Krypt3ia

Two bills have been introduced so far–S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled “Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act,” or Internet Safety Act.

Each contains the same language:

“A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.

” Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.) “Everyone has to keep such information,” says Albert Gidari, a partner at the Perkins Coie law firm in Seattle who specializes in this area of electronic privacy law.

The full story here

How many times must they try to pass this type of bill and language in it before they realize that it just won’t work? When also, will they really admit the truth about this as being not a method to prevent or prosecute “child porn” surfers, but to clamp down on EVERYONE’s privacy? This is just bogus and again shows just how little the Senate and House understands the technology and the processes around it.

First, lets talk about the fallacy of “protecting the children” This bill will not affect the saving of children from predators online whatsoever. Why?

1) Logging is reactive and not proactive.. You are just taking notes. Unless the system warns you that a child crime is being committed, then it’s too late and it’s already happened. Looking at a log only “may” help you in finding them, that is IF the user is not using a spoofed address or on a TOR router etc.

2) Logging must be audited.. Anyone in the senate going to sit and audit all those logs?… Didn’t think so.

3) The logging is only as good as the security of the AP or the internet provider. If the security processes and implementations are the suck, then the data from any logging is suspect. A log can be turned off, futzed with, or outright deleted by an attacker. This is not a foolproof solution.

4) The VAST majority of child porn cases that I have seen do not rely on router logs from home AP’s to track their targets. As well, if there is a DHCP pool that they are tracking, they get a warrant and the providers work with them to trap and trace the IP address. THAT is how they track these pervs and lock it down to a physical address.

5) I have only heard of ONE case where a perv had driven along in his car and performed “War Driving” to get on unencypted AP’s to surf his child porn needs

6) The WIFI encryption protocols are all subject to attack and compromise. To force all home users to save 2 years of log files is just ridiculous. WIFI is ephemeral and not the main point of ingress for the “child predator” You can today, knock off a mac address on an AP and assume that IP (mac spoof) and unless you find that physical wireless card, you have no fucking idea who the perp was and I doubt that we will have teams of feds out there DF’ing perps as they surf my WIFI sig.

7) Recently there have been a spate of AP vulnerabilities, unless you make the routers completely secure, any logs are suspect and not admissible in court. It’s a fallacy to think that this is a real fix to the issue of child porn or predatory behavior.

So, you also gonna try and enforce this on TOR routers? Seems to me a way to try and knock down the security and privacy of this type of system eh? Someone else perhaps involved in this bill? Putting the bug in their ears? Ya know, a three letter agency perhaps? This law would pretty much put the TOR routers in the US into an “illegal” space right? I mean after all the TOR routers deliberately don’t capture logs… Interesting no? You start making the world log their traffic, those pesky TOR routers will break that whole theory huh?

This is total NANNY STATE mentality to attack a problem that they really should try to attack in a smarter fashion rather than use the usual lazy drifnet approach. Just how do they intend on enforcing this too? Roving bands of newly minted federal employees with NETSTUMBLER? Or perhaps something more 1984? Say a system that ties into the internet providers that seeks out the end point routers and checks their security and logging? Perhaps a nice back door into the routers?

No, just fucking no.

I am so sick and tired of the gubment trying to get a lock on the technology problems without actually consulting the security folks out in the world. I am also tired of them thinking that they can just create bills that will “protect” us and it’ll all be good through legislation. It’s not and it never will be. You can’t protect us you shitheads, at least not without destroying our personal privacy altogether. So just stop now. You are wasting my money and your time.

Oh, and by the way, you can also give up any thoughts of taxing downloads or emails like you also have been talking about. Take the crack pipe out of your mouths and start really working on the problems that you can. Not this bullshit, you collectively aren’t qualified.