
Appendix B

File Transfer and Retrieval Logs

Tracing a File Directly to an Individual

Virtually all online information services, such as America On Line (AOL), Prodigy, Compuserve, and the Internet, contain a wealth of files and information in areas known as "file archives". There are many thousands of archives throughout cyberspace, containing files ranging from political information (e.g.: White House press releases, legislation, policy statements, etc.), shareware (free, public domain software), to images from the Hubble Space Telescope. Users can access file archives in a variety of ways depending on the service they subscribe to.

For purposes of maintenance, accounting and security, most online services keep records of all transactions involving file transfer and retrieval. Through a simple analysis of these records, one can easily trace a file directly to an individual user.

The example to follow will illustrate how such a trace can be accomplished using transactional records from the Internet File Transfer Protocol (ftp), the primary method for transferring and retrieving files over the Internet. FTP provides any Internet user with the ability to retrieve files from any computer on the network. Files available via ftp are stored in 'ftp archives' which can be accessed by a user through the execution of a few relatively simple commands.

Every user on an online network is identified by an electronic identity, usually identical to their electronic mail (email) addresses. Individuals control access to their email addresses through a secret personal password. Because email addresses are tied to individual users, and because ftp logs indicate that a specific file has been retrieved, a simple analysis of ftp logs can easily reveal that an individual has retrieved a specific file.

FTP Transaction logs

This example will trace an individual user's retrieval of a file from the online archives of the Electronic Frontier Foundation (EFF). The file, named 'digitel.faq', contains answers to frequently asked questions about the Digital Telephony legislation. The records below are actual records from EFF's ftp archive (named <ftp.eff.org>) and main computer (<eff.org>).

All computers connected to the Internet have names. In this example, it is important to note that <ftp.eff.org> and <eff.org> are two distinct computers. The computer <ftp.eff.org> keeps separate records from the computer <eff.org>. Furthermore, each authorized user has a unique electronic identity, usually the same as that individual's electronic mail address (e.g.: brown@eff.org is the user Dan Brown [EFF's system administrator]). A simple correlation of the timestamps on the transactions between the two computers will reveal that Dan Brown retrieved the file 'digitel.faq'.

I. Dan Brown Logs Onto <eff.org>

By examining the logs of the computer eff.org, we can determine when a specific individual logged onto and off of the network. This record is displayed below:

[blocks in formation]

Because the user 'brown' is linked to Dan Brown through a unique personal password, this record indicates that Dan Brown was logged onto <eff.org> on Friday July 29 between 12:59 and 13:03.

II. Dan Brown Executes a File Transfer (ftp)

By examining the logs which record the programs run by users on <eff.org>, and noting the times at which those programs were run, we can determine when Dan Brown executed a file retrieval program (ftp). This record is displayed below (printed on July 29 at 13:15):

[blocks in formation]

Note that the start and end times correspond to the period of time Dan was logged onto <eff.org>. This record clearly shows that Dan Brown ran the file retrieval program (ftp) between 13:00:21 and 13:01:20.

III. Logs from the File Archive Show a File Transfer

We now turn our analysis to the records of the computer containing EFF's online file archives (the computer named <ftp.eff.org>). Again, a simple check of timestamps reveals that a user from <eff.org> made a connection using the file transfer program (ftp). These records are displayed below:

[blocks in formation]

Note the direct correlation between the times indicated above and the times indicated on the previous two logs. This log shows that the file transfer program run by Dan Brown was executed on the computer <ftp.eff.org>, indicating that Dan Brown retrieved a file from EFF's online file archive.

IV. Logs from the File Archive Name the File Transferred to Dan Brown

One final check of the logs from EFF's online archive shows which file Dan transferred to his own computer. We already know that Dan was logged onto the network between 12:59:03 and 13:03:14. We also know that he ran the file transfer program between 13:00:21 and 13:01:20. This has been confirmed by logs from two separate computers. By examining one additional log on the computer containing EFF's online file archive (<ftp.eff.org>), we can see which particular file Dan retrieved. This log is displayed below:

Fri Jul 29 13:01:18 1994 1 eff.org 67773 /pub/EFF/Policy/Digital_Telephony/digitel.faq

This log shows that the file 'digitel.faq' was retrieved at 13:01:18 by a user logged onto the computer <eff.org>. Note that the exact time of the file retrieval corresponds to the time that Dan Brown was running the file retrieval program (as indicated on the logs described previously).

We have seen that Dan Brown was running the file retrieval program between 13:00:21 and 13:01:20. This is confirmed on the logs from both the computer Dan was logged onto (<eff.org>) as well as the computer containing the online file archive (<ftp.eff.org>). Because the logs also show that the only user running the file transfer program at that time was Dan Brown, we have now confirmed that Dan Brown retrieved the file 'digitel.faq'.
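The correlation carried out in steps I through IV can be written as a short program. This is an added example, not part of the original appendix: the record layouts and the skew_seconds parameter are assumptions, and the sample records are constructed from the times, host, size and path quoted above.

```python
from datetime import datetime, timedelta

FMT = "%a %b %d %H:%M:%S %Y"

def ts(text):
    return datetime.strptime(text, FMT)

# Constructed records in a simplified layout (an assumption): only the times,
# host, size and path come from the appendix.
LOGINS = [  # (user, login, logout) on eff.org
    ("brown", ts("Fri Jul 29 12:59:03 1994"), ts("Fri Jul 29 13:03:14 1994")),
]
PROCESSES = [  # (user, command, start, end) from program records on eff.org
    ("brown", "ftp", ts("Fri Jul 29 13:00:21 1994"), ts("Fri Jul 29 13:01:20 1994")),
]
XFERLOG = ("Fri Jul 29 13:01:18 1994 1 eff.org 67773 "
           "/pub/EFF/Policy/Digital_Telephony/digitel.faq")

def parse_xfer(line):
    """Split the five fields shown in step IV: time, duration, host, size, path."""
    parts = line.split()
    return {"time": ts(" ".join(parts[:5])), "seconds": int(parts[5]),
            "host": parts[6], "bytes": int(parts[7]), "path": parts[8]}

def attribute(xfer, client_host, logins, processes, skew_seconds=0):
    """Return the users whose ftp run on client_host covers the transfer time.

    An empty list means no local ftp run explains the transfer; more than one
    name means the logs alone cannot single out one account.
    """
    if xfer["host"] != client_host:
        return []
    # The archive and the client keep separate clocks, so allow a tolerance
    # when comparing a time from one machine against times from the other.
    skew = timedelta(seconds=skew_seconds)
    users = set()
    for user, cmd, start, end in processes:
        if cmd != "ftp" or not (start - skew <= xfer["time"] <= end + skew):
            continue
        # Same-machine check: the ftp run must sit inside a login session.
        if any(u == user and lin <= start and end <= lout
               for u, lin, lout in logins):
            users.add(user)
    return sorted(users)

if __name__ == "__main__":
    xfer = parse_xfer(XFERLOG)
    print(xfer["path"], attribute(xfer, "eff.org", LOGINS, PROCESSES))
```

The conclusion in the text holds only when exactly one name comes back; a second account running ftp in the same interval, or clocks that disagree between the two computers, makes the result inconclusive.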

FTP Logs Reveal the Actions of an Individual User and the Contents of those Transactions

Detailed transactional information from online information services enables anyone with access to these records to reconstruct a detailed picture of a user's actions. In this case, the logs show which document the user accessed. Because all users on the Internet and other online services are linked to their electronic identities by a unique password, transactional records which reveal the electronic identity of a user correspond directly with that individual. The electronic identity <brown@eff.org> is always Dan Brown. In the case of this example, transactional records reveal that Dan retrieved the file 'digitel.faq' from the online archives of the Electronic Frontier Foundation.

Transactions similar to the one illustrated here occur millions of times each day on computer networks throughout the United States. Furthermore, because computer logs record each and every transaction, it is not difficult to track the actions of any individual using an online service simply by examining such logs.

This type of detailed transactional information is not unique to Internet ftp sessions. It is captured in similar forms on computers throughout the online service world. Every time a user logs on to an online service, sends electronic mail, retrieves a file, or joins a discussion group, detailed information is collected in the normal course of completing these transactions. And, since virtually all users of online services are personally linked to their electronic identities by a unique password, all of these transactional records point directly to the actions of individual people.

Hon. DON EDWARDS,

Subcommittee on Civil and Constitutional Rights,
House Office Building, Washington, DC.

PODESTA ASSOCIATES, INC.,
Washington, DC, May 29, 1991.

DEAR CONGRESSMAN EDWARDS: Enclosed please find a copy of the Final Report of the Privacy and Technology Task Force. The task force was appointed by Senator Patrick Leahy, Chairman of the Senate Subcommittee on Technology and the Law, and consisted of 15 members representing a wide array of business, consumer and privacy interests and experience. The task force was charged with examining new technologies and determining the adequacy and effectiveness of the protections found in current federal law (most notably in the Electronic Communications Privacy Act). While task force members disagreed, at times strongly, on many issues, we reached consensus on many others. I believe the report raises a number of issues which may be of interest to you, and makes recommendations where possible, presenting alternate viewpoints where consensus was not reached. We delved into many complex and controversial issues facing society today: the privacy of new radio-based communications technologies, Caller ID, government wiretapping, dossier building, restrictions on the dissemination of customer proprietary network information and appropriate uses of information derived from phone calls to 800 and 900 numbers.

I hope you find the report useful.

Sincerely,

JOHN D. PODESTA,

CHAIR,

Privacy and Technology Task Force.

FINAL REPORT OF THE PRIVACY AND TECHNOLOGY TASK FORCE SUBMITTED TO

SENATOR PATRICK J. LEAHY

INTRODUCTION

In August 1990, Senator Patrick Leahy chaired a hearing of the Senate Judiciary Subcommittee on Technology and the Law. The hearing focused on Caller I.D. technology and the Electronic Communications Privacy Act (ECPA). At that hearing, Chairman Leahy became convinced that developments in the area of communications technology required a review of ECPA to ensure that the privacy protections within the statute had not been outdated by new technology. Senator Leahy was interested in an array of perspectives, so a task force was assembled with experts from a wide variety of fields: technology, business, consumer advocacy, the law, and civil liberties. (A list of members is provided in the appendix.) While the group was diverse, it was not constructed for, nor did it hold itself out as, representing every interest or view.

The task force was charged by Senator Leahy with examining current developments in communications technology and how they relate to the legal framework for protecting communications privacy. This examination was to focus on the extent to which the law in general, and ECPA, specifically, protects, or fails adequately to protect, personal and corporate communications privacy.

The task force studied a variety of newer communication media: cellular phones, personal communications networks, the newer generation of cordless phones, wireless modems, wireless local area networks (LAN's), and electronic mail and messaging. The task force also debated newer technological innovations with a focus on digital transmission of information and out of band communication signalling which is capable of carrying Calling Party Number with a privacy indicator. The task force also considered whether special privacy concerns were raised by the increased service offerings of Caller I.D. and 800 and 900 numbers. The task force examined the extent to which these technologies were regulated by the federal government, either through ECPA or the Communications Act of 1934 and whether they were regulated by state authorities. The task force discussions usually centered on the appropriate balance between privacy rights of one or both of the parties to the communication and the rights of the called party or a third party to employ devices which capture either the substance of a communication or detailed transactional information about the fact of the communication or the parties to it. The task force also discussed the extent to which the government had a right to monitor communications or obtain information about the communicants, by request, by subpoena, or by warrant.

As a starting point, the task force agreed that traditional privacy principles, embodied in the Constitution, must guide public policy with respect to communications privacy and the new technologies. Few social and commercial relationships remain unaffected by the introduction of new technologies such as cellular and cordless phones, electronic mail, bulletin boards, and pagers. Traditional barriers of distance, time, and location are disappearing as our society comes to take these advanced forms of communication for granted. As new technologies become available, a tension is often created between existing societal values and expectations, and the commercial opportunities and outlets for personal expression created by these advances. The task force agreed that people's expectations of privacy should not be measured against what is technically possible. People care deeply about their privacy, and cherish the ability to control personal information. Even if they have done nothing wrong, or have nothing to hide, most people are offended if they are denied the ability to keep certain personal information confidential. Crucial to one's sense of self is the right to maintain some decision-making power over what information to divulge, to whom, and for what purpose. The uses of new technologies are always threatening to overtake current law, leaving society without a new set of laws and social mores to limit and define the extent to which new devices can be used to know all we can about each other, often without regard to each other's wish to keep information private.

National polls document a growing public demand for privacy protection. A Trends and Forecasts survey released in May 1989 found that seven out of ten consumers feel that personal privacy is very important to them, with many expressing the fear that their privacy is in jeopardy. Half of the people believe new laws are needed to protect their privacy. A May 1990 Harris study concluded: "Particularly striking is the pervasiveness of support for tough new ground rules governing computers and other information technology. Americans are not willing to endure abuse or misuse of information, and they overwhelmingly support action to do something about it." After examining a wide array of technologies, and considering the privacy implications of them all, there were significant points of agreement among task force members. However, the task force did not reach consensus on every question. The goal of this report is to set out points of agreement, to describe areas of controversy, and to recommend areas in need of further examination by the Subcommittee.

Emerging Communications Technologies and the Extent of Protection by the Electronic Communications Privacy Act of 1986

In 1984, Congress undertook to update the 1968 Wiretap Act to extend coverage to new forms of telecommunications. The effort culminated in the passage in 1986 of the Electronic Communications Privacy Act (ECPA). The 1968 Wiretap Act generally limited its protections to voice communications carried on a common carrier network. The 1986 Act expanded protection to voice and nonvoice electronic communications, whether carried on common carrier or through a private network. Title I of ECPA 1) protects wire (voice) or electronic communications, while in transmission, from illegal interception by unauthorized third parties, 2) creates standards and procedures for court authorized electronic surveillance, and 3) regulates when electronic communications firms may release the contents of communications during the transmission process. Title II of ECPA provides legal protection of the privacy of stored electronic communications, from both outside intruders and unauthorized government officials. By helping to ensure the confidentiality of electronic communications, ECPA encourages the development and use of new technologies.

ECPA has served as the foundation for legal protection of the privacy of electronic communications. However, five years after ECPA was enacted, a new array of technologies, which were only on the drawing board in 1986, are in the process of being deployed. These new technologies have highlighted the need for a review of the 1986 Act. Specifically, the task force perceived four trends which are challenging the existing statutory scheme for communications privacy: 1) There are a number of new radio-based communications technologies that are in the process of being deployed, that facilitate voice, data, and broadband communications, but that do not fall clearly within the protections afforded by ECPA; 2) There is a movement away from analog to digital transmission, digital being more easily protected at a lower cost; 3) Signalling System 7 which is in the process of being deployed by many of the nation's telephone companies, employs out-of-band signaling, and thereby creates both an opportunity for new services and enhanced concerns about the privacy of transactional information; and, finally, 4) customer premises equipment (CPE) can now perform a wider variety of functions which can be used to enhance or defeat privacy protections.

In analyzing these trends, the task force focused on the proper balance between the promise of these new technologies and the privacy rights of those who use elec
