nanog mailing list archives

Re: question regarding US requirements for journaling public email (possible legislation?)


From: Fred Baker <fred () cisco com>
Date: Thu, 5 Jan 2012 11:16:15 -0800


On Jan 5, 2012, at 10:42 AM, William Herrin wrote:

> On Thu, Jan 5, 2012 at 10:56 AM, Eric J Esslinger <eesslinger () fpu-tn com> wrote:
>> His response was there is legislation being pushed in both
>> House and Senate that would require journalling for 2 or 5
>> years, all mail passing through all of your mail servers.
>
> Hi Eric,
>
> The only relatively recent thing I'm aware of in the Congress is the
> Protecting Children From Internet Pornographers Act of 2011.

Since you bring it up, I sent this to Eric a few moments ago. Like you, IANAL, and this is not legal advice.

From: Fred Baker <fred () cisco com>
Date: January 5, 2012 10:46:30 AM PST
To: Eric J Esslinger <eesslinger () fpu-tn com>
Subject: Re: question regarding US requirements for journaling public email (possible legislation?)

I don't know of anything on email journaling, but you might look into section 4 of the "Protecting Children From 
Internet Pornographers Act of 2011", which asks you to log IP addresses allocated to subscribers. My guess is that 
the concern is correct, but the details have morphed into urban legend.

http://www.govtrack.us/congress/billtext.xpd?bill=h112-1981
http://www.techdirt.com/articles/20110707/04402514995/congress-tries-to-hide-massive-data-retention-law-pretending-its-anti-child-porn-law.shtml

I'm not sure I see this as shrilly as the techdirt article does, but it is in fact enabling legislation for a part of 
Article 20 of the COE Cybercrime Convention http://conventions.coe.int/Treaty/en/Treaties/html/185.htm. US is a 
signatory. Article 21 is Lawful Intercept as specified in OCCSSS, FISA, CALEA, and PATRIOT. Article 20 essentially 
looks for retention of mail/web/etc logs, and in the Danish interpretation, maintaining Netflow records for every 
subscriber in Denmark along with a mapping between IP address and subscriber identity in a form that can be data 
mined with an appropriate warrant.

I can't say (I don't know) whether the Danish Police have in fact implemented what they proposed in 2003. What they 
were looking for at the time was that the netflow records would be kept for something on the order of 6-18 months. 

From a US perspective, you might peruse

    http://en.wikipedia.org/wiki/Telecommunications_data_retention#United_States

The Wikipedia article goes on to comment on the forensic value of data retention. I think it is fair to say that the 
use of telephone numbers in TV shows like CSI ("gee, he called X a lot, maybe we should too") is the comic book version 
of the use but not far from the mark. A law enforcement official once described it to me as "mapping criminal 
networks"; if Alice and Bob are known criminals that talk with each other, and both also talk regularly with Carol, 
Carol may simply be a mutual friend, but she might also be something else. Further, if Alice and Bob are known 
criminals in one organization, Dick and Jane are known criminals in another, and a change in communication patterns is 
observed - Alice and Bob don't talk with Dick or Jane for a long period, and then they start talking - it may signal a 
shift that law enforcement is interested in.
