1. Transmitter’s IP address
2. Receiver’s IP address
3. Transport protocol
4. Transmitter’s port number
5. Receiver’s port number
6. Time for the start and end of the communication

So what does this leave us with? Sure, we can see what machine you connect to and how long your connection lasts, so for the fun of it, and because this is about as ridiculous as it gets, I decided to take a try at logging all my TCP connects/disconnects an entire afternoon and evening and see what that would lead us to discover about me. Since the originating IP in this instance is a bit irrelevant, let us focus on the receiver’s IP address and port number.

A day’s worth of log information takes up a good bunch of lines, so instead of going through all of it, I will go through enough of it to illustrate the pointlessness of the entire thing. This took less than eleven minutes to do.

11:43:11 - 11:43:13: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:11 - 11:43:16: 81.19.246.12:www (RDNS N/A)
11:43:11 - 11:43:20: 81.19.246.12:www (RDNS N/A)
11:43:12 - 11:46:41: 193.88.32.86:www (RDNS N/A)
11:43:13 - 11:43:14: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:13 - 11:43:20: 81.19.246.12:www (RDNS N/A)
11:43:15 - 11:43:16: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:15 - 11:43:16: 64.158.223.144:www (RDNS img.snv.mediaplex.com)
11:43:20 - 11:43:27: 81.19.246.12:www (RDNS N/A)
11:43:29 - 11:43:31: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:31 - 11:43:55: 81.19.246.12:www (RDNS N/A)
11:43:32 - 11:43:33: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:34 - 11:43:35: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:35 - 11:43:36: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:35 - 11:43:36: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:37 - 11:43:40: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:37 - 11:43:43: 81.19.246.12:www (RDNS N/A)
11:43:38 - 11:48:51: 80.167.236.88:www (RDNS a80-167-236-88.deploy.akamaitechnologies.com)
11:43:38 - 11:49:19: 80.167.236.88:www (RDNS a80-167-236-88.deploy.akamaitechnologies.com)
11:43:39 - 11:43:45: 81.19.246.96:www (RDNS N/A)
11:43:49 - 11:44:14: 128.242.125.13:www (RDNS N/A)
11:43:51 - 11:43:53: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:51 - 11:43:52: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:51 - 11:43:55: 81.19.246.12:www (RDNS N/A)
11:43:54 - 11:43:55: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:54 - 14:20:33: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:55 - 11:43:56: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:55 - 14:20:35: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:55 - 11:44:04: 81.19.246.12:www (RDNS N/A)
11:44:00 - 11:44:01: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:00 - 11:44:01: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:02 - 11:44:03: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:02 - 11:47:13: 64.158.223.128:www (RDNS ad.snv.mediaplex.com)
11:44:02 - 11:44:16: 83.133.64.252:www (RDNS N/A)
11:44:03 - 11:44:05: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:03 - 11:44:05: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:03 - 11:46:36: 193.88.32.86:www (RDNS N/A)
11:44:04 - 11:44:09: 81.19.246.12:www (RDNS N/A)
11:44:06 - 11:44:07: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:07 - 11:44:08: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:09 - 11:44:14: 81.19.246.12:www (RDNS N/A)
11:44:10 - 11:44:12: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:14 - 11:44:17: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:15 - 11:44:20: 81.19.246.12:www (RDNS N/A)
11:44:19 - 11:44:20: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:20 - 11:44:21: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:20 - 11:44:23: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:20 - 11:44:47: 128.242.125.13:www (RDNS N/A)
11:44:20 - 11:44:32: 83.133.64.252:www (RDNS N/A)
11:44:22 - 11:44:23: 193.88.71.163:www (RDNS N/A)
11:44:24 - 11:44:26: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:27 - 11:44:28: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:28 - 11:44:29: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:29 - 11:44:32: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:30 - 11:44:32: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:37 - 11:44:38: 77.79.194.194:www (RDNS 77.79.194.194.adocean.pl)

To people who have spent some time looking into DNS, it should come as no surprise that reverse DNS is shaky at best, since most companies either don’t have the correct PTR records or they do not have them at all. So what did trigger all these calls to adtech? Well, that’s fairly easy: I visited pol.dk, which is the 81.19.246.12 entry above without an available reverse DNS. Pol.dk is the online version of the Danish newspaper Politiken, which is slightly on the left of the political spectrum, so if I consistently visit this news source as my primary source for news, people watching the logs could probably peg me to be on the left of the political spectrum as well.

11:52:16 - 11:52:17: 66.35.250.150:www (RDNS slashdot.org)
11:52:17 - 11:52:18: 216.73.86.153:www (RDNS annymegaadvip3.doubleclick.net)
11:52:18 - 11:52:22: 69.28.241.125:www (RDNS static-vip.srv.jobthread.com)
11:52:19 - 11:52:29: 66.35.250.55:www (RDNS images.slashdot.org)

Next is a trip around Slashdot to check for the latest geekish news. A huge portion of their readers are strong privacy advocates and for the most part they think copyright is too far-reaching in its current form and refer to MPAA and RIAA as the MAFIAA. At least the vocal part of their readers seem to hold these opinions. If I follow a lot of the yro.slashdot.org stories (your rights online) then odds are that I am also interested in these things and hold these views; however, from this log entry we can only tell that I’ve visited the main slashdot site.

11:52:23 - 11:52:24: 212.187.213.175:www (RDNS uk-pix05.quantserve.com)
11:52:56 - 11:53:00: 66.96.26.214:www (RDNS uf.ServerNorth.net)
11:52:56 - 11:53:17: 82.165.177.183:www (RDNS u15185240.onlinehome-server.com)
11:52:57 - 11:53:05: 209.172.63.166:www (RDNS iw-fb-apache-2.zeservers.com)
11:52:58 - 11:53:00: 66.96.26.214:www (RDNS uf.ServerNorth.net)
11:52:58 - 11:53:01: 66.207.163.2:www (RDNS N/A)
11:52:58 - 11:53:01: 64.131.83.210:www (RDNS princess.questionablecontent.net)
11:52:59 - 11:53:00: 64.4.241.33:https (RDNS www.paypal.com)
11:52:59 - 11:53:00: 64.4.241.33:https (RDNS www.paypal.com)
11:52:59 - 11:53:04: 209.172.63.166:www (RDNS iw-fb-apache-2.zeservers.com)
11:52:59 - 11:53:10: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:52:59 - 11:53:09: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:52:59 - 11:53:10: 66.220.2.5:www (RDNS ['ns1.keenspot.com', 'ns1.keenspace.com', 'binky.keenspace.com'])
11:53:00 - 11:53:10: 208.122.4.178:www (RDNS N/A)
11:53:00 - 11:53:01: 207.7.147.85:www (RDNS optimize.indieclick.com)
11:53:00 - 11:53:01: 64.4.241.33:https (RDNS www.paypal.com)
11:53:00 - 11:53:01: 204.11.109.21:www (RDNS a.tribalfusion.com)
11:53:01 - 11:53:08: 208.122.4.178:www (RDNS N/A)
11:53:01 - 11:53:05: 74.208.78.7:www (RDNS s214871675.onlinehome.us)
11:53:01 - 11:53:27: 66.220.2.5:www (RDNS ['ns1.keenspot.com', 'ns1.keenspace.com', 'binky.keenspace.com'])
11:53:02 - 11:53:05: 66.220.2.19:www (RDNS nineteen.keenspot.com)
11:53:02 - 11:53:09: 69.17.116.124:www (RDNS webhosting.speakeasy.net)
11:53:02 - 11:53:05: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:03 - 11:53:13: 69.17.116.124:www (RDNS webhosting.speakeasy.net)
11:53:04 - 11:53:05: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:04 - 11:53:14: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:53:04 - 11:53:14: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:53:05 - 11:53:06: 67.15.50.37:www (RDNS ev1s-67-15-50-37.ev1servers.net)
11:53:05 - 11:53:13: 66.249.93.166:www (RDNS ug-in-f166.google.com)
11:53:05 - 11:53:09: 69.17.116.124:www (RDNS webhosting.speakeasy.net)
11:53:05 - 11:53:11: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:06 - 11:53:13: 66.249.93.166:www (RDNS ug-in-f166.google.com)
11:53:06 - 11:53:11: 66.207.163.2:www (RDNS N/A)
11:53:07 - 11:53:25: 12.18.170.211:www (RDNS frost.mtaonline.net)
11:53:08 - 11:53:13: 216.197.119.157:www (RDNS N/A)
11:53:08 - 11:53:11: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:09 - 11:53:10: 207.7.147.85:www (RDNS optimize.indieclick.com)
11:53:09 - 11:53:11: 66.207.163.2:www (RDNS N/A)
11:53:09 - 11:53:10: 195.78.94.245:www (RDNS N/A)
11:53:10 - 11:53:25: 66.220.2.19:www (RDNS nineteen.keenspot.com)
11:53:10 - 11:53:11: 8.7.217.43:www (RDNS N/A)
11:53:10 - 11:53:11: 204.11.109.24:www (RDNS a.tribalfusion.com)
11:53:11 - 11:55:28: 209.101.90.33:www (RDNS dndorks.com)
11:53:11 - 11:53:13: 66.33.217.213:www (RDNS basic-kant.dawber.dreamhost.com)
11:53:11 - 11:53:12: 80.252.93.102:www (RDNS N/A)
11:53:11 - 11:53:13: 195.78.94.245:www (RDNS N/A)
11:53:12 - 11:53:19: 66.207.163.2:www (RDNS N/A)
11:53:12 - 11:53:13: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:12 - 11:53:15: 72.29.92.15:www (RDNS server.whiteninjacomics.com)
11:53:13 - 11:54:22: 192.217.199.107:www (RDNS N/A)
11:53:13 - 11:53:19: 66.207.163.2:www (RDNS N/A)
11:53:13 - 11:53:19: 66.33.217.213:www (RDNS basic-kant.dawber.dreamhost.com)
11:53:14 - 11:53:17: 64.131.83.210:www (RDNS princess.questionablecontent.net)
11:53:15 - 11:53:16: 216.197.119.157:www (RDNS N/A)
11:53:15 - 11:53:19: 209.101.90.33:www (RDNS dndorks.com)
11:53:16 - 11:53:17: 8.7.217.43:www (RDNS N/A)
11:53:16 - 11:53:20: 64.233.171.104:www (RDNS rn-in-f104.google.com)
11:53:16 - 11:53:20: 64.233.171.104:www (RDNS rn-in-f104.google.com)
11:53:17 - 11:53:18: 8.7.217.43:www (RDNS N/A)
11:53:18 - 11:53:24: 208.122.4.178:www (RDNS N/A)
11:53:18 - 11:53:24: 208.122.4.178:www (RDNS N/A)
11:53:18 - 11:53:29: 66.249.93.166:www (RDNS ug-in-f166.google.com)
11:53:20 - 11:53:22: 207.44.216.40:www (RDNS 1002-3.lowesthosting.com)
11:53:20 - 11:53:22: 66.228.125.212:www (RDNS server3.blibs.com)
11:53:23 - 11:53:24: 217.163.21.31:www (RDNS ad1.vip.rm.ch1.yahoo.net)
11:53:23 - 11:53:24: 217.163.21.31:www (RDNS ad1.vip.rm.ch1.yahoo.net)
11:53:24 - 11:53:42: 69.89.31.88:www (RDNS box288.bluehost.com)

This bunch of sites are the webcomics I read. There are a few of them, as you can see. Now, we don’t actually need to go any further than this in dissecting my personal browsing habits to see where this falls apart. A few of them are hosted on a hosted solution for a bunch of webcomics on keenspot. So how do we discern between what we actually visited on that specific address given the logs? Well, you can’t! This has all to do with the fact of how webservers host non-SSL webpages.

At the core level a webserver runs on a machine, typically listening on port 80 (the www port). This webserver may provide any number of pages using what in the Apache world is known as virtual hosts, so if you request a page from foo.com it will serve you one set of pages, and if you request a page from bar.com it will serve you another set of pages, but all this will happen just by you connecting to port 80 on some machine. If we couple this with the fact that a terrorist could be running a webserver that serves two sites: a reputable site that logs calls and a shady terroristy site (advocating privacy, or what have you) that does not log visits then it does not require huge amounts of training in Computer Science or in systems administration in general to quickly see zillions of ways through this.

Fortunately we have expert politicians dealing with these things. In fact, in Danish law we have something called §20 questions where a minister can be forced to answer some question from a member of parliament (folketinget). Here we have a question asking the justice minister’s opinion on the fact that a survey indicated that 54% of educated Engineers and Computer Scientists thought they could circumvent the legislated logging. For the non-Danish readers I will translate the minister’s answer:

I have no further knowledge of the survey that is referred in the question, including how and on what accounts Computer Scientists and Engineers think they can circumvent the requirements in the logging proclamation.

The purpose of the rules on logging is to prevent and solve very serious crime and it is difficult for me to imagine that Computer Scientists and Engineers in general would have a wish to try to circumvent the rules in this area.

It should be noted that it, in itself, will cause an increased attention on a person if the police, in the course of an investigation of a person, discover that he has tried to circumvent the logging proclamation.

In other words, it is suspicious to circumvent the logging, even though over half the higher educated IT workforce believe they can circumvent it without issues. I guess the criminals are extra fearful on account of this, it’s not as if the criminals are breaking a bunch of other laws already. Since I prefer to not be a suspect, I will not regale you with the ways this can be circumvented, but suffice it to say, the law is a joke, and the justice minister’s understanding of the implications are a joke. If it wasn’t so very sad, I’d probably be laughing my ass off.

If you wish to redo this experiment, or if you just want to see exactly how much information is logged about what you are doing online, grab a copy of tcpspy and leave it running for a while. If you are in Denmark, then all this is logged and is related to you personally (another requirement of the proclamation), or rather it is related to the account holder of the internet connection you are using, because there is no way to discern between the individuals using a connection, and it is saved for a year and made available for all investigations into ‘serious crime’. Welcome to the surveillance society, your privacy is gone.

Today the privacy of the individual has been given a devastating blow.

The man who trades freedom for security does not deserve nor will he ever receive either.

Sources:

• Data retention is no solution
• Statewatch (I expect the news will scroll off the page in the future, but there’s no direct link I can find)
• BBC
• Politiken (Danish)

With that out of the way, how come an otherwise politically disinterested member of the European Union takes this up on his blog? Why does he have to anyway, haven’t the ministers read Orwell’s 1984? Or perhaps more contemporarily relevant we have Scott Adams’ The Religion War that illustrates what may happen when we push our privacy aside in order to “fight” “terrorism”.

So let us ignore my dysfunctional paranoia for a moment, if you would like to call it that, and look at what is taking place for fighting terrorism in this thing. We have a directive that has been four years under way, that has been sought silently accepted by the council and is being pushed as a fast-track item for approval of non-controversial laws in the parliament later this month, on a first reading. If this law is really that useful for doing societal analysis for the police why not let it stand up to a full scrutiny of a second reading? Why push this hard so the public has almost no time to respond or take notice of it? I consider it more chance than not that I discovered they were actually trying to pass this directive this month already. I am appalled.

So what does this law do anyway? The data rentention law makes it mandatory for all telecommunications and internet service providers to retain all traffic data for no less than six months and no more than two years (four years have been mentioned as well). So what does this mean? It means that your location when you call someone is stored. It means that who you send mails to are stored. It means what websites you visit are stored. A complete blueprint of your interactions with people will be stored, available to the police and other parties that need the data (but more on this in a few seconds). Of course, I might just be pessimistic, but with the many millions of citizens in Europe, how many false-positives will we have? How much invasion of our privacy must we allow in order to ward off terrorists? Will it ward them off at all or will they just invent new and innovative ways to communicate? By accepting these things are we not doing what the terrorists intended in the first place? Giving up our freedoms and accepting a controlled and monitored society in order to lull us into a false sense of security? It saddens me.

The directive states that the data should only be made available in connection to a serious crime or terrorism. So far so good, it has been limited a bit (not enough, but a bit). Now, I live in the EU and I have a vague inkling of an idea about how the EU legislative aspects work, but only a very vague idea. For the uninitiated the member states are allowed to make exemptions to the directives (to some degree that I haven’t figured out yet). It intrigues me to see that some member states have sought not to limit this directive to only serious crime, they want it to be available in connection to any crime at all. This is where the interest organisations for the music industry enter and try in their righteous indignity to have the data available in order to prosecute copyright infringers. Copyright infringers! As if it wasn’t bad enough that we give up our privacy to fight terrorism, we have to give it up so an irrelevant industry fighting for its existential right can extort money from kids whose crime it is to love music and wanting to share it with their friends (yes, I realise there are other aspects to copyright infringement, but let us ignore that for the moment. They’re ignoring our privacy anyway)! The temerity! I am shocked.

So with sadness I sit here and think on the future. No, not sadness, that’s too mild. I sit here looking into the vast decrepit, dystopian future. When I want to talk to someone without being monitored I will have to remember not to use my computer as that leaves a digital trail that will be stored. I shall remember to turn off my cell phone as its location will be tracked (so far only when I make calls, sure, but entertain the thought for a bit). I will have to disappear from the communications grid altogether if I want a confidential conversation with someone. How long until the day where it becomes illegal to do this? You know, in the cause of fighting terrorism. When will I have to register all my friends in order to be allowed to call them, as with Adams’ The Religion War?

Let us hope that this law will not be passed when the parliament convenes between the 12th and the 15th. We do not welcome a new and fascist regime. We value our privacy rights. I will hope, but it seems irrational to me. Frightfully irrational. A sad day for Europe indeed.