What do you think about communications data collection and storage?
Richard Clayton
ukcrypto at chiark.greenend.org.uk
Fri, 8 May 2009 12:06:32 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <alpine.LFD.2.00.0905071632540.2892@melandri.jakma.org>, Paul
Jakma <paul@jakma.org> writes
>On Tue, 5 May 2009, Roland Perry wrote:
>
>> And why would they be? This issue hasn't overly troubled
>> investigations in the past, and I see no reason why it's useful to
>> raise it now.
>
>I guess it won't be till someone acting for a defendant asks for
>proof that clocks were synchronised...

Making sure that clocks are likely to be correct is an important part of
assessing almost any traceability evidence. The usual problem is a
timezone (or daylight saving) error. As usual, see my PhD thesis for a
discussion of this (and some examples). Also keep in mind (see
discussions passim) that traceability is seldom "evidence" but is mainly
used for "intelligence" -- working out which door to smash down, so as
to prosecute on the basis of the evidence found behind that door.

Also, I am puzzled as to why there is any interest in very precise
accuracy. It would be very unusual in the type of equipment with which I
am familiar to re-issue IP addresses which have been in active use for
several minutes. This is because there may still be active sessions for
the previous user of the IP address; and you don't want lots of specious
traffic turning up and being delivered to the new user.

Hence you either run with a big pool of addresses, so that the
least recently used one is very likely to be quiescent; or where there
is a fixed allocation (eg to ports on a NAS) you ensure that the port is
not made available again until a little while after the previous user
has departed.
- --
richard writing to inform and not as company policy
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBSgQSOJoAxkTY1oPiEQJV4ACglGWnnFsdMwLKxlCJkmO4Rm8e83QAoPlv
qspfAEr2+dFL5BfGJrY07oMF
=97g5
-----END PGP SIGNATURE-----
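
The following is an added example, not part of the original message: it contrasts the two kinds of clock error the message discusses when resolving a logged timestamp to the holder of an IP address. The lease table, the subscriber names and the 5-minute hold-back before re-issue are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Constructed lease history for ONE IP address: (subscriber, start, end) in UTC.
# Assumption: the pool holds an address back for 5 minutes before re-issuing it.
LEASES = [
    ("subscriber-A", datetime(2009, 5, 7, 9, 0, tzinfo=UTC), datetime(2009, 5, 7, 10, 10, tzinfo=UTC)),
    ("subscriber-B", datetime(2009, 5, 7, 10, 15, tzinfo=UTC), datetime(2009, 5, 7, 11, 40, tzinfo=UTC)),
    ("subscriber-C", datetime(2009, 5, 7, 11, 45, tzinfo=UTC), datetime(2009, 5, 7, 13, 0, tzinfo=UTC)),
]

def holders(event_utc, uncertainty=timedelta(0)):
    """Every subscriber whose lease overlaps event_utc +/- uncertainty."""
    lo, hi = event_utc - uncertainty, event_utc + uncertainty
    return [who for who, start, end in LEASES if start <= hi and end >= lo]

def attribute(naive_stamp, utc_offset_hours, uncertainty=timedelta(0)):
    """Interpret a zone-less log timestamp with the claimed UTC offset, then look it up."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return holders(naive_stamp.replace(tzinfo=zone).astimezone(UTC), uncertainty)

def ambiguity_threshold():
    """Clock uncertainty below this can never put two subscribers in the window."""
    gaps = [nxt[1] - cur[2] for cur, nxt in zip(LEASES, LEASES[1:])]
    return min(gaps) / 2

if __name__ == "__main__":
    stamp = datetime(2009, 5, 7, 12, 0)  # constructed server-log entry, no zone recorded
    print("read as BST (UTC+1):", attribute(stamp, 1))
    print("read as GMT (UTC+0):", attribute(stamp, 0))
    print("BST, clock +/- 30 s:", attribute(stamp, 1, timedelta(seconds=30)))
    print("ambiguity threshold:", ambiguity_threshold())
```

A one-hour timezone or daylight-saving misreading moves the lookup into a different lease, while seconds of clock drift leave the result unchanged because of the gap between leases.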