The Grey

It has been approximately a year since I felt like there was time to sit and write out my frustrations to the world.  Well, there is even less time than before, but I am tired and need to get a few things off my chest.

I am sitting in my office overlooking a city composed from this perspective completely of muted grey, browns and white.  A single red pipe sticking up from the new construction across the way composes the only primary color in view.  The two things, the Grey and the Tired, are probably not unrelated and in part seem to be kept in check by the miracle of Modern Pharmaceuticals for which I am happy.

In reading the interwebs the other day I run across this little gem -

DOJ seeks mandatory data retention requirement for ISPs ; Joins police chief organization in calling for law to bolster enforcement efforts to fight child porn, other online crime

John Douglas, chief of police in Overland Park, Kansas and a representative of the International Association of Chiefs of Police, echoed similar concerns (PDF).  "Clearly, preserving digital evidence is crucial in any modern-day criminal investigation," Douglas said in his prepared testimony for the House subcommittee. On occasion, law enforcement has been able to use existing legal processes to get ISPs to preserve data in connection with specific investigations, he said.

However, because of widely varying data retention policies, sometimes law enforcement requests for protecting data are made too late. "There are cases where we are not able to work quickly enough -- mostly because a 'lead' is discovered after the logs have expired or we are unaware of the specific service provider's protocols concerning data retention time periods," Douglas said.

What is being asked for is that ISP's retain data about online activity for a period of two years.  The form of the data that is being asked for has not been fully described but any form of this retention represents a significant erosion of the notion of privacy.  In the more full bodied version, providers would be required to keep full session information (think of this in terms of all your "web traffic").  Two years is a long time.

Now this strikes me as a little stinky.  There is almost no discussion of privacy concerns except perhaps:

A discussion about data retention is also not about whether the government should have the ability to obtain retained data. Retained data is held by the provider, not the government. Federal law controls when providers can disclose information related to communications, and it requires investigators to obtain legal process, such as a subpoena or court order and in some cases with a search warrant, in order to compel providers to disclose it.

Any way, the same DOJ jokers who currently break the law and abuse the system will just get another tiny speed bump put in place to see whatever you have been doing on line for the past couple of years.

This is by no means a suggestion that it will be used by unethical folks for illegal actions, but really people give me a fucking break.

In a larger perspective we can look back on the NSA coercing telecommunication companies into allowing them to engage in warentless surveillance.    I have gone on and one about this in the past so, this will be short and to the point.  From one of my favorite sites:

Senator Barack Obama, desperate for some traction against Hillary Clinton in the fight for the Democratic nomination for president announced (via) he would support a filibuster if it contained retroactive immunity, but in the end he supported it. The phone companies were off the hook (har) and no one had to find out anything.

Why dredge up this ancient history? Because it sent the message to the business community that if the government comes calling it is best to go along. There is no downside to cooperating, apart perhaps from some anxiety while the pretty theater in the capitol plays out. There is a definite downside to pushing back, though.

This scenario appears to be repeating, this time with Internet companies. Twitter just received a subpoena for user data along with a gag order preventing it from telling the targets. To its enormous credit, it fought back, challenging and quashing the gag order. WikiLeaks - the target of the investigation - raised the entirely reasonable question of whether, say, Facebook and Google have received similar orders. What assurance can anyone have that their data is being protected from US government surveillance?

Honestly compared to this, the NSA buildout in various telcos is totally kids stuff.

Just another day in The Grey.