[148210] in North American Network Operators' Group

Re: question regarding US requirements for journaling public email

daemon@ATHENA.MIT.EDU (Fred Baker)
Thu Jan 5 14:17:42 2012

From: Fred Baker <fred@cisco.com>
In-Reply-To: <CAP-guGUXKVf6q1Nvs-pwUefz5DEVaiTiSrFmN++AyeNehd-Uag@mail.gmail.com>
Date: Thu, 5 Jan 2012 11:16:15 -0800
To: William Herrin <bill@herrin.us>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 5, 2012, at 10:42 AM, William Herrin wrote:

> On Thu, Jan 5, 2012 at 10:56 AM, Eric J Esslinger <eesslinger@fpu-tn.com> wrote:
>> His response was there is legislation being pushed in both
>> House and Senate that would require journalling for 2 or 5
>> years, all mail passing through all of your mail servers.
>
> Hi Eric,
>
> The only relatively recent thing I'm aware of in the Congress is the
> Protecting Children From Internet Pornographers Act of 2011.

Since you bring it up, I sent this to Eric a few moments ago. Like you,
IANAL, and this is not legal advice.

> From: Fred Baker <fred@cisco.com>
> Date: January 5, 2012 10:46:30 AM PST
> To: Eric J Esslinger <eesslinger@fpu-tn.com>
> Subject: Re: question regarding US requirements for journaling public email (possible legislation?)
>
> I don't know of anything on email journaling, but you might look into
> section 4 of the "Protecting Children From Internet Pornographers Act
> of 2011", which asks you to log IP addresses allocated to subscribers.
> My guess is that the concern is correct, but the details have morphed
> into urban legend.
>
> http://www.govtrack.us/congress/billtext.xpd?bill=h112-1981
> http://www.techdirt.com/articles/20110707/04402514995/congress-tries-to-hide-massive-data-retention-law-pretending-its-anti-child-porn-law.shtml
>
> I'm not sure I see this as shrilly as the techdirt article does, but
> it is in fact enabling legislation for a part of Article 20 of the COE
> Cybercrime Convention
> http://conventions.coe.int/Treaty/en/Treaties/html/185.htm. US is a
> signatory. Article 21 is Lawful Intercept as specified in OCCSSS, FISA,
> CALEA, and PATRIOT. Article 20 essentially looks for retention of
> mail/web/etc logs, and in the Danish interpretation, maintaining Netflow
> records for every subscriber in Denmark along with a mapping between IP
> address and subscriber identity in a form that can be data mined with an
> appropriate warrant.

I can't say (I don't know) whether the Danish Police have in fact
implemented what they proposed in 2003. What they were looking for at
the time was that the netflow records would be kept for something on the
order of 6-18 months.

From a US perspective, you might peruse

    http://en.wikipedia.org/wiki/Telecommunications_data_retention#United_States

The Wikipedia article goes on to comment on the forensic value of data
retention. I think it is fair to say that the use of telephone numbers
in TV shows like CSI ("gee, he called X a lot, maybe we should too") is
the comic book version of the use but not far from the mark. A law
enforcement official once described it to me as "mapping criminal
networks"; if Alice and Bob are known criminals that talk with each
other, and both also talk regularly with Carol, Carol may simply be a
mutual friend, but she might also be something else. Further, if Alice
and Bob are known criminals in one organization, Dick and Jane are known
criminals in another, and a change in communication patterns is observed
- Alice and Bob don't talk with Dick or Jane for a long period, and then
they start talking - it may signal a shift that law enforcement is
interested in.

