dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
15776
share rss forum feed


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
reply to drjp81

Re: Discussion about log retention

Also wrong. Those are merely "administrative" tasks that risk the privacy of all users to make it easier for TSI to carry out those administrative tasks....

Marc has acknowledged the argument I put forward which basically states that all the reasons they claim they keep logs for now, can still be carried out tomorrow if they wanted to, even if they switched to a 0 day logging policy. In such cases, those tasks could still be accomplished AND users privacy is not put as risk. In the EU, where there are REAL consumer privacy protection laws, ISPs have switched to 0 day logging policies to protect themselves and their users and have found alternative methods to do all the things Marc stated TSI needs to keep logs for...
--
www.613websites.com Budget Canadian Web Design and Hosting


dcorban

join:2003-07-13
Newmarket, ON
reply to TSI Marc

I don't know what is logged, but it would seem to me that any data logged for more than a week is excessive. This would only be used for troubleshooting purposes. Any technical problems should be resolved within a week, so the data would not be needed.



davegravy

@iasl.com
reply to TSI Marc

Crazy idea...

I've skimmed most of this thread but due to it's length this may have already been thrown out there for consideration:

Take a page out of Mega's book - you store the logs, but your clients hold the keys.

Beyond logs needed for emergency situations, encrypt log data specific to each client with a password known only to the client. If law enforcement needs access to logs relating to your client, you have plausible deniability, and they are required to use courts to compel your client to decrypt the information.


The Mongoose

join:2010-01-05
Toronto, ON
Reviews:
·TekSavvy Cable

That's actually very cool/innovative. You could even have the encryption only become active after a reasonable troubleshooting window.

However, it doesn't solve a couple of the major long-term issues (no solution really does). The big one is that law enforcement would not look kindly on this sort of a behaviour by an ISP...likely leading to a push for much tighter regulations forcing ISPs to retain data. This is often why companies go beyond what is legally required of them...failure to do so often leads to extremely unwelcome changes in the law.

In the end, I would be shocked if TekSavvy or any other significant ISP decided to eliminate current logging practices or trim the window back to a couple of weeks. We are probably going to have to learn to live with it.



davegravy

@iasl.com

said by The Mongoose:

This is often why companies go beyond what is legally required of them...failure to do so often leads to extremely unwelcome changes in the law.

In my opinion, having a law spell out the requirements is better because:

a) companies like Teksavvy no longer need to concern themselves with walking a privacy-accountability tightrope. They can just follow the requirements of the law to the letter and be done with it.
b) all ISPs will be on the same playing field with regards to a)
c) the public will (should) have an opportunity to have a say in what the appropriate balance is.

I don't think the threat of a law being formed should deter ISPs from implementing a reasonable policy. Worst case, if we end up with an extreme law (like you say), Canadians will be marched that much closer to losing their tolerance with the powers that be and to taking back their country.

It's Teksavvy's prerogative in this case, of course.

Weaver2

join:2012-03-10
reply to TSI Marc

Personally, if logs are not legally required, I wouldn't have them at all.

If European ISPs are adopting 0 day logs, I'd like that here as well.
I, personally, see my privacy as absolutely paramount. I don't even torrent illegally; I'm fortunate enough that I can afford to buy all my music, games and movies.

I'm just a very private person. I'm actually learning German as I'm considering making the move to Germany once the eurozone financial problems are over (or if Harper and Towes finally snap). For all the countries problems, they have fantastic privacy laws.

In my opinion, at the end of the day, your job is to provide internet to people. That's it. It is not your responsibility to stop people from killing themselves, to catch predators, or to prevent copyright infringement.

If your going to keep logs, I'd like a way, as a customer, to be able to view what is being stored about me. Obviously, in a read only format.


MaynardKrebs
Premium
join:2009-06-17
kudos:4
reply to davegravy

said by davegravy :

Take a page out of Mega's book - you store the logs, but your clients hold the keys.

Beyond logs needed for emergency situations, encrypt log data specific to each client with a password known only to the client. If law enforcement needs access to logs relating to your client, you have plausible deniability, and they are required to use courts to compel your client to decrypt the information.

Great idea.
Store each client log in a single text file per day per client.
Then have the client have the option to specify the number of days they want the log file(s) kept via a user set parameter on their MyWorld page. TSI's system then overwrites any files (35-pass Guttmann) older than the # of days set in the customer profile.

Bet you the normal number customers set == 0.


jsmaster

join:2008-03-16
Montreal, QC
reply to TSI Marc

Lol total BS

There is no law nor any obligations for an ISP to keep logs files.


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

2 edits
reply to drjp81

"I'm all for privacy, but there are simple civil if not criminal accountability reasons ISPs should maintain a log of clients VS IPs. Otherwise how could they track down spammers, black hat hackers, botnets and all sorts of people with criminal intent. While it may be desirable they be, a somewhat dumb pipe, even the phone company keeps a call log and have for decades."

------------------------

Hi.

Those of you following this thread since the original issue occurred know that I've been active in it. However, I've taken a back seat over the Christmas following two deaths in the family.

I also feel we are regurguating old information, to new people. We haven't progressed that much since the first hearing whilst we wait.

I CAN however contribute to the above as I was the original person who confirmed that THERE IS NO LEGAL REQUIREMENT to keep logs. The decision is taken by the ISP on grounds of their own choosing.

I checked this with the CRTC, the Office of the Privacy Commisioner, the Department of Trade and Industry, the CAIP, an SC Lawyer, and a couple more.

The answer was 100% conclusive. There is no need to keep them, and no charges could be brought against the ISP if their response to every legal warranted request was "I'm sorry, we don't have that information."

That said, Marc is within his rights as the CEO to set the level at whatever he feels is necessary to run the business the way he wants to, and I support that 100%.

Cheers,
Dave



drjp81

join:2006-01-09
canada
reply to drjp81

I was merely stating that I do not think TSI would likely want to be a pioneer in that field. It might actually ake good business sense to keep logs to filter out "bad users". So though they have no legal obligation it might still be desirable.
--
Cheers!


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

I think you might be right - I certainly wouldn't want to be. But as I've said a few times, neither do I have any desire to run an ISP.

Marc may find himself in a situation where the Voltage case shocks enough people into making Log Retention time a critical part of their assessment criteria when choosing an ISP.

At which point, like it or not, he may find himself in a commercial race-to-the-bottom - competing on log time AND price.

Or, he may find that maintaining his current stance on 90 days in the face of competition offering zero logs, gets rid of a large majority of his high-bandwidth unlimited customers to the competition.

Cheers,
Dave


MaynardKrebs
Premium
join:2009-06-17
kudos:4
reply to TSI Marc

Marc,

I wanted to bring something to your attention about logs & retention.

There is a new-ish company called Silent Circle
»silentcircle.com/web/home/

Its founders are people whose technical accomplishments are deserving of immense respect:
Phil Zimmermann, inventor of PGP, co-founder of PGP Corporation, and a whole lot more
Jon Callas, Co-founder of PGP Corporation, Creator Apple’s Whole Disk Encryption, PGP Universal Server, SCIMP
both of whom have built their careers on protecting people's privacy.

Their law/compliance section is here
»silentcircle.com/web/law-compliance/
and in it they state:

We retain the following information as part of our normal business functions:

Authentication information — your user name and hashed password. We hash passwords with a twelve-character random salt and 20,000 iterations of HMAC-SHA256 via PBKDF2.
Your contact email address.
Your Silent Phone number that we issue you
Server IP Logs for login only. We currently retain these for 7 days, and are working to reduce this to 24 hours

Our Credit Card processor Stripe holds the customer credit card data--not us. We wanted it this way for greater customer security.

We are a law-abiding company, and US law (the Communications Assistance for Law Enforcement Act, CALEA) makes it clear that communications service providers can deliver products to their customers that use encryption to protect their communications without having the ability to decrypt those communications. This means no Government-mandated backdoors. Indeed, history has shown that backdoors created for law enforcement interception are themselves a security liability, and present an irresistible target for hackers and state sponsored attackers.

In providing this service, however, it’s also important to recognize that a small number of people will use our products and services to do unlawful, bad things. We obviously don’t want that--it hurts everyone, but we know it will happen. Various law enforcement agencies will therefore make demands, on a case by case basis, that we disclose existing subscriber data, and preserve data that we would not normally keep. Such legal demands are inevitable and come with the territory. We must and will comply with valid legal demands for the very limited information we hold. Thus, we want to make it clear that when legally compelled to do so, we will turn over the little information we hold, described above. Before turning it over, however, we will evaluate the request to make sure it complies with the letter and spirit of the law. And, consistent with best privacy practices followed by other companies, when possible and legally permissible, we will notify the user in order to give him or her the opportunity to object to the disclosure.

We believe that the general public and policy makers benefit from transparency regarding the scale of law enforcement requests for subscriber data. We will therefore follow the lead of other privacy-minded companies in posting aggregate reports online that detail the number of requests we have received, from whom, and how many customers were affected. We will clearly post this information on our website every 6 months or sooner.


On their Privacy page
»silentcircle.com/web/privacy/
they state:

Our servers generate log files that contain IP addresses. Typically we hold log files for seven days. However, as part of network maintenance, we may need to hold anonymized extracts for slightly longer. We will delete these files as soon as they are no longer required.

In many respects, TSI's policies and Silent Circle's match well, but in some there are differences. You and I have had discussions about log retention, and while I understand the differences between Silent Circle's raison d'etre & TSI's - and of the reason why there is a difference in log retention, I still urge you to reduce your log retention to the bare minimum you can possibly live with.



dr_oak

@torland.is
reply to TSI Marc

Hi gang, I was looking allover the place what information TSI stores in its logs and could not find it. Too many posts I guess. Could someone remind what exact information TSI stores in its logs? Does TSI store URLs that users are visiting? Contents (file name, file size, URL) of downloads? What exactly is logged?

Cheers


MaynardKrebs
Premium
join:2009-06-17
kudos:4

Date, time, IP address assigned, your login ID


MrMazda86

join:2013-01-29
Kitchener, ON
reply to TSI Marc

For what it's worth, I personally am not fond of any type of log retention other than what is necessary for informational purposes (like usage statistics, etc) and for the purposes of service delivery.

I completely agree with the concept of keeping such informational logs (like usage) for a 180 day period, however I can't help but be a little uneasy about anything beyond that. In my opinion, the logging of more in-depth usage such as sites visited, DNS requests, files downloaded, etc. is just as much a gross violation of personal privacy as Telus' policy to keep logs of every text message ever sent or received from your cell phone.

Don't get me wrong though... I do NOT support criminal activity such as that mentioned in the OP, however, I do not believe that this justifies a potential breach of privacy for the rest of us. Unfortunately, I have seen and experienced just how far such logs can be used to destroy an innocent person when they fall into the hands of the law. As such, it is my opinion and personal belief that log keeping beyond the 90-day period, or log keeping of a nature that creates a potential to be used either for extortion or for defamation is a gross violation of FIPPA (aka R.S.O. 1990, c. F.31) s.21(1) (f). That being said however, it also outlines the extenuating circumstance factor in sub section b of the same clause.

It reads:

quote:
A head shall refuse to disclose personal information to any person other than the individual to whom the information relates except,
...
(b) in compelling circumstances affecting the health or safety of an individual, if upon disclosure notification thereof is mailed to the last known address of the individual to whom the information relates;
...
(f) if the disclosure does not constitute an unjustified invasion of personal privacy.
In the case of an allegation of attempted suicide or child molestation, I completely agree that this would be a justified invasion of personal privacy, particularly when a reasonable ground can be established. In such cases, it would stand to reason that there must be some sort of physical evidence to support the claim. Anything other than an extreme situation like a suicide claim, death threat, bomb threat, act of terrorism or conspiracy to commit an act of terrorism, or a threat to public safety just does NOT constitute a "reasonable" invasion of privacy.

One can also reasonably conclude from this that the simple existence of such records beyond what is absolutely necessary for the delivery of service impedes on the consumer's rights as defined in the Canadian Charter of Rights and Freedoms s.8 where it states:

quote:
8. Everyone has the right to be secure against unreasonable search or seizure.
Just my 2 cents worth. Take from it what you will, but perhaps this may give you a bit of an idea where a lot of people are coming from.


shrug

@videotron.ca
reply to MaynardKrebs

said by MaynardKrebs:

Date, time, IP address assigned, your login ID

Did you submit a formal request to see any and all data stored in association with your account, and/or what they can see in real time?

Care to paste?

InvalidError

join:2008-02-03
kudos:5
reply to jsmaster

said by jsmaster:

Lol total BS

There is no law nor any obligations for an ISP to keep logs files.

Without logs, ISPs who have usage-based billing would be unable to defend themselves when people dispute usage bills since they no longer have detailed records of that usage ever occurring for double-checking.

So they may not have obligations to external parties but they may have some obligations to themselves.

MaynardKrebs
Premium
join:2009-06-17
kudos:4
reply to shrug

said by shrug :

said by MaynardKrebs:

Date, time, IP address assigned, your login ID

Did you submit a formal request to see any and all data stored in association with your account, and/or what they can see in real time?

Care to paste?

I'm taking Marc at his word, and so far it's pretty good, AFAIK.