I knew this was coming

keatron

http://abcnews.go.com/Technology/wireStory?id=2692400

JDMurray

Corporations have already been doing this for years, they just have a new name for it now. Before it was called "server backup tapes."

keatron

Yeah. One problem is a lot of companies (the ones that are a little too small to host their own exchange servers), have absolutely no backup strategy for email. They basically assume their ISP who usually hosts their email has this taken care of, and in most cases they don't by default.

Plantwiz

So with this 'new' information does this require ISPs to now also retain all data? If they didn't by default, woudn't this make them have to?

sprkymrk

I'd like to see if the federal and state courts IT departments are actually saving everything they are requiring corporations to save.

Hey Judge - sweep your own front porch before you complain about the neighbors porch. What are your IT guys doing to save all your emails and IM's to your wife and kids and girlfriends?

keatron

ISP's have been instructed to retain certain information for certain amounts of time for years. Whether or not they're actually doing it is an entirely different story. It's going to interesting to see how the first case shakes out when the authorities try enforce this.

JDMurray

I am not aware of any specific legislation requiring ISPs to retain their customer's usage logs for a specific amount for time. I know that the FBI has been continually confounded by ISPs not having logs for a specific user for a specific past period of time, and there's never any charges of failing to comply with regulations against the ISP. The best they can do is serve a warrant to start "tapping" the user's activities from the current point in time.

Silver Bullet

I have yet to see which type of businesses this ruling effects.

Is it for all businesses?

I can see where this makes sense for some larger corporations, but this just sounds absurd for smaller businesses to have to follow.

Are the company's users going to be charged with "virtual shredding" for deleting emails before the backup was ran?

garv221

If the goverment is serious about this they need to offer some kind of tax relief to these potential companies to invest in proper technology to comply. I am sure as hell not spending out of my already taxed budget to bend over backwards for the gov.

JDMurray

Silver Bullet wrote:

Are the company's users going to be charged with "virtual shredding" for deleting emails before the backup was ran?

Not the company's users, the company itself is responsible for preserving a copy of all electronic communications--if the company is currently under federal litigation. Copying over a backup tape or deleting emails off a server--even Spam emails--can be considered destruction of evidence.

keatron

Keep a watchful eye on the news and other media outlets over the next couple of years. As the government continues to get slammed for wiretapping and other snoopish activities, watch how it is slowly revealed that all the major carriers have been participating all along.

Please read this article. And I can tell you AT&T is certainly not alone. The thing that most people don't realize is that all the smaller carriers are for the most part using the larger carriers equipment and infrastructure. They're almost like "resellers" if you will. Again, pay close attention as more of this comes out.

http://www.wired.com/news/technology/0,70621-0.html

Company states: "Your Honor, we don't currently host any of our own stuff and our ISP does not have the capabilities to log it for us"

ISP replies: "Sir, that's not entirely accurate"


This is why security get's more interesting every day. A lot of the things we as consultants and infosec professionals have been recommending and calling best practices are now being forced on most corporations. And mark my word, this trend will continue.

Plantwiz

Keatron, interesting 'location' on your avatar

I was just thinking how much more challenging it will be to 'unplug' moving forward. Look how tough it is to fix your automobile today compared with 25 years ago? Pretty soon you probably won't be able to rotate your own tires without resetting the comptuer.

Though the trend has been to move away from paper in offices we seem to 'keep' much, much more today due to the 'ah how much space does a MB take compared to a file cabinents?"

Plantwiz

Just read your link Keatron....just gotta ask.... if it took until the year 2006 before the 'average' US citizen realized that they are being watched or can be watched all the time, then Hollywood hasn't been a doing a good job

"Sneakers" anyone?
(plus there are many other titles that bring this up).

Seriously, I was a bit surprised at how many people didn't have a clue that their phone calls could be monitored. I think we discussed it way back in High School Gov't if I remember correctly.....certainly high schoolers discuss this still today don't they?

keatron

This is true. But it's the same as people who work for companies. They logon to the network EVERYDAY and see the same group policy interactive logon banner that clearly states all internet communications are logged, but yet and still they look at inappropriate sites, and do all kinds of other stupid things that get them fired or sent to jail. It's like they "know", but at the same time they are "unaware". It just goes to show how much the general public is controlled by the media. If the media does not talk about it, it's like it's not happening. I even hear people tell me directly sometimes "if that were true it would be all over the news". I told a group of infosec professionals recently that most sizeable banks are compromised RIGHT NOW whether the owners know it or not. I followed it by saying that every device that is connected to the internet can be compromised at will RIGHT NOW. One of the attendees politely raised his hand and said, "Why haven't we seen any of this in the newspaper" Though I didn't say it, the first thing that came to my mind was "are you freakin serious!!!!!??!!!!. Keep in mind this was a CISO (Cheif Information Security Officer) for an extremely large and well known company. THAT scared the mess outta me.

elover_jm

keatron wrote:

This is true. But it's the same as people who work for companies. They logon to the network EVERYDAY and see the same group policy interactive logon banner that clearly states all internet communications are logged, but yet and still they look at inappropriate sites, and do all kinds of other stupid things that get them fired or sent to jail. It's like they "know", but at the same time they are "unaware". It just goes to show how much the general public is controlled by the media. If the media does not talk about it, it's like it's not happening. I even hear people tell me directly sometimes "if that were true it would be all over the news". I told a group of infosec professionals recently that most sizeable banks are compromised RIGHT NOW whether the owners know it or not. I followed it by saying that every device that is connected to the internet can be compromised at will RIGHT NOW. One of the attendees politely raised his hand and said, "Why haven't we seen any of this in the newspaper" Though I didn't say it, the first thing that came to my mind was "are you freakin serious!!!!!??!!!!. Keep in mind this was a CISO (Cheif Information Security Officer) for an extremely large and well known company. THAT scared the mess outta me.

surprised!?

ok... well don't be surprised if you meet others like him

i guess no matter how much of a professional you are there is always somtin new to learn in this world of technology.