dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer

Search Topic:
uniqs
8985
share rss forum feed

Samgee

join:2010-08-02
canada
kudos:2
reply to Funky_

Re: Why is Tek still keeping logs???

said by Funky_:

I guess I'm wrong. If the only evidence the police have is the users IP well... they are out of luck. But if they they actually have the users name and address they could as you to enable the logging to gather further evidence...

I guess I think that someone should have a court order on them first before the logging happens. But hey... it's just my opinion.

Thanks for responding.

There may be something missing here. Teksavvy has not said they log online activity (what websites you visit, how much data is transferred). What they do have is the ability to link an IP address to a user account. Those are very very different things.

globus9991

join:2004-11-14
Argelia
reply to TSI Gabe
said by TSI Gabe:

Speaking of which, we do also get child pornography court requests. I won't go into details obviously but every single one of them have been a few months in the past.

But yes Mongoose is correct on that point.

Right!
And all of these people get prosecuted and found guilty right?
My point is that if there is a would-be offender, they will continue to do so and hence they are susceptible to logging going forward. There is no need for retroactive logs.

Samgee

join:2010-08-02
canada
kudos:2
said by globus9991:

said by TSI Gabe:

Speaking of which, we do also get child pornography court requests. I won't go into details obviously but every single one of them have been a few months in the past.

But yes Mongoose is correct on that point.

Right!
And all of these people get prosecuted and found guilty right?
My point is that if there is a would-be offender, they will continue to do so and hence they are susceptible to logging going forward. There is no need for retroactive logs.

Again, how do they know who the person is if IP logs don't exist to begin with?

Clarify what you think they should or should not be keeping track of please.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
reply to Samgee
And yes, I should probably clarify that. WE DON"T LOG what activity/web sites/whatever you browse.

Only that you were online using x IP at a certain time and downloaded X MB

BrianON

join:2011-09-30
Ottawa, ON
Reviews:
·TekSavvy Cable
reply to The Mongoose
Logging of IP address to subscriber/device information results in pretty small logs, often a kilobyte or less per subscriber/device over 90 days.

The basic information is useful for at least in the short term (14 days or less) in responding to or acting upon abuse complaints sent to the ISPs abuse email address which is listed against all the IP address blocks it owns. (example of registration information for one of Teksavvy's IP Addr blocks: »whois.domaintools.com/24.212.186 ··· 12.186.0). To ignore such messages risks getting address blocks or addresses added to various block lists.

Live monitoring of customer's activity seems worse to me than letting the traffic pass as is and responding to complaints.


TSI Gabe
Router of Packets
Premium,VIP
join:2007-01-03
Gatineau, QC
kudos:7
said by BrianON:

Logging of IP address to subscriber/device information results in pretty small logs, often a kilobyte or less per subscriber/device over 90 days.

The basic information is useful for at least in the short term (14 days or less) in responding to or acting upon abuse complaints sent to the ISPs abuse email address which is listed against all the IP address blocks it owns. (example of registration information for one of Teksavvy's IP Addr blocks: »whois.domaintools.com/24.212.186 ··· 12.186.0). To ignore such messages risks getting address blocks or addresses added to various block lists.

Live monitoring of customer's activity seems worse to me than letting the traffic pass as is and responding to complaints.

Exactly!
--
TSI Gabe - TekSavvy Solutions Inc.
Authorized TSI employee ( »TekSavvy FAQ »Official support in the forum )


TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:28
reply to TSI Gabe
Gabe, please get back to work

Gang, The retention of logs is for sure an issue central to all of this. 90 days, as it is now, is certainly not a long time.. for this motion that has been brought on us, it is what it is, it's too late. If you look around at what ISPs are doing... I'd assume we would be on the low range at 90 days.

Prior to this, we were planning on extending the retention to 6 months. Obviously that wont happen now or at least not without further contemplating these events.

Going forward, this is all new territory though, we need to understand exactly what's expected of us. To my mind the obvious factor is safety concerns.. past that, if we can find new ways to deal with stuff, I'm happy to do that.

Right this minute, I dont know what our ability is to make such changes. So, we need to let this play out some more.
--
Marc - CEO/TekSavvy
Expand your moderator at work

The Mongoose

join:2010-01-05
Toronto, ON
reply to Funky_

Re: Why is Tek still keeping logs???

said by Funky_:

I guess I'm wrong. If the only evidence the police have is the users IP well... they are out of luck. But if they they actually have the users name and address they could as you to enable the logging to gather further evidence...

I guess I think that someone should have a court order on them first before the logging happens. But hey... it's just my opinion.

Thanks for responding.

When it comes to copyright, I don't think the police ever get involved. A copyright troll logs an IP as being engaged in downloading copyrighted material. Said troll gets a court order for the ISP to reveal the name and address of the person who was using that IP at that time. The troll then attempts to extort money from the person who had the IP (who is probably the person downloading the content, though not definitely).

The copyright troll can only get the name and address from the ISP. Unfortunately the new laws make it easier for them to obtain that information. Clearly if the ISP kept no logs the trolls would be completely out of luck...but such a policy would have other, highly negative effects, as Gabe has pointed out. There's not perfect answer, unfortunately.

The Mongoose

join:2010-01-05
Toronto, ON
reply to BrianON
said by BrianON:

Logging of IP address to subscriber/device information results in pretty small logs, often a kilobyte or less per subscriber/device over 90 days.

The basic information is useful for at least in the short term (14 days or less) in responding to or acting upon abuse complaints sent to the ISPs abuse email address which is listed against all the IP address blocks it owns. (example of registration information for one of Teksavvy's IP Addr blocks: »whois.domaintools.com/24.212.186 ··· 12.186.0). To ignore such messages risks getting address blocks or addresses added to various block lists.

Live monitoring of customer's activity seems worse to me than letting the traffic pass as is and responding to complaints.

Damn right.
Expand your moderator at work

Funky_

join:2004-06-05
Canada
reply to The Mongoose

Re: Why is Tek still keeping logs???

said by The Mongoose:

said by Funky_:

I guess I'm wrong. If the only evidence the police have is the users IP well... they are out of luck. But if they they actually have the users name and address they could as you to enable the logging to gather further evidence...

I guess I think that someone should have a court order on them first before the logging happens. But hey... it's just my opinion.

Thanks for responding.

When it comes to copyright, I don't think the police ever get involved. A copyright troll logs an IP as being engaged in downloading copyrighted material. Said troll gets a court order for the ISP to reveal the name and address of the person who was using that IP at that time. The troll then attempts to extort money from the person who had the IP (who is probably the person downloading the content, though not definitely).

The copyright troll can only get the name and address from the ISP. Unfortunately the new laws make it easier for them to obtain that information. Clearly if the ISP kept no logs the trolls would be completely out of luck...but such a policy would have other, highly negative effects, as Gabe has pointed out. There's not perfect answer, unfortunately.

I understand. I was talking about child porn in this case I think. Honestly I couldn't care less about the trolls.

The Mongoose

join:2010-01-05
Toronto, ON
said by Funky_:

I understand. I was talking about child porn in this case I think. Honestly I couldn't care less about the trolls.

Fair enough. And I tend to agree. Screw the copyright trolls, but I also don't want my ISP getting put on blacklists all over the internet for massive illegal activity on their network.

Funky_

join:2004-06-05
Canada
said by The Mongoose:

said by Funky_:

I understand. I was talking about child porn in this case I think. Honestly I couldn't care less about the trolls.

Fair enough. And I tend to agree. Screw the copyright trolls, but I also don't want my ISP getting put on blacklists all over the internet for massive illegal activity on their network.

What kind of illegal activity are we talking about? Spam? What else?

The Mongoose

join:2010-01-05
Toronto, ON
said by Funky_:

said by The Mongoose:

said by Funky_:

I understand. I was talking about child porn in this case I think. Honestly I couldn't care less about the trolls.

Fair enough. And I tend to agree. Screw the copyright trolls, but I also don't want my ISP getting put on blacklists all over the internet for massive illegal activity on their network.

What kind of illegal activity are we talking about? Spam? What else?

Good question. I would think spam is one of them, but I'm not an expert on this. Gabe would know but it sounds like Marc is standing behind him with a whip right now. "What are you, my network engineer or my publicist?! Optimize that subnet! OPTIMIZE IT!"

Samgee

join:2010-08-02
canada
kudos:2
reply to Funky_
said by Funky_:

What kind of illegal activity are we talking about? Spam? What else?

Credit card/financial fraud, death/bomb threats, unauthorized access attempts. There are lots of illegal things you can do online.

Funky_

join:2004-06-05
Canada
said by Samgee:

said by Funky_:

What kind of illegal activity are we talking about? Spam? What else?

Credit card/financial fraud, death/bomb threats, unauthorized access attempts. There are lots of illegal things you can do online.

I've been thinking about it. I don't believe it is possible for TekSavvy to completely dissasociate a users IP with their account information without losing the ability to handle illegal activity and prevent the degradation of the network due to blacklisting. etc.

I was thinking about encrypting the logs and only giving the key to decrypt them to the users themselves and then passing the torch to the user when getting a court order... but that wouldn't work either.

It's a tough situation...

voxframe

join:2010-08-02

1 recommendation

reply to globus9991
Gabe and Marc thanks very much for all the input on this.

See that's the thing too as you said Gabe, if you guys allowed it to be a freeforall, things would get really bad really fast. You probably risk being nullrouted, having your AS or IP blocks pulled, etc.

It's a hell of a fine line to walk. I wish there was a way to selectively walk it as well. I'd love to log in the name of keeping assholes (people causing problems for others in the world) off my network... But I wish there was a way to do it where I wouldn't have to cater to anyone corporate with it (Copyright pricks).

Even in the name of child porn, I'm not a fan of logging, but I'd do it and comply with it. I'm disgusted by the amount of other trolling entities that hide their reasoning behind the CP boogeyman as well. How the hell am I supposed to know or judge if it's a legit request?

That said, I've had to deal with court orders for child porn users on our network. The same as Gabe, I can't give further info. But it's one of the few times I would ever cooperate and give up a user's info. Also MUCH to the shagrin of the people I was dealing with, it took nearly a week for them to get through the gauntlets of questioning and checking up on them from my end. It's amazing how much they figure a document stamped with important looking seals will scare you into giving up info in seconds. Simply put, you want my user's info, you better have your ducks in line.

*Sigh* I wish there was a way to cut this with a black and white, clearcut line. But truth be told there isn't. As operators, we need to protect our network to an extent. If we become a cesspool, we risk loosing our connectivity etc. At the same point, we're supposed to be a carrier and nothing more. If the police, or some copyright jerk wants to get their hands on our clients, they should be doing it in other ways. We don't hold the department of transit responsible for drunk drivers, we don't hold them responsible for accidents or street racing. We just build and maintain the roads. You want protection and law enforcement on those roads? Put your own squad cars on it and deal with it yourselves.


PSurge

@teksavvy.com
reply to The Mongoose
said by The Mongoose:

If you want total anonymity, get a VPN. Don't expect an ISP to change everything they do in order to help hide your illegal activities.

+1!

Samgee

join:2010-08-02
canada
kudos:2
said by PSurge :

said by The Mongoose:

If you want total anonymity, get a VPN. Don't expect an ISP to change everything they do in order to help hide your illegal activities.

+1!

A VPN will be keeping IP connection logs where required as well. They may say they don't keep traffic logs, but they know who (your connecting IP) is on their systems and when for the same reason ISP's do.

If you want to hide your illegal activity, don't do it online.


Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:23
reply to TSI Marc
said by TSI Marc:

Gabe, please get back to work

Gang, The retention of logs is for sure an issue central to all of this. 90 days, as it is now, is certainly not a long time.. for this motion that has been brought on us, it is what it is, it's too late. If you look around at what ISPs are doing... I'd assume we would be on the low range at 90 days.

Prior to this, we were planning on extending the retention to 6 months. Obviously that wont happen now or at least not without further contemplating these events.

Going forward, this is all new territory though, we need to understand exactly what's expected of us. To my mind the obvious factor is safety concerns.. past that, if we can find new ways to deal with stuff, I'm happy to do that.

Right this minute, I dont know what our ability is to make such changes. So, we need to let this play out some more.

I think most customers would be happy with TekSavvy trying to balance retention needs and requirements with customer privacy. Most people realize that having no logs at all isn't realistic, and that by the same token eternal logging isn't practical or necessary. What most customers want is just for TekSavvy to try to find the minimum span of time that is required to meet all the legitimate needs for such information. I don't want to say what that is or should be, because I don't know. I suspect that at this moment, you don't know either. I could say that Sonic's policy of 14 days is a good target, but I don't know if that's actually practical. Sonic doesn't operate in the same environment (or even the same country) as TekSavvy.
--
Developer: Tomato/MLPPP, Linux/MLPPP, etc »fixppp.org

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to The Mongoose
said by The Mongoose:

And therein lies the second-tier legal problem. Let's say there's no obligation to keep logs, so an ISP doesn't keep any. As a result a massive child pornography operation takes hold on their network. The RCMP busts it, and then mentions that had the ISP done even the least bit of due diligence this would never have happened, or at least would have made it far easier to stop.

Their reputation is destroyed by the press, and the RCMP decides to charge them with criminal negligence just for fun. So even though there was no requirement to keep logs, the law comes down on you anyways.

And this is just a simple scenario I came up with in 2 minutes. I bet Gabe can think of way, way worse.

It always comes back to the same canard, doesn't it? Think of the children.
We have Godwin's for nazi's -- what's the name of rule for "the children"?

Sonic in the US has it about right - 2 weeks of logs with details, after which they only keep what they need for network demand analysis & design.

Remember that the minute they regulate log retention, they have effectively made internet service into a regulated utility like telco, and that would make Dear Leader Most Benevolent & Divine George Cope crap his pants because he wouldn't be able to play bullshit games @ the CRTC any more vis-a-vis indies.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to TSI Gabe
said by TSI Gabe:

And yes, I should probably clarify that. WE DON"T LOG what activity/web sites/whatever you browse.

Only that you were online using x IP at a certain time and downloaded X MB

Gabe,

Is that strictly d/l or does it include u/l?


rodjames
Premium
join:2010-06-19
Gloucester, ON
reply to globus9991
I'm pretty sure they're legally bound at this point to keep some kind of log or record. I know in the federal government they are bound to keep everything, including email, for a period of 3 years.


TwiztedZero
Nine Zero Burp Nine Six
Premium
join:2011-03-31
Toronto, ON
kudos:5
reply to MaynardKrebs
said by MaynardKrebs:

Remember that the minute they regulate log retention, they have effectively made internet service into a regulated utility like telco, and that would make Dear Leader Most Benevolent & Divine George Cope crap his pants because he wouldn't be able to play bullshit games @ the CRTC any more vis-a-vis indies.

+1
--
IF TREE = FALL AND PEOPLE = ZERO THEN SOUND = 0
Nine.Zero.Burp.Nine.Six
Twitter = Twizted
Chat = irc.teksavvy.ca


TilhasBB
Premium
join:2000-08-05
canada
reply to TSI Marc
Can you outsource the logging to an outside company? One in let's say China.

You can access the logs if you need for urgent matters but for legal matters they need to follow due diligence and going to an outside company in say China ... let them have fun with that one !


Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:23
said by TilhasBB:

Can you outsource the logging to an outside company? One in let's say China.

You can access the logs if you need for urgent matters but for legal matters they need to follow due diligence and going to an outside company in say China ... let them have fun with that one !

Then the court will require TekSavvy to access the logs. It doesn't matter where the logs are stored in the world, it only matters where the company with access to them is located.

This is the same reason why servers in Europe often fall under the jurisdiction of US courts. The server is outside US jurisdiction, but the courts can order the US company to access the server.
--
Developer: Tomato/MLPPP, Linux/MLPPP, etc »fixppp.org


rodjames
Premium
join:2010-06-19
Gloucester, ON
reply to TilhasBB
why? logging would be a matter of flicking a switch on the router, bgp, or whatever, and archiving once a whenever.


TilhasBB
Premium
join:2000-08-05
canada
reply to Guspaz
The logs are outsourced and managed by the other company.
They OWN the logs. Doesn't the rules then apply to the country of the company?

Ares45
Premium
join:2007-11-14
Toronto, ON
reply to TSI Marc
Hey Marc,

90 days may seem like a short duration, but it's far longer than at least one ISP.

Sonic, in the US, is keeping logs for 2 weeks.

»www.forbes.com/sites/andygreenbe ··· uld-too/