dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16273
share rss forum feed


TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:28

Discussion about log retention

Hey all,

I've been monitoring various threads and I've noticed that many are wondering why we keep log records at all. I'd like to talk about that a bit and open it up for discussion.

Currently it is our policy to keep log files for 90 days. After that they are deleted. Leading up to this, we were planning on extending that to 6 months. Now, though, we are asking ourselves, what is the right length of time to retain logs? This request for information by Voltage has us carefully considering all aspects of this question and I think it's a good discussion to have.

Under Federal Privacy law it is a requirement to minimize the retention of personal information generally to what is reasonably required to be retained for legal or business purposes. For us this means that we keep logs to be able to enforce our own policies, troubleshoot service issues and settle disputes over charges involving usage, outages, and operation of services. Aside from that, there isn't a law that requires us to keep logs.

There are other factors though why keeping logs is important, in fact there could be a significant downside to not having log files at all.

If for example they were needed to identify a situation that was urgently required for reasons of danger to health, life, public safety, etc. If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.? And how well would it play if police were urgently trying to locate a victim in a case of a child exploitation crime-in-progress, but weren't able to proceed because we made it a policy not to keep logs, largely in order to protect customers from copyright claims. And let's be clear: while there are certainly copyright trolls who are inappropriately trying to squeeze people for damages well beyond what they might actually be able to obtain in court, there are internet users who are regularly engaging in activity that is contrary to Canadian law, copyright, defamation, hate crimes, fraud... you name it. I for one do not want to adopt retention policies driven by the objective of making it impossible for police to apprehend suspects or rights holders to enforce their legitimate legal rights.

ISPs that adopt very short term log retention (or no log retention) risk becoming havens for people that intend to break the law. Once an ISP has that kind of reputation, it will likely face even more attention from law enforcement and civil litigants, and more invasive, and potentially ex parte court orders.

I think the notion of not having any logs just doesn't make sense at all.

Ok, so, lets assume we can agree on that. Lets get back to the original question. What is the right length to retain logs?

I have to say that I'm not sure. This is why I'm initiating this as a discussion. The obvious reasons are simple.. We need them for the reasons stated above. In the case of law enforcement. In many cases its a multi month process. Over the years, our retention policy has changed and we used to have logs for a very long time. Over the last ten years, we've had police requests that were for logs over a year old. But then recently we've had one that was just a few weeks old. To me this safety factor is the most critical.

After that its a matter of the proper functioning of the business. Most things are dealt with in semi real time so a couple weeks is sufficient for most things.

After that we get into disputes for services rendered. Many times, we use logs to show that the connection was used or not. So it helps to have logs to show this. After that we have usage concerns.. How much usage and in what time frame... But that's only true for accounts that are not unlimited.

It's all a question of balance. I completely agree that TekSavvy should have a clear and considered retention policy and in fact, privacy law requires it. However, it should be established based on a thorough review of all factors, not just the potential abuse by trolls and other opportunists.

At 90 days, to my knowledge, that is already a short retention policy. Like i mentioned previously, we had planned to extend it to 6 months. Some of the factors for that were related to potential disputes but also for monitoring usage trends over time but that can be achieved without keeping IP addresses.

I leave it open for discussion.
--
Marc - CEO/TekSavvy



elitefx

join:2011-02-14
London, ON
kudos:2

1 edit

Well, English common law is based upon the age old concept of what a reasonable person, under reasonable circumstances, would do in a given situation.

This forms a sound basis for any decisions that need to be made.........



NytOwl

join:2012-09-27
canada
reply to TSI Marc

Personally, I think 90 days is respectable.

I would not, however, want to see it extended beyond that.

Even better, I'd prefer to see it shortened to 60 days.

Two months of logs should be enough for most, if not all, technical issues and usage/billing disputes, and it's obviously suitable for emergency legal/life & death issues.

Plus, I would think that law enforcement has the option of getting a court order to not only obtain all logs currently available, but to also have TSI provide future logs as time goes by for a specified period.

My 2¢.



TSI Marc
Premium,VIP
join:2006-06-23
Chatham, ON
kudos:28

For law enforcement. It's generally a very specific time and IP they are looking for. Many times its longer than 90 days they are looking for.
--
Marc - CEO/TekSavvy


mikefallen

join:2010-01-27
Scarborough, ON
reply to TSI Marc

i think 90 days is acceptable but i think 60 days would i the ideal amount of time.

just my 2c

keep up the great work.....mark maybe make a poll
(i think if the crime was that big of a deal, (child exploitation etc etc) 2 months is more than enough time for the police to contact an isp for information.)



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:2
reply to TSI Marc

I also do 90 days. And agree that its a short retention policy. I used to have them for a year or more.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca



enzymes

join:2003-11-29
Brampton, ON
Reviews:
·TekSavvy Cable
reply to TSI Marc

»torrentfreak.com/how-long-does-y···-120629/

Seems to vary but it is a short list.

However, from another article...

»www.forbes.com/sites/andygreenbe···uld-too/

suggests two weeks is enough


Rastan

join:2007-04-25
Canada
Reviews:
·TekSavvy DSL
·voip.ms
reply to TSI Marc

You've made a number of convincing arguments about why it's important to keep logs. Certainly, emergencies, a crime in progress and disputes about services rendered are important. However, I'm wondering why the police would request logs from more than 90 days ago.

You seem to be very familiar with how copyright trolls operate. Sometimes they appear to obtain the correct IP address but sometimes they don't. Their methods are questionable and the amount of money they try to extort from their targets and their harassment and intimidation techniques are unacceptable.

Would you consider shortening the time from 90 to 30 days? This way, you can still respond to emergencies and crimes in progress and you would be able to have enough information to settle disputes about services rendered.

In scenarios where someone is repeatedly reporting downtime or you are contacted by law enforcement about an account, you can keep the logs from those account holders for a longer period of time while maintaining your new 30 day policy for everyone else.



elitefx

join:2011-02-14
London, ON
kudos:2
reply to TSI Marc

Just had another thought:

This log retention time limit issue is a moot point.

It cannot be considered a "Statute of Limitations". A "Get out of jail free card" so to speak. Real life situations don't work that way.

A time limit that might seem beneficial to one party may only be a disadvantage to the next.

Who can predict what chain of events would need to happen, and in what order, for any set minimum time limit to be of an advantage or disadvantage to anybody?



hm

@videotron.ca
reply to TSI Marc

The copyright extortionists will just play to whatever tune you have playing.

If you keep logs for two weeks, instead of making a mass 2500 person file-sharing lawsuit every 3 months, they will do expedited ones (like the first hurt locker case in Canada was) on a 2 to 3 week basis. In which case, as we saw in the first hurt locker case, ISP's just don't have the time to inform people, worse case scenario, as we saw with Bell.

If you keep it as is, then the story continues as is.

So in terms of copyright trolling, it just doesn't affect them. At all. The system can handle them if log retention is 3 months or two weeks.

The only losers are the people.



twizlar
I dont think so.
Premium
join:2003-12-24
Brantford, ON
kudos:3
reply to TSI Marc

We rotate all logs every 30 days. Over the years we have found 30 days to be a great balance for all services we offer.

30 days has generally been plenty for any emergency type information. Most police requests we have received are generally over a year old anyways and would not benefit from us having a longer retention period of 90 days or something similar.

Lets not kid ourselves and pretend that people don't use their connections to download copyrighted material. It isn't our job to police the online activities of our users, nor will we ever spend resources and time to do so.
--
Broadline Networks Inc.


ep80

join:2008-08-11
Montreal, QC
reply to TSI Marc

I understand the reasons to keep logs and they are totally legitimated in cases you specified (someone's life in danger, child protection, etc).

What I don't understand is, and this is not Teksavvy fault or whatever, but why do the copyright trolls have the same level of access to ISP logs than the police!

Ideal would be that logs would be available to the police for X months old, but copyright troll or any other entity that is not law enforcement would not have access to these logs and specially not when asking a bunch of IP identification!

At a very extend, they should be able to ask to identify 1 or 2 IP from which they identified a person who is the original content seeder and with very solid proof of it.

I think this is the kind of situation where you have to find the right balance since as of now, it wouldn't be acceptable to keep no logs at all and neither to keep them for more than few months.


hmph

join:2012-10-23
reply to TSI Marc

60 days should be more then enough for 99% of cases for troubleshooting and police.
You already have the ability to narrow down which POI the IP came from with or without logs.

Better Yet:
Wipe the logs of all the IP addresses in all troll cases, and keep your 90 day or new 6 month policy :P.
Problem solved.



Tx
bronx cheers from cheap seats
Premium
join:2008-11-19
Mississauga, ON
kudos:12
Reviews:
·TekSavvy DSL
·FreePhoneLine
·Rogers Hi-Speed
reply to twizlar

said by twizlar:

We rotate all logs every 30 days. Over the years we have found 30 days to be a great balance for all services we offer.

30 days has generally been plenty for any emergency type information. Most police requests we have received are generally over a year old anyways and would not benefit from us having a longer retention period of 90 days or something similar.

Lets not kid ourselves and pretend that people don't use their connections to download copyrighted material. It isn't our job to police the online activities of our users, nor will we ever spend resources and time to do so.

have to ask...for broadline networks i was a little surprised to see you using a crappy software such as whmcs...cause of that i'm not sure if what you offer is resold? odd choice decent site.

i do agree with this post though, 30 dys is good...anything more is an excuse. plenty of time for troubleshooting, police and so on.

i have to say marc im surprised you were even considering 6 months...thats nuts

Insilin1i

join:2010-07-15
Toronto, ON

I'm going to have to agree 30 days seems more than enough for emergencies. 6 months I think is a little insane.



d4m1r

join:2011-08-25
Reviews:
·Start Communicat..

1 recommendation

reply to TSI Marc

I think the premise of your post is incorrect....If you guys wanted to go to the no logs approach, you could do it tomorrow. Just ask any number of European ISPs how they deal with spam, billing, and other issues without logs...Its 100% technically possible but yes, some of your current procedures would obviously have to be changed.

Whether you guys want to or not, is another subject all together and it seems this topic is a formal answer, being "no". While I am disappointed in that, I'd like to remind you of all the benefits to TSI if they would adopt this approach;

1) No other ISP in Canada has such an approach currently, so for other privacy concious individuals, they'd most likely make the switch to TSI as privacy would be a key selling point.

2) Keeping no logs relieves TSI of any legal issues regarding logs, copyright notices, etc. If you guys do not have logs (which you are fully in your right to do), you cannot be held liable for anything.

3) Again, no logging would NOT create a "dark net". Do you believe it did in the case of Sonic? All they got in return for their 2 week policy was a bunch of new subscribers....If you ever did get requests for logs from law enforcement in the future lets say, it doesn't mean you don't want to hand them over...It would just mean you don't have any to hand over, even though you'd love to (logs were a legal risk so you choose to stop keeping any). This would NOT make you liable to legal action nor would you be impeding any criminal case as you wouldn't have the logs in the first place...
--
www.613websites.com Budget Canadian Web Design and Hosting



twizlar
I dont think so.
Premium
join:2003-12-24
Brantford, ON
kudos:3
reply to Tx

We have various services, the only portion that is resold is wholesale dsl and cable products, however that is a tiny portion of our business.

What about whmcs makes it crappy to you? It is pretty good as a client management and billing solution.
--
Broadline Networks Inc.



Tx
bronx cheers from cheap seats
Premium
join:2008-11-19
Mississauga, ON
kudos:12
Reviews:
·TekSavvy DSL
·FreePhoneLine
·Rogers Hi-Speed

said by twizlar:

We have various services, the only portion that is resold is wholesale dsl and cable products, however that is a tiny portion of our business.

What about whmcs makes it crappy to you? It is pretty good as a client management and billing solution.

It's rather amature. (not you guys as a whole) just the software. As soon as i seen it i left your site. When Matt created WHMCS years ago we tried it out and thought it had great potential, years passed and it's still stuck in an old design with lackluster features for your clients.

We moved to a far more advanced billing solution (2 different ones actually). We are also a provider of services and such with 11,000 or so customers (colo, dedi servers, hosting and domains). When we moved away from WHMCS the feedback was tremendous among our users. WHMCS just isn't there yet, he user interface is really unprofessional. Great for invoicing and paying the invoices but that's as far as it goes. Design wise do some research. Decent sized businesses avoid it. Several other solutions available and for a business such as yours (after i seen your other sites which are also nice by the way), i'd make a move away from it. It really hurts the image of a business as serious as yours (yours is far more serious then mine)

Can discuss further in PM if you like but i thought it'd be a friendly FYI as my eyes popped when i seen it

ultramancool

join:2004-12-22
Schenectady, NY
reply to TSI Marc

Why don't you just turn off logging and flip them off, I don't see how this is a debate.



twizlar
I dont think so.
Premium
join:2003-12-24
Brantford, ON
kudos:3
reply to Tx

Eh, whmcs is really just a user portal and billing system. We have several other (free) software packages that tie in with it to provide a full suite of management capabilities. Most of the all-in-one solutions out there are far too expensive for what they provide and they aren't nearly flexible enough. We have tested most of the solutions out there and none of them really fit our needs so we mostly rolled our own, with the exception of using whmcs as a frontend and automating billing.

Anyways, we are taking this quite a bit OT now
--
Broadline Networks Inc.


chrisl83

join:2011-06-21
Almonte, ON
reply to TSI Marc

I think it would be neat if we could opt in or out of logs


ultramancool

join:2004-12-22
Schenectady, NY

That would probably make those of us who turn them off look extra sketchy.


hmph

join:2012-10-23

It's worth looking suspicious as long as you are not getting sued based on the grounds of being accused by some high end "forensic" software in the hands of "experts".


paulwye

join:2007-02-17
Toronto, ON

2 edits
reply to TSI Marc

Marc, first off, I don't think it can be said enough: thanks for your efforts on this and all the other matters over the past few years. I can't help but think that you could be somewhere earning a comfortable salary with a tiny fraction of the stress you were dealing with *before* the lawsuit surfaced. I can't imagine how that buried the needle. Same goes for Gabe, Martin, and everyone else whose userid starts with 'TSI' (it's impossible to put together a comprehensive list here, but you guys know who you are).

Second, before anyone jumps on me: yes, I know TSI is for-profit. But I seriously doubt Marc is getting rich over in Chatham, nor is anyone else associated with TSI. Someone please disabuse me of the notion if I'm mistaken, but I just don't see how it's possible. You know who is getting rich, though, and who you won't ever--not ever--find on a forum like this, opening up a debate about something as banal (until last week, anyway) as log retention policy? The CEOs of Rogers, BCE, Shaw, Telus.

Marc doesn't need to be anywhere near as open about this whole thing has he has been. If this were any of the ISPs mentioned above, we would almost certainly have a bland, useless statement issued by a team of lawyers and PR people. Instead, we're getting a discussion that's far more open than I would ever have expected.

Okay, on to the actual discussion: I tend to agree that a 'no-log' policy is a tough sell on the face of it. Policy can't be shaped to protect infringing users. Really, when you think about it, it's just that simple. Logs exist for all sorts of useful purposes, and without them it would make things a LOT harder for everyone who legitimately needs them. No doubt there is a principled, legitimate argument against keeping them (see below), but there are some seriously practical considerations here. The world can't always run on principles.

That being said, I'm frustrated by the notion that not wanting records of my online activities kept must automatically mean I'm up to no good; it's the first step toward Vic Toews' stupid 'with us or with the child pornographers' argument. (Marc, to be clear, I'm not saying you're making that argument; rather, I'm lamenting the perception that anyone who goes with 'the no-log ISP' can't possibly have a legitimate reason for doing so.) An encrypted /home folder is not necessarily filled to the brim with illicit material, and an ISP that takes its commitment to privacy ultra-seriously should not have to be synonymous with some sort of 'internet ghetto'.

If we're being honest here, TSI is already the ISP with the biggest data caps (or complete lack of same, depending on your plan). Nobody needs 300GB for mail, web and Linux ISOs (Angelo notwithstanding). In that sense, the company has already attracted a certain type of user. That is NOT to discount all the other solid reasons for choosing TSI (local/sane tech support, transparency, great peering/routing, support for oddball setups, political muscle to fight UBB, etc.), but doubtless it's all some users are thinking about when they subscribe. I don't think that's had a negative impact on the company's image; the name is a lot more common now than it was four years ago, it's running a better-than-decent ad campaign, and the subscriber base has grown at what could be considered a literally painful rate.

Ultimately, we shouldn't need to have this discussion at all. If a person wants to continue to engage in activities that are at odds with Canadian law, well...there are a myriad of ways to do it without risking exposure to things like the Voltage suit, and without putting TSI in this position.

There are a lot of other things that could be said on this matter that don't directly relate to logs, but I suppose there are other threads.

TL;DR: 60 days would be nice, but I think 90 days is pretty reasonable and seems to be generally acceptable.

EDITS: 1) missed an apostrophe, 2) deleted a superfluous period. Ugh.


ultramancool

join:2004-12-22
Schenectady, NY
reply to hmph

This is true. Though I don't see any reason why they'd bother keeping logs in the first place. People who want to get away with illegal things of all sorts on the internet already can. Through VPN, hacked servers, Tor , etc. The only thing they're doing by logging is making life more difficult for their customers.


qewey

join:2007-10-04
reply to TSI Marc

said by TSI Marc:

If for example they were needed to identify a situation that was urgently required for reasons of danger to health, life, public safety, etc. If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.? And how well would it play if police were urgently trying to locate a victim in a case of a child exploitation crime-in-progress, but weren't able to proceed because we made it a policy not to keep logs, largely in order to protect customers from copyright claims. And let's be clear: while there are certainly copyright trolls who are inappropriately trying to squeeze people for damages well beyond what they might actually be able to obtain in court, there are internet users who are regularly engaging in activity that is contrary to Canadian law, copyright, defamation, hate crimes, fraud... you name it. I for one do not want to adopt retention policies driven by the objective of making it impossible for police to apprehend suspects or rights holders to enforce their legitimate legal rights.

ISPs that adopt very short term log retention (or no log retention) risk becoming havens for people that intend to break the law. Once an ISP has that kind of reputation, it will likely face even more attention from law enforcement and civil litigants, and more invasive, and potentially ex parte court orders.

Thanks for the post stating TSI position more clearly.

I think it should be a few days to maximum 1 week.
I am talking about data that can identify individuals and violate their privacy.

For emergency and life and death situation or crime in progress situations, real time is probably what is needed and 3-5 days should be more than enough.

For real law enforcement detective work purposes investigating copyright, defamation, hate crimes, fraud... etc. Lets remember that past logs are not the only or best tool they have at their disposal. Law enforcements have wiretapping powers via court warrants and ISP are required to have facilities in place to allow such wiretapping when they are issued by courts. This is basically dumping everything a person do into the lap of the police which is much much better proof and surveillance than past logs. For that it requires more work, planning and preparation by law enforcement to obtain and execute a successful wiretap. And it is a good thing because we are talking about invading the privacy of canadian citizens. You need law enforcement to put in the necessary work to be able to overstep such a fundamental right, so fundamental that it is in the constitution under the Canadian Charter of Rights. Not just show up and demand logs AFTER the fact which is exactly what these civil litigants who are not law enforcements are trying to do.

For the civil litigants that are out to make money and not law enforcement, I dont think you owe them anything more than what is required by law which is nothing as the law stand on minimum data retention. Actually like you said yourself, the law actually calls for you to protect your customers personal data from 3rd civil parties out for profit.

There is a reason why mandatory data retention is not required in Canada. It is because there are other alternatives and powers at the disposition of law enforcement. And our legislature/parliament have judged that for now, those offer the best balance between protecting constitutional privacy rights and the ability for law enforcements to investigate crimes.

I think based on that stance you will not take any PR hit from adopting a smaller log retention timeframe. And I dont think you risk becoming a haven for criminals ( I mean real criminals not the 9yo downloading the latest hit song in this story : »torrentfreak.com/police-raid-9-y···-121122/) since like exposed above, law enforcements have the wiretapping tools necessary to do their jobs. It just take them more work to obtain access but that is a good thing as we are talking about transgressing a fundamental right here. The only people that do not have wiretapping powers are the civil litigants out for profit.

dm1336

join:2011-08-07
Scarborough, ON
reply to TSI Marc

90days is fine for me

Whenever I have any issues with services from another company I notice it on bill 1, I get credits on bill 2, and back to normal (hopefully) on bill 3.


hmph

join:2012-10-23

We are not talking about billing log retention, we are talking about logging IP addresses.

At this point I don't see why over two weeks of logging would be needed. If you have mail spam issues, then close port 25 and open by request, aside from that I don't see anything stopping a large barrage of future p2p trolling. If someone is mad about their bandwidth usage, tell them to move to unmetered. The law says to keep logs for as little as time as possible. I really don't see any points that have been made that having 90 days of logging would fix over two weeks to a month of IP logging.



ryangard

join:2006-02-21
reply to TSI Marc

I'd honestly say 90 days would be reasonable business practice. Again considering the lack of safe harbor laws in Canada, outright scrapping logs could be seen as condoning shady/illegal activities, as there's no paper trail to be held accountable to.

At the end of the day, it's simply a log of an ip address to an account. It's not like the information stored shows every site you've visited within the last 90 days, or any other specifically defining usage.


hmph

join:2012-10-23
reply to hmph

forget logging stuff

Yea, just make a second unmetered only network segment with no logging on some Nlayer, Abovenet, Level3 and Inteliquent. Where do I sign up?