TOR to countermeasure such ridiculous laws.

ProbitasJune 29, 2005 12:50 PM

As some have pointed out, the internet is used by terrorists to hatch their plots. Among the other things used by terrorists to hatch their plots are cars, cell phones, pencils and paper. To try and stop terrorism by reducing the utility of a single tool in their arsenal is ridiculously short-sighted. Terrorist plots can and will continue to be hatched, even if the internet were completely wiped out tomorrow. The proposed solution simply does not match the problem.

I remember when the proffered explanation for September 11 was "They hate us because of our freedoms". So by stripping ourselves of our liberties, aren't we then giving the terrorists exactly what it is said they want?

WimJune 29, 2005 1:07 PM

In the Netherlands they are mostly worrying about costs of tapping not about the tapping itself

AnonymousJune 29, 2005 8:21 PM

@Wim,

I believe in some countries when they execute someone they send the family a bill for the bullet.

Maybe we should instigate a similar "user pays" system for wiretaps.

Ari HeikkinenJune 29, 2005 9:37 PM

"I'm far less worried about the government snooping / sniffing my Internet traffic than I am criminals doing so."

If there's a way for the government to snoop on you the bad guys can do it too using the same method. Considering that most people are the good guys your government generally don't have any use for most of the information gathered. This just leaves lots of information hanging around for the bad guys to take advantage of and no guarantees it's ever properly disposed. I'm amazed there's people who aren't worried about this.

Thomas SprinkmeierJune 29, 2005 10:08 PM

@Ari,

"I'm amazed there's people who aren't worried about this."

Bush, Blair and Howard all got re-elected by the same people you're amazed about.

anonymousJune 29, 2005 11:17 PM

An e-mail message sent from one ISP to another (which likely means passing through the Internet) is simply not secure. A message sent between two subscribers on the same ISP has some privacy, depending on the ISP. There are a surprising number of websites that have login systems without SSL. People still seem to use these sites. Obviously, there are cases where SSL is necessary. It should be noted that encryption does not necessarily guard against traffic analysis. Unencrypted information may sometimes not be a problem if its origin is anonymous. Being able to tie activity or electronic content to the identity of an individual makes a big difference with respect to privacy. This is particularly true if the safeguards for obtaining such information are weak or if people are not aware of what might be happening.


On encryption, there is a document "Why do you need PGP?" (http://www.pgpi.org/doc/whypgp/en/) by Phil Zimmermann. In part, using encryption for non-sensitive communication counteracts the idea that encryption means "you must have something to hide." It also helps even more if more people use encryption.


There is a project called Tor at http://tor.eff.org/ which may be of interest in terms of guarding against traffic analysis. The documentation talks about how it can be useful even for parties other than just individuals (http://tor.eff.org/cvs/tor/doc/tor-doc.html#why) Also, there are a number of anonymizing services located in various places.


There has been talk about data retention done by private entities. In particular, a certain extremely popular search engine has raised questions over its data retention and use of cookies.

http://www.cnn.com/2005/TECH/internet/06/03/google.privacy.reut/index.html

http://www.epic.org/privacy/gmail/faq.html#15

NeighborcatJune 30, 2005 6:15 AM

This comment is not specifically about IPs data storage, but I'd like to take a moment to examine some phrases frequently used on this site and in other current public discourse that I find troubling, inaccurate, and unhelpful.

First of all, the boogeymen: Terrorists/terrorism. This is a tidy catch all phrase that means nearly nothing. Terrorism is now and always has been asymetric conflict. Humans will always conflict with one another. Labeling some humans terrorists is a value judgement that side-steps the need to understand the motives and reasoning that drive your opponent. Stop using the terms "terrorist" and "terrorism" and you will be forced to define who you are really talking about, and maybe in the process understand them and their motives a bit better. Let's give that a try.

Next: Pre/post 9/11

I cannot stress enough that the only thing that may have changed on that date is the perception of the American public. It was a harbinger of absolutely nothing.

Example: In 1984 Union Carbide released poison gas in Bophal, India, killing 3800 outright and another 2000 more slowly. What was UCs motive? Profit.

Another example: Mislead the guillible American public to send their sons and daughters into war for personal reasons. What's the body count of this decision? Is is horrific enough yet to call ourselves evil?

What is more noble? To fight for what you believe in against overwhelming odds using only your wits and your enemies own resources, or to nonchalantly chemically burn 3800 people to death out of greed? Making unconsidered value judgements about others is a good way to cloud your thinking. Stop it.

Security:
You are going to die, I am going to die, so security isn't about preventing death or pain, it's about getting to live whatever life you have left in the fashion of your own choosing.

In many cases, groups of people decide to trade some degree of autonomy for cooperation, but at this point in time the greatest threat to my security, my autonomy, is not the slight chance that I may be killed at the hands of the boogeyman (I've got a much better chance of killing myself on my drive to work this morning), but rather our government deciding to take more than it's share of my money (which I trade irreplaceable minutes of life for) and my autonomy. Know it, Live it.

I am not Anti-American, not even anti-government, I'm anti-ignorance. The American public has precisely the government we deserve due to our ignorance. It pains me to see the mostly intelligent discourse on this and other forums derailed by the creeping language of our idiot government. Please, choose your words more carefully, and you will find you make better judgements.

ProbitasJune 30, 2005 8:54 AM

"It pains me to see the mostly intelligent discourse on this and other forums derailed by the creeping language of our idiot government. Please, choose your words more carefully, and you will find you make better judgements."


You have the order backwards, Neighborcat. If people in general could learn about our actions by examining and actually making concious choices about the words we use to convey our thoughts, we wouldn't be such idiots.

JohnJJune 30, 2005 9:15 AM

@Percy: "Your employer "spied" on you; now your ISP gets to spy on you."

Your employer is monitoring your use of the assets (PC, LAN connection, bandwidth) that they pay for. Those assets are provided to you so that you may perform your job - what they're paying you for. As long as you're using your employer-provided resources for employer-related activities, that they may be monitoring should not be of any concern. It is not substantially different from monitoring the use of photocopiers, fax machines, phone usage (personal and/or long distance calls), etc.

This is different from the "I have nothing to hide so I don't care if they monitor me" statement in that you have an obligation to your employer to be on-task and to use their resources to perform your job. And to not 'steal' or 'borrow' those resources for non-work business.

ScottJuly 1, 2005 1:36 PM

Mr. Ballard is woefully misinformed about the current requirements to subpoena records from third parties. The pertinent term is "administrative subpoena" and this procedure is in widespread use. Excerpted from Andrew McCarthy's June 15 National Review column:
" Notably, administrative subpoenas are not new. Federal agents have for decades been permitted unilaterally to issue this form of legal process in order to investigate such matters as narcotics trafficking, insider trading, health care fraud, and even violations of the Occupational Health and Safety Act (OSHA)."
Full text at: http://tinyurl.com/d88z5

A question for Mr. Carlseen. When the President and Vice President, and virtually every Congressman, Senator, federal judge, and agency employee in DC regularly violate their oath of office to uphold the Constitution, what criteria are you using to distinguish between criminals (whose intrusions you fear) and the government (whose intrusions you claim you do not)?

idookJuly 1, 2005 2:16 PM

If I was a three letter agency, I would be spending some money setting up tor nodes right about now...

Bob the turtleNovember 23, 2005 3:09 AM

wow, i better stop browsing sites like www.analparty.com and look at something more wholesome like www.lemonparty.org .
Thanks for the heads up Bruce. phew.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.