
Sonic.net's CEO On Why ISPs Should Only Keep User Logs Two Weeks

Posted by timothy
from the privacy-has-value dept.
Sparrowvsrevolution writes "Dane Jasper's tiny Internet service provider Sonic.net briefly took the national spotlight last October, when it contested a Department of Justice order that it secretly hand over the data of privacy activist and WikiLeaks associate Jacob Appelbaum. But Sonic.net has actually been quietly implementing a much more fundamental privacy measure: For the past eighteen months it's only kept logs of user data for two weeks before deletion, compared with 18 to 36 months at Verizon, AT&T, Comcast, Time Warner and other ISPs. In a lengthy Q&A, he explains how he came to the decision to limit logging after a series of shakedowns by copyright lawyers attempting to embarrass users who had downloaded porn films, and he argues that it's time all ISPs adopt the two-week rule."

  • Props to him (Score:3, Interesting)

    by netwarerip (2221204) on Monday June 25, 2012 @05:50AM (#40436807)
    Kudos for having the balls to do this in the face of (gov't) adversity. Too bad it's unlikely for the big ISPs to do the same. They rely too much on gov't help/assistance/looking-the-other-way to want to rock the boat.
  • by MikeRT (947531) on Monday June 25, 2012 @06:00AM (#40436869) Homepage

    18-36 months for user activity logs? Really? If they do that voluntarily, they have no credible argument from a cost perspective to ever say "no" to the government. None. Period. The amount of data they're freely taking on there is so high that the government can easily justify telling them that they must warehouse all activity, all users (past and present) indefinitely at their cost.

    I simply cannot believe the bean counters are ok with this.

  • by QQBoss (2527196) on Monday June 25, 2012 @06:55AM (#40437143)

    If the US passes a bill requiring ISPs to retain the data it would mean that their data (US Congress) would also be retained and possibly be subject to FOIA requests. I doubt that many in Washington DC want their data held for any longer than it takes to complete the http request.

    Congress commonly exempts itself from complying with laws, since prosecutable offenses are for the little people usually.

    In 1994/5, the Republican-led (under Newt Gingrich) Congress changed that somewhat by passing the Congressional Accountability Act [compliance.gov], but once the Republicans were out of power the Democrats resumed business as usual.

    To be fair, though, the Republicans probably would have done the same, if only a little slower, and no one made any moves to ever fix up the insider trading [cbsnews.com] issues back then, either. And Congress has always been exempt from FOIA requests [foxnews.com] and other petty laws that as an employer I could have been heavily fined for if I ignored.

  • Someone always wants to be able to ask if a particular person has read "Steal This Book", or "How to Build an Atom Bomb". Librarians get that kind of demand all the time, and have successfully fought it at the personal and also at the technical level.

    I once worked on library software, and it was a prerequisite in the business that, as soon as a book was returned or the non-return fine was paid, the record that "user X borrowed book Y" was deleted, and a counter of completed transactions was incremented. The latter was necessary for funding and statistical purposes.

    This was a norm because the library community actively went out and found a number of states, Germany among them, that protected library patrons from snooping without a warrant. They then made that known to their software suppliers. As the software had to be legal in all the countries where it was to be sold, it was written to meet the highest legal standards, which included the highest privacy standards.

    If a legitimate investigation needed to track a library patron's reading, and the investigator could convince a judge, then the library could put a watch on a patron in exchange for a warrant. The watch could not start in the past, of course, but a daily SQL query could find out the books a patron currently had out.

    There is at least one DHCP program around, written by an ex-librarian, that behaves just this way...

    --dave
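
The delete-on-return design described in the comment above, as an added example that is not part of the original post or any real library product: the loan row is removed and an anonymous counter is incremented in one transaction, so a later "watch" query can only see loans that are still open. The SQLite schema, table names and function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema: 'loans' holds only open loans, 'stats' holds anonymous totals.
SCHEMA = """
CREATE TABLE loans (patron_id TEXT NOT NULL, book_id TEXT NOT NULL,
                    PRIMARY KEY (patron_id, book_id));
CREATE TABLE stats (name TEXT PRIMARY KEY, value INTEGER NOT NULL);
INSERT INTO stats VALUES ('completed_transactions', 0);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def check_out(db, patron_id, book_id):
    with db:
        db.execute("INSERT INTO loans VALUES (?, ?)", (patron_id, book_id))

def check_in(db, patron_id, book_id):
    """Delete the 'user X borrowed book Y' row and bump the counter atomically."""
    with db:  # one transaction: both statements commit, or neither does
        cur = db.execute(
            "DELETE FROM loans WHERE patron_id = ? AND book_id = ?",
            (patron_id, book_id))
        if cur.rowcount != 1:
            raise LookupError("no such open loan")  # rolls back, counter untouched
        db.execute("UPDATE stats SET value = value + 1 "
                   "WHERE name = 'completed_transactions'")

def completed_transactions(db):
    row = db.execute("SELECT value FROM stats "
                     "WHERE name = 'completed_transactions'").fetchone()
    return row[0]

def current_loans(db, patron_id):
    """The daily 'watch' query: it cannot reach back past a return."""
    rows = db.execute("SELECT book_id FROM loans WHERE patron_id = ? "
                      "ORDER BY book_id", (patron_id,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_db()
    check_out(db, "patron-1", "book-A")   # constructed sample data
    check_out(db, "patron-1", "book-B")
    check_in(db, "patron-1", "book-A")
    print(current_loans(db, "patron-1"), completed_transactions(db))
```
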

  • by wvmarle (1070040) on Monday June 25, 2012 @10:01AM (#40438879)

    Well, of course. The shorter the better, privacy-wise.

    That said: can anyone tell me the arguments for keeping logs that much longer (other than legal requirements)?

    Many ISPs as the summary mentions keep logs for up to three years; there must be a reason for them to do this - as I understand from other commenters there is no legal requirement in the US to keep them this long. Logs can be quite bulky, there is an immense amount of data to log for a largish ISP, so keeping those logs costs money, and quite a bit of it. So, why do they do this? Is there any technical/managemental need or use for that? Another reason?
