Another threat has surfaced that could to be the greatest threat to the privacy of American internet users. It’s not a security hole in Microsoft Windows this time. Now the federal government is proposing legislation to effectively destroy the anonymity of the internet as a whole.
Last week, US Attorney General Gonzales and FBI Director Mueller privately met with members of AOL, Comcast, Google, Microsoft, and Verizon. And the topic of conversation? The Washington brass wants ISPs (Internet Service Providers) to retain mail, web, and radius logs detailing their users activities for a long as two years. ISPs normally use these sort of files for billing purposes and to troubleshoot technical issues. The logs typically have a very short life span, mainly because there is simply too much data to be easily stored and organized. For example, once and ISP has completed a billing cycle, the authentication logs are typically purged in preparation for the next billing cycle.
The Attorney General and the FBI would like to make it a requirement for these logs, and more, to be maintained for a two year period. Logs indicating web traffic, search terms, email correspondence, instant chat, and possibly even VoIP communication would be retained in the event that the powers that be find the information necessary in a criminal investigation.
Gonzales claims that this information will be used to fight terrorism and prevent the internet from being used in the exploitation of children. At first, the concept sounds altruistic. But the fact is that this is a massive invasion of every American’s privacy. It can be compared to the same flawed thinking behind gun control initiatives where taking the guns away from the common man somehow puts weapons out of the reach of terrorists. In much the same way, if the government monitors every move we make on the internet, terrorist are simply going to use underground tools to use the internet in the same way they might have in the past.
Gonzales’ motivations for this sort of oversight are certainly suspect. History is riddled with examples of personal and civil liberties that have been given up simply due to the wording of the governments intention. If Gonzales were to approach these major networks and simply stated what the government wanted to monitor traffic, he would have been laughed at. But when he extends his argument adding that it will protect Americans from terrorists and children from predators, it makes the entire argument a politically charged bomb in that there is only one acceptable response. Providers lose the ability to dismiss the request outright. If they did, their respective corporations can be cast in a very negative light. In short, Gonzales knew how to make his play— fair or not.
In recent months, there have been numerous news stories detailing the theft or loss of sensitive personal information. In one case, medial information of Veterans was stolen. There have also been a dozens of cases of high jacked customer information databases stolen from retailers and e-commerce sites. All of this proves one thing… not every company keeps sensitive customer information as secure as it should. It will only be a matter of time before Gonzales’ plan for this massive data retention comes back to hurt law enforcement more than it helps.
So, what does the average internet user do if he or she has no devious political agenda and shows no malevolence toward children? Should we give up your rights to anonymity even if we are doing nothing wrong? I don’t think so.
While its not possible to keep service providers from logging customer activities online, there are ways for web users to protect themselves from prying eyes. These means vary depending on the medium of communication, but one product comes to mind that covers many of the communication methods and secures them well.
I have been planning a review of the iPhantom for some time. The problem I keep running into is that, while the device is easy to use and very simple to install, explaining it great detail can be somewhat overwhelming. But as it pertains to the proposal by the Attorney General and the FBI, the iPhantom makes a user’s web surfing activity completely anonymous.
When someone surfs any site on the web, their computer interacts with that web site. It draws content from the server. That content might be the HTML source code that makes up the page as well as any number of images or media formats. Each time a users web browser touches the remote web server, it leaves a fingerprint of sorts behind in the server’s log. The information in that log file is nondescript, but it can generally be tracked back to the person surfing the site. Information left in the log includes the name of the file or content accessed, the timestamp of the access, a code designating whether for not the content was successfully accessed, and the IP address of the person who accessed the content.
Most people think that this data in no way points back to them as the person surfing the site. But, if that site contained illegal information or content, there is a way to track down the person doing the surfing. First, the log details the IP address and timestamp of the person surfing the site. An investigator can then use that IP address to track down the network provider to whom that IP address belongs. At that point, the service providers simply pulls authentication logs from their system to find out what account holder was using the given IP address at the given date and time. This trail simply leads back to the billing contact information on file with the given service provider.
The up shot to all of this is that evil doers can be located and prosecuted. The down side is that the rest of us are simply not as anonymous as we assume. An argument can still be made that while this information is available and the process of back-tracking someone is fairly straightforward, it is simply not worth an investigator’s time to do this unless someone has done wrong.
The real question is who gets to decide what is right and wrong? We can all agree that conspiring with terrorists is wrong. But if you consider the MPAA and the RIAA’s view point on movie and music piracy respectively, they would (and have) used this sort of procedure to prosecute people for downloading copyrighted material. And while I have strong feelings about stopping terrorism, my viewpoint on file-swapping is simply not as clear cut. But under this proposal from the Attorney General and the FBI, there would be nothing to separate the two indiscressions.
This brings me back to the iPhantom. The methodology it uses is beyond the scope of the particular story, but I will be further explaining the product in an upcoming post. Simply put, while it is not possible for a user to keep their web browser from leaving a fingerprint in the logs of servers it touches, the iPhantom leaves a fingerprint that simply cannot be traced back to the person doing the surfing. This provides the person doing the web surfing with a great deal more anonymity that they have ever had in the past.
The Attorney General’s proposal is already becoming a politically charged debate. There are people on both sides of the argument who will follow one extreme or the other. In the end, it will be the average internet user who will bear the effects of this sort of oversight. Most of us have nothing to hide but believe we have a right to go about our business anonymously. One thing is for sure&m
dash; if the Attorney General has his way, the internet will no longer be a place where people can interact with each other anonymously.
Please checkout the following links for more information on the Attorney General’s proposal: