IP Technical question
Ian Batten
ukcrypto at chiark.greenend.org.uk
Thu, 29 Jan 2009 11:11:20 +0000
On 29 Jan 09, at 1017, Roland Perry wrote:
> In article <20090128232029.GH77888@davros.org>, Clive D.W. Feather <clive@davros.org> writes
>>> Of course, many of the parameters defined in Data Retention documents
>>> don't really apply to certain types of connection. What use is the "log
>>> in" and "log off" times for even those ADSL connections that do have a
>>> username/password?
>>
>> See my presentation to Parliamentarians:
>>
>> <http://www.davros.org/presentations/retention-20060110.html>
>
> The wording in the Directive bears a strong resemblance to previous
> drafts of the abortive Framework Decision (available for the
> previous 12 months) - what seems to have been missing here isn't so
> much people noticing a need for re-drafting of the technical bits,
> but getting amendments [1] placed and accepted during the summer of
> 05 (although 7/7 was a bit of a distraction, I agree).
Let's consider my scenario, as a moderately competent cobbler, fed up
with accusations that my children are ill-shod, who has recently
sorted out his home network.
All the machines in my house talk IMAP+TLS and SMTP+TLS to a
mailserver in a data centre. When in the office I (for complex
reasons that aren't interesting) tunnel IMAP+TLS and SMTP+TLS through
SSH.
Out of respect for my hosts I don't have an IPSec tunnel or similar
between home and a copy of squid on my private server, through which I
would route HTTP, but it would be a matter of moments to set such a
thing up.
Now the service as it happens is subject to EU law, and as it happens
sends and receives mail via the data centre owner's mailers (as a
glance at the headers will reveal). But that's the merest
happenstance, and a convenience so I can get in my car and repair the
machine when it fails. I could equally well be, and have indeed
considered, renting a zone on a Solaris box or the FreeBSD / Linux /
VMware equivalent in the US, the USSR or the Cayman Islands. It would
cost me little more than a handful of beans for the only communication
in and out of my site to be heavily encrypted traffic headed for a
location completely outside UK jurisdiction.
Now I'm not up to no good: I just can't be bothered to deal with
malware and such at home, nor worry overmuch about the security of my
ISP, so I have arranged matters so that concentrated plaintext (ie
mail in quantities of more than one) isn't shipped or stored other
than either encrypted or on machines I trust. I'm not a heavy-duty
security dude, but I'm reasonably confident about securing Solaris
boxes against script-kiddies, and that's all my risk assessment
worries about. I'm doing the equivalent of locking my car doors on
the assumption they'll steal the unlocked car next door instead.
I obviously run my own name servers, so there are no logs of DNS
requests at an obvious central point.
So today, logs of my mail sending and receipt exist, within my hosts'
logs. But it would be trivial to arrange matters otherwise, at which
point I would generate no logs whatsoever.
Now the argument runs that the data retention directive is about
preserving information that already exists, rather than creating new
classes of records. But surely, anyone up to no good would take
precautions roughly like mine?
ian