I am signatory no 82 of the Online petition Netizens against Evidence (Amendment) (No2) Act 2012 (here)
What is the essence of the amendment (refer the Bill here)
3. The principal Act is amended by inserting after section 114 the following section: “Presumption of fact in publication
114A. (1) A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host , administrator, editor or sub- editor, or who in any manner facilitates to publish or re-publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved.
(2) A person who is registered with a network service provider as a subscriber of a network service on which any publication originates from is presumed to be the person who published or re-published the publication unless the contrary is proved.
(3) Any person who has in his custody or control any computer on which any publication originates from is presumed to have published or re-published the content of the publication unless the contrary is proved.
(4) For the purpose of this section—
(a) “network service” and “network service provider” have the meaning assigned to them in section 6 of the Communications and Multimedia Act 1998 [Act 588]; and
(b) “publication” means a statement or a representation, whether in written, printed, pictorial, film, graphical, acoustic or other form displayed on the screen of a computer.”.
EXPLANATORY STATEMENT : Clause 3 seeks to introduce a new section 114A into Act 56 to provide for the presumption of fact in publication in order to facilitate the identification and proving of the identity of an anonymous person involved in publication through the internet.
We are presumed to be the person committing the offense. The explanatory statement clearly describe the intent of the clause is to facilitate the identification of an anonymous person.
That would be me.
Defamation
499. Whoever, by words either spoken or intended to be read or by signs, or by visible representations, makes or publishes any imputation concerning any person, intending to harm, or knowing or having reason to believe that such imputation will harm the reputation of such person, is said, except in the cases hereinafter excepted, to defame that person
Or say
Causing, etc., disharmony, disunity, or feelings of enmity, hatred or ill-will, or prejudicing, etc., the maintenance of harmony or unity, on grounds of religion 298A. (1) Whoever by words, either spoken or written, or by signs, or by visible representations, or by any act, activity or conduct, or by organizing, promoting or arranging, or assisting in organizing, promoting or arranging, any activity, or otherwise in any other manner— (a) causes , or attempts to cause , or is likely to cause disharmony, disunity, or feelings of enmity, hatred or ill will; or (b) prejudices, or attempts to prejudice, or is likely to prejudice, the maintenance of harmony or unity, on grounds of religion, between persons or groups of persons professing the same or different religions, shall be punished with imprisonment for a term of not less than two years and not more than five years.
Let us also look at the Communications and Multimedia Act (here)
The Regulators would first have to identify the identity of the said blogger.
To do that they would have to get a court order to compel Blogger or Wordpress to disclose the email account that is linked to the site. The Second step would be for the Authorities to identify the Internet Protocol Address of the user which uses the particular email address to access the Blogger or Wordpress Admin module for the particular offensive site.
The situation becomes more complex with Twitter Retweets or being mentioned in a tweet or Facebook walls post by 3rd party or or tagged in a FB post or picture.
Do you think that they have the capabilities?
We've seen cases where by the Authorities were able to identify a comment being posted at a particular site.
I still could not figure how the Authorities plan lets say to track an anonymous blogger or a commentor who resides outside our jurisdiction.
The cost of enforcement is far to high for them to get access to the IP or the email account.
Now lets say that this now involves some element of historical activity on the Web and how far back do you track your website visits or the IP of the particular anonymous comment?
FYI Blogger does not have an automatic IP monitoring unlike Wordpress.
This is one of the reason that I use IntenseDebate Comment system as it provides the full IP tracking capabilities for each comment on my site and I calibrate and tag my readers so that I know your behaviour on my site.
How many Bloggers actually do that?
The other aspect that I find rather repulsive is the fact that as Blog admin who does not moderate any comment unless it is an automatic spam filter by Intense Debate I would be presumed as the "Indirect Publisher of the Said Comment"
But are we the only one facing these more stringent control over the cyber space?
Lets travel to UK
And here for the Facebook court order
The Americans in New York are pushing a similar bill
Ours seems like a quick kampung mari solution to solve a rather complex issue without properly evaluating the technical issues involved.
It did not even consider the cooperation of the website owners/operators/blog admins to assist in promoting responsible behavior on the net
In one sentence we are all presumed guilty.
Apekelancau!!
Now lets go into the Technical aspects.. (here) reproduced in full below
So folks do you think Jolobu Bingai is up to task ?
Remember my post on the TBH Inquest? (here)
Are we now banking on his inability to regulate and provide proper guidance to the industry as our only line of defense against the presumption of guilt?
Ada guna jugak si Jolobu bingai nih....
Why don't you show me your powers and identify who I am....
If you can't then 114A cannot be implemented in Malaysia
As you will have people like me "who will be above the Law"
Prohibition on provision of offensive content
211. (1) No content applications service provider, or other person using a content applications service, shall provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person. (2) A person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding one year or to both and shall also be liable to a further fine of one thousand ringgit for every day or part of a day during which the offence is continued after conviction.
Improper use of network facilities or network service, etc.
233.
(1) A person who—
(a) by means of any network facilities or network service or applications service knowingly— (i) makes, creates or solicits; and (ii) initiates the transmission of, any comment, request, suggestion or other communication which is obscene, indecent, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass another person;
(b) initiates a communication using any applications service, whether continuously, repeatedly or otherwise, during which communication may or may not ensue, with or without disclosing his identity and with intent to annoy, abuse, threaten or harass any person at any number or electronic address, commits an offence.
(2) A person who knowingly—
(a) by means of a network service or applications service provides any obscene communication for commercial purposes to any person; or
(b) permits a network service or applications service under the person’s control to be used for an activity described in paragraph (a), commits an offence.
(3) A person who commits an offence under this section shall, on conviction, be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding one year or to both and shall also be liable to a further fine of one thousand ringgit for every day during which the offence is continued after convictionLet us assume that an Offense such as described above has been committed by an Anonymous Blogger.
The Regulators would first have to identify the identity of the said blogger.
To do that they would have to get a court order to compel Blogger or Wordpress to disclose the email account that is linked to the site. The Second step would be for the Authorities to identify the Internet Protocol Address of the user which uses the particular email address to access the Blogger or Wordpress Admin module for the particular offensive site.
The situation becomes more complex with Twitter Retweets or being mentioned in a tweet or Facebook walls post by 3rd party or or tagged in a FB post or picture.
Do you think that they have the capabilities?
We've seen cases where by the Authorities were able to identify a comment being posted at a particular site.
BUTTERWORTH: An engineer has been given the maximum sentence of a RM50,000 fine and one year’s jail for forwarding offensive comments on the Internet against the Sultan of Perak. Chan Hon Keong, 29, was earlier calm when Sessions Court judge Ikmal Hishan Mohd Tajuddin found him guilty of the offence but was visibly shocked when the punishment was read out. Chan’s wife Khoo Hui Shuang, 30, who was seated in the public gallery, was in tears. In his judgment, Ikmal Hishan said the offence was a very serious one. Chan was found guilty of committing the offence at his house in Permatang Pauh, Central Seberang Prai, at 12.05 am on Feb 13, 2009. He was charged with creating and forwarding the offensive comments with the intention of upsetting others at http://books.dreambook.com/duli/duli.html which had a link to the Sultan’s official portal http://sultan.perak.gov.my. The offence of improper use of network facilities or network service to create and transmit offensive comments under Section 233(1)(a) of the Communications and Multimedia Act is punishable under Section 233(3) with a fine of up to RM50,000 or a jail term of up to a year, or both. Those convicted are also liable to a further fine of RM1,000 for every day that the offence is continued after conviction. (here)Chan got caught because his IP was tracked by dreambook and I would presume that dreambook cooperated with the Authorities to provide the IP data.
I still could not figure how the Authorities plan lets say to track an anonymous blogger or a commentor who resides outside our jurisdiction.
The cost of enforcement is far to high for them to get access to the IP or the email account.
Now lets say that this now involves some element of historical activity on the Web and how far back do you track your website visits or the IP of the particular anonymous comment?
FYI Blogger does not have an automatic IP monitoring unlike Wordpress.
This is one of the reason that I use IntenseDebate Comment system as it provides the full IP tracking capabilities for each comment on my site and I calibrate and tag my readers so that I know your behaviour on my site.
How many Bloggers actually do that?
The other aspect that I find rather repulsive is the fact that as Blog admin who does not moderate any comment unless it is an automatic spam filter by Intense Debate I would be presumed as the "Indirect Publisher of the Said Comment"
But are we the only one facing these more stringent control over the cyber space?
Lets travel to UK
Internet trolls targeted in new bill to tackle defamation online
Websites will get greater protection from being sued if they help identify people posting defamatory messages under new plans Major reforms of the libel laws will see a duty placed on internet service providers to try to identify internet trolls without victims needing to resort to costly legal action. Websites will also be given greater protection from being sued if they help to identify those posting defamatory messages, under government plans. The defamation bill, which will be debated in the Commons on Tuesday, will also see would-be claimants having to show they have suffered serious harm to their reputations, or are likely to do so, before they can take a defamation case forward. The justice secretary, Kenneth Clarke, said: "As the law stands, individuals can be the subject of scurrilous rumour and allegation on the web with little meaningful remedy against the person responsible. "Website operators are in principle liable as publishers for everything that appears on their sites, even though the content is often determined by users. "But most operators are not in a position to know whether the material posted is defamatory or not and very often – faced with a complaint – they will immediately remove material. "Our proposed approach will mean that website operators have a defence against libel as long as they comply with a procedure to help identify the authors of allegedly defamatory material." He added: "The government wants a libel regime for the internet that makes it possible for people to protect their reputations effectively but also ensures that information online can't be easily censored by casual threats of litigation against website operators. "It will be very important to ensure that these measures do not inadvertently expose genuine whistleblowers, and we are committed to getting the detail right to minimise this risk." The debate comes after an internet troll who sent a threatening email to a Conservative MP was banned last week from contacting a host of celebrities. Frank Zimmerman narrowly escaped jail when a district judge suspended a 26-week prison sentence for two years after he sent an offensive email to the Corby MP, Louise Mensch. The bill will also introduce a single-publication rule, so that the one-year limitation period in which a libel action can be brought would run from the date of the first publication of material, even if the same article is subsequently published on a website on a later date. The reform is intended to end the situation by which material in online archives is regarded as being republished every time it is downloaded which, in effect, leaves the archive operator with a limitless risk of being sued. The bill will also replace the common law defences of justification and honest comment with new statutory defences of truth and honest opinion. The so-called Reynolds defence of responsible journalism published in the public interest also gets statutory recognition as responsible publication on a matter of public interest. (here)
Internet trolls face tough new UK rules
By Rosalba O'Brien LONDON, June 12 | Tue Jun 12, 2012 10:27am EDT (Reuters) - Website operators may soon be forced under planned new British laws to reveal the identity of those who post defamatory comments on their forums, a move that aims to protect victims by speeding up what is often a lengthy and expensive legal process. Justice Secretary Kenneth Clarke said the proposed approach would give greater protection to operators who complied with the procedure, ahead of Tuesday's second reading in Parliament of the Defamation Bill. "As the law stands, individuals can be the subject of scurrilous rumour and allegation on the web with little meaningful remedy against the person responsible," said Clarke in a statement. "The government wants a libel regime for the Internet that makes it possible for people to protect their reputations effectively but also ensures that information online can't be easily censored by casual threats of litigation against website operators." Both members of the public and companies have made angry threats to take legal action against Internet 'trolls', who circulate false rumours about them online. Last month, London-listed oil explorer Gulf Keystone became the latest in a string of firms to say it would not tolerate what it said were attempts to damage its reputation and share price.
However, litigation is currently difficult and expensive in Britain, in part because victims often need to achieve a court order to force the website owner to hand over subscriber contact details. Known as a 'Norwich Pharmacal order', named for a 1973 judgment which found that the Norwich Pharmacal Company was entitled to be told the identity of those whose illegal activity was hurting its business, the move has been used in Britain against Facebook and Wikipedia in recent years.
Under the new proposals, website operators would act as intermediaries, trying to resolve the dispute between author and complainant. If attempts at resolution failed, they would be required to hand over the subscriber's contact details so the complainant could pursue legal action against the author. The website itself would be protected against any action as long as it complied with these rules. The government's Defamation Bill aims to make the process of suing for defamation less expensive and more accessible, while providing for free speech. British defamation laws are considered to be among the world's toughest, with the burden of proof on the defendant, but the cost of taking action favours the wealthy. The proposed bill is passing through parliament at the same time as the ongoing Leveson inquiry looks into media ethics. The enquiry was prompted by a phone hacking scandal that has shaken the establishment and questioned the power of the press and the nature of its relationship with politicians and the police.(here)This is the wording of the Bill
Operators of websites
(1)This section applies where an action for defamation is brought against the operator of a website in respect of a statement posted on the website.
(2)It is a defence for the operator to show that it was not the operator who posted the statement on the website.
(3)The defence is defeated if the claimant shows that— (a)it was not possible for the claimant to identify the person who posted the statement, (b)the claimant gave the operator a notice of complaint in relation to the statement, and (c)the operator failed to respond to the notice of complaint in accordance with any provision contained in regulations.
(4)A notice of complaint is a notice which— (a)specifies the complainant’s name, (b)sets out the statement concerned and explains why it is defamatory of the complainant, (c)specifies where on the website the statement was posted, and (d)contains such other information as may be specified in regulations.
(5)Regulations may— (a)make provision as to the action required to be taken by an operator of a website in response to a notice of complaint (which may in particular include action relating to the identity or contact details of the person who posted the statement and action relating to its removal); (b)make provision specifying a time limit for the taking of any such action; (c)make provision conferring on the court a discretion to treat action taken after the expiry of a time limit as having been taken before the expiry; (d)make any other provision for the purposes of this section. (here)Here a reference on the Norwich Pharmacal Order being used against ISP in UK (here)
And here for the Facebook court order
The Americans in New York are pushing a similar bill
And while some U.S. Internet users may view the events across the pond as heavy-handed examples of a surveillance-centric state, a similar bill (here) has been in the works for New York Internet users. The bill would ban all anonymous comments from New York websites, essentially forcing anyone interested in leaving a comment to verify their identity first. The bill would require website owners to, "remove any comments posted on his or her website by an anonymous poster unless such anonymous poster agrees to attach his or her name to the post." While the legality of such a bill—as well as its chances of actually being passed—remain unclear, these events all point to a trend of governments pushing for an end to Internet anonymity. For years American journalists and whistleblowers alike have relied on anonymous messages in the service of vital information making its way to the public. However, if Internet anonymity is eventually quashed by legal means, it could have broad repercussions on the future of free speech online (here)Below the said Bill (here)
S T A T E O F N E W Y O R K
________________________________________________________________________
6779
I N S E N A T E
March 21, 2012
___________
Introduced by Sen. O'MARA -- read twice and ordered printed, and when
printed to be committed to the Committee on Codes
AN ACT to amend the civil rights law, in relation to protecting a
person's right to know who is behind an anonymous internet posting
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:
1 Section 1. The civil rights law, is amended by adding a new section
2 79-o to read as follows:
3 S 79-O. ANONYMOUS INTERNET POSTER; RIGHT TO KNOW. 1. DEFINITIONS. AS
4 USED IN THIS SECTION, THE FOLLOWING WORDS AND TERMS SHALL HAVE THE
5 FOLLOWING MEANINGS:
6 (A) ANONYMOUS POSTER IS ANY INDIVIDUAL WHO POSTS A MESSAGE ON A WEB
7 SITE INCLUDING SOCIAL NETWORKS, BLOGS FORUMS, MESSAGE BOARDS OR ANY
8 OTHER DISCUSSION SITE WHERE PEOPLE CAN HOLD CONVERSATIONS IN THE FORM OF
9 POSTED MESSAGES.
10 (B) "WEB SITE ADMINISTRATOR" MEANS ANY PERSON OR ENTITY THAT IS
11 RESPONSIBLE FOR MAINTAINING A WEB SITE OR MANAGING THE CONTENT OR DEVEL-
12 OPMENT OF INFORMATION PROVIDED ON A WEB SITE INCLUDING SOCIAL NETWORKS,
13 BLOGS FORUMS, MESSAGE BOARDS OR ANY OTHER DISCUSSION SITE WHERE PEOPLE
14 CAN HOLD CONVERSATIONS IN THE FORM OF POSTED MESSAGES, ACCESSIBLE VIA A
15 NETWORK SUCH AS THE INTERNET OR A PRIVATE LOCAL AREA NETWORK.
16 (C) "INTERNET" MEANS THE GLOBAL SYSTEM OF INTERCONNECTED COMPUTER
17 NETWORKS THAT USE THE INTERNET PROTOCOL.
18 (D) "INTERNET PROTOCOL ADDRESS" OR "IP ADDRESS" MEANS A NUMERICAL
19 LABEL ASSIGNED TO EACH COMPUTER OR DEVICE PARTICIPATING IN A COMPUTER
20 NETWORK THAT USES THE INTERNET PROTOCOL FOR COMMUNICATION.
21 2. A WEB SITE ADMINISTRATOR UPON REQUEST SHALL REMOVE ANY COMMENTS
22 POSTED ON HIS OR HER WEB SITE BY AN ANONYMOUS POSTER UNLESS SUCH ANONY-
23 MOUS POSTER AGREES TO ATTACH HIS OR HER NAME TO THE POST AND CONFIRMS
24 THAT HIS OR HER IP ADDRESS, LEGAL NAME, AND HOME ADDRESS ARE ACCURATE.
25 ALL WEB SITE ADMINISTRATORS SHALL HAVE A CONTACT NUMBER OR E-MAIL
26 ADDRESS POSTED FOR SUCH REMOVAL REQUESTS, CLEARLY VISIBLE IN ANY
27 SECTIONS WHERE COMMENTS ARE POSTED.
28 S 2. This act shall take effect on the ninetieth day after it shall
29 have become a law.
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
I just find the wordings in the UK and the New York case far more accommodating and elegantly worded instead of the one drafted by Junaidah binti Abdul Rahman of Attorney General Chambers.
Ours seems like a quick kampung mari solution to solve a rather complex issue without properly evaluating the technical issues involved.
It did not even consider the cooperation of the website owners/operators/blog admins to assist in promoting responsible behavior on the net
In one sentence we are all presumed guilty.
Apekelancau!!
Now lets go into the Technical aspects.. (here) reproduced in full below
The FBI is worried that an explosion of new Internet numeric addresses scheduled to begin next week may hinder its ability to conduct electronic investigations.
A historic switchover that will give the Internet a nearly inexhaustible supply of network addresses -- up from the current nearly exhausted total of 4.3 billion -- is planned for next Wednesday. AT&T, Comcast, Facebook, Google, Cisco, and Microsoft are among the companies participating.
Side effects from the transition to Internet Protocol version 6, or IPv6, "could have a profound effect on law enforcement," an FBI spokesman told CNET. "Additional tools" may need to be developed to conduct Internet investigations in the future, the spokesman said.
That's one reason the FBI recently formed a new unit, the Domestic Communications Assistance Center in Quantico, Va., which is responsible for devising ways to keep up with "emerging" technologies. CNET was the first to report on the formation of the center in an article last week.
While Wednesday's World IPv6 Day is only one step in the transition to the next-generation system, it's expected to mark the beginning of a gradual decline in popularity of the outgoing IPv4 standard. The participating Internet providers will begin to switch over a fraction of their residential subscribers on Wednesday, and router makers will enable IPv6 by default for their products. (Here's an IPv6 FAQ.)
That's what worries the FBI, which has been meeting quietly with Internet companies to figure out how its agents can maintain their ability to obtain customer records in investigations.
"This is a very real concern," says Jason Fesler, Yahoo's IPv6 evangelist. It will "impact a service provider's ability to readily respond to legal requests from law enforcement agencies," according to the Broadband Internet Technical Advisory Group, or BITAG, which counts AT&T, Cisco, Comcast, Time Warner Cable, Google, and Microsoft as members.
D-Link, the Taiwan-based company that's one of the largest makers of routers and networking gear worldwide, agrees. "D-Link is aware of potential issues concerning IPv6 and law enforcement concerns that are currently being assessed," a company spokesman said. "D-Link is committed to IPv6 support and will comply with any future guidelines."
The Internet engineers who recognized the need for more addresses as far back as the 1980s, and began sketching out what became IPv6 over two decades ago, didn't intend to create headaches for police agencies. Instead, it was an unintended consequence of the hybrid technologies that were created to allow IPv4 and IPv6 connections to share one network during the transition.
Once IPv6 is near-universally adopted, it's likely to prove a boon to police, a fact that some law enforcement representatives privately acknowledge. That's because each device -- tablets, phones, refrigerators, lawn-mowing robots, and so on -- will sport its own unique Internet address.
So far, the FBI is taking a wait-and-see approach to the transition, saying that "it is too early to know the extent of the impact of IPv6 upon law enforcement until more providers deploy it."
The bureau's concern about IPv6 is one component of what it calls the "Going Dark" problem, meaning that the surveillance capabilities of police may diminish as technology advances. CNET was the first to report that the FBI is asking Internet companies not to oppose a controversial proposal crafted in response to Going Dark that would extend the Communications Assistance for Law Enforcement Act (CALEA) to the Web.
FBI's CGN problem: the technical details
At the moment, if someone suspected of committing a crime is posting about it on Facebook, for instance, police can obtain a court order to trace an IPv4 Internet address such as 64.30.224.26 back to a single household.
But the exhaustion of IPv4 addresses is prompting many Internet providers to embrace a transitional technology called carrier-grade Network Address Translation, or CGN, that allows a single Internet address to be shared by hundreds of homes, or even an entire town, at the same time. It's common to have 1,000 people share one Internet address.
That means it's no longer enough to know that someone's publicly visible address is 64.30.224.26.
Facebook and other Web sites that want to trace a network connection back to a person -- for their own anti-abuse purposes or to assist law enforcement -- will need to log the IP address and also what's known as the port number. (Port numbers, such as assigning one household the range 12000-12009, are how hundreds of households can share a single Internet address simultaneously.)
In addition, an Internet provider using CGN also will have to keep logs of which port numbers map to which customer. "You will need more," Keith O'Brien, a Cisco distinguished engineer, told the High Technology Crime Investigation Association this month. O'Brien said increased use of CGN "will require more information to be gathered in order to accurately identify a subscriber." O'Brien suggested to his audience that, when conducting investigations, they should ask Web sites for the Internet address address, the exact time, and the source and destination ports that were in use.
Fesler, Yahoo's IPv6 evangelist, said that in addition to storing IP addresses, his employer is now recording the source port from which its users are connecting. "Only with the combination of time, address, and source port, will any Internet service provider have any chance of checking their logs, and associating that information back to a specific subscriber," he said.
Last summer, engineers from AT&T, Yahoo, and Juniper Networks jointly published "Logging Recommendations for Internet-Facing Servers," which the Internet Engineering Steering Group approved as a best-practices document called RFC 6302. It recommends that anyone operating a Web server record the source port number of inbound connections down to the precise second "to support abuse mitigation or public safety requests."
One inevitable side effect of all this extra logging is the expense: detailed logs consume an extraordinary amount of storage.
CableLabs, a research and development organization founded by the cable industry that counts representatives of Comcast, Rogers Communications, and Time Warner Cable on its board, says the log size is immense. It estimates the average subscriber opens 33,000 connections per day, which means 1.8 petabytes per year per million subscribers just for logging.
But, says Chris Donley, CableLabs' project director for network protocols, there's a way to chop log sizes. It involves assigning port ranges in advance to specific Internet addresses, which will reduce log volumes in the range of 100,000- to one million-fold, he estimates.
Law enforcement representatives like the idea, Donley says. "It will make it easier for ISPs to respond to public safety requests without requiring onerous infrastructure on either the ISP or public safety part," he said. "We've been meeting with a number of public safety agencies roughly quarterly to discuss this approach."
Not all Internet providers are using CGN. Comcast, for instance, has taken a different approach using what's known as a "dual stack," meaning their customers' computers will run IPv4 and IPv6 simultaneously.
Increased logging can also lead to privacy concerns. "We have urged providers not to log information that they don't need for their own provision of services, even if someone else might want the information or they hypothesize that it might be valuable someday," says Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation in San Francisco.
And mandatory logging -- required by an FBI-backed bill that a House of Representatives committee approved last year -- would be especially problematic for smaller Internet providers. "We couldn't retain records" even under the smaller data requirements of IPv4, says Brett Glass, owner of Lariat.net, a local Internet provider in Laramie, Wy. "There would be too much volume."
"There is no doubt that the wiretappers are being left behind and challenged," says one attorney who represents telecommunications providers. "It is just a question of whether you have an always-on storage of everyone's activity for law enforcement's benefit when the Federal Trade Commission is suing you for overcollection in other contexts, and less intrusive measures can be used."
Live IPv6 wiretaps
In theory, intercepting IPv6-only traffic isn't any different from intercepting IPv4 traffic. Readily available sniffing tools such as tcpdump, Ethereal, and Wireshark can decode IPv6 packets. In practice, however, some hurdles can arise.
CALEA: The 1994 law called CALEA resulted in industry standards requiring telecommunications companies to make their networks readily wiretappable by police. But those standards, including one element called CACmII (which stands for the awkwardly-titled phrase Content-Associated Communications Identifying Information), are incompatible with IPv6. During a presentation at a networking conference last fall, AT&T researchers warned (PDF) that "the standards are steps behind the industry evolution" to IPv6.
Encryption: Any computer with IPv6 has built-in encryption called IPsec (which can also be available with IPv4). The New York Times reported in 2010 that the FBI was lobbying for a law requring telecommunications companies offering encryption to build in backdoors for law enforcement, a requirement that would likely cover IPsec, but the bureau distanced itself from that idea a few months later. "The frequency of use should increase with IPv6," predicts a network engineer at Sonic.net, an Internet provider in Santa Rosa, Calif. "None of this is good news for law enforcement organizations."
But some of the technical details are challenging, and IPsec is still not widely used. Neither are HTTPS encrypted connections; Arbor Networks estimates that only 2 percent of native IPv6 traffic is HTTPS, not counting file sharing traffic.
Tunneling: A technology called Dual-Stack Lite, or DS-Lite, is designed to help with the transition by wrapping an IPv6 packet around an IPv4 packet, which can be faster than other methods. It, too, can cause problems with wiretaps. An Internet draft published in March by representatives of Telecom Italia and France Telecom acknowledges DS-Lite can hinder eavesdropping. "A single IPv4 address, or some range of ports for each address, might be set aside for monitoring purposes to simplify such procedures," they recommend. The FBI says it's paying close attention to these aspects of IPv6: "Some of the optional capabilities will determine whether existing law enforcement tools and techniques will continue to support lawfully authorized collections or additional tools will need to be developed."
So folks do you think Jolobu Bingai is up to task ?
Remember my post on the TBH Inquest? (here)
Section 268. Minister may make rules on record-keeping. The Minister may make rules, to be published in the Gazette, to provide for record-keeping and to require one or more licensees or persons to keep and retain recordsNot only he has that power he also has "Lawful Intercept Powers"
Section 265. Network interception capability. (1) The Minister may determine that a licensee or class of licensees shall implement the capability to allow authorised interception of communications. (2) A determination, under subsection (1), may specify the technical requirements for authorised interception capability.
So did Jolobu Bingai made the rules for Record Keeping or Data Retention??
Are we now banking on his inability to regulate and provide proper guidance to the industry as our only line of defense against the presumption of guilt?
Ada guna jugak si Jolobu bingai nih....
Why don't you show me your powers and identify who I am....
If you can't then 114A cannot be implemented in Malaysia
As you will have people like me "who will be above the Law"