[ISN] US cyber security may draft ISPs in spy game

From: InfoSec News (isnat_private)
Date: Wed Jun 19 2002 - 01:35:55 PDT

  • Next message: InfoSec News: "[ISN] Free tool: apache chunked vulnerability scanner"

    http://www.theregister.co.uk/content/55/25781.html
    
    By Kevin Poulsen, SecurityFocus Online
    Posted: 19/06/2002 at 04:32 GMT
    
    An early draft of the White House's National Strategy to Secure
    Cyberspace envisions the same kind of mandatory customer data
    collection and retention by U.S. Internet service providers as was
    recently enacted in Europe, according to sources who have reviewed
    portions of the plan.
    
    In recent weeks, the administration has begun doling out bits and
    pieces of a draft of the strategy to technology industry members and
    advocacy groups. A federal data retention law is suggested briefly in
    a section drafted in part by the U.S. Justice Department.
    
    The comprehensive strategy is being assembled by the President's
    Critical Infrastructure Protection Board, headed by cyber security
    czar Richard Clarke, and is intended as a collaborative road map for
    further action by government agencies, private industry, and Congress.
    
    While not binding, proposals that find their way into the final
    version of the National Strategy would likely have added weight in
    Congress, and could lead to legislation.
    
    A controversial directive passed by the European Parliament last month
    allows the 15 European Union member countries to force ISPs to collect
    and keep detailed logs of each customer's traffic, so that law
    enforcement agencies could access it later.
    
    Data to be gathered under the European plan includes the headers
    (from, to, cc and subject lines) of every e-mail each customer sends
    or receives, and every user's complete Web browsing history. The
    period of time that the data will have to be retained is up to each
    member country; specific legislative proposals range from 12 months to
    seven years, according to Cedric Laurant, a policy analyst at the
    Electronic Privacy Information Center (EPIC), which opposed the
    directive.
    
    "Somebody could see their past for the last seven years be completely
    open," says Laurant, speaking of the European directive. "It violates
    freedom of speech and the basic principle of the presumption of
    innocence."
    
    The draft of the U.S. plan does not specify how much data ISPs would
    be forced to collect, or how long they would have to store it. The
    White House did not return phone calls on the strategy, which is
    scheduled for release in September.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 04:14:15 PDT