Slashdot Mirror

← Back to Stories (view on slashdot.org)

German ISP Forced To Delete IP Logs

Posted by ryuzaki0 on from the next-the-request-will-be-used-as-evidence dept.

An anonymous reader writes "A German federal court decided today that T-Online, one of the largest ISPs in Germany, was obligated to delete all IP logs of a customer upon request to guarantee their privacy. From the article: 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. A lawyer from Frankfurt already sketched a sample letter (German) to make this process easier.'"

18 of 202 comments (clear)

  1. The way it should be. by rolyatknarf · · Score: 5, Insightful

    There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans. This is the way privacy should be treated. The people have rights.

    1. Re:The way it should be. by rolyatknarf · · Score: 3, Insightful

      Yes, an ISP in the US could delete the logs but I think that is unlikely. I believe we all know that our government is already pushing for, and probably already has arrangements with communication and information companies to retain records.

    2. Re:The way it should be. by LilGuy · · Score: 2, Insightful

      If it works, I envision much spam and rooting originating from German end users' machines.

      --

      You're nothing; like me.
    3. Re:The way it should be. by vadim_t · · Score: 1, Insightful

      I don't give a damn whether it's convenient to you or not to provide a bit of privacy for me. If your original logging plan was dumping everything into one file, well, too bad, you'll have to redesign it now.

    4. Re:The way it should be. by KnuthKonrad · · Score: 4, Insightful
      Germany takes privacy laws to the extreme, in my opinion.

      As a admin, working for a german company in Germany, I know that our privacy laws are a PITA.

      As a german citizen, living and working in Germany I think our privacy laws are way too relaxed.

      That said, I very much welcome the decision of the court. We had a couple of similar decisions lately. And one always got the impression that the judges not only talking about the very case they had to handle, but that their sentence was also aimed at our politians to show them how german courts think about the EU data retention act. This one can't be trialed in Germany yet, as it hasn't become german law as of now. So this seem like a warning about what to expect when that gets taken to court, once it made it into german law.

    5. Re:The way it should be. by dpiven · · Score: 2, Insightful
      >64bits for an ip.

      Worst case would be 256 bits (32 bytes) for source and destination IPv6 addresses.

      >48 for a mac.

      Not worth collecting; the MAC address that would actually be in the packet at the time would be that of the last switch/router the packet passed through... unless you are collecting this data at all of the users' gateways.

      >another datetime for disconnect.

      How do you do this for UDP? UDP does not have a "connect/disconnect" paradigm; you just throw packets at the port and hope they stick. (Same goes for TCP connections which are abandoned and timeout rather than go through a disconnect or reset.)

      Besides, if ISPs had to track connections with enough data to make those logs worthwhile as evidence, they would also have to log HTTP packets as well, in order to distinguish requests to multiple sites on the same server and IP address... after all, it wouldn't do to confuse people connecting to www.stuff-money-in-denny-hasterts-thong.com with those surfing www,win-a-date-with-mark-foley.com, should those two sites happen to be on the same server.

    6. Re:The way it should be. by big+dumb+dog · · Score: 2, Insightful

      The EU is way ahead of the US on privacy laws.

      --
      "Seven years of college down the drain. Might as well join the f-ing Peace Corps." - John 'Bluto' Blutarsky
    7. Re:The way it should be. by arminw · · Score: 2, Insightful

      ..... it makes sense to require or have this for everyone.......

      Only if your basic assumptions is that everyone is guilty of some sort of crime every single day of their life and it is the job of someone to sift through all that data to find all these criminals. Would it not be more effective to monitor ONLY those who are truly suspects of a real crime? A real crime that does real damage to others? Most possession crimes do not rise to ever hurting anyone, until the illicit substance or object is actually used against someone else. The AK47 or UZZI or other weapon in someone's closet or car trunk doesn't hurt anyone until the device is actually used against a human or their property. Porn is disgusting, but someone looking at it on a computer screen doesn't really affect others. It's when the porn addict becomes a molester, the law should rightly step in.

      At least 75% of prisoners are locked up because directly or indirectly because of something the were in possession of. You probably have something somewhere which is not legal for you to have. Let's put mandatory video cameras and microphones in every house and street corner, in case someone does bad stuff at any time, anywhere. Where should the line for privacy be drawn? At some point it may be more cost effective to lock up the minority of law abiding people in safe places and let the criminals run around free preying on each other.

      --
      All theory is gray
  2. But no privacy in the land of the free by Salvance · · Score: 5, Insightful

    I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have? While some other freedoms (e.g. speech,press) are more limited in countries like Germany, there appears to be a strong right-to-privacy movement backed up by the government.

    Sure, our media and government pay lip service to privacy issues, but the reality is that our government wants to increase monitoring in the name of fighting terror. Compare this story of Germany forcing the ISP to delete logs for a customer to this one outlining yet another argument by US officials to require ISPs to maintain even more user data.

    I'd hate to see us to become a 'surveillance society' like Britain has. Unfortunately, we seem to be quickly heading down that path, particularly since our citizens haven't yet raised up to demand greater freedom.

    --
    Crack - Free with every butt and set of boobs
    1. Re:But no privacy in the land of the free by foobsr · · Score: 5, Insightful

      some other freedoms (e.g. speech,press) are more limited in countries like Germany

      Any source? Just curious, as I am living in Germany and did not really realize.

      Also:

      Press Freedom Index 2006

      CC.

      --
      TaijiQuan (Huang, 5 loosenings)
    2. Re:But no privacy in the land of the free by Anonymous Coward · · Score: 1, Insightful

      In America and Britain, some people consider the fact you are not free to spread Nazi propaganda in Germany as a grave violation of freedom of speech. Of course, if some German does spout off some Nazi nonsense, Germany is accused of not doing enough to prevent Nazism.

    3. Re:But no privacy in the land of the free by Jugalator · · Score: 4, Insightful

      He may be considering hate speech laws, but then, on the other hand, is he considering free speech zones in the US, and so on? I'm hesitant to call freedoms more limited in countries like Germany for this reason, especially with the actions GWB has taken in the US lately.

      --
      Beware: In C++, your friends can see your privates!
    4. Re:But no privacy in the land of the free by misanthrope101 · · Score: 2, Insightful
      I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have?

      Well, Germany actually had a dictator lie his way to power by using fear and patriotism as bludgeons against his opponents. They know firsthand what dangers lie at the end of that road. We still think we can have everything along the road (the exaggerated nationalism, the fear-mongering, the reduction of freedom to save freedom, etc) without necessarily arriving at the same destination. Continental Europeans know better, at least for now. In time they'll forget, because people always do, but for now they are more vigilant in defense of freedom than the Brits or Americans.

      Similarly, Stanley Milgram, in his Obedience to Authority experiments and book, found very high obedience levels in Americans, but less so in the nations that had to live under Hitler. People sometimes do learn from history, though the knowledge probably gets diluted with time and distance. But for now Europeans seem a bit more disillusioned with the idea that you can give government unlimited power and still protect freedom, ergo they restrict government more. We seem to think the opposite, at least for the moment, which is why you're considered a terrorist appeaser if you think the government should have to get a warrant before putting people under surveillance, you oppose torture, or you think people should get a trial before being locked away. I only hope the pendulum starts swinging the other way soon. I'd like my nation to oppose torture and support habeus corpus. Strange that my pulse quickens while typing that--why should it be controversial?

  3. You Can Delete the Logs Present Now... by MSTCrow5429 · · Score: 2, Insightful

    ...but what happens when the user logs on again, after the IP log purge? Are they back in the records from that point on?

    --
    Slashdot: Playing Favorites Since 1997
  4. Re:A question for network admins by mxs · · Score: 2, Insightful

    The ISP in question stores your assigned IP, duration of the session, start-time of the session, bytecounters up/down, username, and probably access concentrator (i.e. which physical land line was used).
    No logs of website accesses or acribic list of all packets sent and received are made.

    A lot of data is accumulated, but really, what does a terabyte of online storage cost these days ... Peanuts.
    Amazon stores your entire clickstream history, everything you ever did on their website, for an indefinite amount of time. Walmart has some of the largest databases in the world holding all manner of customer and sales records. I'd be surprised if Google ever deleted search logs. archive.org tries to store the entire web many times over.
    Storage, per se, is cheap :)

  5. Not quite as good as it looks by njdj · · Score: 4, Insightful

    The original article points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months. Germany has already asked for an extension of the deadline to comply with this, but the strong likelihood is that the German privacy laws will be changed to comply with the EU-mandated snooping.

    EU pols and bureaucrats are as hostile to personal privacy as US pols and bureaucrats.

  6. The interesting political spin... by phooka.de · · Score: 2, Insightful
    The ISP is germany's biggest ISP, the "Telekom". By the law, they were only entitled to keep logs that are required for billing. If you have a flatrate, no IP-logs are needed for billing and other ISPs didn't keep them, but the Telekom did.


    Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German gouvernment. The "Innenminister", the guy responsible for the justice system, police etc. was one of the kind of politicians who'd like to know everything about everyone for the sake of "security". (Who needs freedom if they are secure? Oh wait, that was prison.)


    So, while by the law he could not force ISPs to retain that data, the biggest german ISP that just happened to be controlled by... him(!)... did so anyway, aiding law enforcement in trivial (and here: unfounded) cases with said data.


    Unfortunately, even in germany, noone seems to bother about privacy anymore.

  7. Bakups Anyone? by Anonymous Coward · · Score: 1, Insightful

    I would assume that these logs are backed up nightly. So if you request to have your logs deleted, do you really think an administrator is going back through every backup, and removing them?