Forgot your password?
typodupeerror
The Courts Government Privacy News

Swedish ISP Deletes Customer ID Info 177

Posted by ScuttleMonkey
from the putting-tread-on-the-slippery-slope dept.
NewYorkCountryLawyer writes "A Swedish internet service provider, Bahnhof, has begun deleting customer identification information in order to prevent it from being used as evidence against its customers under Sweden's new legislation against copyright infringement via peer-to-peer file sharing. According to this report on 'The Local,' it is entirely legal for it to do so. The company's CEO, Jon Karlung, is identified as 'a vociferous opponent of the measures that came into force on April 1st,' and is quoted saying that he is determined to protect the company's clients, and that 'It's about the freedom to choose, and the law makes it possible to retain details. We're not acting in breach of IPRED; we're following the law and choosing to destroy the details.'"
This discussion has been archived. No new comments can be posted.

Swedish ISP Deletes Customer ID Info

Comments Filter:
  • Wow (Score:5, Insightful)

    by Spazztastic (814296) <spazztasticNO@SPAMgmail.com> on Friday April 17, 2009 @12:57PM (#27615823)
    Buy the guy who made that decision a beer. Kudos, Bahnhof.
    • Re:Wow (Score:5, Insightful)

      by Aladrin (926209) on Friday April 17, 2009 @12:59PM (#27615885)

      While I love this decision also, I find it sad that we now applaud people who want to take care of their customers... Didn't that used to be a given?

      • Re: (Score:2, Insightful)

        find it sad that we now applaud people who want to take care of their customers..

        modern age: 2 kinds of 'customers':

        - the ones that pay the bills by buying your products or services
        - the other kind that shows up with as a band of thugs bearing guns and badges

        the first one you can abuse and refuse. the 2nd one, well, not so much.

        welcome to the brave new world.

      • Didn't that used to be a given?

        No. Only in some romanticized version of the past.

      • Re:Wow (Score:5, Interesting)

        by Samschnooks (1415697) on Friday April 17, 2009 @01:49PM (#27616911)

        While I love this decision also, I find it sad that we now applaud people who want to take care of their customers... Didn't that used to be a given?

        Speaking as someone that handles consumer's problems - you are correct. There's nothing I hate more than hearing "Sorry for your inconvenience." - especially from airline employees!

        Oh yeah! How about, the next time you're on strike and bitching about how you're not making enough, I walk up to you and say, "Sorry about the inconvenience!"

        Here's the thing, with this shitty economy, companies are seeing the light! Amen! They're paying attention to customers. Just walk into a Home Depot now. I got asked 4 times if I found what I'm looking for! Now, they're pissing me off for being so helpful. Talk about the pendulum swinging!

        P.S. To you Aladrin: I see that big orange ball by your userID. For what it's worth, whatever I said, I meant nothing personal, but I stand by my opinions. I take responsibility for what I've said that has offended you. Judge me as you will.

    • Re:Wow (Score:4, Insightful)

      by TheGratefulNet (143330) on Friday April 17, 2009 @12:59PM (#27615891)

      I'll buy an ACCOUNT on his server. even though I don't live anywhere near there.

      this guy IS a hero!

    • by XPeter (1429763) *
      Make it two. That guy definitely has some balls. If only the rest of the ISP's thought like them...
    • Re:Wow (Score:5, Informative)

      by Sporkinum (655143) on Friday April 17, 2009 @01:00PM (#27615905)

      Those were the guys with the James Bond villain data center. Just from watching the video, you get the impression they are a good group of nerds.

      • Re:Wow (Score:5, Insightful)

        by Jugalator (259273) on Friday April 17, 2009 @02:18PM (#27617451) Journal

        Actually, that, combined with this, has made me consider a switch from Bredbandsbolaget (a major Sweidsh ISP) to them. They have pretty decent pricing too, and I have no problems at all with BBB -- rather to the contrary. But it would simply feel good to be an ISP customer where the CEO shared my ideals. :-) And know that they at least try to protect the privacy of their customers. That's so little of a given these days that it's scary.

    • Re:Wow (Score:5, Insightful)

      by MozeeToby (1163751) on Friday April 17, 2009 @01:03PM (#27615967)

      Better yet, if you live in Sweden move your Internet connection over to his ISP. This is a very rare chance to financially support someone who is trying to protect your privacy while having little net cost for yourself.

      • Re:Wow (Score:5, Interesting)

        by J Isaksson (721660) on Friday April 17, 2009 @01:35PM (#27616679)
        I don't actually fileshare, but Bahnhof, you have my support and the day you support e-faktura (electronic bills & payment) I'll support you with my business too. /Actual Swede
        • Re: (Score:2, Insightful)

          by Jared555 (874152)
          Why is this considered Troll? Because they say they don't fileshare or because they are mentioning a problem with a privacy supporting ISP?
    • Re:Wow (Score:5, Interesting)

      by PopeRatzo (965947) * on Friday April 17, 2009 @03:00PM (#27618189) Homepage Journal

      I hope all the teabaggers who were at the big Fox News Tea Bag Rallies here in the US on Wednesday take note that this head of a company who is striking a blow for the privacy of his customers and liberty in general is acting in what they deridingly refer to as a "European Socialist" country.

      If this is European Socialism, I want some of that right here in America and the sooner the better.

      What was the last time an American CEO did something like this for his customers?

  • This guy is a hero (Score:5, Insightful)

    by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Friday April 17, 2009 @12:59PM (#27615877)

    And sometimes heroes get arrested and thrown in jail for obstructing justice.

    • by AmiMoJo (196126) <mojo@world3AAA.net minus threevowels> on Friday April 17, 2009 @01:24PM (#27616449) Homepage

      Deleting all non-essential personal data sounds like a good way to limit the possibility of having the data stolen and used for identity fraud. That sounds like a pretty compelling argument.

      In fact, here in the UK, data protection laws require each piece of information kept to be justified. If they rules on justification were tightened up...

      I'd love to know how they can bill people without even knowing their name though. It would seem to rule out credit cards.

      • Re: (Score:2, Informative)

        You can bill them for the connections without recording the IP or how they are connected.
      • by Andy Dodd (701) <atd7NO@SPAMcornell.edu> on Friday April 17, 2009 @01:49PM (#27616919) Homepage

        You don't need DHCP server logs for billing purposes.

        You do need them for hunting file sharers.

        • by greed (112493) on Friday April 17, 2009 @01:54PM (#27616997)

          Heck, if you sell uncapped, un-metered always-on connectivity, you don't need any logs at all. You need to set up a user name and password, or authorize a MAC address, or energize a particular port on a switch, or something. But it doesn't _matter_ if it ever gets used... the bills are because "you signed up and the month has ended." So you don't need to log it; you just need a way of turning it on when someone starts paying, and off when they stop.

        • by AmiMoJo (196126)

          I wish ISPs could do that here in the UK, but they are required to keep those kinds of logs for at least a year. The government even pays for the equipment to do the logging. Unfortunately I suppose Sweden will be passing similar laws soon.

      • Re: (Score:3, Interesting)

        by Kjella (173770)

        I'd love to know how they can bill people without even knowing their name though. It would seem to rule out credit cards.

        Provide service but don't keep DHCP logs? Pretty much all broadband in Sweden is unmetered, so there's no need to keep any traffic details at all.

      • by Thaelon (250687)

        If the ISP is getting paid and the customer isn't complaining, the business relationship could be said to be satisfactorily established to the satisfaction of both parties.

        There's no legal need to tie usage information from IT to customer information from billing.

      • by Culture20 (968837)
        If they don't get a wad of cash with an account number attached, then they cut off service for that account. Doesn't matter who pays, so long as the account number is valid. Maybe some people could pay with credit cards, but they just pay for a different account each month (maybe theirs, maybe not). No need for bills, although it leaves the customer with no recourse if they cut off service illegitimately.
      • by number11 (129686)

        I'd love to know how they can bill people without even knowing their name though.

        The headline is a little deceptive. It sounds like what's actually going on is that they don't retain logs. From a comment to the article:

        To clarify, we (Bahnhof) have not "begun deleting information" of any kind, we have always discarded this sort of informationcouplings in the earliest stage possible in our ongoing efforts to provide iNTeGriTY-marked(swedish language ahead) broadband for our customers.

      • Considering all that customer data is to the company is a potential liability, why would any ISP in Sweden choose to retain that information?? Especially considering it is perfectly legal for them to get rid of it. Keeping the data around will do absolutely no good for the company, and could possibly harm their customers. Last I heard, you want to keep you customers happy if you want them to keep paying for your services.
    • by Pinckney (1098477) on Friday April 17, 2009 @01:41PM (#27616769)
      He'll probably be ok. From the article:

      Stefan Johansson, deputy director at the Swedish justice ministry, confirmed that Bahnhof was not breaking the law by choosing to destroy IP address details.
      "The IPRED regulations do not entail any obligation of this kind. They are only concerned with the retrieval of existing information," he said.

      • by TheSpoom (715771) *

        He'll probably be ok until they change the law in response.

        Fixed that for you.

        • by Pinckney (1098477)
          Again from the article:

          If the legislation is enacted, Karlung said Bahnhof would continue to stay within the bounds of the law.
          "If the state decides that everything has to be handed over to various private organisations[sic], then we will of course comply, even if I think it's unfortunate and hope public opinion pushes the matter in a different direction," he said.

          According to wikipedia, the Swedish constitution prohibits Ex Post Facto criminal laws, so again, they should be just fine.

    • Re: (Score:2, Insightful)

      by JohnnyKrisma (593145)
      I doubt that could be the actual charge. Obstructing justice usually means there's an ongoing case with actual defendants. This is more like obstructing potential justice... or witch hunts.
  • I hope... (Score:5, Insightful)

    by Narnie (1349029) on Friday April 17, 2009 @12:59PM (#27615889)
    I hope this won't be like what happens in the US where the company deletes data, but when pressured by the courts, they happen to recover a backup.
    • Re:I hope... (Score:5, Interesting)

      by Jah-Wren Ryel (80510) on Friday April 17, 2009 @02:24PM (#27617567)

      I hope this won't be like what happens in the US where the company deletes data, but when pressured by the courts, they happen to recover a backup.

      It's worked out GREAT for libraries in the US. The PATRIOT act requires that libraries give up book borrowing records without even a warrant. So within a year or two pretty much all of the common library management software packages were updated to delete all record of who/where/when/what was borrowed as soon as the book is returned. Few people would ever guess it, but most librarians are almost militant about patron privacy.

    • Re: (Score:3, Insightful)

      by rts008 (812749)

      I hope this won't be like what happens in the US where the company deletes data, but when pressured by the courts, they happen to recover a backup.

      And when the courts pressure the gov't. for data, it's lost/unrecoverable.

      Sometimes I just have to wonder....

  • by Dan667 (564390) on Friday April 17, 2009 @01:01PM (#27615913)
    They take care of their customers and can still run after a nuclear war. (and you know some guy in there is doing the maniacal laugh every once in a while) http://www.datacenterknowledge.com/archives/2009/04/15/inside-the-james-bond-villain-data-center/ [datacenterknowledge.com]
  • by vivaoporto (1064484) on Friday April 17, 2009 @01:01PM (#27615915)
    Judging by the recent trial of TPB, following the letter of the law in Sweden is not enough to defend yourself if the case ends up in court.
    • Judging by the recent trial of TPB, following the letter of the law in Sweden is not enough to defend yourself if the case ends up in court.

      TPB's trial is the norm rather than the exception. If you think the letter of the law is enough to keep you safe in court try getting out of a traffic ticket where you know you're in the right. This applies in any country.

      • by rthille (8526)

        I got out of a traffic ticket, and I was guilty. I hired flesh-eating bacteria to infect the leg of the officer so he couldn't show up in court. Ok, I'm making up the 'hired' part, but flesh-eating bacteria is why my ticket got thrown out. (I think I would have won anyway, because the signal was defective, but it really was red when I went thru it...)

  • Agreed. (Score:5, Funny)

    by A. B3ttik (1344591) on Friday April 17, 2009 @01:01PM (#27615917)

    The company's CEO, Jon Karlung, is identified as 'a vociferous opponent of the measures that came into force on April 1st'

    I'm not a fan of the new slashdot achievement system, either.

  • That's it... (Score:3, Insightful)

    by Chabo (880571) on Friday April 17, 2009 @01:01PM (#27615929) Homepage Journal

    I'm moving to Sweden.

    Anyone want to hire me?

  • Another law (Score:5, Informative)

    by drstock (621360) on Friday April 17, 2009 @01:05PM (#27616035)

    They are actually claiming to follow another law from 2003 called the Swedish Electronic Communications law. It states that traffic information should be deleted or anonymized when it is no longer needed to transmit the electronic message.

  • by DarrenBaker (322210) <darren@fl i m . net> on Friday April 17, 2009 @01:06PM (#27616061) Homepage

    ... and you'll be charged with destruction of evidence, and obstruction of justice, and almost assuredly, they'll think you complicit, because silence = guilt here.

    • It isn't that bad yet, but it will be if they pass that stupid law about archiving data.

      But I don't think they will. Too much hassle for the ISPs.
    • Offer prepaid internet access. It could be cost-effective for a new player in either a densely populated area without high-rises, or in the boonies using WiFi and clever antennae.

  • Even if the copyright police came, they'd have a hard time breaking in to the coolest Bond villain data center in the world [gizmodo.com].
  • There is a fine line between merely caring for your customers and helping them get away with wrongs (be that wrong a crime [telegraph.co.uk] or just a civil offense).

    It is surprising, that it is legal, and they may be mistaken too — The Pirate Bay crew was just sentenced to a year in jail, however long them claimed, they did "nothing wrong".

    • Re: (Score:3, Informative)

      by mea37 (1201159)

      I suppose I don't know how it is in Sweden, but I beileve in America for there to be 'destruction of evidence', the destruction has to occur in the context of an actual investigation.

      In fact, this is why companies have "data retention" policies (which typically have more to do with which data to destroy than which to retain) -- when an investigation does come up, if you already don't have the information and it was destroyed in accordance with standing company policy, then there is normally no recourse agai

      • by drinkypoo (153816)

        In fact, this is why companies have "data retention" policies (which typically have more to do with which data to destroy than which to retain)

        That's what Sarbanes-Oxley was about: to make companies start retaining data on purpose. Previously companies attempted to walk the line between destroying everything that could be used against them, and keeping anything that could ever be useful. Now they have a third issue to worry about: legal compliance with data-retention laws.

        A law requiring connection of users to addresses is going to be technically unworkable, so if it happens it's a sign that it's time to run for the hills. Or at least another coun

        • by Firehed (942385)

          Yes, and as a result there's been about one IPO since SOX was introduced (Rackspace), and their stock immediately tanked. Despite SOX's noble intentions, all it's really done is make the criminals get more creative while giving a lot of companies incentive to stay privately held.

          • by drinkypoo (153816)

            all it's really done is make the criminals get more creative while giving a lot of companies incentive to stay privately held.

            I don't have a problem with that last part. The criminals will always get more creative. But if they are prevented from doing it on the backs of shareholders, then something has been gained. Anything that discourages the creation of more public corporations which are beholden to only majority shareholders and legally obligated to turn a profit is okay in my book.

    • Re: (Score:2, Insightful)

      by hesaigo999ca (786966)

      They did nothing wrong, you were the one that did when you decided to torrent a file, not them, they did not twist your arm did they. If i build something and you use it for something of an evil nature, then who is the wrong one here?

  • by roman_mir (125474) on Friday April 17, 2009 @01:20PM (#27616379) Homepage Journal

    Well, these guys have a nuclear bunker for a data-center [datacenterknowledge.com], they probably think that even if the government comes and attacks them, they can just ride it out inside. They'll probably survive even if US decides to blast them with a nuke (I wonder what the rest of the world would think of the USA if that happened though - US blasting an entrance into a datacenter with a thermo-nuclear weapon in a populated Swedish area. Oh well, just pretend there are WMDs in there and anything would go...

  • by IanHurst (979275) on Friday April 17, 2009 @01:24PM (#27616453)
    in 3... 2... 1...
  • by javakah (932230) on Friday April 17, 2009 @01:32PM (#27616609)

    Preview of next months news:

    Swedish authorities discover that ISPs deleting cutomer ID info has led to them being unable to determine the ID of file sharers, but also child pornographers, terrorists, people threatening suicide, etc.

    New laws will be up for debate trying to outlaw deleting this kind of customer ID info, with privacy groups outraged.

    (Not advocating anything here, just figuring this is where this is going.)

    • Re: (Score:3, Insightful)

      Welcome to the world of Government intrusion into every aspect of our lives.

      The camel is in the tent. The Elephant is in the living room. We are sliding down the slippery slope. The Frog in the pan is getting well done.

      The problem is, one cannot have privacy, if the government controls everything, because they will claim a need to know.

      And how many of you people want government run health care? You think the government will want to keep your health info private?

      Progressives want what they want, until it is

      • by Pig Hogger (10379) <pig.hogger@gmBOHRail.com minus physicist> on Friday April 17, 2009 @11:10PM (#27623327) Journal

        And how many of you people want government run health care? You think the government will want to keep your health info private?

        You goddammed fucking stupid moronic yankee. Only a yankee would be that stupid in his irrational stupid hatred of government.

        Everywhere there is GOVERNMENT HEALTH-INSURANCE (repeat: GOVERNMENT HEALTH-INSURANCE), the health info is KEPT PRIVATE (repeat yet again so it goes through your thick cranium: KEPT PRIVATE) because THE FUCKING GOVERNMENT IS ***NOT*** PROVIDING THE HEALTH-CARE, JUST PAYING FOR IT.

        And there is NO FUCKING NEED for the insurer to "share" private patient information, BECAUSE EVERYONE GETS THE SAME COVERAGE BY THE SAME INSURER, SO THERE IS NO NEED TO SNOOP IN ORDER TO FIND PRE-EXISTING CONDITIONS (as a manner to be able to deny coverage) BECAUSE PRE-EXISTING CONDITIONS CANNOT BE USED TO DENY COVERAGE (I repeat again: BECAUSE PRE-EXISTING CONDITIONS CANNOT BE USED TO DENY COVERAGE).

        • Re: (Score:3, Funny)

          by u38cg (607297)
          Hi. I'm sorry, but your subtle use of language has me rather confused. Do you think you could get off the fence and tell us how you actually feel about this issue? You seem a bit undecided.
    • by Andy Dodd (701)

      The linked article already talks about this. Data retention laws for antiterrorism purposes are already going through the legislative pipeline in Europe apparently.

    • Swedish authorities discover that ISPs deleting cutomer ID info has led to them being unable to determine the ID of file sharers, but also child pornographers

      Mostly teenagers these days.

      terrorists

      What terrorists? The ones you need to worry about don't use the internet.

      people threatening suicide, etc.

      How is that an ISP's business at all?

    • by shentino (1139071)

      perhaps not applicable outside the US, but...

      Why don't big bro just get a warrant for that crap...like they should be doing to begin with?

      Only exigent circumstances allow you to get a warrant after the fact. You still have to show probable cause to keep evidence from getting tossed by a motion to suppress.

  • by Andtalath (1074376) on Friday April 17, 2009 @01:32PM (#27616625)

    They use dynamic IP-addresses and do not refresh them unless there's good reason.
    You can choose to renew your IP address any time you choose though.

    It's a really neat system and I really hope the data storage directive fails and that I can switch to them.
    Cause they are awesome.

  • After I'd submitted the article, I was contacted by a spokesman for Bahnhof who advised me that they hadn't just "begun" deleting the customer linkage information, that they have been doing it all along. So the report in "The Local" was not exactly accurate.
  • Unfortunately I can't read Swedish. Anyone know if they offer VPN service?
  • by TrevorB (57780) on Friday April 17, 2009 @02:12PM (#27617379) Homepage

    US Libraries started doing something similar after the passing of the Patriot Act: deleting customer's borrowing history so that their information couldn't be subpoenaed for the data by the government.

  • by Xest (935314) on Friday April 17, 2009 @02:12PM (#27617383)

    A fairly recent round of laws to come into play for all EU member states specifies that data like this must be retained for 6months.

    But fuck the legality of it, he may be in the wrong legally, but he's one of the few ISPs in the right morally. It's just a shame more wont stand up across the industry and do this.

    I find it odd that the EU recognises that storing people's DNA on a DNA database when they're innocent and haven't been convicted of any crime is clearly wrong, but that on the flip side of it they support the storage of what people did and where on the internet.... even if people are innocent and haven't been convicted of any crime.

    It's just a shame they don't understand technology and the implications of their decisions related to it as well as they do real world justice.

    • It may be some kind of "requirement" for EU member states, but does the EU override the actual laws of Sweden, which he is following? I have a feeling that only Sweden itself can impose its laws on him. At the very least, he seems willing to find out.
    • Yeah, I'm confused, too. 2006/24/EG is pretty clear that the source of a internet message has to be identifiable for at least 6 month.

      OTOH, there's a lawsuit pending against the directive in Ireland and the German constitutional court has granted a temporary injunction against it*, so it maybe not all is lost. It's pretty controversial politically.

      * Except in cases of serious crimes, which is how they were able to bust a child porn ring recently. Next thing you know the 5 major German ISPs sign a contract t

      • by he-sk (103163)

        Correcting myself here, but on further reading I've just found out that the Irish lawsuit was denied in February. Bummer!!

  • Summary Got it Wrong (Score:5, Informative)

    by Nom du Keyboard (633989) on Friday April 17, 2009 @02:14PM (#27617413)
    Summary got it wrong - AGAIN! They haven't started deleting logs, they've been doing it that way since 1994. This story has been out for a couple days and somehow - in typical Internet fashion - one person got it wrong and everyone else has copied the wrong data. They never saved this data from the beginning because they didn't have to. It's only mentioned now that they're continuing to do what they've done all alone, not that the suddenly started doing something different.

Your own mileage may vary.

Working...