[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Forward Privacy" for ISPs and Customers



Timothy C. May said:
> However, there are certain things my phone company does *not* do. They
> don't keep _copies_ (recordings) of my phone conversations. This means a
> court order can't yield copies of past conversations. They also don't track
> incoming phone calls to me. (I don't believe such records of incoming phone
> calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
> phone numbers is possible....I just don't think local or regional phone
> companies care about such records, and hence don't bother to accumulate
> them.)

I had heard through the grapevine about a year ago that US West (the
local Phone Monopoly) was required to turn over a list of all phones
that called a certain local number. I don't recall what the details,
but it implies that records of calls (from, to, possibly duration) are
kept at least for a time.

> Something ISPs could do--and may do if there is sufficient customer
> pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
> technical term). That is, to have an explicit policy--implemented in the
> software--of _really_ deleting the back messages once a customer downloads
> them to his site. This means that _backups_ must be done in a careful
> manner, such that even the backup tapes or disks are affected by a removal.

Interesting thought, but it fails when it gets to my scale. It would
be trivial to exclude a file or set of files from normal backup, but
it would be problematic to exclude files from filesystem dumps, etc.
The scale I deal with (40,000 users, 12gb of /home directory files and
about the same in the mail spool) would make it almost impossible to
provide this service with accuracy to my users.

> But if no logs and backup tapes of mail are kept, at least the job of
> gaining access to communications is made more difficult.

I've been concerned about system logging on remailers, and what kind of
traffic details they could leave. If a remailer operator doesn't control
the machine that the remailer runs on, there can be no guarantee that 
traffic information is unavailable to someone with a warrant or a gun.
It wouldn't be to much of a stretch to imagine a coordinated raid of
all remailers, to "capture a terrorist ring" or some other likely
excuse.

-- 
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |