Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sonic.net's CEO On Why ISPs Should Only Keep User Logs Two Weeks

Posted by timothy on from the privacy-has-value dept.

Sparrowvsrevolution writes "Dane Jasper's tiny Internet service provider Sonic.net briefly took the national spotlight last October, when it contested a Department of Justice order that it secretly hand over the data of privacy activist and WikiLeaks associate Jacob Appelbaum. But Sonic.net has actually been quietly implementing a much more fundamental privacy measure: For the past eighteen months it's only kept logs of user data for two weeks before deletion, compared with 18 to 36 months at Verizon, AT&T, Comcast, Time Warner and other ISPs. In a lengthy Q&A, he explains how he came to the decision to limit logging after a series of shakedowns by copyright lawyers attempting to embarrass users who had downloaded porn films, and he argues that it's time all ISPs adopt the two-week rule."

1 of 190 comments (clear)

  1. The libraries sucessfully fight this all the time by davecb · · Score: 5, Interesting

    Someone always want to be able to ask if a particular person has read "Steal This Book", or "How to Build an Atom Bomb". Librarians get that kind of demand all the time, and have successfully fought it at the personal and also at the technical level.

    I once worked on library software, and it was a prerequisite in the business that, as soon as a book was returned or the non-return fine was paid, the record that "user X borrowed book Y" was deleted, and a counter of completed transaction was incremented. The latter was necessary for funding and statistical purposes.

    This was a norm because the library community actively went out and found a number of states, Germany among them, that protected library patrons from snooping without a warrant. They then made that know to their software suppliers. As the software had to be legal in all the countries where it was to be sold, it was written to meet the highest legal standards, which included the highest privacy standards.

    If a legitimate investigation needed to track a library patron's reading, and the investigator could convince a judge, then the library could put a watch on a patron in exchange for a warrant. The watch could not start in the past, of course, but a daily sql query could find out the books a patron currently had out.

    There is at least one DHCP program around, written by an ex-librarian, that behaves just this way...

    --dave

    --
    davecb@spamcop.net