DEFCON 18: Your ISP and the Government: Best Friends Forever 1/3

Speaker: Christopher Soghoian Your Internet, phone and web application providers are all, for the most part, in bed with the government. They all routinely disclose their customers’ communications and other private data to law enforcement and intelligence agencies. Worse, firms like Google and Microsoft specifically log data in order to assist the government, while AT&T and Verizon are paid .8 million per year in order to provide real time access to customer communications records to the FBI. How many government requests does your ISP get for its customers’ communications each year? How many do they comply with? How many do they fight? How much do they charge for the surveillance assistance they provide? Who knows. Most companies have a strict policy of not discussing such topics. You might assume that the law gives companies very little wiggle room – when they are required to provide data, they must do so. This is true. However, companies have a huge amount of flexibility in the way they design their networks, in the amount of data they retain by default, the emergency circumstances in which they share data without a court order, and the degree to which they fight unreasonable requests. The differences in the privacy practices of the major players in the telecommunications and Internet applications market are significant: Some firms retain identifying data for years, while others retain no data at all; some voluntarily provide the government access to user data …