| |
to Anonymous225
Re: Why is Tek still keeping logs???A lot of people continuously download Linux distress, daily. |
|
1 recommendation |
I had a really useful chat with Tom (Copeland, the Chair of the Canadian Association of Internet Providers).
I asked him if I could quote him, and after further legal checks, he was happy for me to quote him confirming the following:
"I have confirmed that the recent copyright legislation
(or any other legislation/regulation) does not require ISPs to maintain logs for any specific period. It's a business decision on the part of the
provider based on their needs/abilities."
The Office of the Canadian Privacy Commissionier has also confirmed they have no legislation in that area.
No response from the CRTC yet.
No response from Trade and Industry yet.
Cheers,
Dave |
|
 your moderator at work
 hidden :
|
| UK_Dave |
Re: Why is Tek still keeping logs???In light of the recent Voltage issues, and given the clarification we now have on Legal Mandatory Minimums, or rather the lack of them, I'm wondering if ISP Log retention times might well become a point on which different ISP's might compete?
Similarly, might it become possible to send a message to these copyright speculators by reducing log retention times to such a small window that it becomes impossible for them to expect ISP's to deliver the information?
I understand that there are many other reasons why ISP's might keep longer records, one of which is mitigating charges of aiding and abetting, but right now I feel we are at a tipping point and such a change sends a strong message.
If, before the date a warrant is granted, an ISP reduced log times to 14 days, would they be found in contempt? (I'm using terms here in a loose way, I know - but you get the drift). Does the initial letter from Voltage force an ISP to cease all regular purging of the logs?
Any thoughts appreciated.
Cheers
Dave |
|
mlord
join:2006-11-05
Kanata, ON |
mlord
Member
2012-Dec-13 9:54 am
There's no way an ISP can safely "dump" relevant logs while legal proceedings are underway to acquire said logs. But all of the the non-relevant logs could be dumped.
Other than that, it appears that an ISP could make a statement up front about changes to log retention, and then gradually phase in the changes without trouble. |
|
| |
Need2Know to UK_Dave
Anon
2012-Dec-13 10:09 am
to UK_Dave
said by UK_Dave:I had a really useful chat with Tom (Copeland, the Chair of the Canadian Association of Internet Providers).
I asked him if I could quote him, and after further legal checks, he was happy for me to quote him confirming the following:
"I have confirmed that the recent copyright legislation
(or any other legislation/regulation) does not require ISPs to maintain logs for any specific period. It's a business decision on the part of the
provider based on their needs/abilities."
The Office of the Canadian Privacy Commissionier has also confirmed they have no legislation in that area.
No response from the CRTC yet.
No response from Trade and Industry yet.
Cheers,
Dave
Hey Dave, I do believe the guy from CAIP is also the owner of eagle.ca (an ISP). Maybe you can ask him this question for all of us here: Since Eagle (as well as Teksavvy via CNOC) is part of the "secret working group" that is "Secretly Supporting Internet Surveillance Legislation, how does the "no requirement to log" fit in with this secret agenda they are part of? If he doesn't know anything about this, just point him here which clearly shows him part of the secret group (as well as CNOC members): How Canada's Telecom Companies Have Secretly Supported Internet Surveillance Legislation» www.michaelgeist.ca/cont ··· 505/135/What were the logging requirements stipulated in their secret meetings in support of spying on people? That is, if he can share this secret. Or maybe TSI can share it with us? Let us know what he says, Dave. Another question I have, but this one is for teksavvy: Since we know CNOC & teksavvy (by association) are part of the secret group that is secretly supporting Net Spying, is this the reason why you were thinking of bumping the log retention to 6 months or longer? TSI_Marc stated he is thinking of not doing this anymore (increasing log retention times). Will TSI (via CNOC) bring this up in other secret meetings they will have in support of Net Spying? |
|
| |
to mlord
Lets do this, the log thing  (clap) go! |
|
1 edit |
to Need2Know
HI there Need2Know.
I know nothing of that to which you refer.
I also don't feel it is relevant to the conversation I had with Tom.
For what it's worth, Tom was extremely forthright, very approachable, and knowledgeable on the subject. The only reason for the delay in my posting his comments, was that I asked for permission to quote him directly, and he asked if I could give him just a little time to be absolutely sure that his opinion was 100% accurate.
I asked him about the legislation, as it stands now. He answered me.
What he as a business owner does/wants, and what Marc as a business owner does/wants - is a different issue. |
|
| |
Need2Know
Anon
2012-Dec-13 10:54 am
Dave,
What I'm getting at is that some people are speaking from one side of their mouth yet saying something else from the other side of their mouth.
It's all gravy.
There will be no such thing as "no logging" or reduced logging. Only increased logging. Mr. Copeland is very well aware of this since he is part of the secret working group in favour of capturing what IP you have and what you say on facebook (as well as CNOC).
There is no minimum requirement, as we already know, except for revenue purposes (tax records) and these records, logs and transactions are retained already for a minimum of 7 years by law. So those ISP's who have IP info on accounting records with your name basically keep those records for a decade already. Like maybe someone paying for a static IP or VOIP, or IP with B/W usage, as an example.
The "no logging" thing is a pipe dream. A kids fantasy. |
|
| |
to globus9991
Here is an interesting idea...
What about the concept of logging "For internal/business use only"
Meaning an ISP can keep logs all they want to reduce problems on their network (Hackers, DDOS, assholes, etc), but essentially "screw you" to anyone external who wants them. It IS a corporate decision after all right? That means there's zero legal obligation to provide those logs to anyone outside of the company.
"Sorry we keep limited logs for internal usage and troubleshooting, but they are not available outside of the company due to privacy/security reasons"
I don't know how that flies in regards to a law enforcement request, but I DO know that if you run a NATed address and are unable to provide customer info because it's a 1 in 300 chance of who it is, there is nothing they can do and the issue is closed. So the obligation to "try" is there, but the obligation to actually "DO" is not. |
|
| |
to Need2Know
Hi N2K,
I see what you are saying, given the Geist piece from May.
However, it would only be relevant to the discussion I had with Tom if I was discussing the topic of "What do you want the law to be?".
The topic was "What is the law now?".
I for one, did not know that the Minimum Legal Retention didn't exist - that's why I called a few places to try and learn something.
We all have our opinions on what the law/best practice should be, or could be.
This was an exercise in finding out what it is. |
|
| UK_Dave |
to voxframe
Voxframe:
I'm no legal expert as you've probably gathered already.
However, my view on your comments is that such a Chinese Wall seperating "internal" records, from "warrantable" records, isn't workable.
The whole point of going to a court to get the users names (putting aside the issue of IP does not equal a person), is to gain access to the "internal" records.
The only way I can see a defence against this whole approach right now, is to not have the records in the first place, and to have a policy saying that in advance.
I wanted to find out if such a policy would be *legal*.
How *practical* it is to run an ISP on such a basis, I have no idea. I'm not smart enough or ballsy enough to run one.
Cheers,
Dave |
|
| |
to voxframe
said by voxframe:Meaning an ISP can keep logs all they want to reduce problems on their network (Hackers, DDOS, assholes, etc), but essentially "screw you" to anyone external who wants them. It IS a corporate decision after all right? That means there's zero legal obligation to provide those logs to anyone outside of the company.
The second the courts are involved, I don't think that's true anymore. Same concept as internal emails - deleting them once you're notified is potentially destroying evidence, which could get the ISP in serious legal hot water. |
|
| |
to globus9991
Yeah that's a tough one too. You can't destroy them, but there must be some way to "selectively" decide who gets them and who doesn't.
Granted that's perhaps not the "moral" thing to do either.
Just wish there was a way to have your cake and eat it too. |
|
|
| |
bt
Member
2012-Dec-13 11:37 am
said by voxframe:there must be some way to "selectively" decide who gets them and who doesn't.
Yeah - requiring a court order. After that point, no internal policy will let you pick and choose who gets them. |
|
2 edits
1 recommendation |
to voxframe
I think that is the heart of what this is about for me.
We would hope, that the distinction between "fair access" and "unfair access", would be the remit of the legal system.
However the encroachment of entertainment industry corporatism into, for example, the US legal system - has moved that line.
First it's "for the cheeeeeldren", then it's "to fight terrorism", and before you know it, the courts and law enforcment are busting down doors, stealing 14 year old girls laptops, utilising a foreign country's Secret Security Services for domestic civil cases, sentencing people to multi million dollar settlements, and acting like Walt Disney's private security force.
I don't want that to happen here, in our Canada. |
|
| |
to TSI Gabe
said by TSI Gabe:We need logs for many other reasons.
Spammers, abuse, troubleshooting. Usage.
We also get court ordered abuse/hacking cases unrelated to copyright.
one doesnt need an to keep ip addresses 90days to make a nice pie chart or chart on usage.... if you get court order on a person then log them spammers and abuse again if you get a complaint then log said ip/abuse. No need of 90days or more for everyone. webalizer in fact can use said data make a chart and after the chart is made it/you can dispense with any logged ips. in fact by default all https traffic on apache web servers is not logged HOWEVER if one wants logging you can turn it on and get a feel of usage for a time, a script can be written at the end of a month to clean out logs , and i bet 1 3rd of the logs would be a heck of a lot easier on whatever systems you are using. im pretty sure most people would agree with most of what i say. |
|
| funny0 |
to The Mongoose
said by The Mongoose:Gabe has made it very clear that he believes the logs are necessary for a number of reasons. There's not going to be a change to this policy. TSI logs. That's their business decision and my guess is it's the right one. We have to react accordingly as individual customers.
We might get lucky and see TSI reduce the logging window, but given that they were planning to go to 180 days instead of 90 before this all started, I wouldn't count on it.
6 months ? no reason for that period unless your under legal threats constantly ergo majority of your userbase is up to no good and im not talking about filesharing.... |
|
| funny0 |
to The Mongoose
said by The Mongoose:said by TilhasBB:The logs are outsourced and managed by the other company.
They OWN the logs. Doesn't the rules then apply to the country of the company?
If a court order compels you to release information that you have access to and you refuse, you're going to jail. It doesn't matter where the information is, or who you're paying to collect it. Guspaz is right. No court is going to accept the flimsy claim that you can't access your own logs. and if you have 2 weeks of logs its not very useful to them to ask for is it and because lawful access was defeated too bad so sad 464000 people inside 4 days signed up and had the conservatives not dropped that it may a well been in the millions by time they realized it. YOU CANT FIGHT the people when they rise up... that law would also have given the minister the right to give those agencies that illegally collect private data the right to do so and then use it in a court. As they are not private investigators i'd argue in court that no justification for this hurt lockers data should be admissible in court. ITS private data ....and i'll add how does an ip address prove commercial use of a file/movie? it doesn't so there case is lost before it began.... |
|
| funny0 |
to HiVolt
said by HiVolt:Is there a defined legal requirement?
» www.justice.gc.ca/eng/co ··· faq.htmllawful access we all fought would have put mandatory logging in place. NOW you see some reasons why it was fought so hard.... |
|
| funny0 |
to mlord
said by mlord:There's no way an ISP can safely "dump" relevant logs while legal proceedings are underway to acquire said logs. But all of the the non-relevant logs could be dumped.
Other than that, it appears that an ISP could make a statement up front about changes to log retention, and then gradually phase in the changes without trouble.
don't be so sure, if the law says i dont have to wait for a red light to cross the street ( true in canada ) and you want proof at court i did it makes it no less legal that i did or didnt cross the street. as has been stated there is no law requireing marc to keep them.... if he says oh when you asked i decided to toss them in garbage what can court do? NO really there is no law requiring logs ....at worst he gets a contempt of court pays a fine and i bet all hte tsi users will donate to pay it off... hows that and i got a 100$ bill for it right here ( waves hand ) |
|
| funny0 |
to voxframe
said by voxframe:Here is an interesting idea...
What about the concept of logging "For internal/business use only"
Meaning an ISP can keep logs all they want to reduce problems on their network (Hackers, DDOS, assholes, etc), but essentially "screw you" to anyone external who wants them. It IS a corporate decision after all right? That means there's zero legal obligation to provide those logs to anyone outside of the company.
"Sorry we keep limited logs for internal usage and troubleshooting, but they are not available outside of the company due to privacy/security reasons"
I don't know how that flies in regards to a law enforcement request, but I DO know that if you run a NATed address and are unable to provide customer info because it's a 1 in 300 chance of who it is, there is nothing they can do and the issue is closed. So the obligation to "try" is there, but the obligation to actually "DO" is not.
voltage isnt law enforcement , and like a user said i'd be telling marc to see what verizon is doing and investigating voltage and its business and practices....perhaps some press on the kinds a things they do in courts to game the system , bring up other stories and posts and get real um er nasty about it.... |
|
|
your moderator at work
hidden :
|
| |
to globus9991
Re: Why is Tek still keeping logs???Here's a better question.
Marc, Gabe... What realistically do you guys see needing as far as logs go for keeping troublemakers off your network?
For me I only see the need of keeping a max of 5 days of logs at the most, if there's a problem user on my network, I know about it quickly as something gets blacklisted, alarms go off, or the phone is ringing.
The only time I've seen a need for an older log is from law enforcement
(Who incidentally is F***ING SLOW in my personal opinion), and if their shit takes that long, that's their problem.
(I'm talking looking for stuff 4+ months old... Where were ya when this shit was happening???)
What is the problem with cutting your logs down to a max of 5 days? It would pretty much eliminate giving out client info for copyright trolls as their legal process alone would tie them up long enough for the logs to be destroyed, and I would think that would give easily enough time to deal with network jerks. Law enforcement kinda gets shafted, but ya know, that's their problem really. Chasing ancient logs isn't going to be a major help to them. |
|
| |
to Anonymous225
said by Anonymous225 :My personal suggestion here would be to pay for the content, or do without. I remember coming here years ago and seeing someone suggest that the people who used torrents and were complaining about throttling on Bell's end were torrenting for reasons that were less than legal. It was vehemently denied. It seems that individual has been vindicated by what I see here.
Though I agree for the first half, if you don't like it don't pay (do without). There are other considerations. If everytime there are internet legal issues, the extreme case of child pornography rears it's head, I think that for argument's sake we must also bring up privacy. Simply put, it is a business model to use person's activity on the net, to police it and to extort money. Some adult film reps went so far as to threaten to publish names on the net, of people alleged to have shared their copyrighted media, unless they payed up. They can only do this, because names were handed down, without any consideration for their proper use, if not legally, becasue of a court order. In essence, they were given a green light to blackmail. And I don't know of a civilized society that can say it upholds copyright but condones blackmail with a good conscience. And personally, I would want no part of it. That's the first thing off the top of my head and given a day that my brain is not working on 15 other tasks, I'm sure I could come up with others. |
|
| |
to UK_Dave
said by UK_Dave:In light of the recent Voltage issues, and given the clarification we now have on Legal Mandatory Minimums, or rather the lack of them, I'm wondering if ISP Log retention times might well become a point on which different ISP's might compete?
Dave
They already do...In Europe. Unfortunately, like many things, they are light years ahead of us. Several ISPs across the bond adamently advertise they keep NO logs and are still able to deal with spammers etc just fine. If they are approached by the Police or government officials requesting information in relation to a crime, well...They don't have any so while they might love to hand it over, they can't. And they are perfectly within their right to do so, as TSI would be in Canada, but I don't think they realize this yet... Sure things would have to change (dealing with spammers and billing issues apparently) but it would be possible for TSI to implement, and beneficial to them as a business (imho). Privacy should trump spam related issues, copyright notices, and all other things logs are currently being kept to deal with. |
|
1 edit |
The EU directives (not yet passed in each country) call for retaining this type of information for not less than 6 months and not more than 2 years. In addition it lists some requirements to log the traffic/activity of the user which goes far beyond just logging the information to match users with ip addresses assigned to them for a given time period that is being talked about in this thread. Though content of the communications is still off limits (No data revealing the content of the communication may be retained pursuant to this Directive.) |
|
2 edits |
to Samgee
He's referring to legal implications if they decided not to log. All the investigations would stop at them, and the pressure that could be placed on them because they are in a way obstructing an investigation aren't worth the benefits.
----------------------------------
EDIT: None of the below came from my discussion with the CAIP
If there is no law whatsoever mandating minimum record keeping, what would the implications be for an ISP that had a published zero-day record keeping policy, when for example facing a warrant for customer information.
The answer is that they would respond to the court with their stated Retention Policy, legal by all Provincial and Federal law, and that, would be that. I have had this confirmed, today.
That would be that, in a legal sense.
It was also pointed out, informally, that when that request is a 4 hour Orange Alert, and it will be allowed to slip into the news which ISP could not cooperate. That's a lot of people with pitchforks in the letters columns. And of course, something, would have to be done.
Something, would probably be a group to discuss the way to prevent "it" ever happening again. And the way, would be to propose a mandatory legal minimum data retention policy.
Anyhow, I am led to believe that there is no legal sanction that could be applied to an ISP following a stated policy under current legislation. I'm not saying this is possible, or that it's desired.
It's the way the law stands right now. |
|
 sm5w2
Premium Member
join:2004-10-13
St Thomas, ON |
to globus9991
I've asked this question (legal requirements to log IP assignments) before here on dslr (and on usenet - can.internet.highspeed) and have never gotten any coherent answer.
But I'll tell you why TS and Bell and any other ISP does it. It's a very simple concept.
The telco / ISP industry wants as few laws / rules / regs as possible.
Law enforcement and the courts want to know IP assignments from time to time. So you keep logs and you give them the info they want. They are happy.
If you did not keep logs, they would be unhappy - AND THEY WOULD SIMPLY ENACT LAWS TO COMPEL YOU TO KEEP LOGS. Maybe throw in other rules or requirements while they're at it. Then the telco's / ISP's would be unhappy.
It's just that simple.
Now answer me this:
There is no technical or billing reason why a telco would need to keep logs of any local (non-billable) calls you make with your land-line. But - are there any laws on the books that require such logging?
If the answer is no, then the same logic and rational should apply to logging IP assignments. |
|
| |
to globus9991
Hell I'd keep logs to see who's messing with my wireless... imagine if I had a ISP. |
|
(clap) go!
