Collaboration

Proposed legislation would require Internet traffic logging

Keeping Internet traffic logs is a sketchy practice at best, currently; however, that may all change with a new law. IT pro Rick Vanover shares thoughts on the network management impact of this requirement.

A proposed new law would require all Internet providers to keep user and traffic records for two years. This is huge, as it also includes home users, hotels, and your local coffee shop. The legal and political aspects of this legislation are explained well by CNET’s Declan McCullagh in this CNET News post. I will focus on the issues that network administrators and others in the IT community would have with this law should it come to fruition.

First of all, this may mean the end of many free access points. If an organization has to expend extra effort (and incur liability) to provide free Wi-Fi with your crumpets and tea, this service may be first on the chopping block. This requirement extended to the home user will surely be haphazard, lacking support, and without consistency. The burden, in my opinion, will fall heavily on Internet service providers (ISPs) to log this information for residential accounts.

Many corporate users will be well equipped for this requirement, however. Most site filtering mechanisms are capable of logging blocked as well as allowed traffic. The two-year requirement would likely be a storage management topic for large organizations. The issue with that is allowed traffic hits so many domains and files. This is due to browsers calling subdomains, advertisements, and every image that may be on a page. And this is only Web traffic, rich media and other Web content may have requirements for archival as well. Luckily the requirement is for logs -– not a cache!

Overall, I’m not too worried, because the corporate user should be fine, and for the small office or home user, there will be ways to fulfill this requirement. We’d likely see a service built into anti-virus or home computer protection packages that could manage this part of the computing environment for a fee.

What issues do you see with this requirement for the computing landscape as a whole? Share your comments below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

143 comments
b4real
b4real

The bill is stalled and hasn't moved. Surprised?

donaldcarroll
donaldcarroll

The idea is a great new horizon for Democrats, a whole new system requiring new welfare recipients ala Homeland Security. When do we add the camera and microphones in the bed and bathrooms!

mailstuff95
mailstuff95

It may not qualify as socialism but it definitely is about the government controlling us. What we do when. The actual action or purpose of our visiting a site or searching for terms is irrelevant. It's all about control. Some say they have nothing to hide, yah right. It's not about the right or wrong of we're looking at. While I'd like to say this all Obama's doing it's clearly been on congressional agenda for sometime. Mostly democrats but surprisingly some republicans vote for this crap as well. I'd recommend a truly competitive 3rd party. 1 or 2 seats in the house won't do anything but 2 seats in the senate yah, that'd could definitely ruin certain intellectuals days. we need to start writing letters to elected representatives and senators telling them that if vote for this clear invasion of our privacy that we'll vote them out of office come next term and stick to it. sending emails just doesn't the point across. they just don't take it seriously. just my 2 cents.

melekali
melekali

...that's a bunch of congress-idiots who have nothing useful to do.

DontKnowItAll
DontKnowItAll

"A proposed new law would require all INTERNET PROVIDERS to keep user and traffic records for two years." That means NOT home users, non-internet-service-provider businesses, etc., doesn't it? Only ISPs would have to do the logging, and most of those already do this as I understand things. Wake up, people! But then, I DontKnowItAll!

jdaughtry
jdaughtry

It is titled as a law that would help protect innocents from adult abuse via the internet. It's biggest supporters are companies trying to track down copyright infringment over the internet. I.E. another Republican gift to big business.

Charles Bundy
Charles Bundy

Current draft legislation targets dynamically assigned IP addresses. No logging requirement for ye olde static IP, eh? Wonder if that will become the de facto ISP standard instead of an extra $5 charge for residential customers...

b4real
b4real

Political topics aside, what do you think of the technology side? A criminal may just subscribe to a Internet provider out of the country that allows VPN and proxy through there and you are done. So, I question the root effectiveness.

Zpunky
Zpunky

It will be wearing a flag and screaming about the safety of the children... Maybe Sinclair Lewis got it wrong, he said it would be carrying a bible. Maybe their parents ought to be responsible for them, not society. I wonder if this kind of surveillance could pass constitutional muster.

robertbrown
robertbrown

Cloud-based computing is really going to be a nightmare for everyone involved, especially for businesses who routinely transceive private and confidential information.

esalkin
esalkin

Before the ink is dry spammers and hackers will be accessing these logs. People who commit cyber crimes will not keep the logs, doctor them or find ways around it. If China can't contol the internet what makes them think that a "free" society can?

NickNielsen
NickNielsen

If those flippin' id10ts in Congress were truly interested in protecting children, they'd pull their heads out of their butts and do something to start reducing federal spending and eliminating the budget deficit. D@mn committee! I'll be going static on the home network. Let my ISP sort it out.

Photogenic Memory
Photogenic Memory

I took this quote from this article: http://news.ninemsn.com.au/article.aspx?id=667093 I've taken it out of context from the original article but it pretty much sums up how we feel about the internet. Looks like things will change for all of us. For some of us; it's going to get worse like Ireland'web filtering or China's current internet "supervision". Hard times ahead.

luvwknd
luvwknd

So, when the telephone was invented did Ma Bell have to log all the phone conversations that took place on her watch? I didn't think so. This line of crap will never pass, if it does,,,I'm moving to Australia!

mjdstadler
mjdstadler

It's just another lightweight effort, ill-conceived and minimally considered. Remember TIA - Total Information Awareness - headed by convicted felon John Poindexter? Once the logistics are seen and costs associated with this strategy, it'll die a natural death. It would take an infinite number of data monkeys at an infinite number of workstations an infinity to sift the data streaming over the internet in only a single week into something useful. "Where is the Life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?" from T.S. Eliot's, "The Rock" If this goes through, it'll soon be evident that those wishing it will be unable even to find information in the data gathered.

chancea
chancea

Are you kidding me? There is no way that home users could be expected to do this themselves. Also, as others have mentioned, people will find a way to falsify the logs anyway. While the corporate side would have the ability to do this, it would be a gigantic waste of time and money to implement for many organizations. The storage capacity alone for two years of logging for large corporations would be ridiculous, especially if the logs needed to be backed up along with other company data.

seckel109
seckel109

Ohhhhhh, this makes me feel soooo safe. And this is coming from an organization that couldn't catch a cold much less a terrorist organization. But, hey, give them a few more billion dollars, a fresh knife to hack yet again at the constitution, and make us all feel much safer.

michael.tindall
michael.tindall

In today's world, to log all internet traffic WOULD be a de facto phone tap...as a larger and larger percentage of telephone traffic is actually Voice Over Internet Protocol. And EVEN IF some kind of safeguard were proposed to ensure the data wouldn't be used for nefarious or abusive purposes, how can ANYONE predict where the future of technology will take us? Who is to say that a few years from now,after the new legislation coming out of the another terrorist attack/big media event, that the newly constituted THOUGHT POLICE, working in the new MINISTRY OF HAPPINESS AND DISCIPLINE temple won't be going through the previous two years of log files, looking for enemies to prosecute/persecute? Furthermore: The statute of limitations is in effect to protect people's rights against unfair prosecution based on old, cold, stale evidence, the year's-old memories of witnesses, missing or unavailable evidence/witnesses for the defense, etc. Do YOU want to be arrested because someone, somehow, viewed some socially-unacceptable resource (or so they tell you...the ACTUAL information in question has been long-since pulled offline) through a computer nominally under your responsibility, though not your control, two or more years ago? Can they prove WHO accessed the resource? Will it even matter that they can't? And who is to say WHAT WILL EVEN BE ILLEGAL two years from now? BIG BROTHER? More like the Central Scrutinizer...in charge of enforcing all the laws that haven't been passed yet.

jrhue
jrhue

When the country was founded, those who governed believed that we had the Liberty to do our calling being Free from government intrusion. No more do those who govern over us believe this!

Netlord80
Netlord80

There are many messages on here bashing both Bush and Obama. While this issue has huge privacy ramifications, the issue is not a left or right issue. This legislation was pushed by the left a few years ago, and is now seeing new life from the right. In reality, this will not be enforcable as the vast majority of home users don't even know what DHCP actually means. The education level simply isn't there to have this be effective. And to be honest, it is no one else's buisness what sites I visit. I think many out there would agree with that sentiment. Personally I don't buy the guise of this being meant to protect children from exploitation. NAMBLA is allowed to operate when their whole premise is the exploitation of children. This reasoning is a smokescreen for other purposes.

Robert8506
Robert8506

Sure it can be done with technology [edited]

ncheneweth
ncheneweth

Do we have to keep logs of our mail, faxes, phones calls, txt messages? What about phones with web browsers, or other sorts of devices that don't have the necessary capability, sufficient memory, or a way to archive? This is like any of a dozen other laws that are only routinely enforced at certain corporate levels, and provide leverage over everyone else... "You better cut a deal with us cause we have you on 2 years worth of X fraud!"

cstrom2003
cstrom2003

Wasn't the government already doing this at the major access points a.k.a. Internet Backbone run by AT&T and other large telecom carriers?

sjwatsons
sjwatsons

The question is would the government attempt to implement this kind of legislation for phone calls? Today to listen in on a phone call, it takes a court order...that's the way it should be for Internet traffic. Personal privacy is very important.

kghansen1
kghansen1

Another degredation of our Fourth Amendment rights. The founding faters will be spinning in their graves.

hevymetl
hevymetl

Thankfully, there are enough home users around with WEP encrypted wifi routers to allow easy usage of their wifi. How is punishing all internet users going to dissuade child porn creeps from getting to what they want? Sounds like another government money making scam. It's good to be the government.

BrannenT
BrannenT

I read the links to the bill, and it looks to me like it's simply saying to retain the DHCP address assignments, so the traffic can be linked to an account - not a running transcript of sites vitited, not caching, etc. Quote: ?(h) Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.?." Keeping DHCP IP assignments is no big deal.

crp
crp

Hello, I'm been bemusedly reading through all the hysterical posts in reply to this topic. You fools have been being logged, and followed around on the internet for years now! What do you think Google does when you access one of the sites they have their Google Ads posted on? I can tell you, they have scripts that load with those ads, that follow you along to the trail of sites you visit after leaving that site, all in the name of marketing research. Your isp has been logging your ip address from the beginning, and every time you hit a web site, that ip address is logged in that site's server logs. I know, I have two web sites of my own, and regularly download my log files, and run them through a web log analyzer to see who's been on my site, and where they are from. If you don't believe me, just get your hands on a good packet analyzer, and start listening to your internet connection while you are online. I'm on Linux, and have a network analyzer called EtherApe, which shows me a real time graphic representation of the sites that my computer is connected to. At any one point in time, there are as many as four or five connections to several of Google's many servers. One's even named google.safebrowsing.com, isn't that a joke! 8-) And I keep all of my server logs, they really do not take up that much room, or even take that long to extract and format their data into a nice html report, with graphs representing where the ip addresses are from, and many more facts. I don't personally have the GeoIP Plugin installed in my web analyzer, but it is available, and will tell anyone interested the city that you are from. I do get my results sorted by country and .com [which are mostly U.S.] addresses, however. I also know which browser you were using, and your screen resolution, whether or not you had javascript enabled, and how long you spent on my sites, and what you read while you were there. I can't really track down who the individuals are that visit my site, unless they send me a personal email, which gives me their ip address, and then it's a simple matter to extract them from my logs. That's what a lot of the sites you sign up for are doing, by making you give them your email address, and respond to an account verification email, they are able to identify you personally when you return to their sites. Yeah, I've even noticed the change in the search results I get when I go to Google now, because they know I'm on Linux, and skew the results to show me related topics when I do a search. If you'd like an easy way to see who's following you around the net, install Firefox, and then get the add on called Web Developer. In that add on, there is an error console that you can set to jump up, when an error or security violation is generated. At just about every page I load, there are errors in the web site's code, and more than likely a warning that Google has tried to access content from their site via my browser. I was really surprised at how lousy most of the web developers out there are at writing code, as I get constant error messages from the console as I surf around. It's no wonder that hackers are able to compromise them so regularly. Get a clue people, this government requirement to keep records is nothing new, it's been going on from day one on the web. Most of the sites you visit on a day to day basis, have very extensive records of your visits, and use them to advertise products to you, or otherwise tailor their communications with you. Which makes me wonder why they haven't made more of an effort to block, and prosecute the child pornographers, and take down the offensive content before now, as it can't be that hard to do. Have you ever tried to do a search on your own name, or email address on one of the big search engines? Try it, you'll be shocked! Most of you leave your footprints all over the web. I'm not to worried about the government keeping records of who had what ip address when for two years, and that is mainly because I know I'm not doing anything to be ashamed of while I'm on the web. The internet is a great learning resource, and that's mainly what I use it for, so I don't care if someone else knows where I'm going. Too many of you seem to think it's some kind of anonymous playground, where you can do whatever you want, and no-one's the wiser. Not so, my friends... I'm also always amazed at the number of people who feel it necessary to masquerade under assumed names while on the web, what's that about? I've always used my real name, and will always continue to do so. I know who I am, and I don't need to hide behind some made up persona to express myself while I'm out here. So, keep ranting on about your "lost rights", and "government intrusion" into your live's, it's isn't really much of a change from what's going on now, and what are you so ashamed of that you need to hide your tracks for anyway? And just for the record, I voted for John, because I thought we needed a strong head of state to continue the war on terrorism, and Obama just seems too weak, and wishy washy to fill that role to me. I find it amazing that so many of you have forgotten the horror of the twin towers on 9/11 already, and likened the current war to Vietnam, where we had no business being in the first place. There really is no comparison, we must weed out the insidious terrorist factions, before they attack us here at home again. I've been mighty proud of President Bush for his pursuit of the matter, and loath the thought of the current liberal peacenik we have in the white house now. I don't know if I've said enough yet to make you think, but I'm hoping that some of what I've said has gotten through to you, because I couldn't really believe what I was reading in these replies here. A lot of you people have a real problem, and it makes me sad to think that there are so many of you like that out there, that are so caught up in their own selfishness, and childishness, as I have witnessed here today. Later, Ray Parrish

wdewey@cityofsalem.net
wdewey@cityofsalem.net

This is only to identify who owns an address and for what period of time. The post office already knows that or you wouldn't be getting mail. I also believe that they are required to keep that info for a certain period of time so in effect this is already happening. Bill

misgateway
misgateway

After reading all the anti-Obama, anti-Democrat and anti-liberal hysteria in previous posts, I find it amusing that both of these bills are introduces by and sponsored by REPUBLICANS!

Old Man IT
Old Man IT

Our phones can be tapped without a court-order... Our Banking information will soon be controlled by our government... our SS# and information is already available... and if the current group of life-long do nothings get their way,our medical information will be in their control... Our right to free speech (if it is against those in power...)will be gone within the next 18 months... We already have no control over our lives or those of our children... Please don't be so naive to think that this is for the "children". Gore's internet will be taxed... why else do you think this is being pushed!

wdewey@cityofsalem.net
wdewey@cityofsalem.net

?(h) Retention of Certain Records and Information- A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.?. Logging of who owns an address and for how long. This is the exact text pasted out of the link provided above. Bill

---TK---
---TK---

Lets think about that... thats illegal. If you really want to hide what your doing, why not find an off shore proxy that allows a secure connection....? Last time I checked using a proxy wasn't illegal... Think about it.... :)

theron
theron

Uh, this was proposed by Texas REPUBLICANS. At least get the facts right before you spout drivel. This is a tech site, so "bring the tech" by actually discussing the topic at hand, and supporting that discussion with ACTUAL FACTS. You know, like who wrote the bill... That said, why is it that when govt tries bringing up crap like this, it is always "ABOUT THE CHILDREN! THINK OF THE CHILDREN!" (Until a bill comes up like S-Chip, which ACTUALLY IS FOR THE CHILDREN, and then they vote against it...) The level of hypocrisy of govt, from BOTH PARTIES, never ceases to amaze me. As does the lack of intelligence that is usually demonstrated in the rants and poorly supported argument from fanboys of both parties.

The 'G-Man.'
The 'G-Man.'

There are the people who will actually do this hacking. Makes them no better than a common theif as the door was locked, all be it not well.

Charles Bundy
Charles Bundy

The language is pretty vague, thus inviting argument over what you think nails down identity. Based on the language what do you think the government considers necessary to identify a user?

cowen80194
cowen80194

at the top where it reads "the Internet, and for other purposes." did you pay taxes on your ebay purchase? What about those other online purchases can you provide proof that tax was paid? These words are the "Grey Areas" where anything goes. And this is already done. More wasteful government spending. How many hours are being spent on this garbage when there are laws already on the books that do just this. I bet there is a Pay Raise in there TOO. Special Project gets attached....... IT is all fuzzy words until its law and then the hammer falls its like the HIPPA Laws that protect people from Medical ID Theft. It still happens. Financial ID Theft. Medical ID Theft CAN NOT BE Recovered from unless you have an Attorney and even then its hard and costly (And Medical Theft WILL kill you) HIPPA was a warm fuzzy to make people think that their records might be safe but Reality is it is a lie. And we spend billions enforcing HIPPA same as TSA. how many different organizations can we make to spend tax money.

Slamlander
Slamlander

For anyone. It's an unfunded mandate and it's still a violation of civil rights, as well as being unconstitutional. No, I am not bashing Obama. I've been bashing Bush on civil rights for years. If the US Feral Government wants records then they can keep them themselves or fork over a wad of cash.

chrisbedford
chrisbedford

Every week, I receive at least one e-mail screaming that Obama did this, Obama's going to do that, the Democratic Party want to do the next thing - and nine times out of ten, it's (at best) rabid right-wing hysteria based on anti-liberal emotion, or (more likely) downright disingenuousness or lies. Oh and the other one time usually turns out to be inacurate or quoted out of context, too. From BrannenT's post above, it seems this whole discussion is based on exactly the same sort of misunderstanding, deliberately fuelled by NRA-types with their own political agenda. Could someone take a step back, stop with the drama queen ranting, and actually analyse exactly what is going to be required? So far, of 40 posts on this topic, exactly THREE seem to be relevant and factual. If Mr T reads the references right, you are all screaming like stuck pigs and you haven't even been pricekd with a pin - someone has shown you a blunt toothpick and told you it's coming somewhere near you and you are screaming murder. I find it always makes for less embarrassment if you make sure of your facts before running off at the mouth.

KTC
KTC

Thank you, BrannenT. I was just about to give up on this TechRepublic posting because it seems to be a platform for Obama bashing instead of thoughtful discourse on the initial question. I appreciate people who can stay focused on the question and contribute intelligent answers to the questions. After reading much of the responses here, I don't think your intelligent input stands much of a chance but I am glad to know people like you still exist.

mkduffy
mkduffy

I agree with the real name part of your post. But still don't want this law. As it makes it look like something was done about the current problem. When in fact nothing has been done. Just more money spent without any results. Personly I don't care about the Privacy issue, but if this law was passed it opens the door to other laws that maybe I would care about because of the privacy issues. Signed: Mark Duffy

NickNielsen
NickNielsen

My complaint is that this law is being put forward when we already have laws concerning child pornography and when [b]there are so many better things for Congress to address than on-line child porn[/b]. As for the rest of your little screed, you can give away as many of your rights as you like but don't you dare try to give away any of mine!

Netlord80
Netlord80

The same bill (in essence) was put forth 3 years ago by Democrats.

jlofgren
jlofgren

I second theron's suggestion of getting back to the tech. I'd rather this not become a political forum. As the original article mentioned, the questions we should be exploring are: who all is affected by this, and to what extent. I'm the lead network administrator in my company, and currently our parent company controls the border routers, so I expect I don't need to currently worry about this law (at work, at least). But we will soon be taking that control back into our hands. As mentioned previously, I'm curious if the tracking my ISP does (or will be doing) is sufficient, or if I need to have my own in place that conforms to this potential law.

Netlord80
Netlord80

You must have missed the part where the democrats put this out there a few years back, but the Bush administration shot it down because they had "serious reservations" about the privacy concerns. These Republicans have just repackaged on old failed bill. Before placing blame, try looking at the history of the topic.

wdewey@cityofsalem.net
wdewey@cityofsalem.net

How is this a civil rights violation? Telephone companies are required to keep logs of when phone calls are made and to who they were made to. Then it takes a court order to get this info. How is logging DHCP address leases different? Bill

BrannenT
BrannenT

... for example: "No Child Left Behind".

The 'G-Man.'
The 'G-Man.'

Could not aggree more! Walk the Walk & Talk the Talk Follow thy own advice.

BrannenT
BrannenT

Chuckling to myself ... Mr. T. I remember Mr. T. :)

eaglesinnc
eaglesinnc

And, I'm guilty (although my bashing has been more about the craziness of some of the posts). If anyone listens to the TWiT podcast, there's a really good conversation about this bill in this week's episode. They discuss the actual bill, the ramifications and the reasons behind it. It's a lot more intelligent and insightful than some of the garbage on here. Their assessment is in agreement with BrannenT's. As some here have pointed out, if you're against it, do something and write/call/email your congressperson or senator and tell them to vote no.

BrannenT
BrannenT

Lol. Thanks. It seems to be a good goal - protecting kids online, but as someone said, fixing social problems with technological solutions isn't always appropriate, or even feasible. :)

wdewey@cityofsalem.net
wdewey@cityofsalem.net

You have to identify people before you can treat them and if these people were going to turn themselves in then we wouldn't have a problem. How do you identify people if the only way they look for victims is on the internet? Bill edited for spelling

BrannenT
BrannenT

It's similar to the saying, "when handguns are illegal, only criminals will have handguns". There's always tradeoffs. :)

emmanuel.cauvin
emmanuel.cauvin

OK, I understand your distinction now. You are right when you say that the root of this problem is in people's mind, not in their computer. What they do with their computer just reflects what they have in mind. You would prefer to punish the wrongdoers rather than the computer (and even the entire "Internet community"), which makes sens. In the US you often use the word "balanced". I love this word. This kind of thechnical solution should not be seen as the only solution. But it should not be excluded. Take an example : when you don't want people to park their car in a certain place such like the entrance of a hospital, you may either say it kindly or build a barrier. The 2 options are valid, the social one and the technical one. The 2 options must be considered... without forgetting that the good thing with the technical option is that... it works !

BrannenT
BrannenT

What I mean, is that the problem is pedofilia. It's a social problem (at least in US culture) - of adults wanting to have sex with children (as a basic working definition). Logging Internet connections - is a technical "solution" - but it does not fix the problem. It's a treatment for a symptom - it does nothing to "treat the disease". Perhaps it would make it a little easier for law enforcement to track and convict people, but my opinion of these kinds of laws are that the legislator is looking to "feel good" and "look good" because they're legistlating that someone else throw lots of money at a problem - and it's not going to do anything to address the roots of the problem - helping these "sick people" get some treatment and cure our society - which is a MUCH larger and more difficult problem. So, if they're not going to solve the problem, then I question the value of throwing a technological solution at a social problem. I think we could look at it with a cost/benefit analysis - is the cost to implement a technological solution, nationwide, worth the benefit? When one factors in technological work arounds (to the criminal) - such as proxies, encryption, onion routing, good old "sneaker net" - I don't believe so. However, I didn't factor in the political aspects - like I said, the legislator looks good and feels good that they've "done something" - never mind that it doesn't solve the problem.

emmanuel.cauvin
emmanuel.cauvin

Hello, I do not understand your distinction between "social problems" and "technical solutions". I am Not an expert but as far as I know the Internet is a technology. So, if someone feels that there is a problem with this technology, then one logical way to try to solve the problem is to find a technical solution. One may also rely on people's behaviour but the idea of solving directly the problem within its environment does not look stupid to me. To say it otherwise : the Internet - in my view - is both a social network AND a technical environment. By the way, I am happy to talk to someone located in Hawaii (lucky man). Emmanuel (France)

Editor's Picks