Slashdot Mirror
Lycos Germany to No Longer Store IP Data
quaker5567 writes "The Register is carrying the story that Lycos Germany says it will no longer store dynamic IP addresses of its customers. According to the German Tele Services Data Protection and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses. A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers."
This has always been an option for ISPs. I can see keeping IP info for a week or so in case there was an incursion but after that the only thing that it could be used for is informing (whether it was coerced or otherwise) on your customers ! As customers we must demand that our ISPs no keep long term IP records. There are plenty of options to connect to the internet and we as consumers must tell our ISPs that we will make this an important part of our bandwidth purchasing decision.
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
... crackers have obsessively moved to Germany, and signed up for accounts with dynamic IP addresses.
Anonymous Coward
What happens when somebody does something more serious than steal music, are they just going to look the law enforcement trying to get information and shrug? I hope this does not mean that people will feel even more anonymous and get the gull to do things they wouldnt've otherwise.
I'm moving to Germany and then taking over the world. One nation at a time.
TW
Television is dead. Long live That Weasel Television
Lycos DSL in Germany says it will no longer store dynamic IP addresses of its customers, now that a specialist on data privacy laws from Frankfurt University has threatened to sue the company.
Jonas Breyer had asked Lycos what data was kept on him and whether that information was shared with backbone providers, but the ISP refused to co-operate. Probably to avoid further law suits, Lycos has now decided to ditch IP storage altogether.
Deutsche Telekom tentacle T-Online faces similar threats from German subscriber Holger Voss, who this week in court argued that dynamic IP addresses are irrelevant for book keeping and shouldn't be stored. According to the German Tele Services Data Protection and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses.
A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding from ISPs to disclose the names of suspected file sharers. Courts in both Germany and Canada have recently denied the entertainment industry the right to subpoena the identities of file-sharers. Of course, as most broadband providers use fixed IP addresses for their customers, an audit trail would still be able to reveal their identity. ®
Related stories
Court rules for German ISPs in P2P identities case
German ISP told to cough up customer's details
German court protects P2P ne'er-do-well
I can already tell that the comments to this article might get confusing. In the interest of clarity, please use the abbreviation "IP" to refer only to Internet Protocol and its addressing scheme, not to copyrights, patents, trademarks, trade secrets, and rights of publicity.
What about data pertaining to spam and hack attempts? Wouldn't IP data be crucial for those purposes in addition to file sharing? Now don't get me wrong, I have zero respect for the RIAA/MPAA. But I'd have a great deal more admiration if they had simply put their collective foot down about the file-sharing privacy issue and left it at that.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
...think this is a good move on the part of ISPs to quit doing the government's dirty work for tracking down criminals. It's not a company's job to keep tabs on their customers for the sole purpose of turning them over to law enforcement.
On the minus side, it is very likely some kind of political backlash will occur and a law will be passed requiring ISPs to keep much more detailed records than they do even now...
-py
It is quite a sad state of affairs when a company does something that is popular with the people, and yet there is controversy because another company doesn't want it to be done.
This is the most artificial sense of the word "controversy," because it is completely artificial.
Sad, sad state of affairs.
fifth sigma, inc.
"A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers."
Entertainment industry be damned. What we should worry about is network and systems security, DDoS, botnets, zombies, and of course SPAM and PORN. I hope we will not have to block *.de on our SMTP relays and TCP/IP firewalls like we had with *.cn and *.ne. Hopefully Germans will know how to be responsible with their privacy and lack of control. Only time will tell.
Karma: Positive (probably because of superiour intellect)
If this IP block is known to be safe from identification, its certainly possible that crackers could choose to scan the area more heavily for exploits and rootable machines, making the block a source for malicious traffic.
On the other hand, it should make quite a selling point for tech-savvy customers in the area when in comparison with other ISP's. This may be effective protection against copyright lawsuits, providing enough obscurity that the regional enforcement agency choose not to pursue cases.
It should be interesting to see if this trend continues to other ISP's, and what effects occur as a result of this change
Business Voyeur
While everybody is obsessed about 'music' and 'file sharing', its time to think about what effect this will have on law enforcement... E.g. how will the police trace a criminal without the precious info?
Not keeping IPs
would save ISPs money
- no DMCA!
If you weren't AC that would be a nice try for Karma, but it's The Register. They're quite used to Slashdot.
Oh ya they are not storing IP data, Hey some court ordered them to give some specific IP data, ohh ya, they worked out and managed to give IP address somehow... Stop this joke, get serious business, and if they are serious, tell google also2be serious
Unlike most other nations' legal systems, human dignity and therefore privacy is central to the German constitution (this was a result of its being drafted in the wake of second world war). It follows that German copyright law does not trump privacy concerns; this was one of the reasons why Germany invented the levy-funded private copying system.
Fixing copyright
wait a minute, since when is porn a bad thing?
You are joking, right? This is not funny at all.
Karma: Positive (probably because of superiour intellect)
I'd rather one criminal go free than the RIAA got one damned penny from people through intimidation.
to complain (which they will/have, mark my words). ISPs have been storing IP data on their OWN databanks which they themselves didn't require for daily operations. Therefore, it's their right to stop doing MPAA, RIAA and other similar institutions favours.
Commodore64_love: I don't comprehend people who're so frightened of death that they'll bankrupt themselves to stay alive
If you're smart enough to run a server your certainly smart enough to A) pay for a static address B) set up dynamic redirection.
Aside from the fact that this would never happen in the US you've brought up essentially a stupid, non-point.
Quack, quack.
Alleged child molester, RIAA recording artist, same thing.
This isn't just good news for unauthorized file sharers. It's also good news for spammers, who assuredly will race to use any ISP which does not log IP allocations. Untraceable senders are great both for direct spammers, who will benefit from their untouchability, as well as indirect spammers, who will benefit from having infected spam relays on the net for a much, much longer time.
While it's nice to know that this will make it more difficult for the **AA to come knocking on your door, this removes one of the three big A's in security: auditing. If a machine with a dynamic IP address is engaging in malicious behavior, this makes it much more difficult for the ISP to identify the account associated with the behavior. This is a real problem if you want to disable machines that are compromised and are being used for spamming/DDOS/whatever. I hope that there are provisions for the ISP to keep the data for a short period of time and/or keep interesting data available for investigative purposes.
Where do I sign up? I rather have an ISP that doesn't need to surrender to the damn corrupt legal system.
Just like the Germans DIDN'T ?
Poland was the start of the rest of the world ceasing to treat Hitler like a grand chap who really got things all sorted out with those peculiar German folk. Not the start of his aggression.
Akarsz Magyar Gentoo fórumot? Akkor
Lest we forget that an ISP turning over an IP address could be one way to catch a pedophile...
Which IMHO, is paramount to some kid downloading movies...
...would be extremely controversial as the entertainment industry is increasingly demanding that ISPs disclose the names of suspected file sharers.
Which is a shame since the entertainment industry is suffering so badly. I mean, those poor, poor starving, homeless bastards. Oh. Nevermind, that's not true:
The figures are in, and the Thursday gross for Episode III is a record-breaking $50 million from 3,661 venues and about 9,400 prints.
So movies are able to open with revenues are at a record high. Wow. So maybe it's the music industry that's suffering from all this online piracy. Or maybe not in the case of Warner Music:
Recorded Music revenue expanded 4.9 percent to $621 million, "led by digital sales mostly offset by declines in physical sales," the company said.
So they're selling less physical copies of music - but selling digital music, yet their revenue is actually up. Universal and Sony aren't public (Warner just went public), so they're not accountable to public stockholders and they can continue to woefully lie about how file sharing is ruining (just RUINING!) their business.
It's not like I didn't see Star Wars available for download yesterday - but I still went to see the movie today with friends - and will still buy the first three episodes when all of them are available on DVD. (I already have the original trilogy).
That the birthplace of the Gestapo and the SS may well become one of the last remaining strongholds of personal liberty and privacy in the world.
Oh, wait. They've seen this before, haven't they?
-- Alice Uber Deutchland
The meaning of your Life is up to you. Mean well. -- Me, 9/11/2001
Actually, that's kinda funny. Next time, it'll be barcodes or embedded RFI chips.
These actions would just be extending that to the ISPs themselves. If they have no need for the data, it must be disposed of, or not collected in the first place.
Of course, given that this means there is no accountability through the ISP for the actions of users, I know I won't be allowing random IPs from Germany to connect to my email servers!
I can't believe all this crap I'm hearing about "what if somebody does something bad and the ip address isn't logged" shit.
What fucking country did you grow up in where monitoring your every move IN CASE you MIGHT break a law was tolerated. When did we let our privacy and freedom get JACKED from us?
Real IDs, IP monitoring, etc... This kind of shit was UNTHINKABLE here in the US before the 1980's, and now, because we believe everything we're told about bad things happening if we don't do it, we've given away all of our freedoms and tolerate monitoring and intrusion that was considered science fiction material 20 years ago.
Other countries are NOT following our example- Spain didn't turn itself into a police state after the train bombings, politicians there went as far as to say "we are NOT at war", whereas, hear in the US, politicians say just the opposite, and we buy that shit!!!
Land of the Free, my ass....
</flame>
The other day I was able to walk down the street, go into a shop and buy some milk - get this - WITHOUT ONE PERSON ASKING ME TO IDENTIFY MYSELF!.
Can you imagine all the possible marketing information I squandered selfishly by not informing a central database about this action (this report not included). The cash I used was totally UNTRACEABLE!!! it could have come from anywhere. Not only that, but the person behind the counter was happy to undertake the transaction without me identifying myself (obviously some kind of terrorist).
I could have been going to use the milk for a BOMB!, would the authorities have had any way to check this? NO!!!!
When did everything become like this?
Oh wait - it has always been like this in Democracies.
Move along... there is no sig here.
They know you buy batteries. Perhaps to power your instruments of terror? I hear Osama bin Laden uses batteries. Coincidence? That's for the judge to decide.
Where was this posted before?
Most likely this is a way get the RIAA/MPAA to pay off/save-face and for Lycos to establish user pseudo-anonymity. Not to mention the "not my responsibility" legal liability for Lycos. Hope they pull it off.
With all the FUD the entertainment industry is spreading and with the real danger of having to cough up thousands of Euros for sharing some files, this move is brilliant in terms of marketing.
OTOH, and before you start thinking that Germany is the real land of the free, there are laws under way that will require ISPs to keep connection data for at least 6 months. Some even want them to keep them for 2 years.
Apparently Lycos was thinking that they should make some revenue before they have to shell out millions for tracking equipment.
BTW, bear in mind that data protection is nothing less than part of a constitutional civil/human right in most civilized societies, making it illegal (even for the state to tolerate) that unnecessary records are being kept on anyone by public officials or private entities. Thus creating (let alone preserving) traffic logs by flat-fee ISPs (other than for very short-term performance/quality assurance or intrusion detection) that can only be used for spying on users or clandestine gathering of data for unsolicited commercial exploitation have no legitimate purpose whatsoever.
Now I'll have to start IP blocking German ISPs as well as the damned Koreans on my server.
The article also mentions that another case (Holger Voss vs. Deutsche Telekom / T-Online) is currently being heard by a court; Wikipedia has some more background information on Holger Voss and on another case which is probably related.
quidquid latine dictum sit altum videtur.
Apparently, there is no requirement for German ISPs to keep a record of IP addresses
There is not only no requirement to keep the data, the ISPs (and everybody else) are prohibited to keep personal data (which includes anything that might identify an individual) unless immediately required for conducting their business or explicitely allowed by the customer. In other words, people are suing because the providers are not complying to German Datenschutz (data protection) laws.
if you're downloading music/films/games/software you bloody well know it's illegal and the risks of what you're doing. whatever your views may be on the subject, the bottom line is it's illegal and the state has given the RIAA the right to sue your ass. yes it's ugly, i don't like the RIAA either, but making the distribution of child porn easier just so some already well off people can listen to more music with peace of mind is just immoral.
That's a bold statement you're making.
How's parent redundant? This point is almost never stated on slashdot.
However, as a server admin trying to fight off attacks from the Russians, Koreans and Chinese script kiddies, I disagree.
Now you get to add Germans.
Does this make Lycos the ISP of choice for German paedophiles then ?
How is it controversial to treat customers with respect by not recording information not absolutely necessary to provide service to them? When I go into Office Depot, I can buy supplies, pay cash and leave. They don't ask me my address, my religion or my political opinions; all they care about is that my money is the right color, as it should be. Other business should consider doing the same thing: If you don't need the information in order to provide the product or service, don't ask for it. If you don't need to retain the information once the product or service is provided, don't keep it.
I have run my businesses that way for years; it saves a lot of paperwork hassles. Too many businesses see additional information collected from customers as a business asset they can sell. Which turns it into more data that can be prostituted into use for other purposes, not all of them good. Correction, most of them definitely bad.
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
Running a trace or whois on a suspicious IP already gives a first approximation of who the 'nearest bystander' is, even if the ISP is not keeping logs, the IP address can be traced back to it.
The "safe harbour" provision for common carriers sort of implies that the ISPs are expected to deploy reasonable efforts to keep accurate logs in case of ulterior litigation - these logs are the only way ISPs can 1) prove that the IP address was spoofed or 2) identify who had that IP address when asked by the courts.
As for data protection, most countries do not impose any restrictions on private data collection for private records, they only regulate how entities can trade private info - generally by forbiding it.
"What a load of bullshit. Hilarious that the "massive invasion of privacy" is your ISP keeping a log of who used what IP when. Massive invasion of privacy indeed. You then follow this up by saying that the police use things like credit-card transactions: Oh my god! You mean the credit card company tracks when and where I use my card?! What a massive invasion of privacy."
Haha. Thanks for the morning laugh. His argument just shows that exaggeration is a bad tool in the hands of those who don't know how to use it.
There are some valid arguments in this whole debate, but since the purpose of these debates isn't to enlighten, but to push a particular agenda. You get logic like the OP demonstrated.
"Of course, the solution to this is to block port 25 entirely, or filter port 25 in some more creative way. ie. a 1 second cumulative delay for each mail recipient in the last ten minutes from this account/IP/port."
Once again, a technical solution to a social problem. Funny how all that techno-mumbo-jumbo isn't suppose to work for spammers, but it's suppose to work for illegal file sharers.
"I can't believe all this crap I'm hearing about "what if somebody does something bad and the ip address isn't logged" shit."
Quick! Someone call Taco. Tell him to disable the "Posted 10 Times" counter, and the "Slow down, Cowboy" limiter. Let alone the "You've been banned!" blocker. They're all violations of our "right to privacy".
"Real IDs, IP monitoring, etc... This kind of shit was UNTHINKABLE here in the US before the 1980's,"
Good Lord! Were did you study history? The IBM PC in 85 was when the PC really started taking off. The Internet was only really available to a minority.
Unthinkable? More like pointless.
Imagine this. I have stolen your credit card details and purchase items through the internet. You then discover whats going on (usually when your credit card statement arrives and you see that several thousands of Euros/Dollars worth of transactions appear on it that you didn't make). After talking to some of the suppliers they look into their audit logs and tell you the IP address of the dude who did some of those transactions... and its all the same IP address... yeah, you then talk to the ISP to try to get the details of the user, who is clearly doing credit card fraud.
Now, how would you react when the ISP says, for privacy reasons, we don't log such details at all? The activities of the criminal have helped by the ISP.
There is a fine line between privacy, and irresponsibility, and I think the German ISP is being bloody irresponsible, since they have effectively said you can use their services and nobody can trace you via your IP address.
What if a you saw a car run over somebody, and the police were unable to trace the culprit because the vehicle was rented and Hertz/Avis/whoeveer didn't log details of the renter to the car's details becaue they were scared about privacy laws...