In this CNET article by Declan McCulagh, he reports that the DoJ is planning to request mandatory data retention by Internet providers. Their argument is that the lack of data retention is interfering with law enforcement’s ability to investigate cases. This implies some kind of shift in the balance of privacy vs. access. No such shift has taken place.

I think that they are more frustrated by the fact that a huge potential gold mine of information is out there to which they don’t have access. Prior to the various modern technological revolutions people used pay phones, sent letters, and paid cash for toll roads.

Now they use Twitter, SMS, Facebook, Email, cell phones, electronic toll payment etc. There is way more information available to law enforcement now than before. The fact that this data retention is only on the Internet may make people feel better, but one would certainly learn more about me from my Internet activities than from following me around physically.

Lets look at what is being asked for with a real world analogy. This is like saying that the US Postal Service should photograph and database the address, and return address, on every letter which goes through the system. Physically is it like saying the cell phone company should record and retain my GPS location at all times. Either of those would actually be much less intrusive than monitoring how I use the Internet at all times.

Lets not get in to the cost of maintaining these records or the issues with leaks or hackers. Consider the Chinese attacks on dissident Google accounts. This plan would ensure that such information was much more widely maintained.

At this point it appears to be a only a request. I am curious to see how this evolves over the congressional term.

India to Monitor Google and Skype – WSJ.com.

As an extension of their policy of pushing for access to encrypted communications on RIM BlackBerry devices, they are now demanding access to data from both Google and Skype. India is demanding that Skype and Google install servers within India so the government can access the information on Indian users.

Obviously bad guys can trivially bypass this through the use of VPNs and by taking care to use servers located outside of India. The real impact will be to open all legitimate Internet users to universal surveillance.

The Wall Street Journal has been running an excellent series of articles on commercial tracking technologies used by websites and advertisers to profile and target you. Many will be shocked by the level of detail in the collected information and the scope of its collection.

This information is used for targeting advertising, but also (and worse) for giving you different information, offers, and prices.

Your Privacy Online – What They Know – WSJ.com The main page for this set of reports

On the Web’s Cutting Edge, Anonymity in Name Only – WSJ.com: talks about some of the specific tracking technologies and how they are used.

Lawsuit Tackles Files That ‘Re-Spawn’ Tracking Cookies – Digits – WSJ talks about new kinds of tracking methods that allow you to be tracked and identified even if you change IP address and delete cookies in your browser.

Personal Details Exposed Via Biggest U.S. Websites – WSJ.com: talks about how many of the largest and best know sites on the web are actively participating in this tracking trend. In some cases the WSJ found over 100 different tracking tools on a single website.

Social Networkers Risk More Than Privacy | Privacy Digest

Here is another story about how bad people can use your social network presence against you. In this case, it is about home burglars using information about travel and vacation plans. This really demonstrates why I have this ambivalent relationship with social networking. On the one hand, I love being able to find and reconnect with old friends. On the other, I feel unable to use more than a tiny fraction of the capability because of the identity theft, privacy, and physical security issues associated with really opening myself to the world.

I even agonize over whether I should only “friend” real friends, so only they can see some of the content on my page. The other option is to accept everyone so analysts can’t tell who my real friends are from looking at my network.

In general I have opted out. Even anonymity is a tricky thing in this context. If I go in totally anonymously, then I really get very little benefit from the site. If I try to be anonymous but still connect with friends, the anonymity will be tissue thin and instantly penetrated by anyone interested.

The Proxy Fight for Iranian Democracy – Renesys Blog

This is an article worth reading and understanding. The gist is that the use of proxies to evade censorship in Iran is failing. They are now getting blocked faster than they can be created. This is a basic flaw in the idea of simply deploying a proxy and promoting it. One must assume that the Iranian censors are monitoring the same channels you are trying to use to promote the proxy. After all, a proxy no one knows about is of little use. Public open proxies are similarly doomed because the Iranian censors can use the same discovery tools you do to find such proxies. Also, once you try to let people know about them, the same problem applies as with new proxies.

Distribution of a given proxy address to only a small number of people solves that problem, but it is very limiting. It takes tremendous numbers of proxies to serve a large population, and only those with contacts who have set up proxies are protected.

There are solutions to these problems, but they require substantial technical skills and resources to implement.

If you have contacts within Iran, do what you can to set up closed proxies that they can use to bypass censorship. In the short run, it is an effective action you can take right now. A good place to start would be here.