What do you think about communications data collection and storage?

[Igor Mozolevsky]

2009/5/1 Roland Perry:

> One of the fallacies (which I've been pointing out for at least the last
> eight years) is that the communications data for a particular communication
> is a static thing.

That still doesn't address what is actually being recorded and more
interestingly where. The where part matters a fair bit here - for
example, if the data was sniffed out from the wire and logged at the
application layer, mounting a DoS on all of the sniffers is fairly
easy - you just have to mount a sizable frag attack and exhaust
sniffers' buffers and they will either be unable to take any more
traffic after that (while waiting to reassemble buffered packets) or
(more likely) crash... Even the script kiddies know how to use frag
attacks to bypass I(D|P)Ses and deliver attack data to the target, so
why is there a perception that any serious criminal would send data in
clear text and essentially get `logged' this way?

Besides, this reflects the situation with CCTV - the whole logging
initiative is not going prevent crime. Instead, it merely *may*
provide some corroborating evidence of a crime. Except, one needs to
be much more technically skilled to look at logs, correlate them and
figure out what is going on than to look at CCTV footage. Then there
are technical factors like, clock drift between logging hosts...

> To return to a postal/courier analogy...

[snip]

The problem with the postal analogy is that a) the whole address is
written on the packet and b) whatever is going to that address is
nicely wrapped inside and can be viewed with an x-ray machine or
opened up for inspection. Neither of the two are true in the Internet
world.