Slashdot Mirror


German ISP Forced To Delete IP Logs

An anonymous reader writes "A German federal court decided today that T-Online, one of the largest ISPs in Germany, was obligated to delete all IP logs of a customer upon request to guarantee their privacy. From the article: 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. A lawyer from Frankfurt already sketched a sample letter (German) to make this process easier.'"

39 of 202 comments

  1. The way it should be. by rolyatknarf · · Score: 5, Insightful

    There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans. This is the way privacy should be treated. The people have rights.

    1. Re:The way it should be. by rolyatknarf · · Score: 3, Insightful

      Yes, an ISP in the US could delete the logs but I think that is unlikely. I believe we all know that our government is already pushing for, and probably already has arrangements with communication and information companies to retain records.

    2. Re:The way it should be. by LilGuy · · Score: 2, Insightful

      If it works, I envision much spam and rooting originating from German end users' machines.

      --

      You're nothing; like me.
    3. Re:The way it should be. by JPriest · · Score: 2, Interesting
      AFAIK US ISPs are required to keep the logs for some 180 days in case of a criminal investigation. It is fairly common to get investigations for things that happened more than, say, 60 days prior. I believe there is legislation in the works to force ISPs to keep logs for longer periods of time (1 year?).


      Disclaimer: By "logs" I don't mean record of what web sites were surfed and what files downloaded, I mean record of what customer had X IP address at Y time.

      --
      Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
    4. Re:The way it should be. by Benaiah · · Score: 3, Informative

      64bits for an ip.
      48 for a mac.
      how big is a datetime? give it 128.
      30 bytes being generous.
      another datetime for disconnect.
      30+30+8+6 = 74bytes
      why not make it a clean 100 bytes.
      If you stored the connection details for every single possible IP address in the 64bit space,
      you got 4 billion connections a day at 100 bytes. That's only 400g.
      So the entire world's ISPs would only generate 144TB of connection data a year, and only if every single IP in the space was used and being connected every day.

      A few thousand TB is waaaaaaaaay off mate.

    5. Re:The way it should be. by Loconut1389 · · Score: 2, Interesting

      Have you ever seen a Linux logfile? Especially if you have iptables turned on and fairly restrictive on a public-facing IP... Each line is a couple hundred characters and the files get very huge very fast. You're also assuming the customer is only being logged for something like a PPP connect/disconnect... Many protocols (IMAP for instance) have 5-10 lines for each connection, and then more during transfers and idles, depending on your log level. It's conceivable to have several GB a day for even an extremely small IP. If they were hosting a handful of ginormous sites, replete with services (IMAP, SMTP, NNTP, RADIUS (for 802.11 or other), HTTP and others), the logs would be well beyond the simple calculation you're discussing.

    6. Re:The way it should be. by mysidia · · Score: 2, Informative

      It's not true, because you haven't presented all the connection details that have to be stored. For starters, none of that information actually identifies which user it was exactly that dialed in, or what MAC or IP address was assigned to that user.

      Secondly, more information about the connection has to be kept to be useful for analyzing any problems/difficulties with the service. There's really no point in just retaining merely a list of ip addresses, usernames, and times, absent the key connection parameters.

    7. Re:The way it should be. by KnuthKonrad · · Score: 4, Insightful
      Germany takes privacy laws to the extreme, in my opinion.

      As an admin, working for a German company in Germany, I know that our privacy laws are a PITA.

      As a German citizen, living and working in Germany, I think our privacy laws are way too relaxed.

      That said, I very much welcome the decision of the court. We had a couple of similar decisions lately. And one always got the impression that the judges were not only talking about the very case they had to handle, but that their sentence was also aimed at our politicians to show them how German courts think about the EU data retention act. This one can't be trialed in Germany yet, as it hasn't become German law as of now. So this seems like a warning about what to expect when that gets taken to court, once it has made it into German law.

    8. Re:The way it should be. by 1u3hr · · Score: 4, Informative
      Let me explain. I do not "expect" privacy. I do not "expect" all ISPs to spend millions of Euros on logging mechanisms based on each user records. The impact of this is huge. Currently all user activities are normally written to a single log file. The files are normally rotated based on time.

      This case is about deleting a particular user's records. If you don't keep them, you don't have to do anything. You seem to say you'll need to create an all-encompassing tracking system so you can selectively delete the records. Just delete them all as soon as you've abstracted any information you need for billing or debugging.

      Has anyone asked what the plaintiff has to hide? hope he gets cyber-stalked by a hate group

      In TFA: "The court ruling is the result of a case that was initiated by Holger Voss, a 33 year old man from Münster. Voss was sued for making a sarcastic comment in an Internet forum back in 2002."

      Sarcasm? Yeah, he totally deserves to be stalked and vilified by a hate group. That'll learn him not to mouth off.

    9. Re:The way it should be. by dpiven · · Score: 2, Insightful
      >64bits for an ip.

      Worst case would be 256 bits (32 bytes) for source and destination IPv6 addresses.

      >48 for a mac.

      Not worth collecting; the MAC address that would actually be in the packet at the time would be that of the last switch/router the packet passed through... unless you are collecting this data at all of the users' gateways.

      >another datetime for disconnect.

      How do you do this for UDP? UDP does not have a "connect/disconnect" paradigm; you just throw packets at the port and hope they stick. (Same goes for TCP connections which are abandoned and timeout rather than go through a disconnect or reset.)

      Besides, if ISPs had to track connections with enough data to make those logs worthwhile as evidence, they would also have to log HTTP packets as well, in order to distinguish requests to multiple sites on the same server and IP address... after all, it wouldn't do to confuse people connecting to www.stuff-money-in-denny-hasterts-thong.com with those surfing www.win-a-date-with-mark-foley.com, should those two sites happen to be on the same server.

    10. Re:The way it should be. by big+dumb+dog · · Score: 2, Insightful

      The EU is way ahead of the US on privacy laws.

      --
      "Seven years of college down the drain. Might as well join the f-ing Peace Corps." - John 'Bluto' Blutarsky
    11. Re:The way it should be. by 1u3hr · · Score: 2
      How many child molesters will be regularly sending legal form letters to their German ISPs...

      How ironic that some Anonymous Coward wrote this crap.

    12. Re:The way it should be. by arminw · · Score: 2, Insightful

      ..... it makes sense to require or have this for everyone.......

      Only if your basic assumption is that everyone is guilty of some sort of crime every single day of their life and it is the job of someone to sift through all that data to find all these criminals. Would it not be more effective to monitor ONLY those who are truly suspects of a real crime? A real crime that does real damage to others? Most possession crimes do not rise to ever hurting anyone, until the illicit substance or object is actually used against someone else. The AK47 or Uzi or other weapon in someone's closet or car trunk doesn't hurt anyone until the device is actually used against a human or their property. Porn is disgusting, but someone looking at it on a computer screen doesn't really affect others. It's when the porn addict becomes a molester that the law should rightly step in.

      At least 75% of prisoners are locked up directly or indirectly because of something they were in possession of. You probably have something somewhere which is not legal for you to have. Let's put mandatory video cameras and microphones in every house and street corner, in case someone does bad stuff at any time, anywhere. Where should the line for privacy be drawn? At some point it may be more cost effective to lock up the minority of law abiding people in safe places and let the criminals run around free preying on each other.

      --
      All theory is gray
  2. Requests to delete server logs by Neoncow · · Score: 5, Funny

    Requests to delete server logs, however, will be logged.

    1. Re:Requests to delete server logs by Duncan3 · · Score: 3, Informative

      Fear not! Google has a copy.

      --
      - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
  3. But no privacy in the land of the free by Salvance · · Score: 5, Insightful

    I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have? While some other freedoms (e.g. speech, press) are more limited in countries like Germany, there appears to be a strong right-to-privacy movement backed up by the government.

    Sure, our media and government pay lip service to privacy issues, but the reality is that our government wants to increase monitoring in the name of fighting terror. Compare this story of Germany forcing the ISP to delete logs for a customer to this one outlining yet another argument by US officials to require ISPs to maintain even more user data.

    I'd hate to see us become a 'surveillance society' like Britain has. Unfortunately, we seem to be quickly heading down that path, particularly since our citizens haven't yet risen up to demand greater freedom.

    --
    Crack - Free with every butt and set of boobs
    1. Re:But no privacy in the land of the free by foobsr · · Score: 5, Insightful

      some other freedoms (e.g. speech,press) are more limited in countries like Germany

      Any source? Just curious, as I am living in Germany and did not really realize.

      Also:

      Press Freedom Index 2006

      CC.

      --
      TaijiQuan (Huang, 5 loosenings)
    2. Re:But no privacy in the land of the free by Jugalator · · Score: 4, Insightful

      He may be considering hate speech laws, but then, on the other hand, is he considering free speech zones in the US, and so on? I'm hesitant to call freedoms more limited in countries like Germany for this reason, especially with the actions GWB has taken in the US lately.

      --
      Beware: In C++, your friends can see your privates!
    3. Re:But no privacy in the land of the free by nath_de · · Score: 4, Informative

      Sorry, but you're wrong there. Copyright for "Mein Kampf" has fallen to the state of Bavaria after Hitler's death (since there were no heirs). You can only get an annotated version as Bavaria won't publish the original version. In 2015 the copyright should expire (70 years after the author's death) and the book should go into the public domain (barring any changes to copyright laws).

    4. Re:But no privacy in the land of the free by Trevelyan · · Score: 5, Informative

      The UK does have laws protecting people's privacy. Namely the Data Protection Act and Rights of Investigatory Powers Act. The first one controls disclosure as well as providing means for individuals to review the data kept about them. The second controls what a co. such as an ISP can do with the data (e.g. traffic logs) as well as what the authorities can do. The two together mean that you have to be able to justify the data you keep and for how long you keep it. The network that I work for does not keep data for longer than 3 months, unless it is relevant to some network issue/investigation, then it's kept for 2 years; but never indefinitely. Lastly there is also the Freedom of Information Act, which allows citizen access to all sorts of government and civil service information and documentation. So you can double check their procedures, for example.

    5. Re:But no privacy in the land of the free by misanthrope101 · · Score: 2, Insightful
      I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have?

      Well, Germany actually had a dictator lie his way to power by using fear and patriotism as bludgeons against his opponents. They know firsthand what dangers lie at the end of that road. We still think we can have everything along the road (the exaggerated nationalism, the fear-mongering, the reduction of freedom to save freedom, etc) without necessarily arriving at the same destination. Continental Europeans know better, at least for now. In time they'll forget, because people always do, but for now they are more vigilant in defense of freedom than the Brits or Americans.

      Similarly, Stanley Milgram, in his Obedience to Authority experiments and book, found very high obedience levels in Americans, but less so in the nations that had to live under Hitler. People sometimes do learn from history, though the knowledge probably gets diluted with time and distance. But for now Europeans seem a bit more disillusioned with the idea that you can give government unlimited power and still protect freedom, ergo they restrict government more. We seem to think the opposite, at least for the moment, which is why you're considered a terrorist appeaser if you think the government should have to get a warrant before putting people under surveillance, you oppose torture, or you think people should get a trial before being locked away. I only hope the pendulum starts swinging the other way soon. I'd like my nation to oppose torture and support habeas corpus. Strange that my pulse quickens while typing that--why should it be controversial?

    6. Re:But no privacy in the land of the free by dajak · · Score: 3, Informative

      People sometimes do learn from history, though the knowledge probably gets diluted with time and distance.

      The fear of politicians and government of being perceived as nationalist sometimes has perverse results. Here in the Netherlands we used to have a historical curriculum that identified tolerance as a key part of national identity, but the reluctance of government to prescribe historical dogma about "our ancestors" gives license to, for instance, schools with a majority of Muslim pupils to gloss over unpopular subjects like the Holocaust and the Eighty Years' War (1568-1648), where "our protestant ancestors" are the ones being persecuted.

      Teaching children about the attack by the resistance in 1943 on the population register in Amsterdam, with the intent to burn it down in order to frustrate Nazi bureaucracy, is the best way to instill respect for privacy. Reference to this event that most people know about is a powerful antidote to suggestions that "you have nothing to fear if you are innocent": it was the Dutch government that, in better days, compiled the data that allowed the Nazis to trace most Jews (population register) and gave them few places to hide (cadastral maps). What to remember and what to forget is still a policy choice.

      The US and continental Europe have different experiences of, and therefore perspectives on, WWII. For the US, WWII is a license to interfere militarily in perceived Nazi regimes abroad (as they did in WWII), while formerly occupied countries, and Germany itself, are busy simply not being a Nazi regime.

    7. Re:But no privacy in the land of the free by KnuthKonrad · · Score: 2, Informative
      In addition to having hate speech law, Germany has also been accused of persecution of religious minorities

      Ah, nice twist by the Scientology spin doctors. Scientology is not considered to be a "religion" in Germany. Therefore there can't be any "persecution of religious minorities". They're a company with the same rights and duties every other company has in Germany.

      But they're also considered to be anti-constitutional. Their goals are against our constitution. Therefore our secret service ("Verfassungsschutz") has them on its watch list, like any other suspicious anti-constitutional organisations such as the NPD (German neo-Nazi party) or Al Qaeda.

      And I truly welcome the above actions. We once had a fascistic regime here, no need to have another one (Scientology)
  4. A question for network admins by gaijin99 · · Score: 4, Interesting

    I'm not an admin, and never have been so I'm working on ignorance here. But my question is, why bother with long term logs anyway? I understand a need to keep logs of activity for a week or so to deal with various attacks, zombie machines, etc, but why not set the logs to automatically wipe anything past that point? I can see maybe going nasty and selling it to advertisers, but other than stuff like that is there a use?

    --
    "Mission Accomplished" -- George W. Bush May 1, 2003
    1. Re:A question for network admins by mxs · · Score: 2, Insightful

      The ISP in question stores your assigned IP, duration of the session, start-time of the session, bytecounters up/down, username, and probably access concentrator (i.e. which physical land line was used).
      No logs of website accesses or meticulous lists of all packets sent and received are made.

      A lot of data is accumulated, but really, what does a terabyte of online storage cost these days ... Peanuts.
      Amazon stores your entire clickstream history, everything you ever did on their website, for an indefinite amount of time. Walmart has some of the largest databases in the world holding all manner of customer and sales records. I'd be surprised if Google ever deleted search logs. archive.org tries to store the entire web many times over.
      Storage, per se, is cheap :)

    2. Re:A question for network admins by Burdell · · Score: 3, Informative

      I work for an ISP. As part of my job, I handle abuse reports. Often
      reports are for events more than a week old (typically worm type reports
      come fast, but spam reports are often delayed because the recipients
      don't read their email every day).

      We also use long-term data for trend analysis: which POP needs more or
      less dialup lines, who dialed in to a POP (with how much they pay, does
      the POP make financial sense), etc.

      While trend analysis doesn't require IP addresses (for the most part),
      the call database has a record per call that includes the IP (same
      database as used for IP abuse lookups). To not retain IP addresses,
      we'd have to set up a second database, second lookup interface, and some
      transfer mechanism between the "with IP" and "without IP" databases.
      That's a real PITA, so we don't do that.
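
The split into a "with IP" and a "without IP" store described in the comment above, together with the per-customer deletion the ruling is about, can be sketched as follows. This is an added example, not part of the thread and not any ISP's code; the record fields, the sample sessions and the retention figure passed in are assumptions, with the fields modelled on the ones listed earlier in this thread (username, assigned IP, start time, duration, byte counters, access concentrator).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample accounting records (documentation IP ranges, made-up users).
SESSIONS = [
    {"user": "alice", "ip": "192.0.2.10", "pop": "pop-north",
     "start": datetime(2006, 10, 30, 8, 0), "secs": 3600, "bytes": 10_000},
    # Same address handed to another customer two hours later (dynamic IPs).
    {"user": "bob", "ip": "192.0.2.10", "pop": "pop-north",
     "start": datetime(2006, 10, 30, 10, 0), "secs": 1800, "bytes": 5_000},
    # Older than the retention window used in the demo below.
    {"user": "carol", "ip": "198.51.100.7", "pop": "pop-south",
     "start": datetime(2006, 7, 1, 20, 0), "secs": 7200, "bytes": 22_000},
]


def split_by_retention(sessions, now, keep_days):
    """Return (abuse_db, trend_db).

    abuse_db keeps full records younger than keep_days, for abuse lookups.
    trend_db keeps per-POP, per-day totals for every session, with no
    username and no IP address, so it can be kept for capacity planning.
    """
    cutoff = now - timedelta(days=keep_days)
    abuse_db = [s for s in sessions if s["start"] >= cutoff]
    trend_db = defaultdict(lambda: {"calls": 0, "secs": 0, "bytes": 0})
    for s in sessions:
        bucket = trend_db[(s["pop"], s["start"].date().isoformat())]
        bucket["calls"] += 1
        bucket["secs"] += s["secs"]
        bucket["bytes"] += s["bytes"]
    return abuse_db, dict(trend_db)


def lookup_abuse(abuse_db, ip, when):
    """Which customer held `ip` at `when`? None if unknown or already purged."""
    for s in abuse_db:
        end = s["start"] + timedelta(seconds=s["secs"])
        if s["ip"] == ip and s["start"] <= when < end:
            return s["user"]
    return None


def erase_user(abuse_db, user):
    """Per-customer deletion request: drop every identifying record of `user`.

    The aggregate store needs no change because it never held the user or IP.
    """
    return [s for s in abuse_db if s["user"] != user]


if __name__ == "__main__":
    now = datetime(2006, 11, 1)  # constructed "today"
    abuse_db, trend_db = split_by_retention(SESSIONS, now, keep_days=80)
    print(lookup_abuse(abuse_db, "192.0.2.10", datetime(2006, 10, 30, 8, 30)))
    abuse_db = erase_user(abuse_db, "alice")
    print(lookup_abuse(abuse_db, "192.0.2.10", datetime(2006, 10, 30, 8, 30)))
    print(trend_db[("pop-north", "2006-10-30")])
```

The lookup takes a timestamp as well as an address because the same IP maps to different customers at different times, which is why an abuse report without a time cannot be resolved.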

  5. Australia.. by swordfishBob · · Score: 5, Interesting

    It should work in Australia. Privacy laws here state that:
    - If I ask a company operating in Australia what information they have about me, they are obliged to tell me
    - If I ask where they got this information, again they must answer
    - If I ask the same company to remove such records, AFAIK they must, though there are reasonable exceptions to this one. (e.g. if I've done business with them, they have to keep financial records. If it's my bank, they might have to cancel the mortgage to comply..)
    - Companies operating here are not supposed to pass on private information without consent, which is why so many competitions and things have clauses in tiny writing to get your consent.

    --
    -- All your bass are below two Hz
    1. Re:Australia.. by Heir+Of+The+Mess · · Score: 3, Funny

      You must be from America. Americans often send us Australians instruction manuals in German because they think everyone speaks German in Austraya.

      --
      Australian running a company that does C# / C++ / Java / SQL / Python / Mathematica
    2. Re:Australia.. by tryptych · · Score: 2, Funny

      Respectable Americans? I thought they were called "Canadians"?

      --
      "I like to skate on the other side of the ice"
  6. You Can Delete the Logs Present Now... by MSTCrow5429 · · Score: 2, Insightful

    ...but what happens when the user logs on again, after the IP log purge? Are they back in the records from that point on?

    --
    Slashdot: Playing Favorites Since 1997
  7. Blurb text misleading by mxs · · Score: 4, Informative

    Not /exactly/ true. The sample letter speaks of a complaint, but T-Online has every choice not to comply.
    The linked webpage then recommends suing T-Online in that case. If/Once you win that lawsuit, T-Online has no choice but to comply. This is a tad different from what the blurb here would have you believe.

    (All this is based on rather strict privacy laws that require a provider not to collect any data not relevant to accounting; since IP addresses and data volume is not needed for accounting on plans with a flat fee per month, T-Online has no right to do so; they, however, save that data for 80 days.)

  8. Re:What type of logs? by mxs · · Score: 4, Informative

    Radius, actually. That particular ISP does not use DHCP; all (A|V)DSL(2\+?)? connections are handled with PPPoE, so you get your IP from the PPP session set-up. Connections are reset every 24 hours automatically, and you do not usually get the same IP again after 24 hours (they claim this is done for technical reasons, which is, simply put, BS :)

  9. Re:Motherfucking bureaucratic world... by aeschenkarnos · · Score: 2, Interesting
    Because: (a) some people commit actual crimes (like, the kind with victims) on the internet, and the ISP's logs are equivalent to the film from the CCTV camera across the street from a robbed bank; (b) there are good technical reasons, ie statistical data used for load-balancing purposes, network expansion, upgrade scheduling etc, for keeping logs (although obviously, stripping out identifying data ought to be done wherever this doesn't interfere with that purpose); (c) to some extent, keeping "logs" as such is an unavoidable consequence of doing what an ISP does. Functions like billing depend on logs. If they didn't keep logs, what recourse do you have if they bill you for 100GB over-quota usage during the month?

    As with any other business you deal with, the difference between "monitoring customers" and "keeping business records" gets a bit blurry. A plumber keeps a "log" of whose house he visits, what he does in each house, what materials he uses, and how much he charges each householder. He probably calls this log a "receipt book". Obviously this book is unlikely to contain evidence of a crime, but that's due to the different nature of the plumber's business, not the fact that he keeps logs.

  10. Not quite as good as it looks by njdj · · Score: 4, Insightful

    The original article points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months. Germany has already asked for an extension of the deadline to comply with this, but the strong likelihood is that the German privacy laws will be changed to comply with the EU-mandated snooping.

    EU pols and bureaucrats are as hostile to personal privacy as US pols and bureaucrats.

    1. Re:Not quite as good as it looks by hweimer · · Score: 2, Informative

      The original article points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months.

      It wouldn't be the first time that the highest German court nullifies the implementation of an EU directive.

      --
      OS Reviews: Free and Open Source Software
  11. formerly, it did by misanthrope101 · · Score: 2, Funny
    You didn't get the memo, it seems. The A now means "All." Big merger. They also are the CIA now. Analysts were fired to free up office space for shredders, and all raw intel is funneled into Dick Cheney's office, where it is sorted into two piles, "reality," and "tomorrow's talking points." The first pile is thrown out, where Colbert Report operatives posing as facts (so they won't be noticed) smuggle the reality over to Comedy Central, where it is broadcast and uploaded just in time to highlight the perspicacity of today's (formerly tomorrow's) talking points.

    And no, I have no idea how that tangent ended up the way it did. Good or bad, I had to follow it. My muse isn't very talented, but she's mine, and I love her.

  12. The interesting political spin... by phooka.de · · Score: 2, Insightful
    The ISP is Germany's biggest ISP, the "Telekom". By the law, they were only entitled to keep logs that are required for billing. If you have a flat rate, no IP logs are needed for billing and other ISPs didn't keep them, but the Telekom did.


    Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German government. The "Innenminister", the guy responsible for the justice system, police etc. was one of the kind of politicians who'd like to know everything about everyone for the sake of "security". (Who needs freedom if they are secure? Oh wait, that was prison.)


    So, while by the law he could not force ISPs to retain that data, the biggest German ISP that just happened to be controlled by... him(!)... did so anyway, aiding law enforcement in trivial (and here: unfounded) cases with said data.


    Unfortunately, even in Germany, no one seems to bother about privacy anymore.

  13. Sarcastic comment explained by Teun · · Score: 2, Interesting
    Voss was sued for making a sarcastic comment in an Internet forum back in 2002.

    Sorry for reading TFA...

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    1. Re:Sarcastic comment explained by sholden · · Score: 2, Interesting

      From wikipedia: "during the course of the trial, it was also revealed that his disclaimer of the posting as sarcasm had been left out from the legal documents provided to the prosecutor by law enforcement agencies."

      You would hope that would be a crime in itself.