BugTraq
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle Nov 13 2007 09:03PM
johan beisser (jb caustic org)

On Nov 11, 2007, at 1:26 PM, Duncan Simpson wrote:

> The signal-to-noise logic probably does work, but I am not sure the legal
> angle does. If you *deliberately* ran the software that accidentally
> downloaded that kiddie porn the suggested angle might not work.

That's been an ongoing question for me with regards to things like
TOR gateways.

As has been recently posted on Risky Business[1] and The Age[2], TOR
doesn't prevent sniffing of the traffic leaving its gateway. If a
running gateway connects to a server with "information of interest" -
child porn, bomb making information, a known criminal forum - that
brings authorities investigating to your house, it isn't a very good
way to cover one's own tracks with noise. On a similar note, randomly
connecting and pushing network data may create noise that obscures
important data, but it may be easily filtered out from the logs
during analysis.

> A law requiring log data to be retained for 6 months should be a
> major problem to enforce. Last time I think the UK mooted this it did
> not happen (disclaimer: this might have been a trial balloon designed
> to generate flak).
> My reaction at the ISP end was "OK, will you buy us the extra hardware
> required?" with the intention the answer would be "no" and the plan
> quietly killed. (Thinking that plain daft things will not be enacted
> is not always reliable, unfortunately).

That's been my first question as well. Storage, at least for
compliance purposes, has gotten cheaper. 6 months of log data for
most ISPs will still be under the 500GB range of disk. The harder
part of the stored logs is making it easily analyzed and relevant.
There are, of course, several companies in the data retention
compliance arena already, most have offerings for PCI, SOx and HIPAA.
It's not a stretch to think there are smaller offerings to handle
this German law's lighter retention requirement for logs.

[1] http://www.itradio.com.au/security/?p=48
[2] http://www.theage.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html
