What is the best way to hide a tree? The latest hare-brained scheme to be put forward by the Federal government is its proposed Data Retention Regime to be modelled on the European Union’s (EU) Data Retention Directive (PDF 85KB). The proposed directive will require companies providing Internet access to log all activity. That is the web sites you visit, the contents of your emails, your instant message and VoIP conversations, your posts and what you upload and download. This takes invasion of privacy to a whole new level.
The Attorney-General Robert McLelland has denied that the proposed regime will involve tracking people’s web browsing history. However, he refuses to release any details of the proposal even going so far as to make Internet Service Providers (ISP) sign non-disclosure agreements. This government has a long and well established track record of denying what they intend to implement.
The justification the government is peddling for needing this new regime is to combat terrorists, pedophiles and other nasties. I don’t know who is advising the government, but you are not going to catch these people this way. They know how to cover their tracks. If anything, the proposed regime will make it even harder to catch them, as I will discuss later. But first, let us look at the logistics of implementing this regime.
The first question ISPs will be asking is who will pay for all of this. You are talking terabytes of data a minute. That is a lot of storage. It has been reported that ISP’s will be required to retain this data for between five to 10 years. The cost per year will be in the tens of millions if not hundreds of millions. ISPs will have to capture it, save it and store it.
Currently ISPs do not log user browsing history (unless required to by a court order) or if they do will only retain a few months worth of data. Why? Because it is too expensive to do so. The big question is what medium they will be required to save the data to. It does not matter if it is to a hard drive, tape or DVD. They all have a failure rate, especially over a five- to 10-year period. If they are required to ensure that all data be available, then ISPs will be required to have redundant backups. Now double your costs. Realistically, the only method to ensure full retention over a number of years is to store the data on microfiche. That is slow, costly and hard to data mine.
In order for law enforcement agencies to effectively mine the data all ISPs would need to also store their data to a single repository. That is one hell of a big data centre the government will need to build. It will also be a very tempting data centre to hack into as the data stored there will be worth gold to anyone who can data mine the information.
So far I have only been talking about normal levels of traffic. The government does not seem to have considered what would happen if activists (or terrorists) decided to flood the network. This could be done in such a way as to overwhelm an ISPs capacity to capture and store.
Will the proposed regime achieve its goal of ridding the world of nasties? Well no. In fact it will make it harder to do so. Currently, it is easier to find a tree in someone’s backyard than it is to find in a forest. The government would need an army to sift through all the data. That is if the data is there to be found. Law enforcement agencies will be inundated with information, spending a lot of time chasing up false positives.
People who are up to no good know how to cover their tracks and are unlikely to show up in normal Internet traffic. They are more likely to use traditional methods such as dead letter drops, meeting face-to-face or using encryption. They are more likely to use Internet cafes where you will not be able to trace the data back to a person, unless the government is also going to require all Internet Cafes to have a video camera placed over each of their terminals. They would also use unsecured wireless connections.
There are also a myriad of other methods they can employ to avoid detection such as virtual private networks, use of proxy servers or simply saving an email as a draft in a communal email account. Due to the enormous amounts of traffic it will be easy to hide in the forest especially if terrorists implement a co-ordinated attack to flood the network.
Even if law enforcement authorities find something within the traffic it is unlikely to hold up in court. Log files are simple text files, which are easily manipulated. I can see the argument now. “Your Honour, Mr Smith visited anaughtysite.com between 3am and 4am”. Mr Smith’s reply, “Your Honour, I have never visited this site, here is my browsing history where you can see the site does not appear. Besides which, I was asleep at the time. Like everyone else, I am connected to the Internet 24/7”. It will only take one case like this and the whole regime will come tumbling down. Your browser history is also easily manipulated.
So what is the best way of ridding the world of nasties? By doing what law enforcement agencies are doing now: using tried and proven data gathering techniques that will hold up in court. I suspect the government already knows this, which begs the question, what is the real purpose for collecting this information?
Discuss in our Forums
See what other readers are saying about this article!
Click here to read & post comments.
11 posts so far.