Swedish ISP Deletes Customer ID Info 177
NewYorkCountryLawyer writes "A Swedish internet service provider, Bahnhof, has begun deleting customer identification information in order to prevent it from being used as evidence against its customers under Sweden's new legislation against copyright infringement via peer-to-peer file sharing. According to this report on 'The Local,' it is entirely legal for it to do so. The company's CEO, Jon Karlung, is identified as 'a vociferous opponent of the measures that came into force on April 1st,' and is quoted saying that he is determined to protect the company's clients, and that 'It's about the freedom to choose, and the law makes it possible to retain details. We're not acting in breach of IPRED; we're following the law and choosing to destroy the details.'"
Re:Wow (Score:5, Informative)
Those were the guys with the James Bond villain data center. Just from watching the video, you get the impression they are a good group of nerds.
Another law (Score:5, Informative)
They are actually claiming to follow another law from 2003 called the Swedish Electronic Communications law. It states that traffic information should be deleted or anonymized when it is no longer needed to transmit the electronic message.
Re:This guy is a hero (Score:2, Informative)
Re:Destruction of evidence... (Score:3, Informative)
I suppose I don't know how it is in Sweden, but I beileve in America for there to be 'destruction of evidence', the destruction has to occur in the context of an actual investigation.
In fact, this is why companies have "data retention" policies (which typically have more to do with which data to destroy than which to retain) -- when an investigation does come up, if you already don't have the information and it was destroyed in accordance with standing company policy, then there is normally no recourse against you.
That's what I'd say this ISP is doing -- adjusting its data retention policies. Sure, it's explicitely doing it in anticipation that the information might otherwise be evidence -- that's what data retention policies are about. This is maybe more specific since they're concerned about one law in particular, and you can agree or disagree with their moral position, but it's not destruction of evidence.
When a legal jurisdiction decides certain information needs to be around for potential investigations, they enact laws that require records of that particular information to be kept for some period of time. Will such a law follow WRT Swedish ISP customer recorsd? We'll see...
I talked to one of them (Score:3, Informative)
They use dynamic IP-addresses and do not refresh them unless there's good reason.
You can choose to renew your IP address any time you choose though.
It's a really neat system and I really hope the data storage directive fails and that I can switch to them.
Cause they are awesome.
Statement by Bahnhof (Score:5, Informative)
Re:This guy is a hero (Score:5, Informative)
Stefan Johansson, deputy director at the Swedish justice ministry, confirmed that Bahnhof was not breaking the law by choosing to destroy IP address details.
"The IPRED regulations do not entail any obligation of this kind. They are only concerned with the retrieval of existing information," he said.
Re:This guy is a hero (Score:5, Informative)
You don't need DHCP server logs for billing purposes.
You do need them for hunting file sharers.
Re:This guy is a hero (Score:5, Informative)
Heck, if you sell uncapped, un-metered always-on connectivity, you don't need any logs at all. You need to set up a user name and password, or authorize a MAC address, or energize a particular port on a switch, or something. But it doesn't _matter_ if it ever gets used... the bills are because "you signed up and the month has ended." So you don't need to log it; you just need a way of turning it on when someone starts paying, and off when they stop.
Summary Got it Wrong (Score:5, Informative)
Re:Wow (Score:3, Informative)
Joe Nacchio refused to cooperate with the NSA. On the other hand, my mom had Qwest stock.