dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
18123
chrisl83
join:2011-06-21
Almonte, ON

chrisl83 to TSI Marc

Member

to TSI Marc

Re: Discussion about log retention

I think it would be neat if we could opt in or out of logs
ultramancool
join:2004-12-22
Schenectady, NY

ultramancool

Member

That would probably make those of us who turn them off look extra sketchy.
hmph
join:2012-10-23

hmph

Member

It's worth looking suspicious as long as you are not getting sued based on the grounds of being accused by some high end "forensic" software in the hands of "experts".
paulwye
join:2007-02-17
Toronto, ON

2 edits

paulwye to TSI Marc

Member

to TSI Marc
Marc, first off, I don't think it can be said enough: thanks for your efforts on this and all the other matters over the past few years. I can't help but think that you could be somewhere earning a comfortable salary with a tiny fraction of the stress you were dealing with *before* the lawsuit surfaced. I can't imagine how that buried the needle. Same goes for Gabe, Martin, and everyone else whose userid starts with 'TSI' (it's impossible to put together a comprehensive list here, but you guys know who you are).

Second, before anyone jumps on me: yes, I know TSI is for-profit. But I seriously doubt Marc is getting rich over in Chatham, nor is anyone else associated with TSI. Someone please disabuse me of the notion if I'm mistaken, but I just don't see how it's possible. You know who is getting rich, though, and who you won't ever--not ever--find on a forum like this, opening up a debate about something as banal (until last week, anyway) as log retention policy? The CEOs of Rogers, BCE, Shaw, Telus.

Marc doesn't need to be anywhere near as open about this whole thing has he has been. If this were any of the ISPs mentioned above, we would almost certainly have a bland, useless statement issued by a team of lawyers and PR people. Instead, we're getting a discussion that's far more open than I would ever have expected.

Okay, on to the actual discussion: I tend to agree that a 'no-log' policy is a tough sell on the face of it. Policy can't be shaped to protect infringing users. Really, when you think about it, it's just that simple. Logs exist for all sorts of useful purposes, and without them it would make things a LOT harder for everyone who legitimately needs them. No doubt there is a principled, legitimate argument against keeping them (see below), but there are some seriously practical considerations here. The world can't always run on principles.

That being said, I'm frustrated by the notion that not wanting records of my online activities kept must automatically mean I'm up to no good; it's the first step toward Vic Toews' stupid 'with us or with the child pornographers' argument. (Marc, to be clear, I'm not saying you're making that argument; rather, I'm lamenting the perception that anyone who goes with 'the no-log ISP' can't possibly have a legitimate reason for doing so.) An encrypted /home folder is not necessarily filled to the brim with illicit material, and an ISP that takes its commitment to privacy ultra-seriously should not have to be synonymous with some sort of 'internet ghetto'.

If we're being honest here, TSI is already the ISP with the biggest data caps (or complete lack of same, depending on your plan). Nobody needs 300GB for mail, web and Linux ISOs (Angelo notwithstanding). In that sense, the company has already attracted a certain type of user. That is NOT to discount all the other solid reasons for choosing TSI (local/sane tech support, transparency, great peering/routing, support for oddball setups, political muscle to fight UBB, etc.), but doubtless it's all some users are thinking about when they subscribe. I don't think that's had a negative impact on the company's image; the name is a lot more common now than it was four years ago, it's running a better-than-decent ad campaign, and the subscriber base has grown at what could be considered a literally painful rate.

Ultimately, we shouldn't need to have this discussion at all. If a person wants to continue to engage in activities that are at odds with Canadian law, well...there are a myriad of ways to do it without risking exposure to things like the Voltage suit, and without putting TSI in this position.

There are a lot of other things that could be said on this matter that don't directly relate to logs, but I suppose there are other threads.

TL;DR: 60 days would be nice, but I think 90 days is pretty reasonable and seems to be generally acceptable.

EDITS: 1) missed an apostrophe, 2) deleted a superfluous period. Ugh.
ultramancool
join:2004-12-22
Schenectady, NY

ultramancool to hmph

Member

to hmph
This is true. Though I don't see any reason why they'd bother keeping logs in the first place. People who want to get away with illegal things of all sorts on the internet already can. Through VPN, hacked servers, Tor , etc. The only thing they're doing by logging is making life more difficult for their customers.
qewey
join:2007-10-04

qewey to TSI Marc

Member

to TSI Marc
said by TSI Marc:

If for example they were needed to identify a situation that was urgently required for reasons of danger to health, life, public safety, etc. If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.? And how well would it play if police were urgently trying to locate a victim in a case of a child exploitation crime-in-progress, but weren't able to proceed because we made it a policy not to keep logs, largely in order to protect customers from copyright claims. And let's be clear: while there are certainly copyright trolls who are inappropriately trying to squeeze people for damages well beyond what they might actually be able to obtain in court, there are internet users who are regularly engaging in activity that is contrary to Canadian law, copyright, defamation, hate crimes, fraud... you name it. I for one do not want to adopt retention policies driven by the objective of making it impossible for police to apprehend suspects or rights holders to enforce their legitimate legal rights.

ISPs that adopt very short term log retention (or no log retention) risk becoming havens for people that intend to break the law. Once an ISP has that kind of reputation, it will likely face even more attention from law enforcement and civil litigants, and more invasive, and potentially ex parte court orders.

Thanks for the post stating TSI position more clearly.

I think it should be a few days to maximum 1 week.
I am talking about data that can identify individuals and violate their privacy.

For emergency and life and death situation or crime in progress situations, real time is probably what is needed and 3-5 days should be more than enough.

For real law enforcement detective work purposes investigating copyright, defamation, hate crimes, fraud... etc. Lets remember that past logs are not the only or best tool they have at their disposal. Law enforcements have wiretapping powers via court warrants and ISP are required to have facilities in place to allow such wiretapping when they are issued by courts. This is basically dumping everything a person do into the lap of the police which is much much better proof and surveillance than past logs. For that it requires more work, planning and preparation by law enforcement to obtain and execute a successful wiretap. And it is a good thing because we are talking about invading the privacy of canadian citizens. You need law enforcement to put in the necessary work to be able to overstep such a fundamental right, so fundamental that it is in the constitution under the Canadian Charter of Rights. Not just show up and demand logs AFTER the fact which is exactly what these civil litigants who are not law enforcements are trying to do.

For the civil litigants that are out to make money and not law enforcement, I dont think you owe them anything more than what is required by law which is nothing as the law stand on minimum data retention. Actually like you said yourself, the law actually calls for you to protect your customers personal data from 3rd civil parties out for profit.

There is a reason why mandatory data retention is not required in Canada. It is because there are other alternatives and powers at the disposition of law enforcement. And our legislature/parliament have judged that for now, those offer the best balance between protecting constitutional privacy rights and the ability for law enforcements to investigate crimes.

I think based on that stance you will not take any PR hit from adopting a smaller log retention timeframe. And I dont think you risk becoming a haven for criminals ( I mean real criminals not the 9yo downloading the latest hit song in this story : »torrentfreak.com/police- ··· -121122/) since like exposed above, law enforcements have the wiretapping tools necessary to do their jobs. It just take them more work to obtain access but that is a good thing as we are talking about transgressing a fundamental right here. The only people that do not have wiretapping powers are the civil litigants out for profit.
dm1336
join:2011-08-07
Scarborough, ON

dm1336 to TSI Marc

Member

to TSI Marc
90days is fine for me

Whenever I have any issues with services from another company I notice it on bill 1, I get credits on bill 2, and back to normal (hopefully) on bill 3.
hmph
join:2012-10-23

hmph

Member

We are not talking about billing log retention, we are talking about logging IP addresses.

At this point I don't see why over two weeks of logging would be needed. If you have mail spam issues, then close port 25 and open by request, aside from that I don't see anything stopping a large barrage of future p2p trolling. If someone is mad about their bandwidth usage, tell them to move to unmetered. The law says to keep logs for as little as time as possible. I really don't see any points that have been made that having 90 days of logging would fix over two weeks to a month of IP logging.

Kaloni
Premium Member
join:2006-02-21
canada

Kaloni to TSI Marc

Premium Member

to TSI Marc
I'd honestly say 90 days would be reasonable business practice. Again considering the lack of safe harbor laws in Canada, outright scrapping logs could be seen as condoning shady/illegal activities, as there's no paper trail to be held accountable to.

At the end of the day, it's simply a log of an ip address to an account. It's not like the information stored shows every site you've visited within the last 90 days, or any other specifically defining usage.
hmph
join:2012-10-23

hmph

Member

forget logging stuff

Yea, just make a second unmetered only network segment with no logging on some Nlayer, Abovenet, Level3 and Inteliquent. Where do I sign up?
ultramancool
join:2004-12-22
Schenectady, NY

1 edit

ultramancool

Member

Sounds good, I'm sure teksavvy will totally be in on that. Might need to start our own ISP.
urbang33k
join:2010-02-13
Canada

urbang33k to TSI Marc

Member

to TSI Marc

Re: Discussion about log retention

Marc,

From a bell guy, who gets an employee discount on his legacy unlimited account, I'd come over to you guys in a heart beat if you advertised 1 month or less log files.
ultramancool
join:2004-12-22
Schenectady, NY

ultramancool

Member

Not only does TekSavvy log for 90 days but they're refusing to fight for us in this situation. Really doesn't make them look good in my opinion. I expect TekSavvy to stand up for my privacy. While I'm not personally affected by this, it's certainly affecting their reputation as a company in my mind and the minds of others I've talked to. Maybe Bell/Rogers/Shaw will screw you over for bandwidth but at least they'll go to court to protect you. No such thing on TekSavvy I guess.

Tx
bronx cheers from cheap seats
Premium Member
join:2008-11-19
Mississauga, ON

Tx

Premium Member

said by ultramancool:

Not only does TekSavvy log for 90 days but they're refusing to fight for us in this situation. Really doesn't make them look good in my opinion. I expect TekSavvy to stand up for my privacy. While I'm not personally affected by this, it's certainly affecting their reputation as a company in my mind and the minds of others I've talked to. Maybe Bell/Rogers/Shaw will screw you over for bandwidth but at least they'll go to court to protect you. No such thing on TekSavvy I guess.

I have to say i agree. I kind of expected them to put up more of a fight for their customers privacy and not a well too bad so sad, get legal counsel. I think what left me scratching my head was the bluntness of a "we will release all info when asked by courts" rather then be one of those very popular ISPs as there are several world wide that will fight for the customers privacy.

No if ands or butts.. Lower rentention or put up more of a stink for your customers privacy. I kind of expected that response from rogers, bell, telus not TSI honestly.
JonyBelGeul
Premium Member
join:2008-07-31

JonyBelGeul to TSI Marc

Premium Member

to TSI Marc
From a customer point of view - myself - the only length required is one that covers a period where there could be a problem with the service, especially with regards to billing period, overage charges, and service downtime.

From a citizen point of view, with regards to legal matters where evidence is gathered, I point to burden of proof, and the fundamental legal premise of innocent until found guilty. The very act of keeping tabs on citizens implies that we suspect these same citizens without prior, thereby contradicting the premise of innocent until found guilty, essentially transferring burden of proof to the suspect. Thus, the length required should not be determined by such legal matters a priori.

However, when said citizen is a suspect in a criminal investigation, and when a court orders evidence gathering, then TSI should obey the court and gather whatever evidence they are ordered to, and if need be lengthen the log period for this specific suspect IP, as the court requires of course.

But here we're not talking about hypothetical scenarios. We're talking about a real request by a real company, but without a real court order for the request. In this case, log period length is inconsequential since no evidence should be given to anybody in any circumstance whatsoever ever. Therefore here again, log retention period should not be determined by such matters a priori.

And this point is critically important. The request by Voltage should not cause TSI to lengthen log period for any of its customers, nor change its current policy, nor comply with Voltage's request, just because TSI now anticipates a court order to follow this one, or for any other reason directly or indirectly related to Voltage's request.

Consequently, the default TSI policy for log retention period should be determined exclusively by the nature of the service itself, and by the agreements that govern this service. Nothing else.

I'd like to thank you Marc for allowing us to express our opinion on the matter.
Bhruic
join:2002-11-27
Toronto, ON

Bhruic to TSI Marc

Member

to TSI Marc
There are really two issues at play here, at least from my perspective. The issue that's most directly related is how to handle the situation with companies like Voltage. My hope is that the court system will be reasonable and come to the sane conclusion that simply having an ip address is not indication of any guilt for the person to whom that ip address was assigned. If that conclusion is indeed reached, that side of things is dealt with completely.

The other side is the issue of privacy. Honestly, I can't understand where people are coming from in trying to make this a privacy issue. Privacy should protect your online activities. ISPs shouldn't (and as far as I know, Teksavvy doesn't) track what you do online. But the idea they should log what ip you were assigned for "privacy" reasons strikes me as extremely silly. How many other areas of life do you have a number assigned to you? Driver's license, SIN, health card, etc. You get a number with all of those. How many of the places that gather such information delete them in a 90 day period? None that I know of. Heck, the ones that gather my health card have a 20 year retention policy.

As long as we get decent legal protection from copyright trolls, I don't have any issue with Teksavvy keeping logs for as long as they see fit.
d0rmamu
join:2004-09-28
Toronto, ON

1 recommendation

d0rmamu to TSI Marc

Member

to TSI Marc
I appreciate the open discussion!

There is a fundamental problem with some of the justifications for retaining logs beyond the absolute minimum. The same type of argument exists for having cameras on every street corner. And why not in the living rooms of every home? It is not exaggeration or devils advocacy to recognize that criminal wrongdoing takes place on the streets and (especially) in the privacy of people's homes everyday. Law enforcement would no doubt be more effective with greater surveillance of public and private spaces. But there's a good reason why we as citizens resist this encroachment.

No offense, but I don't want my ISP internalizing too much the perspective of law enforcement at the expense of its customers' privacy. As noted by someone above, the real authorities already have at their disposal many tools for tracking the internet and real life activities of suspected criminals where there are reasonable grounds. The phoney authorities, that is to say the copyright trolls and bagmen for Hollywood, are the real concern here and the context for this debate.

I find it very hard to believe that duration of logs (say 1 mo. vs. 6 mos. or whatever) has no impact on the efficacy of Voltage style trolling practices. If nothing else these vultures would be forced to be in court that much more often with much shorter lists to keep up with rolling deletions. If their attack cannot be defeated in motions court then the least Teksavvy can do is take a lesson from this experience and reduce its logging to the bare minimum. The many European ISPs for example that have taken this approach have not done so because they are bad corporate citizens and facilitators of criminality, but because people there have fought to entrench internet privacy and it is becoming recognized as a right by European societies and governments.

I have been with Teksavvy for coming on 10 years and I generally like the service I get as well as the transparency and responsiveness of the company in these forums. But the struggle over the internet -- neutrality, privacy, criminal sanctions for IP infringements, etc. -- is coming to a head because of a concerted campaign by the Big Brothers of Voltage. I would like to see Teksavvy taking the lead in protecting internet privacy as it has been at the forefront of other battles. In this changing environment, logging policy would certainly be a part of my consideration of where to get my internet service (and I'm not even an 'unlimited plan' user).

AkFubar
Admittedly, A Teksavvy Fan
join:2005-02-28
Toronto CAN.

AkFubar to TSI Marc

Member

to TSI Marc
The main factor for long log retention seems to be law enforcement requests. Based on this you need to weigh how many such requests over 90 days you actually received. If it is not very frequent then 90 days is reasonable imo. If you look at surveillance camera video retention, in some cases it is a matter of day(s) or a week or two at the most.

lleader
join:2011-01-01
Mississauga, ON

lleader to d0rmamu

Member

to d0rmamu
TSI Marc - please reread and absorb every word of d0rmamu's response two posts above. He has very eloquently described my exact feelings on this whole issue. I fully agree with every point he makes.
Funky_
join:2004-06-05
Canada

1 edit

Funky_ to TSI Marc

Member

to TSI Marc
I would like to chime in and say that I believe logs should be kept to a bare minimum to facilitate service troubleshooting only and to help with immediate police emergencies.

A maximum of 1 week seems reasonable to me.

Edit:

Oh, and I would just like to add that I appreciate TekSavvy and Marc for talking about this with their customers. If this continues I will be a customer for a long time. Thanks.

dillyhammer
START me up
Premium Member
join:2010-01-09
Scarborough, ON

dillyhammer to TSI Marc

Premium Member

to TSI Marc
7 days. Tops.

(Though my inner-anarchist is screaming 0 days)

And for what it's worth, which 1 (or more) of the 2300+ people being sued by Voltage is going to make TSI a party to the action and/or bring suit for violating their privacy by keeping logs and releasing their info. Because that surely is going to happen.

Mike

XP
@teksavvy.com

XP to TSI Marc

Anon

to TSI Marc
2 weeks just like Sonic
kabes
join:2010-05-14
Kitchener, ON

kabes to TSI Marc

Member

to TSI Marc
Some of the arguments for keeping longer logs are the same ones people use for further regulation of the Internet and more public surveillance or a "guilty until proven innocent" attitude that seems all too common nowadays.

What other freedoms should we give up because there is pedophiles out there? I can't be the only one sick of hearing that Vic Toewes, black and white argument.

Voltage seeing regular folk as a significant revenue source are what makes them trolls. Stop enabling them. There are other methods for IP owners to protect their content, by going after the sources, just like back in the day when they went after people who sold counterfeit VHS for profit instead of friends sharing movies. I won't even go into the countless studies showing pirates as the ones who actually buy more music, etc. than non pirates or how much Netflix has reduced it (because its more convenient than pirating for a reasonable price).

I understand not wanting to be seen as a haven for wrong-doers but 90 days seems more than sufficient to me because it sounds like it would handle all emergency or crime in progress cases. If you kept logs for years those could seriously be abused.
HeadSpinning
MNSi Internet
join:2005-05-29
Windsor, ON

HeadSpinning

Member

said by kabes:

I understand not wanting to be seen as a haven for wrong-doers but 90 days seems more than sufficient to me because it sounds like it would handle all emergency or crime in progress cases.

The phone company keeps your call detail records for longer than 90 days for billing purposes. The information retained by ISPs is very much like phone call billing data. It contains your source IP address, user identification, time and duration of the session, as well as the quantity of data transferred.

It does not contain the actual data, nor what sites you visited - so in that respect, it contains LESS information than a phone call record which does include the destination of your call.

TwiztedZero
Nine Zero Burp Nine Six
Premium Member
join:2011-03-31
Toronto, ON

TwiztedZero to dillyhammer

Premium Member

to dillyhammer
said by dillyhammer:

7 days. Tops.

(Though my inner-anarchist is screaming 0 days)

And for what it's worth, which 1 (or more) of the 2300+ people being sued by Voltage is going to make TSI a party to the action and/or bring suit for violating their privacy by keeping logs and releasing their info. Because that surely is going to happen.

Mike

TSI is allready covered for this eventuality in the Terms of Service and the User Agreement Policy. And they won't violate that without a court order.

Once a court order is successfully obtained then its out of TSI's hands. Obligations are covered from a legal standpoint. After that its just a matter of how long TSI has to turn over the subscriber information, and at what cost if any that TSI might enact to do so, I don't expect them to do it for free.

I am however, optimistic that the Judge that oversee's this motion denies voltage their court order.

What happens after Monday is anyone's guess.

Sooner or later I'm sure there will be more spectulative invoicing attempts. I just wish Canada would enact legislation outlawing this detestable practice all together, and put an end to it entirely.
kabes
join:2010-05-14
Kitchener, ON

kabes to HeadSpinning

Member

to HeadSpinning
said by HeadSpinning:

said by kabes:

I understand not wanting to be seen as a haven for wrong-doers but 90 days seems more than sufficient to me because it sounds like it would handle all emergency or crime in progress cases.

The phone company keeps your call detail records for longer than 90 days for billing purposes. The information retained by ISPs is very much like phone call billing data. It contains your source IP address, user identification, time and duration of the session, as well as the quantity of data transferred.

It does not contain the actual data, nor what sites you visited - so in that respect, it contains LESS information than a phone call record which does include the destination of your call.

I never implied that it did and I do understand the logs. It doesn't stop people from asking the ISP "who was using this IP address at this time"
UK_Dave
join:2011-01-27
Powassan, ON

3 edits

UK_Dave to TSI Marc

Member

to TSI Marc
Good morning, Marc.

Thanks for keeping such an open dialogue.

We have confirmed that ALL record keeping is voluntary, and that lack of logs in the face of a warrant would have zero legal impact.

I made a post some days ago regarding log accuracy, and whether the logs you keep are accurate enough to be the SOLE determining factor in the guilt or innocence of a user in the face of an accusation of this kind.

Do you believe they are? Others people in that thread had reasons to believe that such logs are not 100% accurate - in fact, not even close to that number. I have never run an ISP, I don't know.

In the face of serious crimes, where the Law comes to you for a lookup, the chances are they are either looking for a starting point, or are looking for corroborating evidence.

The chances of a murder, child porn, rape, abduction or similar often-quoted criminal case hinging on an IP address and nothing else is highly unlikely. Even non-geographic crimes such as child porn, are followed up by a property warrant and the seizure of equipment such as hard drives.

We seem to be caught in the usual issue of protection versus privacy.

If you were to provide the information to the court, with a proviso on accuracy, it might be interesting. After all, there is no reason why you have to even have logs by law, let alone the need for them to be 100 per cent accurate for mass trawler-net lookups.

Even if disclosure was still enforced, the day in court for the individual could be a lot easier.

All the best.
Dave.
Funky_
join:2004-06-05
Canada

Funky_

Member

Excellent point UK_Dave. Doesn't Voltage need to prove that every single line of code from the users computer to the software that writes the logs at TekSavvy is completely accurate?

As a web developer I don't believe it is possible to say with 100% certainty that no mistakes can occur along this path. How can a judge do it?

hm
@videotron.ca

hm to HeadSpinning

Anon

to HeadSpinning
said by HeadSpinning:

The information retained by ISPs is very much like phone call billing data.

It does not contain the actual data, nor what sites you visited

This is not true for all ISP's.

Cogeco, for example, keeps logs of everything you do, everything you say, every place you go, every thing you download, Everything.. for 30-days minimum. This can be found in the Cogeco forum (I transcribed it from the hearings to there), and the Privacy Commissioners DPI funded website run by Parsons.

This was stated at the CRTC DPI hearings when it was revealed for the first time that Cogeco throttles and DPI's you 24/7.

So not all ISP's are equal like that statement you made.

Just an FYI. Nothing more.
buttaknife
join:2007-06-01

buttaknife to TSI Marc

Member

to TSI Marc
Yesterday, I would have said 30 days would be fine. But as of Marc post today about not stepping up to bat.... it should be 0 days. I don't trust TekSavvy much anymore.