[funsec] 2002 murder suspect located via MSN Map search

Paul Schmehl pauls at utdallas.edu
Sat Feb 4 22:34:49 CST 2006 

--On February 4, 2006 10:33:57 PM -0500 "Richard M. Smith" 
<rms at computerbytesman.com> wrote:

> On the flip side, one wonders why companies like Google and Yahoo find it
> necessary to go out their way to implement software which looks up what
> specific IP addresses and cookie ID numbers are searching for:
>
> Verbatim: Search firms surveyed on privacy
> http://news.com.com/Verbatim+Search+firms+surveyed+on+privacy/2100-1025_3
> -60 34626.html
>
> Given an IP address or cookie value, can you produce a list of the terms
> searched by the user of that IP address or cookie value?
> Langdon: Yes.
>
> Given an IP address or cookie value, can you produce a list of the terms
> searched by the user of that IP address or cookie value?
> Yes, we can.
>
> Another question here is why are these companies saving search history tie
> to IP addresses and/or cookie values in the first place.
>
All that information would be in /var/log/http-access.  It's a routine part 
of httpd logging.  The only question is what's their retention policy and 
why?  I was a bit surprised by the Microsoft mapping situation, because 
that implies a retention policy that is unusually long.

Our retention policy is one year.  Is that a bad thing?  I don't know, but 
if you give me an IP address, I can tell you when, down to the hundredth of 
a minute, that IP address accessed our webserver for any date/time in the 
past year.  OTOH, no court is going to see that information without a 
legally-obtained subpoena, and they're not going to get any more than 
precisely what they asked for.  IOW, I'll cull the logs for what you're 
looking for, but the only thing you're going to get is the snippets that 
include the IPs listed in the subpoena - nothing else.

This shouldn't come as a surprise, and it's certainly not "going out of our 
way".

I understand that individuals have rights, but we as a society have rights 
too.  When you agree to live in a civilized society you agree to live by 
its rules and that includes the government's right, upon production of 
lawful subpoena, to look at information that might implicate you in a 
crime.  Because the 99.99999% of us who aren't criminals prefer not to 
allow you to do whatever you please without consequence.

ISTM that too many people forget that the government is *us*, not them.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/

More information about the funsec mailing list