[67717] in Cypherpunks
Re: "Forward Privacy" for ISPs and Customers
daemon@ATHENA.MIT.EDU (Kevin L Prigge)
Wed Oct 9 19:35:03 1996
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
To: tcmay@got.net (Timothy C. May)
Date: Wed, 9 Oct 1996 17:26:26 -0500 (CDT)
Cc: cypherpunks@toad.com
In-Reply-To: <v03007802ae819385a300@[207.167.93.63]> from "Timothy C. May" at "Oct 9, 96 10:13:22 am"
Timothy C. May said:
> However, there are certain things my phone company does *not* do. They
> don't keep _copies_ (recordings) of my phone conversations. This means a
> court order can't yield copies of past conversations. They also don't track
> incoming phone calls to me. (I don't believe such records of incoming phone
> calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
> phone numbers is possible....I just don't think local or regional phone
> companies care about such records, and hence don't bother to accumulate
> them.)
I had heard through the grapevine about a year ago that US West (the
local Phone Monopoly) was required to turn over a list of all phones
that called a certain local number. I don't recall what the details,
but it implies that records of calls (from, to, possibly duration) are
kept at least for a time.
> Something ISPs could do--and may do if there is sufficient customer
> pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
> technical term). That is, to have an explicit policy--implemented in the
> software--of _really_ deleting the back messages once a customer downloads
> them to his site. This means that _backups_ must be done in a careful
> manner, such that even the backup tapes or disks are affected by a removal.
Interesting thought, but it fails when it gets to my scale. It would
be trivial to exclude a file or set of files from normal backup, but
it would be problematic to exclude files from filesystem dumps, etc.
The scale I deal with (40,000 users, 12gb of /home directory files and
about the same in the mail spool) would make it almost impossible to
provide this service with accuracy to my users.
> But if no logs and backup tapes of mail are kept, at least the job of
> gaining access to communications is made more difficult.
I've been concerned about system logging on remailers, and what kind of
traffic details they could leave. If a remailer operator doesn't control
the machine that the remailer runs on, there can be no guarantee that
traffic information is unavailable to someone with a warrant or a gun.
It wouldn't be to much of a stretch to imagine a coordinated raid of
all remailers, to "capture a terrorist ring" or some other likely
excuse.
--
Kevin L. Prigge | Some mornings, it's just not worth
Systems Software Programmer | chewing through the leather straps.
Internet Enterprise - OIT | - Emo Phillips
University of Minnesota |
