Fear of a Million Big Brothers

The U.S. government’s surveillance push isn’t the only thing on the minds of privacy advocates this year. Concern is growing about the trails netizens leave in routine Web server logs, and who’s seeing them. The privacy advocates and civil libertarians at the 13th annual Computers, Freedom and Privacy conference sometimes seem dwarfed by the enormity of the projects they oppose — larger-than-life enterprises worthy of a James Bond villain. John Poindexter’s Total Information Awareness project, if successful, would combine every government and private sector database into a massive data mining system capable of picking out aberrant behavior in the actions of seemingly-ordinary citizens. The Department of Homeland Security’s CAPPS II program aims to run automatic background checks on every airline passenger in the U.S. But the day before CFP 2003 began, a smaller invitation-only group of technologists and policy wonks met at the conference site to discuss a matter that some say is just as important to Internet privacy as any of the monolithic omniscient supercomputers being hatched in Washington… The humble Web server log. Or more to the point, the countless thousands of logs routinely kept by servers throughout the Internet, each marking every visit to a given website, identifying what pages were viewed, what transactions made, and the Internet IP address of the visitor. Recent laws have made it easier for government agencies to get their hands on server log entries, and civil litigators are increasingly finding logs a valuable target for subpoenas. At the same time, the art of wringing every ounce of useful information out of such logs is advancing, as is the ease of tracking down a user’s identity from their IP address by correlating data from different sources. Full Story