German ISP Forced To Delete IP Logs

An anonymous reader writes "A German federal court decided today that T-Online, one of the largest ISPs in Germany, was obligated to delete all IP logs of a customer upon request to guarantee their privacy. From the article: 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. A lawyer from Frankfurt already sketched a sample letter (German) to make this process easier.'"

The way it should be.

[rolyatknarf]

There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans. This is the way privacy should be treated. The people have rights.

Re:The way it should be.

[The+Step+Child]

I think it depends on the situation. IANAL, but in the US an ISP could conceivably delete logs as long as there is no criminal investigation ongoing. If one was ongoing, then the ISP would be participating in obstruction of justice.

Re:The way it should be.

[poifgh]

Please ignore this http://www.youbanking.com/

Re:The way it should be.

[rolyatknarf]

Yes, an ISP in the US could delete the logs but I think that is unlikely. I believe we all know that our government is already pushing for, and probably already has arrangements with communication and information companies to retain records.

Re:The way it should be.

[LilGuy]

If it works, I envision much spam and rooting originating from German end users' machines.

Re:The way it should be.

[SoundDirections]

Yes, they (the "People") have rights.

To life, liberty and the persuit of happiness.

Unfortunately, we do not seem to regard an expectation of privacy as very important....

Re:The way it should be.

[rolyatknarf]

I think we (at least most of the people) do still regard privacy as being important but our government seems to believe differently. Our officials don't appear to fully support our wishes.

Re:The way it should be.

[JPriest]

AFAIK US ISP's are required to keep the logs for some 180 days in case of a criminal investigation. It is fairly common to get investigations for things that happened more than, say 60 days prior. I believe there is legislation in the works to force ISP's to keep logs for longer periods of time (1 year?).

Disclaimer: By "logs" I don't mean record of what web sites were surfed and what files downloaded, I mean record of what customer had X IP address at Y time.

Re:The way it should be.

[Benaiah]

actually every ISP (in Australia) keeps all of these logs from the beginning of time. If they wanted to know who had this ip 5 years ago at 4.22am they could get it. Im not sure if its company policy or what but we just seem to keep them. The mentality is "Why destroy good data?"

From a consumer/privacy point of view I like this idea. In Australia our privacy laws are so strong that you can go up to ANY private company and demand a list of every single detail they have about you. Im not sure if you can demand they delete them though.

Re:The way it should be.

[JPriest]

The problem with keeping them forever is that for a largish ISP even keeping them for 180 days can amount to a few thousand TB of data.

Re:The way it should be.

[nath_de]

The sad thing is that the EU is forcing Germany to change their laws so that ISPs need to keep the IP records for 12 months. :-(

Re:The way it should be.

[Benaiah]

64bits for an ip.
48 for a mac.
how big is a datetime? give it 128.
30 bytes being generous.
another datetime for disconnect.
30+30+8+6 = 74bytes
why not make it a clean 100 bytes.
If you stored the connection details for every single possible ip adress in the 64bit space.
you got 4billion connections a day at 100 bytes.Thats only 400g
So the entire worlds isps would only generate 144TB of connection data a year and only if everysingle ip in the space was used and being connected everyday.

A few thousand TB is waaaaaaaaay off mate.

Re:The way it should be.

[SoundDirections]

LOL

If the people were concerned about privacy, so would the government. Those of us in the industry are somewhat concerned, at least more than the general public. Such is life......

Re:The way it should be.

[Lord+Kano]

Unfortunately, we do not seem to regard an expectation of privacy as very important....

Especially as it relates to conduct on a public network.

LK

Re:The way it should be.

[Loconut1389]

Have you ever seen a linux logfile? Especially if you have iptables turned on and fairly restrictive on a public-facing ip...... Each line a couple hundred characters and the files get very huge very fast. You're also assuming the customer is only being logged for something like a ppp connect/disconnect... Many protocols (IMAP forinstance) have 5-10 lines for each connection, and then mmore during transfers and idles, depending on your log level. It's conceivable to have several gb a day for even an extremely small IP. If they were hosting a handful of ginormous sites, replete with services (IMAP, SMTP, NNTP, RADIUS (for 802.11 or other), HTTP and others), the logs would be well beyond the simple calculation you're discussing.

Re:The way it should be.

[harlows_monkeys]

There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans

Well, if by "works for the Germans" you mean "every spammer and phisher and kiddie porn trader and net stalker and all the other net scum switch to German ISPs, until Germany gets blackholed by the rest of the world", then yeah, I think it will work out for them.

Re:The way it should be.

[unheiliger]

People talk about "an expectation of privacy". Others discuss the situation relative to toher countries. As an ISP administrator I have seen some (hopefully darkest, but probably not) parts of the net. There are some really sick people out there, and I would imagine that Germany suddenly became an attractive labour market to these people.

Let me explain. I do not "expect" privacy. I do not "expect" all ISPs to spend millions of Euros on logging mechanisms based on each user records. The impact of this is huge. Currently all user activities are normally written to a single log file. The files are normally rotated based on time. This does not apply to telco records, which are stored differently, due to billing concerns. Anyway, in order to extract one user's activities, one requires each line in the log files (relevant to a user) to be searchable, and identifiable, then easily deletable. This will mean vast databases, huge storage requirements (it is not just the data, but the indexing, and more logging for the database activities, etc). not to mention another opportunity for goverments to set up a new office, to monitor which logs are generated, by which ISP. What about changes to logging systems? Will that now require Federal authorisation?

So what do I expect? Well, I expect ISPs to behave in a responsible manner. If someone wants to look at my ISP records, I will galdly sign a piece of papar to let them. Why? Because if some bureaucrat wants to find out I spent >40 mintues browsing slashdot this morning, I don't care. We do not live in a police state (and I am not going to tell you where I do live ;-). But, we do live in a state with enough freedom for people to do some truly awful things, and publish their feelings on the internet. These people should be catchable and stoppable, quickly. I do not expect the authorities to let my doctor intercept my e-mail transmission (I hope the UK is listenting there). I do expect the relevant qaulified people to be allowed to access my information, if they go through the approved channels, and make a formal request to my ISP.

Terrorism is not an excuse. Most governmental monitoring is relatively trivial for a cell based organisation to work round, and I am sure they do.

Think about the reality. How many terrorists are there? And how many twisted people? I am not just talking about perverts, but race hate, etc also apply. Would you like the person next door, to be able to publish pictures of your kids on the net, and then hide his tracks. Or would you be prepared to tolerate an occasional question, based on clicking a link in a spam mail? Even if that was by accident? So long as the questions are discrete, or everyone gets them (either would result in the fact that I would not be instantly guilty, by association with the question), then it is fine.

Of course, it is in the nature of "authorities" to lose control of their own employees, and for this to be abused. This is more common in the UK, than in France or Germany. Belgium is a different problem, as they seem to have statue authorised paedophilia, anyway. But this abuse just leads to more debate, and further reviews of the legislation, which is what democracy is all about.

Most people have no idea how much of their activity is traceable. Anonymizers? They don't work. If I want to track a user activity, I can, and I can trace it back to the source telephone number, which has an address, and a physical piece of copper connecting it. Have I ever done this? No of course not. I have much more interesting things to do at work. This is a disaster for the ISP industry, and for the community as a whole, and certainly not for the individual who boasts in the bar about having his records erased.

Wake up people. This is not about freedom. Has anyone asked what the plaintiff has to hide? I hope he gets cyber-stalked by a hate group, who are now able to hide their tracks. Rough justice, but if one child is hurt as a result of this case, then it will be some justice (not enough IMHO).

Re:The way it should be.

[mysidia]

It's not true, because you haven't presented all the connection details that have to be stored. For starters, none of that information actually identifies which user it was exactly that dialed in, or what MAC or IP address was assigned to that user.

Secondly, more information about the connection has to be kept to be useful for analyzing any problems/difficulties with the service. There's really no point in just retaining merely a list of ip addresses, usernames, and times, absent the key connection parameters.

Re:The way it should be.

[vadim_t]

I don't give a damn whether it's convenient to you or not to provide a bit of privacy for me. If your original logging plan was dumping everything into one file, well, too bad, you'll have to redesign it now.

Re:The way it should be.

[LameMonikerGoesHere]

Germany takes privacy laws to the extreme, in my opinion. For example, the company I work for has a large presence in both the US and Germany. We were in the process of setting up user-based page-hit tracking of an intranet application and found that doing so would be illegal, according to German law. In order to stay within the law and protect the privacy of our own employees (even though the data would only be used within the company), we had to track usage based on the user's Active Directory group.

In hindsight, usage reporting by group is a lot easier/cleaner/simpler than by user but, I can't help but think the law is a bit too strict.

Re:The way it should be.

Sounds very similar to the case of Landmark Education misusing the DMCA to issue subpoenas against Internet Archive, as described at

http://www.eff.org/legal/cases/landmark/

The video in question can be downloaded on BitTorrent at

http://thepiratebay.org/tor/3537369/2003_Inside_La ndmark_Forum.avi

Re:The way it should be.

[randomblast]

Yes, but to switch to a German ISP, you kinda have to move to Germany. Have you ever tried keeping a conversation together across continents with someone who has a restraining order against you?

Re:The way it should be.

[KnuthKonrad]

Germany takes privacy laws to the extreme, in my opinion.

As a admin, working for a german company in Germany, I know that our privacy laws are a PITA.

As a german citizen, living and working in Germany I think our privacy laws are way too relaxed.

That said, I very much welcome the decision of the court. We had a couple of similar decisions lately. And one always got the impression that the judges not only talking about the very case they had to handle, but that their sentence was also aimed at our politians to show them how german courts think about the EU data retention act. This one can't be trialed in Germany yet, as it hasn't become german law as of now. So this seem like a warning about what to expect when that gets taken to court, once it made it into german law.

Re:The way it should be.

[kill-1]

You obviously don't know how spammers and phishers work. Do you really think they're scared of being tracked down by an IP address? Ever heard of botnets? It's ignorant people like you that should get blackholed by the rest of the world.

Re:The way it should be.

[1u3hr]

Let me explain. I do not "expect" privacy. I do not "expect" all ISPs to spend millions of Euros on logging mechanisms based on each user records. The impact of this is huge. Currently all user activities are normally written to a single log file. The files are normally rotated based on time.

This case is about deleting a particular user's records. If you don't keep them, you don't have to do anything. You seem to say you'll need to create an all-encompassing tracking system so you can selctively delete the records. Just delete them all as soon as you've abstracted any information you need for billing or debugging.

Has anyone asked what the plaintiff has to hide? hope he gets cyber-stalked by a hate group

In TFA: "The court ruling is the result of a case that was initiated by Holger Voss, a 33 year old man from Münster. Voss was sued for making a sarcastic comment in an Internet forum back in 2002."

Sarcasm? Yeah, he totally deserves to be stalked and vilified by a hate group. That'll learn him not to mouth off.

Re:The way it should be.

Only an idiot would log everything in extremely verbose human readable text.

Re:The way it should be.

[D.+Taylor]

Yes, and if you ran the logs through uuencode a million times each prior to storage, they'd be absurdly huge.

Who the hell would do that?

Re:The way it should be.

[grimwell]

So....

Should the "authorities" be able to get a list of books you've checked out?
Should anonymous pamphleteering be banned?

Would you like the person next door, to be able to publish pictures of your kids on the net, and then hide his tracks.
How would you even know he did that? How do you know he hasn't already done that? Maybe some CTV operators in Britain are already doing that. Do those cameras make you feel safe now?

Wake up people. This is not about freedom.
Law is about freedom. In "Free" countries it is suppose be that which isn't explicitly denied is permitted.

Has anyone asked what the plaintiff has to hide?
The concept of "Innocent until proven guilty" doesn't ring any bells?

Freedom means being free to both follow & break the law. Freedom means being responsible for your actions. Freedom is an elusive asset that people seem all too willingly to trade away for a false sense of security. People too easily forget there are worst things than terrorists & criminals.

The internet is just a mirror of human nature; both the brightest & darkest sides of it. One can't control or "correct" human nature by controlling the internet. Attempting to do so is a fool's errand.

Re:The way it should be.

[diersing]

I too am not a lawyer, but I believe ISPs in the US have to keep logs for a minimum of 2 years, but that may vary per the state as well. The key bit here is, is the article is about Germany which has strict privacy laws. One example I was given is that you (nor the authorities) can monitor data transmissions and search warrants are strictly scrutinized and narrowed to a specific thing the search is after (I got what I do know from a friend who lives there, my german is too rusty to make heads or tails of the site I linked, although my friend says its a good resource if you can read german).

Re:The way it should be.

[dpiven]

>64bits for an ip.

Worst case would be 256 bits (32 bytes) for source and destination IPv6 addresses.

>48 for a mac.

Not worth collecting; the MAC address that would actually be in the packet at the time would be that of the last switch/router the packet passed through... unless you are collecting this data at all of the users' gateways.

>another datetime for disconnect.

How do you do this for UDP? UDP does not have a "connect/disconnect" paradigm; you just throw packets at the port and hope they stick. (Same goes for TCP connections which are abandoned and timeout rather than go through a disconnect or reset.)

Besides, if ISPs had to track connections with enough data to make those logs worthwhile as evidence, they would also have to log HTTP packets as well, in order to distinguish requests to multiple sites on the same server and IP address... after all, it wouldn't do to confuse people connecting to www.stuff-money-in-denny-hasterts-thong.com with those surfing www,win-a-date-with-mark-foley.com, should those two sites happen to be on the same server.

Re:The way it should be.

[LoadWB]

I work closely with several ISPs, and have worked for one myself. AFAIK they are not required to keep logs, period. In fact, one of them I work with deletes logs on a regular basis.

The whole idea of data retention is horse shit. The data is not "evidence" until requested by court order. If the data is gone by then, too bad. With a proper court order, the MIB can monitor 'till their hearts' content to obtain new data. Proactive monitoring (pre-crime) is anti-American.

Re:The way it should be.

[Teun]

I work for the Dutch branch of a British company and when internet became available they did the British Thing (tm) and started logging everything on the company's proxy on a per user basis.

That in itself was probably not much of a privacy issue as many servers are logging connections anyway.

What did become an issue was that those logs were made available to all via our intranet.
The idea being this way supervisors/ management could root out abuse of the internet access, like people spending too much time surfing /.

In the UK this was not an issue (no meaningful privacy laws) but for the branches in the other European countries this was illegal and after a few warnings by the (companies own) lawyers the public access to the logs was disabled.

In Holland the management now has to request access on a per case basis and inform the the works council of its reasons.

Re:The way it should be.

[diersing]

Evidence is a record, if you've ever been audited you'd know that they'll ask for 'evidence' that your IT controls (things such as user request processing, review of security logs, etc) to prove or disprove you are actually doing what you say you are doing. For such 'evidence' to be admissible in court, you have to show they were generated in the course of normal processing.

Re:The way it should be.

[tinkerghost]

You are forgetting dynamic IP assignment for dialup services. And Lease expirations resulting in multiple entries for IP addresses that change for DSL & Cable modems. The dialup logs fill up a lot faster than you are giving them credit for

Re:The way it should be.

[1stpreacher]

http://www4.law.cornell.edu/uscode/html/uscode18/u sc_sec_18_00002703----000-.html Look for "f"/"2"

OK, so under times when you're told to hold records, I get it... But why would an ISP (other than some tech support stuff) want to keep this crap? I mean, get what you need and toss it - otherwise be prepared to keep extra staff on hand to handel all that information - especially when the govt wants info from you. If you just tossed the data as soon as you could, and the govt called you could say "Sorry, it's already gone, we don't keep it" ... Then you don't have to have additional resources to feed to something that won't help you bottom line anyhow, right? That said, I don't have a business degree, so... Maybe I don't know what I'm talking about. :-)

Re:The way it should be.

[big+dumb+dog]

The EU is way ahead of the US on privacy laws.

Re:The way it should be.

[LoadWB]

Never been audited. My comment was meant as more of a stab at the whole "Kill A Commie for Mommy" idea for forcing ISP data retention -- logs of all ISP user activity. I do not believe that an ISP should be any more responsible for what its users do than a phone company is responsible for customers' crank calls or a toll road operator is responsible for reckless drivers.

Re:The way it should be.

[LoadWB]

I need to requalify that... if an ISP, phone company, et al is informed that it has a customer doing Something Bad, *then* it should take action. The majority of pro activeness these days is to criminalize everyone involved in an activity, and ask questions later. I do not subscribe to this philosophy.

So, if ComCast has a spammer, it should terminate the account. If Embarq has someone making threatening calls, it should work to monitor and eventually shut the line down. And so on. But we should not be watched all the time "just in case" we do something illegal.

Re:The way it should be.

[diersing]

I agree, managing and archiving that much log activity is daunting, even more so if its expected that ISPs should be parsing the logs in search of suspicious behavior.

The problem arises when the government steps in and says 'don't worry about the logs, we'll take care of it, please place this sniffer at your key relay points, we'll manage and parse the logs for you.... its for uh, National Security reasons'.

Re:The way it should be.

Wake up people. This is not about freedom. Has anyone asked what the plaintiff has to hide? I hope he gets cyber-stalked by a hate group, who are now able to hide their tracks. Rough justice, but if one child is hurt as a result of this case, then it will be some justice (not enough IMHO).

YES! Just Think Of The Children, please! GIVE UP ALL YOUR FREEDOM FOR THEIR SAKE!

What a jackass.

Re:The way it should be.

[DorianBrytestar]

"Has anyone asked what the plaintiff has to hide?" His reason is irrelevant, it is the request itself that is the point. I used to think that giving up certain things would be finne since I did not have anything to hide. And the more I hear today about botched investigations and crooked cops I have come to realize that no it is not ok to look at someone's stuff in any situation unless there is a massively damn good reason for it and the excuse of "why should you care if you have nothing to hide" is mornoic and nieve.

Re:The way it should be.

[Lars+T.]

Well, if by "works for the Germans" you mean "every spammer and phisher and kiddie porn trader and net stalker and all the other net scum switch to German ISPs, until Germany gets blackholed by the rest of the world", then yeah, I think it will work out for them.

Scared they kick the US from 1st place?

Re:The way it should be.

[egypt_jimbob]

You want a document that gives rights to individuals? I have such a document. My birth certificate.

Re:The way it should be.

There are very legitimate reasons to have IP logging for law enforcement purposes. Just like tracking phone records and phone conversations through wire tapping, it makes sense to require or have this for everyone. This WILL cost T-Online money; they will not simply be deleting their logging info. I hope they even manage to keep it in some other way related to billing.

How many child molesters will be regularly sending legal form letters to their German ISPs to purge them from their IP log? How many thieves/scam artists? Numerous other illegal activities pop into mind because of this, including pirating music, video or software (hence the fact it was posted on a Torrent site).

Honestly, there's almost no good that comes from this. If you feel guilty because you're visiting some trashy porn site or using a torrent download, then too bad. If it's normal and nothing to feel guilty about, then don't feel guilty. If you think there is a reason to feel guilty, then don't do it. If you feel guilty because you know it's illegal and you don't want to get caught, then too damn bad; you'll hopefully get what you deserve.

Personally, I can't believe he was sued, or even allowed to be sued about a comment on a web forum, sarcastic or not. If he said what he said without sarcasm, then I could imagine him being tracked anyway and I'd personally be happier because of it. Honestly, the fact that he was sued over free speech that was not hate speech is the real issue here and Germany is clearly at fault, not the ISP or the IP logs.

Re:The way it should be.

[1u3hr]

How many child molesters will be regularly sending legal form letters to their German ISPs...

How ironic that some Anonymous Coward wrote this crap.

Re:The way it should be.

[arminw]

.....Think about the reality. How many terrorists are there? And how many twisted people?.....

So why not collect an keep information ONLY on people suspected for wrongdoing? Why does data have to be kept for everybody for every minute of the day? The REAL evil people who are not totally stupid, will not be caught by these "cast a wide net tactics" in the first place. For example, there are literally millions of open wireless access points that a person bent on doing wrong can use to access the Internet. Any and every log will only contain the ip information of the particular connection point the perp used on that day. Keeping such records is a complete waste of time and I have no idea why any ISP in their right mind would spend a dime to keep such information. If the law enforcers suspect someone of illegal things, they can and do confiscate the suspect's computer and hope that it contains evidence to confirm the suspicions.

Re:The way it should be.

[svoloch]

an absolutely ludicrous amount of hacking comes from dial-up accounts from this ISP. They care not a whit when we have attempted to track down the source of these attempts, and have largely ignored any attempt to investigate or follow on their customers' abuses. I realize dial-up accounts are notoriously difficult to track/shutdown, as people float from one to the other, but these guys make zero effort.

I'm surprised anybody got anything useful out of them in the first place. I'm all for privacy, but I'd like to think that someone running crappy DOS scripts from a dial up account would be somewhat accountable...

Re:The way it should be.

[arminw]

..... it makes sense to require or have this for everyone.......

Only if your basic assumptions is that everyone is guilty of some sort of crime every single day of their life and it is the job of someone to sift through all that data to find all these criminals. Would it not be more effective to monitor ONLY those who are truly suspects of a real crime? A real crime that does real damage to others? Most possession crimes do not rise to ever hurting anyone, until the illicit substance or object is actually used against someone else. The AK47 or UZZI or other weapon in someone's closet or car trunk doesn't hurt anyone until the device is actually used against a human or their property. Porn is disgusting, but someone looking at it on a computer screen doesn't really affect others. It's when the porn addict becomes a molester, the law should rightly step in.

At least 75% of prisoners are locked up because directly or indirectly because of something the were in possession of. You probably have something somewhere which is not legal for you to have. Let's put mandatory video cameras and microphones in every house and street corner, in case someone does bad stuff at any time, anywhere. Where should the line for privacy be drawn? At some point it may be more cost effective to lock up the minority of law abiding people in safe places and let the criminals run around free preying on each other.

Re:The way it should be.

[JPriest]

Well, there are cases where an ISP is notified of a compromised machine on their network (often being used as a launch platform for spam etc.) and the user is (sometimes) glad to be made aware. Outside of that, you are correct. ISP's have little to gain from holding these records and staffing abuse teams, outside of the fact that if there was complete refusal to co-operate with authorities on legitimate cases (like the Secret Service, NSA, FBI, state police etc.) they could be accused of covering for the criminals.

Re:The way it should be.

Well that might be one of the reasons why every Aussie I know complains about ISPs delivering a meager service for a high price....

Re:The way it should be.

[harlows_monkeys]

Perhaps you should actually learn what role botnets play in spamming and phishing, before presuming that other people are ignorant. (Hint: think about how a spammer or phisher makes their money).

Re:The way it should be.

[unheiliger]

Hi,

Io totally agree, and that was my point. Missed by most. The internet is an extremely dark place. My objection is to allowing the dark people to hide, permanently. Of coursae they hide. Of course they exist. Christ, there are some truly screwed up individuals. I have had to deal with it more than once.

My point is, that by being "responsible" about my actions, I have the freedom to act. I don't care that my ISP knows what I am doing. I don't care that my ISP can catch this message and give it to the right wing (Christian) fundamentalists in the United States.

What worries me, is that this Guy, instead of asking the world at large for help, has provided a legal precedent which will certainly be abused in the coming months/years. Until some truly awful event, is so uncontrevertible, it can over turn the original decision.

Who has to die for that? A child? An African? An African child? And who will scream about "right wing extremism" then? Or catholic cover ups?

The decision was wrong, and only time will prove me right. For what it is worth, I think you and I actually agree. We just do not see it in the same light, but may be that has to do with how much of the darkness you have truly seen!

Re:The way it should be.

[unheiliger]

Oh come on. Grow up. Assuming your "theory" of multiple access points, and a bad man doing the dirty with those points. You truly think his mobile movements cannot be tracked? These guys are clever. And they know a lot more about it than you or I. Most of any real legal case is about circumstantial evidence. The proof is very diffcult to catch. If they had to "grab" computers, for fidning the evidence, they would have been runnig an openly police state for years. They use the circumstantial to decide whether or not to act. The circumstantial gives them a reason to grab a PC/whatever with the actual proof. What? You think the "terrorists" are the worst or darkest? Not even close my friend. In the middle of the deepest darkest part of your mind, you might find a scary thing. In the middle of that, is the brightest part of some people's minds! these are the twits who need stopping. By the way. What is a "perp". It was not in my English-Arab dictionary.

Re:The way it should be.

[grimwell]

Morning,

I totally agree, and that was my point. Missed by most.

I think you missed my point. The internet is just a mirror. So your statement "The internet is an extremely dark place." is really you commenting that the world is very a dark place.

I can only suggest that you take a break and find some goodness to focus on to replenish your spirit. A few moments everyday to appreciate that which is good in your life and the darkness won't seem so powerful, so overwhelming that you're willing to trade away your freedom to feel safe.

My objection is to allowing the dark people to hide, permanently.

And what of those that wish to speak out anonymously against entrenched evil? Are they not in need of a place to hide? Who decides who's "dark" and who's "light"? You? Gulity until proven innocent?

A hammer can be used to build house or bash in your skull. Should all tools that can be used for evil be outlawed?

That which can be used for good, can also be used for evil.

My point is, that by being "responsible" about my actions, I have the freedom to act.

You don't believe in the concept of "Free Will"? You are free to act, regardless of whether your actions are responsible or not.

Morality by fear isn't morality, it's just living in fear.

What worries me, is that this Guy, instead of asking the world at large for help, has provided a legal precedent which will certainly be abused in the coming months/years.

Self-reliance should be applauded. Either way he did ask the world for help, he asked his local legal framework for help. The "world at large" can be as close as your local courthouse.

Appeals can be abused, should they be gotten rid of?

Until some truly awful event, is so uncontrevertible, it can over turn the original decision.
Who has to die for that? A child? An African? An African child? And who will scream about "right wing extremism" then? Or catholic cover ups?

Whose life is more important than anonymous free speech?

Intangible things like Freedom are hard to weigh & balance against tangible things like a child life. Which is why the whole "Think of the children" mantra sells well to the public. But if one were to actually take a moment and think about it... preserving Freedom for future generations actually is "thinking of the children".

The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.

The decision was wrong, and only time will prove me right. For what it is worth, I think you and I actually agree.

I am sorry I have done such a poor job of explaining my position, then. I think we differ greatly on at least three points
1) You don't seem to believe in anonymous free speech
2) You default to seeing how something can be used for evil, where I tend to see how something can be used for good.
3) You have way more faith in law enforcement than I do

"We cannot expect people to have respect for law and order until we teach respect to those we have entrusted to enforce those laws" -- Hunter S Thompson

What type of logs?

[slimey_limey]

The article is vague. Are these the logs of connections made, or are they the logs of when an address was assigned to them by DHCP, or what?

Re:What type of logs?

[nospam007]

The article is vague. Are these the logs of connections made, or are they the logs of when an address was assigned to them by DHCP, or what?
--
The customer has a flatfee arrangement, so the IP address is irrelevant for billing purposes and so doesn't need to be stored and hence is forbidden to.
Their privacy law forbids saving any irrelevant data of customers.

Re:What type of logs?

[slimey_limey]

So I take it then that we're talking about DHCP server logs?

Re:What type of logs?

[mxs]

Radius, actually. That particular ISP does not use DHCP; all (A|V)DSL(2\+?)? connections are handled with PPPoE, so you get your IP from the PPP session set-up. Connections are reset every 24 hours automatically, and you do not usually get the same IP again after 24 hours (they claim this is done for technical reasons, which is, simply put, BS :)

Re:What type of logs?

[eguaj]

"they claim this (connexion reset every 24h) is done for technical reasons, which is, simply put, BS"

Well, I heard that there is a (rare ?) problem of "ghost" PPPoE connexions when they are not closed/teared-down properly that oblige you to wait for the server to reset the connexion, and that's why they force a reset every 24h, to properly close all the connexion and allow you to reconnect at least after 24h.

Re:What type of logs?

Please don't reply in the form of a signature. It's annoying.

Re:What type of logs?

[mxs]

This problem could be handled differently. You could tear down a PPPoE connection if no data has flown through it in 24 hours, for instance, or automatically reset the connection if new LCP packets arrive indicating the customer wants to set up a new PPPoE connection; also contrary to popular belief, you can set up multiple PPPoE sessions on the same wire; they need to have the Host-Uniq flag set, or use different MACs -- but it is possible; for instance, you can open connections to T-Online and Titan Networks over the same link easily (I actually use this for native IPv6 connectivity from Titan).
Also, if this WERE the reason for this idiotic behavior, you would not be able to get business service on the exact same line from the exact same access concentrator using the exact same infrastructure that did not have this limitation. Of course, the price is not exactly the same in that case.

Re:What type of logs?

[slimey_limey]

My thoughts exactly. That's why God invented the

tag.

Re:What type of logs?

Here's a possible technical reason: to prevent users of the service from effectively running their own web servers, DNS, or other services that rely on a client connecting to the service's ip address. The forced disconnects will keep unnecessary traffic/idle connections to a minimum.

Re:What type of logs?

That's not really a technical reason though...

Re:What type of logs?

[mxs]

It's probably the reason (not having server services run reliably), but that is /really/ not a technical one.
Note that your connection can stay completely idle for those 24 hours, or pump a full 16mbit/s through it for 24 hours -- you can also reconnect immediately after the forced disconnect; it doesn't really do anything to prevent idle connections or "unecessary" (that term should be defined by the paying customer, not by the telco) traffic.

Requests to delete server logs

[Neoncow]

Requests to delete server logs, however, will be logged.

Re:Requests to delete server logs

[giminy]

Well that's easy, we simply ask them to delete the log that records that we asked them to delete the log. Problem solved!

Re:Requests to delete server logs

[Duncan3]

Fear not! Google has a copy.

Re:Requests to delete server logs

[sanyam_y]

Well, the ISP can always keep a backup of the logs before deleting them. Who's going to check anyway :).

Re:Requests to delete server logs

[kjart]

Fear not! Google has a copy.

This raises an interesting question: would Google delete logs on you if you asked them to?

Re:Requests to delete server logs

[AndersOSU]

Records deletion requests all the way down.

Re:Requests to delete server logs

[Duncan3]

They have stated publicly many times - absolutely not.

Then they wouldn't know what ads to give Adblock to block :)

But no privacy in the land of the free

[Salvance]

I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have? While some other freedoms (e.g. speech,press) are more limited in countries like Germany, there appears to be a strong right-to-privacy movement backed up by the government.

Sure, our media and government pay lip service to privacy issues, but the reality is that our government wants to increase monitoring in the name of fighting terror. Compare this story of Germany forcing the ISP to delete logs for a customer to this one outlining yet another argument by US officials to require ISPs to maintain even more user data.

I'd hate to see us to become a 'surveillance society' like Britain has. Unfortunately, we seem to be quickly heading down that path, particularly since our citizens haven't yet raised up to demand greater freedom.

Re:But no privacy in the land of the free

I think the "why" comes down to constitutions, and this serves as a good example of why constitutions (and good constitutional adjudication) are so important. I'm not sure about the extent to which you can say the German government supports privacy because it thinks it's an inherent good. The German constitutional court has for decades recognised a strong right to "informational self-determination" in the German constitution. This right applies pretty much whenever individualised data is being collected (and sometimes even more broadly - e.g. this is why there aren't CCTV cameras everywhere in Germany, c.f. your average English High Street). Compare this to England, where there is absolutely no legal tradition of a right to privacy (even the European Convention on Human Rights, which the UK is obliged to comply with, has had scant effect on this).

The US is somewhere in between. Sure, the US constitution contains what has for the best part of a century now been recognised as a right to privacy, but the Supreme Court put a wall up around this in the 1980s by saying that surveillance of the kind that would be possible with the naked eye in a public street is constitutionally ok (after all, a Police officer standing there 24 hours a day, 7 days a week could observe that stuff, right). Not really an apt comparison for the purposes of IP logging, but demonstrative of the failure of the US courts to keep up with the pace of change.

Re:But no privacy in the land of the free

[Firehed]

We know we won't get it if we ask, so we don't bother. You don't get anywhere lying down, but at least you don't get red-flagged by asking for some privacy.

Re:But no privacy in the land of the free

[foobsr]

some other freedoms (e.g. speech,press) are more limited in countries like Germany

Any source? Just curious, as I am living in Germany and did not really realize.

Also:

Press Freedom Index 2006

CC.

Re:But no privacy in the land of the free

In America and Britain, some people consider the fact you are not free to spread Nazi propaganda in Germany as a grave violation of freedom of speech. Of course, if some German does spout off some Nazi nonsense, Germany is accused of not doing enough to prevent Nazism.

Re:But no privacy in the land of the free

source one. source two. source three. source four. source five.

Re:But no privacy in the land of the free

The German government isn't a bit better than the US government. However, we have some basic rules, and as long as the *courts* (not government) uphold these rules, we're good.

Complain to your courts that they don't honor the constitution quite as much. Oh, and while you're at it, abolish that standing army that has been there for waay longer than two years, and that was used in many offensive contexts.

In many ways I as a German envy Americans for their freedom, really, but citizen rights are still reasonable here in Europe, especially the right to privacy in Germany. (the whole political spectrum is just way shifted to the left, with good and bad consequences)

Re:But no privacy in the land of the free

[nath_de]

You do know that the law banning nazi propaganda and symbols was installed by the Allies after the war? It is no German invention at all (but I still think it is a good law most of the time).

Re:But no privacy in the land of the free

[Jugalator]

He may be considering hate speech laws, but then, on the other hand, is he considering free speech zones in the US, and so on? I'm hesitant to call freedoms more limited in countries like Germany for this reason, especially with the actions GWB has taken in the US lately.

Re:But no privacy in the land of the free

[Calinous]

As a matter of fact, Mein Kampf (the "bible" for the nazi regime) is copyrighted by the US Army (as retribution after the war, I think). This way, they were able to stop a re-edition of it in Germany. The opinion of the editors? This being a copyright issue, it cannot be considered censorship, and we won't publish it (they were pretty far in regard to the publishing)

Re:But no privacy in the land of the free

[Analein]

Yes, we here in Germany weren't all that good when it came to banning Nazi stuff, before all that stuff with Hitler dying and us losing the war happened :/

Re:But no privacy in the land of the free

[nath_de]

Sorry, but you're wrong there. Copyright for "Mein Kampf" has fallen to the state of Bavaria after Hitlers death (since there were no heirs). You can only get an annotated version as Bavaria won't publish the original version. 2015 the copyright should expire (70 years after authors death) and the book should go into the public domain (barring any changes to copyright laws).

Re:But no privacy in the land of the free

[Trevelyan]

UK does have laws protecting peoples privacy. Namely the Data Protection Act and Rights of Investigatory Powers Act. The first one controls disclosure as well as providing means for individuals to review the data kept about them. The second controls what a co. such as an ISP can do with the data (eg traffic logs) as well as what the authorities can do. The two together means that you have to be able to justify the data you keep and for how long you keep it. The network that I work for does not keep data for longer than 3 months, unless it relevent to some network issue/investigation, then its kept for 2 years; but never indefinately. Lastly there is also the Freedom of Information Act, which allows citizen access to all sorts of government and civil service information and documentation. So you can double check their procedures for example.

Re:But no privacy in the land of the free

[misanthrope101]

I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have?

Well, Germany actually had a dictator lie his way to power by using fear and patriotism as bludgeons against his opponents. They know firsthand what dangers lie at the end of that road. We still think we can have everything along the road (the exaggerated nationalism, the fear-mongering, the reduction of freedom to save freedom, etc) without necessarily arriving at the same destination. Continental Europeans know better, at least for now. In time they'll forget, because people always do, but for now they are more vigilant in defense of freedom than the Brits or Americans.

Similarly, Stanley Milgram, in his Obedience to Authority experiments and book, found very high obedience levels in Americans, but less so in the nations that had to live under Hitler. People sometimes do learn from history, though the knowledge probably gets diluted with time and distance. But for now Europeans seem a bit more disillusioned with the idea that you can give government unlimited power and still protect freedom, ergo they restrict government more. We seem to think the opposite, at least for the moment, which is why you're considered a terrorist appeaser if you think the government should have to get a warrant before putting people under surveillance, you oppose torture, or you think people should get a trial before being locked away. I only hope the pendulum starts swinging the other way soon. I'd like my nation to oppose torture and support habeus corpus. Strange that my pulse quickens while typing that--why should it be controversial?

Re:But no privacy in the land of the free

[vidarh]

Actually, the legal basis for this decision in Germany, is the EU data privacy regulations, which each member country are required to reflect in national laws. In the UK this would be the Data Privacy Act that gives us similar protections to the Germans.

Re:But no privacy in the land of the free

[Kokuyo]

I think your parent poster has got something mixed up. What he meant was freedom of speech. And by all means, that is limited in Germany and Switzerland as far as my little swiss mind can remember. Try stating that you think jews are subhuman and see what happens (I advise you to only do that if you don't really like your life as it is all that much...).

Of course we could argue that such sentiments are stupid anyway, but that is clearly a matter of opinion. And just because our opinion (assuming you also do not believe that jews are sub-human) happens to coincide with the law doesn't mean that they couldn't just as easily apply a similar law to something we hold dear.

Re:But no privacy in the land of the free

[foobsr]

It is on Gutenberg.

No, I am more libertarian.

CC

Re:But no privacy in the land of the free

Well, looking up this index http://www.rsf.org/rubrique.php3?id_rubrique=639 seems that the Brits and the Yanks are behind Germany even in freedom of press (which probably translates in freedom of speech, I think). But the worrying thing is that because your countries are leading the way into more and more restrictions and because you are supposedly the 'leaders and guards' of the western society as it is now, our governments will enforce restrictions similar to the ones you (will) have. Like, as an example, the incredibly stupid new rule where you cannot board a plane in any of the European countries carrying a bottle of water/juice/whatever because of what happened in Heathrow few months ago. But, of course, you are allowed to bring any bottle you buy from a duty free shop. How stupid is this?

Re:But no privacy in the land of the free

Could it be bacause most countries in continental Europe did experience actual (and painful) loss of freedoms during the last part of the 20th century?

Re:But no privacy in the land of the free

[wizztick]

freedoms (e.g. speech,press) are more limited in countries like Germany

Salvance, can you give some example of why speech and press are more free in America than in Germany. I am curious to what is more limited in Germany, or a country like Germany.

Re:But no privacy in the land of the free

[jujuchef]

Protect peoples' privacy from whom? Companies? They come and go. How about governments? Which ones?
Good thing there is no such thing as having video surveillance seized by UK government, or the ID card scheme that will potentially tie-in seemless ability to quickly pull all purchases, where you drive and how fast, whether or not you prefer regular or free-range eggs...
http://www.privacy.org/pi/activities/idcard/uk/uk- idcard-faq.html
In particular, note the legal protections to limit the use of any information. As a yank living in the UK for a number of years now, I don't see much difference in the information gathering capabilities between US/UK. I see the UK as more bold in their actions because the citizens here do not have an underpinning constitution. This is important as laws can change much more quickly than with a constitution.
This does make me question just how solid a move Germany has made with this log deal, and if it can't be over-ruled by a higher court.

Re:But no privacy in the land of the free

[dajak]

In addition to having hate speech law, Germany has also been accused of persecution of religious minorities. Other continental European countries (for instance the Netherlands, where I come from) still have archaic crimes like lese majeste, libelous blasphemy, and criminal libel in the books. Apparently this does not prevent most of these countries from ending up higher (shared #1 for the Netherlands) in press freedom rankings than the US, which imprisons journalists for not revealing sources and generally frustrates investigative journalism.

Re:But no privacy in the land of the free

[dufachi]

We try to demand it. But, the **AA puts an incredible amount of cash in our legislators pockets, and every red-blooded American knows that Congress is the puppet of those with the most cash and have no interest in actually serving their constituents.

Re:But no privacy in the land of the free

Not just hate speech (though that too), but you can't insult a bureacrat without being heavily fine ($5000) which I find pretty ridiculous. It's called, Beamten Beleidigung. That means any bureacrat, even a cop. (These fuckers should have thick skin and bear it:)

Also, one year the papers were making fun of Schroeder's (the Chancellor) hair color and suggesting it was dyed. He sued and banned them from talking about his hair. So there goes freedom of press.

http://en.wikipedia.org/wiki/Gerhard_Schröder#Pres s_freedom

So there goes your freedom of the press. Really, in Germany you enjoy your freedoms unless you have the wrong opinions (slightest right leaning) about anything.

Re:But no privacy in the land of the free

[dajak]

People sometimes do learn from history, though the knowledge probably gets diluted with time and distance.

The fear of politicians and government of being perceived as nationalist sometimes has perverse results. Here in the Netherlands we used to have a historical curriculum that identified tolerance as a key part of national identity, but the reluctance of government to prescribe historical dogma about "our ancestors" gives license to for instance schools with a majority of muslim pupils to gloss over impopular subjects like the holocaust and the eighty years' war (1568-1648), where "our protestant ancestors" are the ones being persecuted.

Teaching children about the attack by the resistance in 1943 on the population register in Amsterdam, with the intent to burn it down in order to frustrate Nazi bureaucracy, is the best way to instill respect for privacy. Reference to this event that most people know about is a powerful antidote to suggestions that "you have nothing to fear if you are innocent": it was the Dutch government that, in better days, compiled the data that allowed the Nazis to trace most jews (population register) and gave them few places to hide (cadastral maps). What to remember and what to forget is still a policy choice.

The US and continental Europe have different experiences of, and therefore perspectives on, WWII. For the US, WWII is a license to interfere militarily in perceived Nazi regimes abroad (as they did in WWII), while formerly occupied countries, and Germany itself, are busy simply not being a Nazi regime.

Re:But no privacy in the land of the free

[KnuthKonrad]

In addition to having hate speech law, Germany has also been accused of persecution of religious minorities

Ah, nice twist by the Scientology spin doctors. Scientology is not considered to be a "religion" in Germany. Therefore there can't be any "persecution of religious minorities". They're a company with any rights and duties each other company has in Germany.

But they're also considered to be an anti-constitutional. Their goals are against our constitution. Therefore our secret services ("Verfassungsschutz") has them on their watch list, like any other suspicious anti-constitutional organsations like NPD (german neonazi party) or Al Quaida.

And I truely welcome the above actions. We once had a fascistic regime here, no need to have another one (Scientology)

Re:But no privacy in the land of the free

[foobsr]

Welcome to our scientologic overlords.

CC.

Re:But no privacy in the land of the free

>I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the

Some of us do, but Americans are conditioned from birth not to expect privacy. Everything from *everybody* using your SSN to ID you (you wouldn't believe the arguments I've had) to the pizza place not wanting to deliver to you unless your address matches the caller ID.

For example - in Hillsborough County, Florida (Tampa) homeowners are required to provide their SSN to qualify for Homestead status of their homes. Homesteading provides serious protections yet if you don't allow the tax collector to store your SSN, you get no protection.

In that same county, they'll remove the names of officials, police, etc from public property records, but nobody else - I've known women who had restraining orders issued against abusers who couldn't get their names removed from public records even if they had moved.

Re:But no privacy in the land of the free

[6031769]

Rights of Investigatory Powers Act

I think you mean the Regulation of Investigatory Powers Act.

Re:But no privacy in the land of the free

[jackbird]

One problem is that the legal underpinnings of the court decision guaranteeing abortion rights in America rely on there being a right to privacy enshrined in the constitution. Since privacy is not mentioned explicitly anywhere in the document, this is one of the weak points anti-abortion groups go after. In other words, USA political discussions of "the right to privacy" are actually about abortion, making it very difficult to make any headway on actual privacy rights.

Re:But no privacy in the land of the free

[Jtheletter]

Ah, but the author didn't actually die until 1968, thus ending the Occult Wars. So really it won't be in the public domain until 2038.

Sorry, I just watched Hellboy for the first time the other night. ;)

Re:But no privacy in the land of the free

[dajak]

Ah, nice twist by the Scientology spin doctors. Scientology is not considered to be a "religion" in Germany. Therefore there can't be any "persecution of religious minorities". They're a company with any rights and duties each other company has in Germany.

The government has no business deciding what is and what is not a religion, of course. Not that I am positively disposed towards Scientology, but if awarding status as a religion is apparently problematic, then maybe religion has a privileged status it shouldn't have. Criticism by NGOs is justified.

Their goals are against our constitution.

So? We even have a religious political party in parliament that refuses to admit women as members and is fundamentally undemocratic in nature. In Germany lots of political organizations (milli gorus is one I can think of) are prohibited that are allowed in the surrounding countries.

Re:But no privacy in the land of the free

The government has no business deciding what is and what is not a religion, of course. Not that I am positively disposed towards Scientology, but if awarding status as a religion is apparently problematic, then maybe religion has a privileged status it shouldn't have. Criticism by NGOs is justified.

Yet, the government definitely has a right to decide what is tax-excempt, and what is not, of course as well. Otherwise everyone could come about and say hey, this here Cult of International Business Machines is tax excempt as of right now.

The problem with scientology is that they can not prove that their sole purpose is religious in nature. Fixed prices for seminars and auditions intended to reap a profit are considered a big do-do for tax-excemption. Nevermind there's no law against for-profit religions. Just don't expect to be treated as if your organization lived from pocket change. Which is the only reason to depend on tax-excemption for religious freedom whatsoever.


So? We even have a religious political party in parliament that refuses to admit women as members and is fundamentally undemocratic in nature. In Germany lots of political organizations (milli gorus is one I can think of) are prohibited that are allowed in the surrounding countries.


Well. Let's just say that we tried that. It's been a failure. Catastrophic, as you might be aware of. We won't try that again. Well, I hope so. See how well it works? No world wars caused again, as of yet.

Anyways, it's the bit about inciting people to do something to topple the system of democratic values in germany. It's not about having that opinion or expressing it - okay, expressing it to the extent that it doesn't harm others. Yelling "fire" in a crowded theater theory comes to mind here.

Re:But no privacy in the land of the free

[arminw]

....Not really an apt comparison for the purposes of IP logging.....

But is a good comparison. The Internet is a PUBLIC place. Anyone who thinks otherwise is fooling themselves. Privacy only should apply where human eye or ears or their extensions would normally be, like in your house. Universal surveillance cuts down on random crimes of opportunity, but will never deter anyone determined to do wrong. Therefore, it is pretty useless to deter terrorists by universal monitoring of everybody. Terrorists are not random criminals and know well how to evade all monitoring efforts. Officials who advocate wholesale monitoring should know this. Therefore, their motives for wanting to monitor everybody must have other reasons. What those are can be argued about forever.

Re:But no privacy in the land of the free

[arminw]

.......are prohibited that are allowed ......

Germany is not alone in the idea that everything that is not expressly permitted is automatically forbidden. It's just like in many things German, the Germans are more thorough and methodical about it.

Re:But no privacy in the land of the free

[dajak]

Yet, the government definitely has a right to decide what is tax-excempt, and what is not, of course as well.

Deciding that "a religion" is tax exempt is contrary to freedom of religion. Only things sufficiently similar to christianity will be considered religion, which means that the taxpayer sponsors christianity. Best way to avoid criticism of privileging one religion over another is to ignore them in the first place.

The problem with scientology is that they can not prove that their sole purpose is religious in nature.

I think I can make a convincing case against, let's say, Roman Catholicism as well. Here in the Netherlands Roman Catholic higher clergy have been prohibited up to 1853. They are obviously dangerous political subversives who disrespect the rule of law, and they definitely have considerable business interests.

Well. Let's just say that we tried that. It's been a failure. Catastrophic, as you might be aware of. We won't try that again. Well, I hope so. See how well it works? No world wars caused again, as of yet.

This doesn't convince me at all. I see no relation between being particularly liberal on freedom of speech and starting wars, and I don't believe that the lack of censorship in the Weimar republic caused a world war.

Yelling "fire" in a crowded theater theory comes to mind here.

This is a concrete behaviour, not an organization or an idea. In the case of Scientology it is for instance possible to prohibit morally reprehensible sales techniques they use, and I see valid applications for things like criminal libel and defamation per se as well.

Criminalizing opinions, symbols, and organizations only gives a false sense of security. You can take away legal personality from an organization, but you cannot make an organization without legal personality responsible for criminal behaviour, and you also cannot make it disappear.

Re:But no privacy in the land of the free

[blue-rabbit]

But it's RIPA 2000 that obliges ISPs to keep logs of every site you've visited for a considerable periods of time. It's a massive blow to your civil liberties.

Re:But no privacy in the land of the free

[Bloody+Troll]

Now, if you're a Jew and state that Arabs are sub-human - that, of course, would be a totally different matter.

Re:But no privacy in the land of the free

[Bloody+Troll]

Last time I checked, NPD was perfectly legal political party in Germany, however much your "mainstream" polititians tried to vilify it. And it's position in the political spectre, I'd think, would be wa-ay to the left of the US Democrats, for example.

A question for network admins

[gaijin99]

I'm not an admin, and never have been so I'm working on ignorance here. But my question is, why bother with long term logs anyway? I understand a need to keep logs of activity for a week or so to deal with various attacks, zombie machines, etc, but why not set the logs to automatically wipe anything past that point? I can see maybe going nasty and selling it to advertisers, but other than stuff like that is there a use?

Re:A question for network admins

[unboring]

IP forensics is a very useful for fraud detection and prevention, not just click-through fraud but also ecommerce/transaction fraud. Its invaluable to mine through old IP data and detect predictive patterns in fraud.

Re:A question for network admins

Let's say if someone gets an e-mail/forum post but has been away for a long time - let's just say one day longer than the logs are supposed to be kept (meaning, eight days if we're going by a week with your suggestion). That e-mail/forum post was very abusive, racist, sexist, whatever - bad enough to merit a complaint. You can file a complaint, show the e-mail, but if the ISP doesn't log the IP as being online at that time, they can't do shit.

Granted, nowadays they don't do shit anyway, but beings we're already thinking hypothetically...

Re:A question for network admins

[plaxion]

You've answered you own question.... it's "stuff like that" (i.e. vague and unknown uses, both current and future) that are the worry.

Re:A question for network admins

[gaijin99]

To me that would seem to apply mostly to people hosting commercial sites, not an ISP providing end user access. Is that your angle, or did I miss something obvious?

Re:A question for network admins

[mxs]

Yes, there is a use. Law Enforcement LOVES long data retention. Really, they do.

The MPAA/RIAA/IFPI/etc. all LOVE long data retention as well, especially when combined with Law Enforcement.

I'm pretty sure all manner of intelligence services also LOVE long data retention.

I have yet to see a case of a consumer/customer loving long data retention.

Re:A question for network admins

[gaijin99]

Well, its what worries me about people *keeping* logs, actually....

On a practical note, how much storage are we talking about for a decent sized ISP? I'm assuming you'd want to store the customer's ID, the IP address visited by the customer, the website address (if there is one), a timestamp for that visit, and maybe the amount of transfer both upstream and downstream each time the computer sends or recieves. Even for small ISP's that sounds like a lot of info to keep, indefinately, for every single customer and ever single thing they do online. I know we store a lot these days, but for the big guys like AOL that sounds like it could get into the range of multiple gigabytes per day. I know that tape backups aren't that expensive, but it sounds like a lot of trouble to go through for not a lot of payoff.

Are my guesses here utterly off, or do they really store that much data on their users?

Re:A question for network admins

[gaijin99]

Yeah, but the ISP's are doing it, and they aren't compelled to do so by law (at least not yet in the US). That implies that they have reasons of their own, and I'll be buggered if I can see what those reasons might be, beyond evil stuff like selling the info to advertisers.

Re:A question for network admins

[mxs]

The ISP in question stores your assigned IP, duration of the session, start-time of the session, bytecounters up/down, username, and probably access concentrator (i.e. which physical land line was used).
No logs of website accesses or acribic list of all packets sent and received are made.

A lot of data is accumulated, but really, what does a terabyte of online storage cost these days ... Peanuts.
Amazon stores your entire clickstream history, everything you ever did on their website, for an indefinite amount of time. Walmart has some of the largest databases in the world holding all manner of customer and sales records. I'd be surprised if Google ever deleted search logs. archive.org tries to store the entire web many times over.
Storage, per se, is cheap :)

Re:A question for network admins

[cheater512]

Your guesses are off.

They only log what ip each customer gets.

Re:A question for network admins

[daverabbitz]

Well, I personally love my HDD's long data retention. If I'm lucky it might retain my data for 10 years. Then again it might fail 1 week after purchase. .....

Oh log retention, yes well that doesn't make a whole lot of sense... Except when it does.

I really wish Linux had a fossilfs like Plan9 that stored all changes chronologically. Kind of like Subversion on 'roids.

And no I'm not in favour of my ISP logging huge amounts of data about me, on the other hand I would be quite grateful if they kept reasonable amounts of logs of routing tables, I'm not sure what logging IP addresses means, surely they aren't logging every host I connect to, that would be insane.

Oh well, I can't even remember why I started this post, I guess that means I don't hav every good data retention...

Re:A question for network admins

[mxs]

Did you miss that AOL and TW merged ? Many ISPs are part of larger conglomerates, or in bed with parts of the media industry. That should be enough incentive.
Traffic usage logs are interesting as well; one broadband ISP (1&1) in Germany regularily offers some of their customers $150 if they leave for another provider, since these customers actually used the bandwidth being advertized and generated generous amounts of traffic. You can't do that without retaining information on traffic usage.
Other ISPs might use this to segment their userbase a bit so that the bandwidth-hogs get lower traffic priority than the "good" customers. This is rather common (or used to be so) in Switzerland. Some ISPs take it as a metric to decide whether certain ports should be blocked for a certain customer (a notable one, also in Germany, blocked port 1214 and some other notorious filesharing ports; if you asked them about it, they'd lift the block -- but only if you signed a contract that you are not breaking the law ... Fat lot of good that does, but hey, it seems to intimidate enough). Another ISP (I think it was T-Online, way back) sent letters to their bandwith-hogs reminding them not to do illegal stuff with their connection -- the ONLY metric used in that case was bandwidth used, not any indication of any wrongdoing. So if you were merrily sharing Warcraft patches or Firefox releases using BitTorrent you would get such a letter.

Maybe the network admins per se can't do much with that data, but the accountants & salesforce sure can.

Re:A question for network admins

[elyk]

I think it's also somewhat a matter of simply "because they can"; they don't necessarily see a use at the moment for those two year old logs, but you never know when they might come in handy...especially when a nosy government issues you a subpoena To those wondering whether the letter requesting that the logs be deleted will be logged: Yes, it will, unless you submit another letter requesting that it be deleted, but then that letter will be logged, unless you submit another letter...

Re:A question for network admins

[mxs]

"logging IP addresses" means logging which IP address your connection had at a particular point in time within the last 80 days. (so a lookup of 1.2.2.4 in their database would yield "mxs", or whatever my customer number is)

hrrm ... wouldn't UDF work as a replacement for fossilfs ?

Re:A question for network admins

, but you never know when they might come in handy...especially when a nosy government issues you a subpoena

Yeah, it sure is handy to have logs off on secondary storage somewhere that you have to spend at least a few hours if not days of man time recovering just to comply with a single subpoena. No possible way it would be better to spend practically zero time complying with a subpoena because there are no logs to retrieve in the first place.

Let's see - say 50 subpoenas per year means at least 50 man hours wasted vs zero man hours wasted if there are no logs. Yep, sure is handy to keep those logs around!!

Re:A question for network admins

[Benaiah]

Yes, there is a use. Law Enforcement LOVES long data retention. Really, they do.
The MPAA/RIAA/IFPI/etc. all LOVE long data retention as well, especially when combined with Law Enforcement.

The MPAA/RIAA/.... doesnt combine with law enforcement because they arent enforcing laws. What these lawyers do to get your IP address is damn right underhanded, and many would consider illegal. I would say MPAA/RIAA/... combined with politicians love data retention to push their case and make examples of people who oppose their view.
Watch thank you for smoking. Fucking Lobbiests.

Re:A question for network admins

[Burdell]

I work for an ISP. As part of my job, I handle abuse reports. Often
reports are for events more than a week old (typically worm type reports
come fast, but spam reports are often delayed because the recipients
don't read their email every day).

We also use long-term data for trend analysis: which POP needs more or
less dialup lines, who dialed in to a POP (with how much they pay, does
the POP make financial sense), etc.

While trend analysis doesn't require IP addresses (for the most part),
the call database has a record per call that includes the IP (same
database as used for IP abuse lookups). To not retain IP addresses,
we'd have to set up a second database, second lookup interface, and some
transfer mechanism between the "with IP" and "without IP" databases.
That's a real PITA, so we don't do that.

Re:A question for network admins

[arminw]

.....A lot of data is accumulated, but really, what does a terabyte of online storage cost these days......

The idea of immense data storage and its implication for all humans, especially evil doers, is nothing new. DNA can store a lot of information. If we humans can develop low cost data storage, is it so far fetched that the One who came up with the DNA data storage machinery can and will do exactly what he has promised to do in revealing ALL of man's thoughts and deeds? This was written centuries ago in the Holy Scriptures:

Luke 8:17 For nothing is secret that shall not be revealed; nor secret which shall not be known and come to be revealed.

Luke 12:2 For there is nothing covered that shall not be revealed, nor anything hidden that shall not be known. 3 Therefore whatever you have spoken in darkness shall be heard in the light. And that which you have spoken in the ear in secret rooms shall be proclaimed on the housetops.

Rev 20: 11 And I saw a great white throne, and Him sitting on it, from whose face the earth and the heaven fled away. And a place was not found for them. 12 And I saw the dead, the small and the great, stand before God. And the books were opened, and another book was opened, which is the Book of Life. And the dead were judged out of those things which were written in the books, according to their works. 13 And the sea gave up the dead in it. And death and hell delivered up the dead in them. And each one of them was judged according to their works.

Re:A question for network admins

[mxs]

Thanks for this, I needed some comic relief :)

(the above was written by man, and genetic memory was not even a far-fetched thought back then. I love it when people try to cite that (admittedly in some stretches quite entertaining) book as a way to instill fear and prophecize whatever it is that is currently worth prophecizing to the citer :)

Canadian/America version?

Is there someone who is a lawyer and is able to make a version for us Canadians/Americans?

Australia..

[swordfishBob]

It should work in Australia. Privacy laws here state that:
- If I ask a company operating in Australia what information they have about me, they are obliged to tell me
- If I ask where they got this information, again they must answer
- If I ask the same company to remove such records, AFAIK they must, though there are reasonable exceptions to this one. (e.g. if i've done business with them, they have to keep financial records. if it's my bank, they might have to cancel the mortgage to comply..)
- Companies operating here are not supposed to pass on private information without consent, which is why so many competitions and things have clauses in tiny writing to get your consent.

Re:Australia..

[Mattwolf7]

I nominate a motion from this point forward Australia and Austria will be noted in the following fashion:

Australia (AU)
Austria (EU)

Cause I was totally reading this comment and since my mind was on Europe and Germany immediately thought you were talking about Austria (EU) and not Australia (AU) the country in a different hemisphere...

Re:Australia..

[Heir+Of+The+Mess]

You must be from America. Americans often send us Australians instruction manuals in German because they think everyone speaks German in Austraya.

Re:Australia..

[rastos1]

>Privacy laws here state that: ...

Good for you. Basically the same laws are valid in my country. The problem is that they do not work.

I got good offer from a bank for a credit card (they are not so common here, most people use debit cards). I applied and I had to supply some information about my backround, so the bank knows I can pay back my debts. (that was the 1st strange thing because they aproached me because of my account history). After one manth I got a written balance statement and I saw that the offer is not that good as advertisied. The clerk in bank simply told me something what turned out not to be true. I said: ok, cancel the credit card. And I formally asked for list of informations they received as part of application, list of 3rd parties they provided this info to and I asked them to delete that information. The reply: You are right that based on the "privacy law" you can request deletion of that data, but based on "archiving law" we and "National credit bureau" can keep the data for next 5 years. "National privacy protection office" confirmed this. I never heard about "archiving law" before.

So, don't trust laws in your country unless you get a chance to test them on your own.

Re:Australia..

[Timbotronic]

Unfortunately the laws don't work very well with small companies. I filed a complaint against a Sydney real estate agency who sent multiple unsolicited text messages to my mobile phone. They just ignored my requests to 1. stop and 2. tell me where they got my number from.

The Office of the Privacy Commissioner will only launch investigations against larger companies (IIRC they need to have an annual turnover >$500K) and they told me as much when I complained. So that leaves a fair bit of room for unscrupulous companies to flaunt the law without fear of reprisal.

Re:Australia..

i'm guessing this is just your run-of-the-mill all financial records hould be kept for 5 years.
And even worse!!!!1 i bet your school still has all your grades/projects since they are required to keep them for about 11 years or so. (this includes that wonderfull little science project you made)
(it's been a while since i went to school though, but 15 years ago my school had a big room stuffed with all the science projects done ever at that school, and apparently there are only so many ways you can make a papermasche hindenburg type blimp)

This making the assuption you live in the netherlands btw.

all because of accountabilty i guess

Re:Australia..

I nominate a motion from this point forward dipshit americans and respectable americans will be noted in the following fashion:

American (dipshit)
American (respectable)

if you can misread australia as austria, you are of the dipshit variety

Re:Australia..

[tryptych]

Respectable Americans? I thought they were called "Canadians"?

Re:Australia..

[rca66]

Americans often send us Australians instruction manuals in German because they think everyone speaks German in Austraya.

Is this so? I assumed, they think that people in Germany and Austria talk English with a funny accent, mixed in some strange words like "Achtung!", "Marsch! Marsch!"

Re:Australia..

[Marsmensch]

I was about to say the same thing about France, but will add this as a reply here. I worked in France for some time and remember the same rights being effective there, and having them printed on a lot of things you sign to when you hand someone information (when ordering something or whatever). I remember being impressed that the system seemed to work there and be respected, at least most of the time, though I'm sure there are exceptions.

It is interesting to note that while a lot of restrictions are in place on the kind of information private companies can obtain and store about you, making France one of the most privacy conscious countries in the world as far as commerce is concerned, the opposite is true about their intelligence services. Though laws protect certain professions from snooping (journalists, judges, and the like), if you're an ordinary person, they can know pretty much everything about you with little oversight.

Re:Australia..

[fizze]

Kangaroo jokes aside, the parent's parent is also truthful for Austria.

Re:Australia..

[KnuthKonrad]

It should work in Australia. Privacy laws here state that: [...]

Exact same thing here. On top of that, various courts, including the BVG (constitutional court) have stated that data storgar must be minimized to only the data necessary to fullfill the request service/transaction. I.e. a site providing a newsletter might not store (and not even ask for) anything more than your email address (and perhaps which newsletter you'd like to subscribe, in case the site provides more than one newsletter).

I regard that principle as highly appreciated.

Re:Australia..

[pclminion]

Are you kidding? Because that's pretty damn funny (and very sad) if true.

Re:Australia..

[Heir+Of+The+Mess]

It does happen. Mainly from small niche market suppliers who do ruggedised or magnetic/electric field resitant equipment. Sometimes we get the manuals with multiple Asian languages but no English, but I think that's something to do with Australia being in the Asian region. The strangest one was when we got the manuals in Hebrew.

Data Retention Directive?

[aleph]

Isn't there an EU Directive regarding data retention that went through in response to "the terrorist threat"? How does that gel with this ruling?

Re:Data Retention Directive?

[mxs]

The laws resulting from that directive will not be in effect before Jan 1, 2007.

Re:Data Retention Directive?

[Clythos]

The ruling applies under current law, likely the telecommunication law will be changed before the EU directive is enacted.

Re:Data Retention Directive?

[TheGilmanator]

Gel isn't allowed in quantities over 100ml, you insensitive clod!

You Can Delete the Logs Present Now...

[MSTCrow5429]

...but what happens when the user logs on again, after the IP log purge? Are they back in the records from that point on?

Blurb text misleading

[mxs]

Not /exactly/ true. The sample letter speaks of a complaint, but T-Online has every choice not to comply.
The linked webpage then recommends sueing T-Online in that case. If/Once you win that lawsuit, T-Online has no choice but to comply. This is a tad different from what the blurb here would have you believe.

(All this is based on rather strict privacy laws that require a provider not to collect any data not relevant to accounting; since IP addresses and data volume is not needed for accounting on plans with a flat fee per month, T-Online has no right to do so; they, however, save that data for 80 days.)

Of course!

[bblboy54]

The A in AT&T stands for American.... You don't exactly see GT&T do you?

Re:Of course!

Dude. Don't know why you think German Telecom should be spelt with a 'G'. Try Deutsche Telekom. And it does exist, it's just not allowed to have such a monopolistic market share as the large american carriers.

After Deleting the Logs...

[DavidD_CA]

After deleting the logs, does the ISP have to delete the letter that requested the logs be deleted?

Re:After Deleting the Logs...

[EveLibertine]

No, I believe it goes something like this:

"This message will self destruct in 5...4...3...2...*!"

Re:After Deleting the Logs...

[SuiteSisterMary]

Dear requester: Per your request, we have deleted your IP logs. The deleted records are attached to this letter, for your reference. We will keep a copy of this letter on file, as proof that your request was carried out. Thank you for your patronage.

Google Language is a real boon :)

[glowworm]

Sometimes tools like Google language or Babelfish are an absolute necessity when dealing with texts in a language other than your own...

Othertimes though...

The deplored one is condemned to omit it with the use of the Internet entrance

Machine translation just isn't up to task.

Re:Google Language is a real boon :)

[boraugurlu]

german laws can be really complicated you know..

Over here we force deletion of election logs

Thanks Diebold!

Re:Motherfucking bureaucratic world...

[aeschenkarnos]

Because: (a) some people commit actual crimes (like, the kind with victims) on the internet, and the ISP's logs are equivalent to the film from the CCTV camera across the street from a robbed bank; (b) there are good technical reasons, ie statistical data used for load-balancing purposes, network expansion, upgrade scheduling etc, for keeping logs (although obviously, stripping out identifying data ought to be done wherever this doesn't interfere with that purpose); (c) to some extent, keeping "logs" as such is an unavoidable consequence of doing what an ISP does. Functions like billing depend on logs. If they didn't keep logs, what recourse do you have if they bill you for 100GB over-quota usage during the month?

As with any other business you deal with, the difference between "monitoring customers" and "keeping business records" gets a bit blurry. A plumber keeps a "log" of whose house he visits, what he does in each house, what materials he uses, and how much he charges each householder. He probably calls this log a "receipt book". Obviously this book is unlikely to contain evidence of a crime, but that's due to the different nature of the plumber's business, not the fact that he keeps logs.

Good and bad.

The main problem, as I see it, is that a huge load of users will be infected by malware, which is used to spam. If these same users have requested that all their IP logs should be deleted after disconnect - things get rather tricky.

Also, what if a spammer signs up, requests all logs to be deleted .. waits .. and then starts spamming? Pretty damn difficult to track down if a lot of users have requested that their IPs should not be logged.

On the other hand, I hate that the spam problem should be solved by violating privacy. It was all okay for me when ISPs logged what they wanted, but didn't hand it over to anyone except when they found it necessary to investigate something themselves - due to complaints which would hurt the ISP itself (i.e spammers.. RBL's .. and so forth).

Re:Good and bad.

[nath_de]

I don't think this will happen. All other ISPs always deleted the IP logs for flat fee users, only T-Online didn't.

Re:Motherfucking bureaucratic world...

[Gunnut1124]

So you are saying that it is a valid and reasonable argument that we should give up privacy because someone COULD commit a crime? I think this is the root of the problem many folks see with monitoring today. People like you, who are presumably good folks, think that it's cool if the gov't looks over your shoulder and watches everything you do. Others, presumably good folks too, want to have a private and less-observed life away from the cameras, recorders, logs, biometric-scanners, and databased-identities of your Orwellian dream. Monitoring never directly prevented crime, it has only been used to established that a crime was committed. If you want to prevent crime by monitoring, I hope you have no problem with the gov't putting GPS in your car to make sure you drive the speed limit, then mailing you a ticket when you do. If you want to prevent crime by monitoring, you better hope that camera on your street corner jumps in the way of the bullet before it hits you in the chest, cause all it's likely to do is tell them a person in a hoodie blasted you. (Not a threat on you at all, i don't even know you...)

Does that clear up how monitoring goes afoul? Does that show you how monitoring isn't going to HELP you? If not... Then I guess I have failed here.

er

[mr.cbaker]

99 luftballoons?

Re:er

[ettlz]

Hmm... wasn't she the one all the blokes used to fancy — until she raised her arms?

Not quite as good as it looks

[njdj]

The original article points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months. Germany has already asked for an extension of the deadline to comply with this, but the strong likelihood is that the German privacy laws will be changed to comply with the EU-mandated snooping.

EU pols and bureaucrats are as hostile to personal privacy as US pols and bureaucrats.

Re:Not quite as good as it looks

[hweimer]

The original article points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months.

It wouldn't be the first time that the highest German court nullifies the implementation of a EU directive.

Re:Not quite as good as it looks

[ista]

From as far as I've heard of, the current ideas how to implement that EU directive in Germany will be more in the way ...

• The ISP has to store the data for exactly 6 months on his own cost at his own site. No remotelogging to some agency, no costsharing.
  
• This does apply to "communication" logs - httpd, file transfer, mail and dialups. Some sites (web hosts, freemail services, ...) are logging way more than 100 Byte a day, and so the cost for that logging isn't that low as some readers might guess. It doesn't mean that any ISP has to tcpdump or mirror their traffic, but any of their own server who is logging something would have to comply to this rule.
  
• The ISP may not use that data for his own purpose other than as much as needed by the user's contract (e.g. billing, statistics) or internal debugging.
  If they're looking up an IP adress for net abuse without any legal document asking them to do so, that evidence is to be rejected in any court and the one presenting that "evidence" is likely to get into some legal trouble.
  

At least from some legal point of view, this restricts the use to comply with both privacy as well as the EU snooping directive.

ista

it should be "opt in"

[chocolatetrumpet]

You should have a send a letter to request being logged.

Re:Motherfucking bureaucratic world...

"some people commit actual crimes (like, the kind with victims) on the internet" Like what?

Re:Motherfucking bureaucratic world...

[Pofy]

>a) some people commit actual crimes (like, the kind with victims) on the internet,

Yet in almost no country does the post office keep track and logs of who mail who despite crimes both in the past and present probably occur thorugh mail. Further, many countries does not have any law requiring ISPs to keep logs, yet they do it anyway.

>b) there are good technical reasons, ie statistical data used for load-balancing purposes,
>network expansion, upgrade scheduling etc, for keeping logs (although obviously, stripping
>out identifying data ought to be done wherever this doesn't interfere with that purpose);

Which would be about every time or almost every time.

>(c) to some extent, keeping "logs" as such is an unavoidable consequence of doing what an
>ISP does. Functions like billing depend on logs. If they didn't keep logs, what recourse
>do you have if they bill you for 100GB over-quota usage during the month?

Which would only ever be important if you are billed by ammount of traffic which, at least in my country is almost non existant. Further, it requires no point in logging the IP number for example, you only need to keep track of ammount of data used (like electricity companies do for example).

formerly, it did

[misanthrope101]

You didn't get the memo, it seems. The A now means "All." Big merger. They also are the CIA now. Analysts were fired to free up office space for shredders, and all raw intel is funneled into Dick Cheney's office, where it is sorted into two piles, "reality," and "tomorrow's talking points." The first pile is thrown out, where Colbert Report operatives posing as facts (so they won't be noticed) smuggle the reality over to Comedy Central, where it is broadcast and uploaded just in time to highlight the perspicacity of today's (formerly tomorrow's) talking points.

And no, I have no idea how that tangent ended up the way it did. Good or bad, I had to follow it. My muse isn't very talented, but she's mine, and I love her.

The interesting political spin...

[phooka.de]

The ISP is germany's biggest ISP, the "Telekom". By the law, they were only entitled to keep logs that are required for billing. If you have a flatrate, no IP-logs are needed for billing and other ISPs didn't keep them, but the Telekom did.

Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German gouvernment. The "Innenminister", the guy responsible for the justice system, police etc. was one of the kind of politicians who'd like to know everything about everyone for the sake of "security". (Who needs freedom if they are secure? Oh wait, that was prison.)

So, while by the law he could not force ISPs to retain that data, the biggest german ISP that just happened to be controlled by... him(!)... did so anyway, aiding law enforcement in trivial (and here: unfounded) cases with said data.

Unfortunately, even in germany, noone seems to bother about privacy anymore.

Re:The interesting political spin...

[ahillen]

Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German gouvernment.

If by "most" you mean more than 50%, then you are wrong. The German state still owns about 30%, although only 15% directly, while the other 15% are parked at the "Kreditanstalt fuer Wiederaufbau". Most(!) (as in ~70%) of the shares are nowadays owned by private and institutional investors.

Re:The interesting political spin...

the Bundesrepublik Deutschland, the German gouvernment

Bundesrepublik Deutschland == Federal Republic of Germany. That is by no means the same as the government.

Data retention directive

[stefanb]

Regardless of this ruling, the EU data retention directive will force providers to retain connection info, such as IP assignment to DSL accounts, for up to six months. So unless the directive gets repealed (IIRC Ireland has brought it before the EU court of justice), providers will have to keep all this info anyway.

Re:Data retention directive

[KnuthKonrad]

So unless the directive gets repealed (IIRC Ireland has brought it before the EU court of justice), providers will have to keep all this info anyway.

It depends...you can't trial the EU directive as of yet in Germany, because it hasn't become national law yet. *After* it has become german law, it will be trialed at the BVG (german constitutional court), several groups have already prepared the papers to do so. Now, if BVG rules the EU data retention directive unconstitutional, it can't become german law. So, (german) providers might not be forced to store the data anyway. Of course, politians will try to wrangle the court's ruling in such a way that they can stuff it onto us nonetheless.

Re:Data retention directive

[mxs]

Quite correct, but said directive has not been transformed into national law in Germany, yet, so what T-Online is doing is, put simply, illegal; whether or not it will be legal 3 months from now is a different matter.

would this work in the UK?

[ken-doh]

technically the data protection act says that any company must remove all your details and information they have on you upon your request... any ideas?

Re:would this work in the UK?

[6031769]

Actually, that's not quite what the act says. It says that the entity (not necessarily a company, could even be an individual) must disclose all the personal information which they have on you upon your request.

Some of it they must remove upon your request, but not all. There is a very serious legal problem in the UK between the conflicting requirements of the DPA, the Regulation of Investigatory Powers Act (RIP) and the Human Rights Act. I suspect that if you pay enough to your QC they will make sure that you get away with retaining or destroying data as per your individual requirements.

Anyone working in the harvesting or storage of personal data in the UK should read the DPA - it's quite an eye-opener.

Re:Motherfucking bureaucratic world...

[slimey_limey]

Which would only ever be important if you are billed by ammount of traffic which, at least in my country is almost non existant.

In my country home users generally are billed by the month; colo-ed, peered, and commercial users are generally billed by the bit.

Some additional facts...

[Analein]

It was not made clear in the article, why this was fought out up to the supreme court. Initially, this whole process was started by a posting in Telepolis, the political webzine of heise.de

heise.de is somewhat comparable to slashdot. It's the biggest IT news site in German language. Trolling is even worse.

http://en.wikipedia.org/wiki/Holger_VossWikipedia article on the incident

After all, this is an achievment, yes. However there's an http://www.heise.de/newsticker/meldung/77185EU law (pdf) being considered that not only allows but forces ISPs to save logs starting 2009. Oh, and did I mention that some politicians are actually trying to incriminate so called "hacker tools", here? Oh, surely they will think of Nessus and Wireshark as needed security tools. They are politicians, they know that.

There is one important information missing ...

[bentrop]

... in the article. This court decision only applies to this one customer. If any other customer wants their ISP to actually comply with the current law in Germany (and sadly hardly any do at the moment) they also have to sue, every single one of them. Currently this court decision doesn't change much, but chances are good that more customers will sue and ISPs will finally realize that cannot continue like this anymore. Well, that is until the EU forces Germany to change the law and makes us give up even more privacy.

Possible in the UK?

[AmiMoJo]

It sounds like this might be possible in the UK as well. The Data Protection Act allows an individual to request all electronically stored data about them at a company be deleted. Normally they can charge you a nominal fee (£10) to do it, but they must comply.

Bakups Anyone?

I would assume that these logs are backed up nightly. So if you request to have your logs deleted, do you really think an administrator is going back through every backup, and removing them?

Re:Bakups Anyone?

Depending on what backup solution they are using all previous backups could be deleted/expired automatically from storage at the time of the next backup.

Sarcastic comment explained

[Teun]

Voss was sued for making a sarcastic comment in an Internet forum back in 2002.

Sorry for reading TFA...

Re:Sarcastic comment explained

[sholden]

From wikipedia: "during the course of the trial, it was also revealed that his disclaimer of the posting as sarcasm had been left out from the legal documents provided to the prosecutor by law enforcement agencies."

You would hope that would be a crime in itself.

Re:Sarcastic comment explained

[Teun]

Knowing the German system a little I assume this gaffe made the court have his expenses nicely paid.

This is the way it already is...

[davecb]

... in enough english-speaking jurisdictions in North America that library software companies arrange for their programs to only keep logs while a book is actually in the hands of a patron (think: IP address is assigned by DHCP), and discard the identifying information as soon as the book is returned, or paid for if lost.

Non-identifying information, like "book x circulated twice this year", is retained for planning and statistical purposes.

If one happens to do business in a jurisdiction that has such a requirement, which you can probably discover from the ALA, then you have a perfect right to obey the law and discard old logs once appropriate billing information is obtained from them, or not retain them at all if you do not need them for a legitimate business purpose.

Of course, you will face the same pressures that librarians do in their everyday work (;-))

--dave

obliged to delete all logs

[hoggoth]

> 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain.

Yes it does. Maybe not yet, but soon as German ISPs get these complaints by the hundreds daily the only way to handle the requests will be to just change their log retention policy and delete them all after n days.

Re:obliged to delete all logs

[Cheeze]

Why even keep logs? There are plenty of other ways to track down problems and see how much your service is used. Logging is nothing but hassle. I've worked in the ISP industry for 8 years now, and every chance I get I make logrotate keep minimal logs.

Hacker Utopia

[Plutonite]

Who on earth needs anonymous proxy chains now? I'm off to Berlin.

So without logs...

[pclminion]

Without logs, it seems it would be harder to track down network abuse (i.e. crackers). So you trade privacy for some protection from assholes. To me, that's a fair tradeoff, but what happens when the German courts demand that an ISP assist in some investigation and they can't because they've deleted certain logs (as the SAME courts told them they have to do)?

Seems like it puts the ISP between a very uncomfortable rock and a hard place.

Re:So without logs...

[tiocsti]

You mean you trade *everybodys* privacy for protection against a few assholes? That's an okay tradeoff for you to make about your information, but kindly dont make that tradeoff for me. I value my privacy.

Re:So without logs...

[pclminion]

Eh? I guess my sentence wasn't clear. I said that trading protection from crackers for enhanced privacy is a fair trade. I agree with you. Seems you interpretted my comment reverse to what I meant.

In Soviet Russia...

[noidentity]

In Soviet Russia, government orders ISP to delete logs!

Re:Motherfucking bureaucratic world...

[p0tat03]

"Because: (a) some people commit actual crimes (like, the kind with victims) on the internet, and the ISP's logs are equivalent to the film from the CCTV camera across the street from a robbed bank;"

The CCTV camera doesn't watch *every* person in the world, 24/7/365.

Let's take a look at another example: telephones. You wouldn't tap a guy's phone until he was suspected of a crime, so why would you "tap" a guy's internet connection when he hasn't done anything to warrant suspicion? I'm all in favour of law enforcement being able to obtain warrants and order log keeping for particular users suspected of crimes, but doing it by default across the board is too extreme.