Today in Parliament

Richard Clayton ukcrypto at chiark.greenend.org.uk
Thu, 17 Jul 2008 18:16:25 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <00b401c8e82a$5cb90940$e57ea8c0@Jinja>, James Firth
<james2@jfirth.net> writes

>On a wider point, can anyone explain to me why (or indeed if they are) ISPs
>are required to capture Domain Name Service (DNS) lookup logs as part of
>data retention legislation?

We await the Communications Data Bill (or a statutory instrument that
implements the Data Retention Directive)...

... but the existing ATCS voluntary scheme does not include DNS lookup
logs (and indeed I doubt that many ISPs generate such logs)

>  If so, what is supposed to happen if
>subscribers choose to use their own or 3rd-party DNS servers?
>
>I ask the question because it is kind of obvious that ISPs need to keep a
>log of which IP addresses were assigned to any subscriber at any given point
>in time.  I can see the argument for traceability.  But I can't see the
>argument for DNS lookups. 

Who is making one?

I suppose someone might think there was value in determining which
subscribers had resolved www.binladen.me over the past year... but it
doesn't sound very proportionate to me (or likely to be useful).

Some anti-phishing activity is helped by access to "passive DNS"
information -- but that's (a) content and (b) not linked to any
individuals;  so it's not really relevant.

>Furthermore I have some concerns about the accuracy of IP address assignment
>logs, in that it has since become a legal requirement to keep these records,
>however the logging equipment has, to the best of my knowledge, not been
>properly audited.  The typical logging mechanism will record when an address
>has been assigned, but if a log-write operation fails, it could be
>interpreted that an IP address was still assigned to the previous
>subscriber.

see #2.2.3 in my thesis :)

        http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-653.html

and most of the rest of the chapter is relevant if you think that
traceability is always perfect :)

my rates for expert witness work are available on request :)

>Questions have already been raised by at least one of the 800 people Virgin
>Media sent warning letters accusing them of copyright violations.  I hate to
>think a conviction or worse rests on a logging mechanism which has not yet
>come under close scrutiny in court (to the best of my knowledge).

RADIUS logs (or their moral equivalent) do need to be looked at
carefully ....  but the existence of both START and END events should
mean that unless there are multiple failures, you can at least know that
there is uncertainty.

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSH9+aZoAxkTY1oPiEQIsrACgnftWoI38WvRzo8STDnvHTvBRHWgAn2ac
Dnn0DbTvvXWGIUdVLFERN18Q
=8WdK
-----END PGP SIGNATURE-----
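
The point above about START and END events can be made concrete. This is an added example, not part of the original message or of the thesis it cites. It pairs accounting events per IP address and flags any interval where one half of the pair is missing; the record layout, function names and sample data are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample records: (time, event, subscriber, ip).
# alice's STOP was never written (simulated log-write failure).
SAMPLE = [
    (1000, "START", "alice", "192.0.2.10"),
    (3000, "START", "bob", "192.0.2.10"),
    (4000, "STOP", "bob", "192.0.2.10"),
    (5000, "START", "carol", "192.0.2.10"),
]

def build_sessions(records):
    """Pair START/STOP per IP; an unpaired event yields an interval flagged uncertain."""
    sessions = defaultdict(list)   # ip -> [(lo, hi, subscriber, certain)]
    open_ = {}                     # ip -> (start_time, subscriber)
    last_seen = defaultdict(int)   # ip -> time of the previous event on that IP
    for t, event, sub, ip in sorted(records):
        cur = open_.pop(ip, None)
        if event == "START":
            if cur:                          # previous session's STOP was never logged
                sessions[ip].append((cur[0], t, cur[1], False))
            open_[ip] = (t, sub)
        elif cur and cur[1] == sub:          # clean START/STOP pair
            sessions[ip].append((cur[0], t, sub, True))
        else:                                # STOP with no matching START
            if cur:
                sessions[ip].append((cur[0], t, cur[1], False))
            sessions[ip].append((last_seen[ip], t, sub, False))
        last_seen[ip] = t
    for ip, (t, sub) in open_.items():       # no STOP seen before the log ends
        sessions[ip].append((t, math.inf, sub, False))
    return sessions

def attribute(sessions, ip, when):
    """Return (candidate subscribers, verdict) for an IP at a given time."""
    hits = [(s, ok) for lo, hi, s, ok in sessions.get(ip, []) if lo <= when < hi]
    if not hits:
        return [], "no session logged"
    if len(hits) == 1 and hits[0][1]:
        return [hits[0][0]], "confirmed"
    return sorted({s for s, _ in hits}), "uncertain"
```

A log that records only assignments would attribute time 1500 to alice without qualification; with both event types the missing STOP is visible and the answer is reported as uncertain.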