New Security Rules May Expand Data Requirements

Discussions

News: New Security Rules May Expand Data Requirements

  1. New Security Rules May Expand Data Requirements (12 messages)

    According to ZDNet, US Attorney General Alberto Gonzales is pushing a bill that would require sites to track IP addresses of users for one full year. The primary focus is on ISPs, but social networking sites may be included as well, and what the definition of a "social networking site" is has not been made clear, although primary targets are sites like MySpace. Other sites that provide discussion forums, chat rooms, or email service might also be affected. The European Union had already passed legislation requiring recording of Internet usage in December 2005, although it's not clear whether the social networking sites are affected by this as in one of the proposed US variants. This issue may be worth paying attention to, considering the potentially broad nature of the impact - which may be even more far-reaching than Sarbanes-Oxley, which mandates standards for public and accounting firms for security and records-keeping.

    Threaded Messages (12)

  2. Nice to see how the US is doing it's best to regulate entrepreneurs and start-ups to death.. To begin with, just being aware of all laws with which a company is required to comply is a science in itself. Add to that the effort and cost required to comply with said laws. I guess the politician take on "If all you have is a hammer, every problem looks like a nail" is "If all you know is legislation, every problem looks like it can be solved with a law". I wouldn't be surprised if the US is soon rid of its comparative advantage when it comes to business friendliness. Europe may be worse, but the US is sure doing what it can to catch up in terms of regulations and legislations.. And don't doubt it for a second: this will do absolutely nothing for "security". The bad men will use anonymizing services. It is a complete paper-tiger. The only thing that will happen is that the incumbent large companies will thrive, at the cost of start-ups and competition. All regulation ever does is entrench the incumbents..
  3. passing the buck[ Go to top ]

    The governement has already been illegally spying and data mining on American's communications and internet traffic for some time now. http://www.eff.org/Privacy/ This is just an effort to shift the cost of spying away from the government onto the private sector.
  4. Re: passing the buck[ Go to top ]

    The governement has already been illegally spying and data mining on American's communications and internet traffic for some time now. http://www.eff.org/Privacy/

    This is just an effort to shift the cost of spying away from the government onto the private sector.
    This is nothing new. Just look at how the government ended up using social security numbers.
  5. Re: passing the buck[ Go to top ]

    The governement has already been illegally spying and data mining on American's communications and internet traffic for some time now. http://www.eff.org/Privacy/

    This is just an effort to shift the cost of spying away from the government onto the private sector.


    This is nothing new. Just look at how the government ended up using social security numbers.
    It's also not illegal. The only intercepted traffic is that which flows into and out of the country, therefore no traffic inside the US itself is affected which means US law does not apply even if the agencies doing the monitoring are held to those laws (some of them are excempted from certain legal restrictions).
  6. Re: passing the buck[ Go to top ]

    It's also not illegal. The only intercepted traffic is that which flows into and out of the country, therefore no traffic inside the US itself is affected which means US law does not apply even if the agencies doing the monitoring are held to those laws (some of them are excempted from certain legal restrictions).
    My comment had nothing to do with the illegality or legality of wiretapping. My comment was about the government using the private sector to do their dirty work.
  7. Re: passing the buck[ Go to top ]

    It's also not illegal.
    The only intercepted traffic is that which flows into and out of the country, therefore no traffic inside the US itself is affected which means US law does not apply even if the agencies doing the monitoring are held to those laws (some of them are excempted from certain legal restrictions).


    My comment had nothing to do with the illegality or legality of wiretapping. My comment was about the government using the private sector to do their dirty work.
    The private sector and the man on the street pays either way: - If the government does it directly, people pay through higher taxes. - If regulation forces the work onto the private sector, people pay through higher prices.
  8. hiding the truth[ Go to top ]

    Since the executive branch keeps blocking any inquiry into the legality of domestic surveillance no one knows it's full extent. We know it exists http://www.wired.com/news/technology/0,70908-0.html and it's just for foreigners.
  9. If a law like this passed it would most likely only apply to large revenue generating web sites. If you or a company hosts a web site that does not generate millions a year in revenue then the odds of a law like this being enforced on you are about 0%. There does have to be some rationality about how and who the law could apply to. It applies to everyone running "social networking sites" isn't rational. On the technical side, it's very easy to track the ip addresses of visitors, many web sites do this for their own security reasons. Let's suppose you have a million unique visitors a day on your web site and each ip takes 20 bytes (probably more like 4 or 5 bytes). The disk space to store a years worth of ip addresses would be about 7 GB. It's not an issue from a technical and feasability stand point. I think this article is bit of a fear tactic against the little guys running web sites. Danny http://www.soamodeling.org
  10. If you or a company hosts a web site that does not generate millions a year in revenue then the odds of a law like this being enforced on you are about 0%. There does have to be some rationality about how and who the law could apply to. It applies to everyone running "social networking sites" isn't rational.
    Still, it CAN be enforced, and no one has ever accused politics or politicians to be rational... Anyone who thinks they are should think again.
    On the technical side, it's very easy to track the ip addresses of visitors, many web sites do this for their own security reasons.
    Very true, but a few hundred, or thousand of these "requirements" add up at the end of the day. In isolation this thing doesn't seem to bad, but when you add up all the regulations you have to deal with, it's quite a bit.
  11. If you or a company hosts a web site that does not generate millions a year in revenue then the odds of a law like this being enforced on you are about 0%. There does have to be some rationality about how and who the law could apply to. It applies to everyone running "social networking sites" isn't rational.

    Still, it CAN be enforced, and no one has ever accused politics or politicians to be rational... Anyone who thinks they are should think again.

    On the technical side, it's very easy to track the ip addresses of visitors, many web sites do this for their own security reasons.

    Very true, but a few hundred, or thousand of these "requirements" add up at the end of the day. In isolation this thing doesn't seem to bad, but when you add up all the regulations you have to deal with, it's quite a bit.
    And don't forget that many of those requirements are mutually exclusive. So in reality it's often impossible to run a company completely within the law because complying with one law will inevitably mean you're breaking one or more others. I could for example well imagine that compliance with this law might be a violation of wiretap and privacy laws.
  12. I could for example well imagine that compliance with this law might be a violation of wiretap and privacy laws.
    And remember, as they always say: "Ignorance of the law is no excuse". Damned if you do, damned if you don't..
  13. "Shit! All it recorded was millions of 127.0.0.1. I guess we had a bug. Now **** off."