Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

German ISP Forced To Delete IP Logs

ScuttleMonkey posted more than 7 years ago | from the next-the-request-will-be-used-as-evidence dept.

202

An anonymous reader writes "A German federal court decided today that T-Online, one of the largest ISPs in Germany, was obligated to delete all IP logs of a customer upon request to guarantee their privacy. From the article: 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. A lawyer from Frankfurt already sketched a sample letter (German) to make this process easier.'"

cancel ×

202 comments

The way it should be. (5, Insightful)

rolyatknarf (973068) | more than 7 years ago | (#16748203)

There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans. This is the way privacy should be treated. The people have rights.

Re:The way it should be. (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16748237)

Still waiting to find the document that all these "rights" are spoken of.

In reality, your will is your right. Might equals right.

Re:The way it should be. (1)

The Step Child (216708) | more than 7 years ago | (#16748315)

I think it depends on the situation. IANAL, but in the US an ISP could conceivably delete logs as long as there is no criminal investigation ongoing. If one was ongoing, then the ISP would be participating in obstruction of justice.

Re:The way it should be. (3, Insightful)

rolyatknarf (973068) | more than 7 years ago | (#16748475)

Yes, an ISP in the US could delete the logs but I think that is unlikely. I believe we all know that our government is already pushing for, and probably already has arrangements with communication and information companies to retain records.

Re:The way it should be. (2, Interesting)

JPriest (547211) | more than 7 years ago | (#16748661)

AFAIK US ISP's are required to keep the logs for some 180 days in case of a criminal investigation. It is fairly common to get investigations for things that happened more than, say 60 days prior. I believe there is legislation in the works to force ISP's to keep logs for longer periods of time (1 year?).


Disclaimer: By "logs" I don't mean record of what web sites were surfed and what files downloaded, I mean record of what customer had X IP address at Y time.

Re:The way it should be. (1)

Benaiah (851593) | more than 7 years ago | (#16748765)

actually every ISP (in Australia) keeps all of these logs from the beginning of time. If they wanted to know who had this ip 5 years ago at 4.22am they could get it. Im not sure if its company policy or what but we just seem to keep them. The mentality is "Why destroy good data?"

From a consumer/privacy point of view I like this idea. In Australia our privacy laws are so strong that you can go up to ANY private company and demand a list of every single detail they have about you. Im not sure if you can demand they delete them though.

Re:The way it should be. (1)

JPriest (547211) | more than 7 years ago | (#16748811)

The problem with keeping them forever is that for a largish ISP even keeping them for 180 days can amount to a few thousand TB of data.

Re:The way it should be. (3, Informative)

Benaiah (851593) | more than 7 years ago | (#16748919)

64bits for an ip.
48 for a mac.
how big is a datetime? give it 128.
30 bytes being generous.
another datetime for disconnect.
30+30+8+6 = 74bytes
why not make it a clean 100 bytes.
If you stored the connection details for every single possible ip adress in the 64bit space.
you got 4billion connections a day at 100 bytes.Thats only 400g
So the entire worlds isps would only generate 144TB of connection data a year and only if everysingle ip in the space was used and being connected everyday.

A few thousand TB is waaaaaaaaay off mate.

Re:The way it should be. (2, Interesting)

Loconut1389 (455297) | more than 7 years ago | (#16749261)

Have you ever seen a linux logfile? Especially if you have iptables turned on and fairly restrictive on a public-facing ip...... Each line a couple hundred characters and the files get very huge very fast. You're also assuming the customer is only being logged for something like a ppp connect/disconnect... Many protocols (IMAP forinstance) have 5-10 lines for each connection, and then mmore during transfers and idles, depending on your log level. It's conceivable to have several gb a day for even an extremely small IP. If they were hosting a handful of ginormous sites, replete with services (IMAP, SMTP, NNTP, RADIUS (for 802.11 or other), HTTP and others), the logs would be well beyond the simple calculation you're discussing.

Re:The way it should be. (0, Offtopic)

poifgh (1023659) | more than 7 years ago | (#16748467)

Please ignore this http://www.youbanking.com/ [youbanking.com]

Re:The way it should be. (2, Insightful)

LilGuy (150110) | more than 7 years ago | (#16748501)

If it works, I envision much spam and rooting originating from German end users' machines.

Re:The way it should be. (1)

SoundDirections (991459) | more than 7 years ago | (#16748559)

Yes, they (the "People") have rights.

To life, liberty and the persuit of happiness.

Unfortunately, we do not seem to regard an expectation of privacy as very important....

Re:The way it should be. (1)

rolyatknarf (973068) | more than 7 years ago | (#16748579)

I think we (at least most of the people) do still regard privacy as being important but our government seems to believe differently. Our officials don't appear to fully support our wishes.

Re:The way it should be. (1)

SoundDirections (991459) | more than 7 years ago | (#16748931)

LOL

If the people were concerned about privacy, so would the government. Those of us in the industry are somewhat concerned, at least more than the general public. Such is life......

Re:The way it should be. (1)

Lord Kano (13027) | more than 7 years ago | (#16749225)

Unfortunately, we do not seem to regard an expectation of privacy as very important....

Especially as it relates to conduct on a public network.

LK

it should be "opt in" (1)

chocolatetrumpet (73058) | more than 7 years ago | (#16748801)

You should have a send a letter to request being logged.

Re:The way it should be. (1)

nath_de (535933) | more than 7 years ago | (#16748861)

The sad thing is that the EU is forcing Germany to change their laws so that ISPs need to keep the IP records for 12 months. :-(

Re:The way it should be. (0, Troll)

harlows_monkeys (106428) | more than 7 years ago | (#16749341)

There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans

Well, if by "works for the Germans" you mean "every spammer and phisher and kiddie porn trader and net stalker and all the other net scum switch to German ISPs, until Germany gets blackholed by the rest of the world", then yeah, I think it will work out for them.

What type of logs? (1)

slimey_limey (655670) | more than 7 years ago | (#16748207)

The article is vague. Are these the logs of connections made, or are they the logs of when an address was assigned to them by DHCP, or what?

Re:What type of logs? (1)

nospam007 (722110) | more than 7 years ago | (#16748285)

The article is vague. Are these the logs of connections made, or are they the logs of when an address was assigned to them by DHCP, or what?
--
The customer has a flatfee arrangement, so the IP address is irrelevant for billing purposes and so doesn't need to be stored and hence is forbidden to.
Their privacy law forbids saving any irrelevant data of customers.

Re:What type of logs? (1)

slimey_limey (655670) | more than 7 years ago | (#16748345)

So I take it then that we're talking about DHCP server logs?

Re:What type of logs? (4, Informative)

mxs (42717) | more than 7 years ago | (#16748413)

Radius, actually. That particular ISP does not use DHCP; all (A|V)DSL(2\+?)? connections are handled with PPPoE, so you get your IP from the PPP session set-up. Connections are reset every 24 hours automatically, and you do not usually get the same IP again after 24 hours (they claim this is done for technical reasons, which is, simply put, BS :)

Re:What type of logs? (1)

eguaj (612494) | more than 7 years ago | (#16748489)

"they claim this (connexion reset every 24h) is done for technical reasons, which is, simply put, BS"

Well, I heard that there is a (rare ?) problem of "ghost" PPPoE connexions when they are not closed/teared-down properly that oblige you to wait for the server to reset the connexion, and that's why they force a reset every 24h, to properly close all the connexion and allow you to reconnect at least after 24h.

Re:What type of logs? (1)

mxs (42717) | more than 7 years ago | (#16748513)

This problem could be handled differently. You could tear down a PPPoE connection if no data has flown through it in 24 hours, for instance, or automatically reset the connection if new LCP packets arrive indicating the customer wants to set up a new PPPoE connection; also contrary to popular belief, you can set up multiple PPPoE sessions on the same wire; they need to have the Host-Uniq flag set, or use different MACs -- but it is possible; for instance, you can open connections to T-Online and Titan Networks over the same link easily (I actually use this for native IPv6 connectivity from Titan).
Also, if this WERE the reason for this idiotic behavior, you would not be able to get business service on the exact same line from the exact same access concentrator using the exact same infrastructure that did not have this limitation. Of course, the price is not exactly the same in that case.

Re:What type of logs? (0)

Anonymous Coward | more than 7 years ago | (#16748493)

Please don't reply in the form of a signature. It's annoying.

Re:What type of logs? (1)

slimey_limey (655670) | more than 7 years ago | (#16748621)

My thoughts exactly. That's why God invented the <blockquote> tag.

Requests to delete server logs (5, Funny)

Neoncow (802085) | more than 7 years ago | (#16748219)

Requests to delete server logs, however, will be logged.

Re:Requests to delete server logs (1)

giminy (94188) | more than 7 years ago | (#16748651)

Well that's easy, we simply ask them to delete the log that records that we asked them to delete the log. Problem solved!

Re:Requests to delete server logs (3, Informative)

Duncan3 (10537) | more than 7 years ago | (#16748915)

Fear not! Google has a copy.

But no privacy in the land of the free (5, Insightful)

Salvance (1014001) | more than 7 years ago | (#16748223)

I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have? While some other freedoms (e.g. speech,press) are more limited in countries like Germany, there appears to be a strong right-to-privacy movement backed up by the government.

Sure, our media and government pay lip service to privacy issues, but the reality is that our government wants to increase monitoring in the name of fighting terror. Compare this story of Germany forcing the ISP to delete logs for a customer to this one [msn.com] outlining yet another argument by US officials to require ISPs to maintain even more user data.

I'd hate to see us to become a 'surveillance society' like Britain has. Unfortunately, we seem to be quickly heading down that path, particularly since our citizens haven't yet raised up to demand greater freedom.

Re:But no privacy in the land of the free (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16748377)

I think the "why" comes down to constitutions, and this serves as a good example of why constitutions (and good constitutional adjudication) are so important. I'm not sure about the extent to which you can say the German government supports privacy because it thinks it's an inherent good. The German constitutional court has for decades recognised a strong right to "informational self-determination" in the German constitution. This right applies pretty much whenever individualised data is being collected (and sometimes even more broadly - e.g. this is why there aren't CCTV cameras everywhere in Germany, c.f. your average English High Street). Compare this to England, where there is absolutely no legal tradition of a right to privacy (even the European Convention on Human Rights, which the UK is obliged to comply with, has had scant effect on this).

The US is somewhere in between. Sure, the US constitution contains what has for the best part of a century now been recognised as a right to privacy, but the Supreme Court put a wall up around this in the 1980s by saying that surveillance of the kind that would be possible with the naked eye in a public street is constitutionally ok (after all, a Police officer standing there 24 hours a day, 7 days a week could observe that stuff, right). Not really an apt comparison for the purposes of IP logging, but demonstrative of the failure of the US courts to keep up with the pace of change.

Re:But no privacy in the land of the free (1)

Firehed (942385) | more than 7 years ago | (#16748381)

We know we won't get it if we ask, so we don't bother. You don't get anywhere lying down, but at least you don't get red-flagged by asking for some privacy.

Re:But no privacy in the land of the free (5, Insightful)

foobsr (693224) | more than 7 years ago | (#16748623)

some other freedoms (e.g. speech,press) are more limited in countries like Germany

Any source? Just curious, as I am living in Germany and did not really realize.

Also:

Press Freedom Index 2006 [rsf.org]

CC.

Re:But no privacy in the land of the free (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16748713)

In America and Britain, some people consider the fact you are not free to spread Nazi propaganda in Germany as a grave violation of freedom of speech. Of course, if some German does spout off some Nazi nonsense, Germany is accused of not doing enough to prevent Nazism.

Re:But no privacy in the land of the free (1)

nath_de (535933) | more than 7 years ago | (#16748907)

You do know that the law banning nazi propaganda and symbols was installed by the Allies after the war? It is no German invention at all (but I still think it is a good law most of the time).

Re:But no privacy in the land of the free (1)

Calinous (985536) | more than 7 years ago | (#16748997)

As a matter of fact, Mein Kampf (the "bible" for the nazi regime) is copyrighted by the US Army (as retribution after the war, I think). This way, they were able to stop a re-edition of it in Germany. The opinion of the editors? This being a copyright issue, it cannot be considered censorship, and we won't publish it (they were pretty far in regard to the publishing)

Re:But no privacy in the land of the free (4, Informative)

nath_de (535933) | more than 7 years ago | (#16749049)

Sorry, but you're wrong there. Copyright for "Mein Kampf" has fallen to the state of Bavaria after Hitlers death (since there were no heirs). You can only get an annotated version as Bavaria won't publish the original version. 2015 the copyright should expire (70 years after authors death) and the book should go into the public domain (barring any changes to copyright laws).

Re:But no privacy in the land of the free (1)

foobsr (693224) | more than 7 years ago | (#16749175)

It is on Gutenberg [gutenberg.net.au] .

No, I am more libertarian.

CC

Re:But no privacy in the land of the free (1)

Analein (1012793) | more than 7 years ago | (#16749019)

Yes, we here in Germany weren't all that good when it came to banning Nazi stuff, before all that stuff with Hitler dying and us losing the war happened :/

Re:But no privacy in the land of the free (0)

Anonymous Coward | more than 7 years ago | (#16748745)

source one [pitt.edu] . source two [wired.com] . source three [bbc.co.uk] . source four [dw-world.de] . source five [germarrudolf.com] .

Re:But no privacy in the land of the free (4, Insightful)

Jugalator (259273) | more than 7 years ago | (#16748991)

He may be considering hate speech [wikipedia.org] laws, but then, on the other hand, is he considering free speech zones [wikipedia.org] in the US, and so on? I'm hesitant to call freedoms more limited in countries like Germany for this reason, especially with the actions GWB has taken in the US lately.

Re:But no privacy in the land of the free (1)

Kokuyo (549451) | more than 7 years ago | (#16749137)

I think your parent poster has got something mixed up. What he meant was freedom of speech. And by all means, that is limited in Germany and Switzerland as far as my little swiss mind can remember. Try stating that you think jews are subhuman and see what happens (I advise you to only do that if you don't really like your life as it is all that much...).

Of course we could argue that such sentiments are stupid anyway, but that is clearly a matter of opinion. And just because our opinion (assuming you also do not believe that jews are sub-human) happens to coincide with the law doesn't mean that they couldn't just as easily apply a similar law to something we hold dear.

Re:But no privacy in the land of the free (0)

Anonymous Coward | more than 7 years ago | (#16748875)

The German government isn't a bit better than the US government. However, we have some basic rules, and as long as the *courts* (not government) uphold these rules, we're good.

Complain to your courts that they don't honor the constitution quite as much. Oh, and while you're at it, abolish that standing army that has been there for waay longer than two years, and that was used in many offensive contexts.

In many ways I as a German envy Americans for their freedom, really, but citizen rights are still reasonable here in Europe, especially the right to privacy in Germany. (the whole political spectrum is just way shifted to the left, with good and bad consequences)

Re:But no privacy in the land of the free (5, Informative)

Trevelyan (535381) | more than 7 years ago | (#16749063)

UK does have laws protecting peoples privacy. Namely the Data Protection Act and Rights of Investigatory Powers Act. The first one controls disclosure as well as providing means for individuals to review the data kept about them. The second controls what a co. such as an ISP can do with the data (eg traffic logs) as well as what the authorities can do. The two together means that you have to be able to justify the data you keep and for how long you keep it. The network that I work for does not keep data for longer than 3 months, unless it relevent to some network issue/investigation, then its kept for 2 years; but never indefinately. Lastly there is also the Freedom of Information Act, which allows citizen access to all sorts of government and civil service information and documentation. So you can double check their procedures for example.

Re:But no privacy in the land of the free (2, Insightful)

misanthrope101 (253915) | more than 7 years ago | (#16749067)

I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have?

Well, Germany actually had a dictator lie his way to power by using fear and patriotism as bludgeons against his opponents. They know firsthand what dangers lie at the end of that road. We still think we can have everything along the road (the exaggerated nationalism, the fear-mongering, the reduction of freedom to save freedom, etc) without necessarily arriving at the same destination. Continental Europeans know better, at least for now. In time they'll forget, because people always do, but for now they are more vigilant in defense of freedom than the Brits or Americans.

Similarly, Stanley Milgram, in his Obedience to Authority experiments and book, found very high obedience levels in Americans, but less so in the nations that had to live under Hitler. People sometimes do learn from history, though the knowledge probably gets diluted with time and distance. But for now Europeans seem a bit more disillusioned with the idea that you can give government unlimited power and still protect freedom, ergo they restrict government more. We seem to think the opposite, at least for the moment, which is why you're considered a terrorist appeaser if you think the government should have to get a warrant before putting people under surveillance, you oppose torture, or you think people should get a trial before being locked away. I only hope the pendulum starts swinging the other way soon. I'd like my nation to oppose torture and support habeus corpus. Strange that my pulse quickens while typing that--why should it be controversial?

Re:But no privacy in the land of the free (1)

vidarh (309115) | more than 7 years ago | (#16749117)

Actually, the legal basis for this decision in Germany, is the EU data privacy regulations, which each member country are required to reflect in national laws. In the UK this would be the Data Privacy Act that gives us similar protections to the Germans.

Re:But no privacy in the land of the free (0)

Anonymous Coward | more than 7 years ago | (#16749197)

Well, looking up this index http://www.rsf.org/rubrique.php3?id_rubrique=639 [rsf.org] seems that the Brits and the Yanks are behind Germany even in freedom of press (which probably translates in freedom of speech, I think). But the worrying thing is that because your countries are leading the way into more and more restrictions and because you are supposedly the 'leaders and guards' of the western society as it is now, our governments will enforce restrictions similar to the ones you (will) have. Like, as an example, the incredibly stupid new rule where you cannot board a plane in any of the European countries carrying a bottle of water/juice/whatever because of what happened in Heathrow few months ago. But, of course, you are allowed to bring any bottle you buy from a duty free shop. How stupid is this?

Re:But no privacy in the land of the free (0)

Anonymous Coward | more than 7 years ago | (#16749295)

Could it be bacause most countries in continental Europe did experience actual (and painful) loss of freedoms during the last part of the 20th century?

Re:But no privacy in the land of the free (1)

wizztick (710379) | more than 7 years ago | (#16749301)

freedoms (e.g. speech,press) are more limited in countries like Germany
Salvance, can you give some example of why speech and press are more free in America than in Germany. I am curious to what is more limited in Germany, or a country like Germany.

A question for network admins (4, Interesting)

gaijin99 (143693) | more than 7 years ago | (#16748235)

I'm not an admin, and never have been so I'm working on ignorance here. But my question is, why bother with long term logs anyway? I understand a need to keep logs of activity for a week or so to deal with various attacks, zombie machines, etc, but why not set the logs to automatically wipe anything past that point? I can see maybe going nasty and selling it to advertisers, but other than stuff like that is there a use?

Re:A question for network admins (1)

unboring (697886) | more than 7 years ago | (#16748331)

IP forensics is a very useful for fraud detection and prevention, not just click-through fraud but also ecommerce/transaction fraud. Its invaluable to mine through old IP data and detect predictive patterns in fraud.

Re:A question for network admins (1)

gaijin99 (143693) | more than 7 years ago | (#16748383)

To me that would seem to apply mostly to people hosting commercial sites, not an ISP providing end user access. Is that your angle, or did I miss something obvious?

Re:A question for network admins (0)

Anonymous Coward | more than 7 years ago | (#16748337)

Let's say if someone gets an e-mail/forum post but has been away for a long time - let's just say one day longer than the logs are supposed to be kept (meaning, eight days if we're going by a week with your suggestion). That e-mail/forum post was very abusive, racist, sexist, whatever - bad enough to merit a complaint. You can file a complaint, show the e-mail, but if the ISP doesn't log the IP as being online at that time, they can't do shit.

Granted, nowadays they don't do shit anyway, but beings we're already thinking hypothetically...

Re:A question for network admins (1)

plaxion (98397) | more than 7 years ago | (#16748351)

You've answered you own question.... it's "stuff like that" (i.e. vague and unknown uses, both current and future) that are the worry.

Re:A question for network admins (1)

gaijin99 (143693) | more than 7 years ago | (#16748425)

Well, its what worries me about people *keeping* logs, actually....

On a practical note, how much storage are we talking about for a decent sized ISP? I'm assuming you'd want to store the customer's ID, the IP address visited by the customer, the website address (if there is one), a timestamp for that visit, and maybe the amount of transfer both upstream and downstream each time the computer sends or recieves. Even for small ISP's that sounds like a lot of info to keep, indefinately, for every single customer and ever single thing they do online. I know we store a lot these days, but for the big guys like AOL that sounds like it could get into the range of multiple gigabytes per day. I know that tape backups aren't that expensive, but it sounds like a lot of trouble to go through for not a lot of payoff.

Are my guesses here utterly off, or do they really store that much data on their users?

Re:A question for network admins (2, Insightful)

mxs (42717) | more than 7 years ago | (#16748457)

The ISP in question stores your assigned IP, duration of the session, start-time of the session, bytecounters up/down, username, and probably access concentrator (i.e. which physical land line was used).
No logs of website accesses or acribic list of all packets sent and received are made.

A lot of data is accumulated, but really, what does a terabyte of online storage cost these days ... Peanuts.
Amazon stores your entire clickstream history, everything you ever did on their website, for an indefinite amount of time. Walmart has some of the largest databases in the world holding all manner of customer and sales records. I'd be surprised if Google ever deleted search logs. archive.org tries to store the entire web many times over.
Storage, per se, is cheap :)

Re:A question for network admins (1)

cheater512 (783349) | more than 7 years ago | (#16748473)

Your guesses are off.

They only log what ip each customer gets.

Re:A question for network admins (1)

mxs (42717) | more than 7 years ago | (#16748385)

Yes, there is a use. Law Enforcement LOVES long data retention. Really, they do.

The MPAA/RIAA/IFPI/etc. all LOVE long data retention as well, especially when combined with Law Enforcement.

I'm pretty sure all manner of intelligence services also LOVE long data retention.

I have yet to see a case of a consumer/customer loving long data retention.

Re:A question for network admins (1)

gaijin99 (143693) | more than 7 years ago | (#16748435)

Yeah, but the ISP's are doing it, and they aren't compelled to do so by law (at least not yet in the US). That implies that they have reasons of their own, and I'll be buggered if I can see what those reasons might be, beyond evil stuff like selling the info to advertisers.

Re:A question for network admins (1)

mxs (42717) | more than 7 years ago | (#16748497)

Did you miss that AOL and TW merged ? Many ISPs are part of larger conglomerates, or in bed with parts of the media industry. That should be enough incentive.
Traffic usage logs are interesting as well; one broadband ISP (1&1) in Germany regularily offers some of their customers $150 if they leave for another provider, since these customers actually used the bandwidth being advertized and generated generous amounts of traffic. You can't do that without retaining information on traffic usage.
Other ISPs might use this to segment their userbase a bit so that the bandwidth-hogs get lower traffic priority than the "good" customers. This is rather common (or used to be so) in Switzerland. Some ISPs take it as a metric to decide whether certain ports should be blocked for a certain customer (a notable one, also in Germany, blocked port 1214 and some other notorious filesharing ports; if you asked them about it, they'd lift the block -- but only if you signed a contract that you are not breaking the law ... Fat lot of good that does, but hey, it seems to intimidate enough). Another ISP (I think it was T-Online, way back) sent letters to their bandwith-hogs reminding them not to do illegal stuff with their connection -- the ONLY metric used in that case was bandwidth used, not any indication of any wrongdoing. So if you were merrily sharing Warcraft patches or Firefox releases using BitTorrent you would get such a letter.

Maybe the network admins per se can't do much with that data, but the accountants & salesforce sure can.

Re:A question for network admins (1)

daverabbitz (468967) | more than 7 years ago | (#16748491)

Well, I personally love my HDD's long data retention. If I'm lucky it might retain my data for 10 years. Then again it might fail 1 week after purchase. .....

Oh log retention, yes well that doesn't make a whole lot of sense... Except when it does.

I really wish Linux had a fossilfs like Plan9 that stored all changes chronologically. Kind of like Subversion on 'roids.

And no I'm not in favour of my ISP logging huge amounts of data about me, on the other hand I would be quite grateful if they kept reasonable amounts of logs of routing tables, I'm not sure what logging IP addresses means, surely they aren't logging every host I connect to, that would be insane.

Oh well, I can't even remember why I started this post, I guess that means I don't hav every good data retention...

Re:A question for network admins (1)

mxs (42717) | more than 7 years ago | (#16748525)

"logging IP addresses" means logging which IP address your connection had at a particular point in time within the last 80 days. (so a lookup of 1.2.2.4 in their database would yield "mxs", or whatever my customer number is)

hrrm ... wouldn't UDF work as a replacement for fossilfs ?

Re:A question for network admins (1)

Benaiah (851593) | more than 7 years ago | (#16748833)

Yes, there is a use. Law Enforcement LOVES long data retention. Really, they do.
The MPAA/RIAA/IFPI/etc. all LOVE long data retention as well, especially when combined with Law Enforcement.

The MPAA/RIAA/.... doesnt combine with law enforcement because they arent enforcing laws. What these lawyers do to get your IP address is damn right underhanded, and many would consider illegal. I would say MPAA/RIAA/... combined with politicians love data retention to push their case and make examples of people who oppose their view.
Watch thank you for smoking. Fucking Lobbiests.

Re:A question for network admins (1)

elyk (970302) | more than 7 years ago | (#16748503)

I think it's also somewhat a matter of simply "because they can"; they don't necessarily see a use at the moment for those two year old logs, but you never know when they might come in handy...especially when a nosy government issues you a subpoena To those wondering whether the letter requesting that the logs be deleted will be logged: Yes, it will, unless you submit another letter requesting that it be deleted, but then that letter will be logged, unless you submit another letter...

Re:A question for network admins (0)

Anonymous Coward | more than 7 years ago | (#16748613)

, but you never know when they might come in handy...especially when a nosy government issues you a subpoena

Yeah, it sure is handy to have logs off on secondary storage somewhere that you have to spend at least a few hours if not days of man time recovering just to comply with a single subpoena. No possible way it would be better to spend practically zero time complying with a subpoena because there are no logs to retrieve in the first place.

Let's see - say 50 subpoenas per year means at least 50 man hours wasted vs zero man hours wasted if there are no logs. Yep, sure is handy to keep those logs around!!

Canadian/America version? (0)

Anonymous Coward | more than 7 years ago | (#16748241)

Is there someone who is a lawyer and is able to make a version for us Canadians/Americans?

Australia.. (5, Interesting)

swordfishBob (536640) | more than 7 years ago | (#16748323)

It should work in Australia. Privacy laws here state that:
- If I ask a company operating in Australia what information they have about me, they are obliged to tell me
- If I ask where they got this information, again they must answer
- If I ask the same company to remove such records, AFAIK they must, though there are reasonable exceptions to this one. (e.g. if i've done business with them, they have to keep financial records. if it's my bank, they might have to cancel the mortgage to comply..)
- Companies operating here are not supposed to pass on private information without consent, which is why so many competitions and things have clauses in tiny writing to get your consent.

Re:Australia.. (0)

Mattwolf7 (633112) | more than 7 years ago | (#16748411)

I nominate a motion from this point forward Australia and Austria will be noted in the following fashion:

Australia (AU)
Austria (EU)

Cause I was totally reading this comment and since my mind was on Europe and Germany immediately thought you were talking about Austria (EU) and not Australia (AU) the country in a different hemisphere...

Re:Australia.. (3, Funny)

Heir Of The Mess (939658) | more than 7 years ago | (#16748543)

You must be from America. Americans often send us Australians instruction manuals in German because they think everyone speaks German in Austraya.

Re:Australia.. (1)

rastos1 (601318) | more than 7 years ago | (#16748617)

>Privacy laws here state that: ...

Good for you. Basically the same laws are valid in my country. The problem is that they do not work.

I got good offer from a bank for a credit card (they are not so common here, most people use debit cards). I applied and I had to supply some information about my backround, so the bank knows I can pay back my debts. (that was the 1st strange thing because they aproached me because of my account history). After one manth I got a written balance statement and I saw that the offer is not that good as advertisied. The clerk in bank simply told me something what turned out not to be true. I said: ok, cancel the credit card. And I formally asked for list of informations they received as part of application, list of 3rd parties they provided this info to and I asked them to delete that information. The reply: You are right that based on the "privacy law" you can request deletion of that data, but based on "archiving law" we and "National credit bureau" can keep the data for next 5 years. "National privacy protection office" confirmed this. I never heard about "archiving law" before.

So, don't trust laws in your country unless you get a chance to test them on your own.

Re:Australia.. (0)

Anonymous Coward | more than 7 years ago | (#16749271)

i'm guessing this is just your run-of-the-mill all financial records hould be kept for 5 years.
And even worse!!!!1 i bet your school still has all your grades/projects since they are required to keep them for about 11 years or so. (this includes that wonderfull little science project you made)
(it's been a while since i went to school though, but 15 years ago my school had a big room stuffed with all the science projects done ever at that school, and apparently there are only so many ways you can make a papermasche hindenburg type blimp)

This making the assuption you live in the netherlands btw.

all because of accountabilty i guess

Re:Australia.. (1)

Timbotronic (717458) | more than 7 years ago | (#16748627)

Unfortunately the laws don't work very well with small companies. I filed a complaint against a Sydney real estate agency who sent multiple unsolicited text messages to my mobile phone. They just ignored my requests to 1. stop and 2. tell me where they got my number from.

The Office of the Privacy Commissioner [privacy.gov.au] will only launch investigations against larger companies (IIRC they need to have an annual turnover >$500K) and they told me as much when I complained. So that leaves a fair bit of room for unscrupulous companies to flaunt the law without fear of reprisal.

Data Retention Directive? (1)

aleph (14733) | more than 7 years ago | (#16748341)

Isn't there an EU Directive regarding data retention that went through in response to "the terrorist threat"? How does that gel with this ruling?

Re:Data Retention Directive? (1)

mxs (42717) | more than 7 years ago | (#16748431)

The laws resulting from that directive will not be in effect before Jan 1, 2007.

Motherfucking bureaucratic world... (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16748359)

Why the fuck does a letter need to be sent in order for the logs to be deleted? Why the fuck are these piss-ant kind of logs created in the first place? Why the fuck can't people have privacy automatically?

Re:Motherfucking bureaucratic world... (2, Interesting)

aeschenkarnos (517917) | more than 7 years ago | (#16748471)

Because: (a) some people commit actual crimes (like, the kind with victims) on the internet, and the ISP's logs are equivalent to the film from the CCTV camera across the street from a robbed bank; (b) there are good technical reasons, ie statistical data used for load-balancing purposes, network expansion, upgrade scheduling etc, for keeping logs (although obviously, stripping out identifying data ought to be done wherever this doesn't interfere with that purpose); (c) to some extent, keeping "logs" as such is an unavoidable consequence of doing what an ISP does. Functions like billing depend on logs. If they didn't keep logs, what recourse do you have if they bill you for 100GB over-quota usage during the month?

As with any other business you deal with, the difference between "monitoring customers" and "keeping business records" gets a bit blurry. A plumber keeps a "log" of whose house he visits, what he does in each house, what materials he uses, and how much he charges each householder. He probably calls this log a "receipt book". Obviously this book is unlikely to contain evidence of a crime, but that's due to the different nature of the plumber's business, not the fact that he keeps logs.

Re:Motherfucking bureaucratic world... (1)

Gunnut1124 (961311) | more than 7 years ago | (#16748641)

So you are saying that it is a valid and reasonable argument that we should give up privacy because someone COULD commit a crime? I think this is the root of the problem many folks see with monitoring today. People like you, who are presumably good folks, think that it's cool if the gov't looks over your shoulder and watches everything you do. Others, presumably good folks too, want to have a private and less-observed life away from the cameras, recorders, logs, biometric-scanners, and databased-identities of your Orwellian dream. Monitoring never directly prevented crime, it has only been used to established that a crime was committed. If you want to prevent crime by monitoring, I hope you have no problem with the gov't putting GPS in your car to make sure you drive the speed limit, then mailing you a ticket when you do. If you want to prevent crime by monitoring, you better hope that camera on your street corner jumps in the way of the bullet before it hits you in the chest, cause all it's likely to do is tell them a person in a hoodie blasted you. (Not a threat on you at all, i don't even know you...)

Does that clear up how monitoring goes afoul? Does that show you how monitoring isn't going to HELP you? If not... Then I guess I have failed here.

Re:Motherfucking bureaucratic world... (0)

Anonymous Coward | more than 7 years ago | (#16748887)

"some people commit actual crimes (like, the kind with victims) on the internet" Like what?

Re:Motherfucking bureaucratic world... (1)

Pofy (471469) | more than 7 years ago | (#16748957)

>a) some people commit actual crimes (like, the kind with victims) on the internet,

Yet in almost no country does the post office keep track and logs of who mail who despite crimes both in the past and present probably occur thorugh mail. Further, many countries does not have any law requiring ISPs to keep logs, yet they do it anyway.

>b) there are good technical reasons, ie statistical data used for load-balancing purposes,
>network expansion, upgrade scheduling etc, for keeping logs (although obviously, stripping
>out identifying data ought to be done wherever this doesn't interfere with that purpose);

Which would be about every time or almost every time.

>(c) to some extent, keeping "logs" as such is an unavoidable consequence of doing what an
>ISP does. Functions like billing depend on logs. If they didn't keep logs, what recourse
>do you have if they bill you for 100GB over-quota usage during the month?

Which would only ever be important if you are billed by ammount of traffic which, at least in my country is almost non existant. Further, it requires no point in logging the IP number for example, you only need to keep track of ammount of data used (like electricity companies do for example).

Re:Motherfucking bureaucratic world... (1)

slimey_limey (655670) | more than 7 years ago | (#16749211)

Which would only ever be important if you are billed by ammount of traffic which, at least in my country is almost non existant.

In my country home users generally are billed by the month; colo-ed, peered, and commercial users are generally billed by the bit.

You Can Delete the Logs Present Now... (2, Insightful)

MSTCrow5429 (642744) | more than 7 years ago | (#16748373)

...but what happens when the user logs on again, after the IP log purge? Are they back in the records from that point on?

Blurb text misleading (4, Informative)

mxs (42717) | more than 7 years ago | (#16748375)

Not /exactly/ true. The sample letter speaks of a complaint, but T-Online has every choice not to comply.
The linked webpage then recommends sueing T-Online in that case. If/Once you win that lawsuit, T-Online has no choice but to comply. This is a tad different from what the blurb here would have you believe.

(All this is based on rather strict privacy laws that require a provider not to collect any data not relevant to accounting; since IP addresses and data volume is not needed for accounting on plans with a flat fee per month, T-Online has no right to do so; they, however, save that data for 80 days.)

Data retention directive (1)

stefanb (21140) | more than 7 years ago | (#16749149)

Regardless of this ruling, the EU data retention directive will force providers to retain connection info, such as IP assignment to DSL accounts, for up to six months. So unless the directive gets repealed (IIRC Ireland has brought it before the EU court of justice), providers will have to keep all this info anyway.

Of course! (1)

bblboy54 (926265) | more than 7 years ago | (#16748403)

The A in AT&T stands for American.... You don't exactly see GT&T do you?

formerly, it did (2, Funny)

misanthrope101 (253915) | more than 7 years ago | (#16749111)

You didn't get the memo, it seems. The A now means "All." Big merger. They also are the CIA now. Analysts were fired to free up office space for shredders, and all raw intel is funneled into Dick Cheney's office, where it is sorted into two piles, "reality," and "tomorrow's talking points." The first pile is thrown out, where Colbert Report operatives posing as facts (so they won't be noticed) smuggle the reality over to Comedy Central, where it is broadcast and uploaded just in time to highlight the perspicacity of today's (formerly tomorrow's) talking points.

And no, I have no idea how that tangent ended up the way it did. Good or bad, I had to follow it. My muse isn't very talented, but she's mine, and I love her.

Re:Of course! (0)

Anonymous Coward | more than 7 years ago | (#16749297)

Dude. Don't know why you think German Telecom should be spelt with a 'G'. Try Deutsche Telekom. And it does exist, it's just not allowed to have such a monopolistic market share as the large american carriers.

After Deleting the Logs... (1)

DavidD_CA (750156) | more than 7 years ago | (#16748409)

After deleting the logs, does the ISP have to delete the letter that requested the logs be deleted?

Re:After Deleting the Logs... (1)

EveLibertine (847955) | more than 7 years ago | (#16748585)

No, I believe it goes something like this:

"This message will self destruct in 5...4...3...2...*!"

Google Language is a real boon :) (1)

glowworm (880177) | more than 7 years ago | (#16748445)

Sometimes tools like Google language or Babelfish are an absolute necessity when dealing with texts in a language other than your own...

Othertimes though... [google.com]

The deplored one is condemned to omit it with the use of the Internet entrance
Machine translation just isn't up to task.

Re:Google Language is a real boon :) (1)

boraugurlu (450638) | more than 7 years ago | (#16748667)

german laws can be really complicated you know..

Over here we force deletion of election logs (1, Funny)

Anonymous Coward | more than 7 years ago | (#16748459)

Thanks Diebold!

Good and bad. (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16748521)

The main problem, as I see it, is that a huge load of users will be infected by malware, which is used to spam. If these same users have requested that all their IP logs should be deleted after disconnect - things get rather tricky.

Also, what if a spammer signs up, requests all logs to be deleted .. waits .. and then starts spamming? Pretty damn difficult to track down if a lot of users have requested that their IPs should not be logged.

On the other hand, I hate that the spam problem should be solved by violating privacy. It was all okay for me when ISPs logged what they wanted, but didn't hand it over to anyone except when they found it necessary to investigate something themselves - due to complaints which would hurt the ISP itself (i.e spammers.. RBL's .. and so forth).

Re:Good and bad. (1)

nath_de (535933) | more than 7 years ago | (#16748981)

I don't think this will happen. All other ISPs always deleted the IP logs for flat fee users, only T-Online didn't.

er (1)

mr.cbaker (669550) | more than 7 years ago | (#16748699)

99 luftballoons?

Not quite as good as it looks (4, Insightful)

njdj (458173) | more than 7 years ago | (#16748797)

The original article [spiegel.de] points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months. Germany has already asked for an extension of the deadline to comply with this, but the strong likelihood is that the German privacy laws will be changed to comply with the EU-mandated snooping.

EU pols and bureaucrats are as hostile to personal privacy as US pols and bureaucrats.

Reminds me of something... (0, Flamebait)

Analein (1012793) | more than 7 years ago | (#16749097)

"Quick, Heinz! Delete ze data before ze Allierten kan find it! Zere muzt not be äny evidence!"

The interesting political spin... (2, Insightful)

phooka.de (302970) | more than 7 years ago | (#16749113)

The ISP is germany's biggest ISP, the "Telekom". By the law, they were only entitled to keep logs that are required for billing. If you have a flatrate, no IP-logs are needed for billing and other ISPs didn't keep them, but the Telekom did.


Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German gouvernment. The "Innenminister", the guy responsible for the justice system, police etc. was one of the kind of politicians who'd like to know everything about everyone for the sake of "security". (Who needs freedom if they are secure? Oh wait, that was prison.)


So, while by the law he could not force ISPs to retain that data, the biggest german ISP that just happened to be controlled by... him(!)... did so anyway, aiding law enforcement in trivial (and here: unfounded) cases with said data.


Unfortunately, even in germany, noone seems to bother about privacy anymore.

would this work in the UK? (1)

ken-doh (663781) | more than 7 years ago | (#16749165)

technically the data protection act says that any company must remove all your details and information they have on you upon your request... any ideas?

Some additional facts... (1)

Analein (1012793) | more than 7 years ago | (#16749335)

It was not made clear in the article, why this was fought out up to the supreme court. Initially, this whole process was started by a posting in Telepolis, the political webzine of heise.de

heise.de is somewhat comparable to slashdot. It's the biggest IT news site in German language. Trolling is even worse.

http://en.wikipedia.org/wiki/Holger_Voss [wikipedia.org] Wikipedia article on the incident

After all, this is an achievment, yes. However there's an http://www.heise.de/newsticker/meldung/77185 [heise.de] EU law (pdf) being considered that not only allows but forces ISPs to save logs starting 2009. Oh, and did I mention that some politicians are actually trying to incriminate so called "hacker tools", here? Oh, surely they will think of Nessus and Wireshark as needed security tools. They are politicians, they know that.

you insensit1ve Clod! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16749363)

And pe8sonal [goat.cx]
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...