I had a nightmare last night

It started out quite simply. I was with a few friends in an internet café just shooting the breeze when I noticed this perceptual shiver run through all the people there. When I asked what was going on nobody was talking. Finaly I convinced one of my friends to tell me and he informed me that one of the folks from the data retention section of the Gardaí was here to install the recording software for the shop.
This was in foot of the new legislation that had been introduced for the storage of all internet communications for an arbitrary time. Every bit was being recorded just in case it needed to be checked at a later time for terrorist activities.
This nightmare took a strange turn when I examined the data gathering software. It was performing a simple data dump of everything that was passing through. Because of the vast quantity of data, nothing was being done to ensure that it could not be tampered with by anyone should they have access to the data. At a later point one of my friends found himself in court facing a criminal charge of conspiracy to commit murder based on the content of one of the logs that had been recorded.
It’s scary, but it is possible for it to happen. The question beomes how do we ensure the integrity of the data that is in the recording? If you wanted to prevent accidental tampering with the data, then using some form of checksum on individual blocks of data would provide for that, however a malicious tamperer could simply alter the checksum for the given blocks to prevent their detection. Based on the quantity of information being gathered, you could chain the checksums. Initialize the first block to some random piece of information. checksum it. For the next checksum initialize it from the content of the previous checksum. The principle is used in various encryption systems (Cipher Block Chaining). If you wish to tamper with the data in-stream you need to alter the checksum from the point of alteration to the end of the recording.
As simulteneously you have a program continually writing new blocks of information to the storage device, you would need to either (a) insinuate a program that would alter the checksums as they are written to the device, or (b) interfere with the recording program to possess the new checksum just prior to the next write to the device, thereby having it perform the updating for you.
Both techniques are not impossible to perform, in fact the first is downright trivial. The only way of bypassing this sort of tampering is to ensure that the recording device is isolated in some way from the data that it is recording.
For this purpose, it would need to be a specially assembled recording device which possesses two fail-hot network interfaces as it’s only method of communication to the outside world. A fail-hot network interface pair is one that when the power is removed simply keeps the network traffic passing through without interruption.
Secondly it would just record the data, it would have no interpretation capabilities. The reason for this is to remove any chance that it could be subverted through maliciously formed network packets.
The box should be tamper-evident. by having this facility, any efforts to extract the data through physical manipulation of the recording device would be easily noticed, thus rendering the data recorded inadmissable in a court. Tampering with the device would be a criminal offence.
The device would need to be regularly inspected, hot-swapping new devices for old ones so the data recording could carry on uninterrupted.