[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR and ISP

> >      On the contrary, in the United States, all ISPs are *required* by

> >  statute to record all URL requests that can be detected passing from their
> >  customers through their equipment.
> False. ISP's in the US don't have to record any information of any
> kind about their user or their data whatsoever. None, period. Nor are
> they required to give it to anyone except under legal process
> [subpoena, court order].
> US ISP's routinely lobby against recording anything because the time,
> capital and
> recurring cost to them to do so is precisely that, pure cost, no profit.
> Any information they record is usually related to generating metrics
> so that they can make more money.
> However, lately, all that has been flipping on it's back, now many are
> recording as a feel good or pressure measure, 'Hey, I'm a spiffy
> "patriotic" company, I helped law enforcement bust a terrorist 9yo kid
> today. Yay :) Please count me in as a good guy and don't put me on
> your watch list ok.'
> Any data they do happen to have on hand is of course subject to process.
> > norms... against the ISPs reminding users that ISPs have this ability. :-)
> True. There is also the CALEA system, the result of which is that
> pretty much every phone switch in the US is remotely tappable.
> Internet gear is the next obviously logical step for that joint,
> partly required, partly offered, effort.
> >  I doubt that they provide this information
> >  to private individuals, and doing so may well be prohibited by ECPA
> True. Including other acts... wiretap, fcra, blah and etc. Such acts
> in some cases require those that have data about you to disclose it
> back to you on request. Or to others at your explicit direction. But
> that's usually only in the finance and medical sectors.
> >  but they
> >  can be required to submit their logs of this information to statute
> >  enforcement agencies.
> Only if such 'requirement' means court order. They can give it to whoever they
> want, provided they don't care about the possible legal repurcussions
> of doing so. ie: AT&T etc obviously have a 69 position with the gov't
> going back to the days of Western Union, so they don't care.

Toward a U.S. Data-Retention Standard for ISPs
"Current law, as contained in Title 18 U.S.C. Section 2703(f), outlines
the process by which law enforcement can contact ISPs to request the
preservation of identified records or communications related to a
particular person. The information cannot be deleted for 90 days,
during which time law enforcement obtains the proper legal process.7"

"7. United States Internet Service Provider Association, "The US Data Preservation System: Title 18 U.S.C. Section 2703(f)," http://www.usispa.org/pdf/DataPreservationSystem.pdf "


To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/