dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


Powassan, ON
·TekSavvy DSL
reply to drjp81

Re: Discussion about log retention

I think you might be right - I certainly wouldn't want to be. But as I've said a few times, neither do I have any desire to run an ISP.

Marc may find himself in a situation where the Voltage case shocks enough people into making Log Retention time a critical part of their assessment criteria when choosing an ISP.

At which point, like it or not, he may find himself in a commercial race-to-the-bottom - competing on log time AND price.

Or, he may find that maintaining his current stance on 90 days in the face of competition offering zero logs, gets rid of a large majority of his high-bandwidth unlimited customers to the competition.


Heave Steve, for the good of the country
reply to TSI Marc

I wanted to bring something to your attention about logs & retention.

There is a new-ish company called Silent Circle

Its founders are people whose technical accomplishments are deserving of immense respect:
Phil Zimmermann, inventor of PGP, co-founder of PGP Corporation, and a whole lot more
Jon Callas, Co-founder of PGP Corporation, Creator Apple’s Whole Disk Encryption, PGP Universal Server, SCIMP
both of whom have built their careers on protecting people's privacy.

Their law/compliance section is here
and in it they state:

We retain the following information as part of our normal business functions:

Authentication information — your user name and hashed password. We hash passwords with a twelve-character random salt and 20,000 iterations of HMAC-SHA256 via PBKDF2.
Your contact email address.
Your Silent Phone number that we issue you
Server IP Logs for login only. We currently retain these for 7 days, and are working to reduce this to 24 hours

Our Credit Card processor Stripe holds the customer credit card data--not us. We wanted it this way for greater customer security.

We are a law-abiding company, and US law (the Communications Assistance for Law Enforcement Act, CALEA) makes it clear that communications service providers can deliver products to their customers that use encryption to protect their communications without having the ability to decrypt those communications. This means no Government-mandated backdoors. Indeed, history has shown that backdoors created for law enforcement interception are themselves a security liability, and present an irresistible target for hackers and state sponsored attackers.

In providing this service, however, it’s also important to recognize that a small number of people will use our products and services to do unlawful, bad things. We obviously don’t want that--it hurts everyone, but we know it will happen. Various law enforcement agencies will therefore make demands, on a case by case basis, that we disclose existing subscriber data, and preserve data that we would not normally keep. Such legal demands are inevitable and come with the territory. We must and will comply with valid legal demands for the very limited information we hold. Thus, we want to make it clear that when legally compelled to do so, we will turn over the little information we hold, described above. Before turning it over, however, we will evaluate the request to make sure it complies with the letter and spirit of the law. And, consistent with best privacy practices followed by other companies, when possible and legally permissible, we will notify the user in order to give him or her the opportunity to object to the disclosure.

We believe that the general public and policy makers benefit from transparency regarding the scale of law enforcement requests for subscriber data. We will therefore follow the lead of other privacy-minded companies in posting aggregate reports online that detail the number of requests we have received, from whom, and how many customers were affected. We will clearly post this information on our website every 6 months or sooner.

On their Privacy page
they state:

Our servers generate log files that contain IP addresses. Typically we hold log files for seven days. However, as part of network maintenance, we may need to hold anonymized extracts for slightly longer. We will delete these files as soon as they are no longer required.

In many respects, TSI's policies and Silent Circle's match well, but in some there are differences. You and I have had discussions about log retention, and while I understand the differences between Silent Circle's raison d'etre & TSI's - and of the reason why there is a difference in log retention, I still urge you to reduce your log retention to the bare minimum you can possibly live with.


reply to TSI Marc
Hi gang, I was looking allover the place what information TSI stores in its logs and could not find it. Too many posts I guess. Could someone remind what exact information TSI stores in its logs? Does TSI store URLs that users are visiting? Contents (file name, file size, URL) of downloads? What exactly is logged?


Heave Steve, for the good of the country
Date, time, IP address assigned, your login ID


Kitchener, ON
reply to TSI Marc
For what it's worth, I personally am not fond of any type of log retention other than what is necessary for informational purposes (like usage statistics, etc) and for the purposes of service delivery.

I completely agree with the concept of keeping such informational logs (like usage) for a 180 day period, however I can't help but be a little uneasy about anything beyond that. In my opinion, the logging of more in-depth usage such as sites visited, DNS requests, files downloaded, etc. is just as much a gross violation of personal privacy as Telus' policy to keep logs of every text message ever sent or received from your cell phone.

Don't get me wrong though... I do NOT support criminal activity such as that mentioned in the OP, however, I do not believe that this justifies a potential breach of privacy for the rest of us. Unfortunately, I have seen and experienced just how far such logs can be used to destroy an innocent person when they fall into the hands of the law. As such, it is my opinion and personal belief that log keeping beyond the 90-day period, or log keeping of a nature that creates a potential to be used either for extortion or for defamation is a gross violation of FIPPA (aka R.S.O. 1990, c. F.31) s.21(1) (f). That being said however, it also outlines the extenuating circumstance factor in sub section b of the same clause.

It reads:
A head shall refuse to disclose personal information to any person other than the individual to whom the information relates except,
(b) in compelling circumstances affecting the health or safety of an individual, if upon disclosure notification thereof is mailed to the last known address of the individual to whom the information relates;
(f) if the disclosure does not constitute an unjustified invasion of personal privacy.
In the case of an allegation of attempted suicide or child molestation, I completely agree that this would be a justified invasion of personal privacy, particularly when a reasonable ground can be established. In such cases, it would stand to reason that there must be some sort of physical evidence to support the claim. Anything other than an extreme situation like a suicide claim, death threat, bomb threat, act of terrorism or conspiracy to commit an act of terrorism, or a threat to public safety just does NOT constitute a "reasonable" invasion of privacy.

One can also reasonably conclude from this that the simple existence of such records beyond what is absolutely necessary for the delivery of service impedes on the consumer's rights as defined in the Canadian Charter of Rights and Freedoms s.8 where it states:

8. Everyone has the right to be secure against unreasonable search or seizure.
Just my 2 cents worth. Take from it what you will, but perhaps this may give you a bit of an idea where a lot of people are coming from.


reply to MaynardKrebs
said by MaynardKrebs:

Date, time, IP address assigned, your login ID

Did you submit a formal request to see any and all data stored in association with your account, and/or what they can see in real time?

Care to paste?


reply to jsmaster
said by jsmaster:

Lol total BS

There is no law nor any obligations for an ISP to keep logs files.

Without logs, ISPs who have usage-based billing would be unable to defend themselves when people dispute usage bills since they no longer have detailed records of that usage ever occurring for double-checking.

So they may not have obligations to external parties but they may have some obligations to themselves.

Heave Steve, for the good of the country
reply to shrug
said by shrug :

said by MaynardKrebs:

Date, time, IP address assigned, your login ID

Did you submit a formal request to see any and all data stored in association with your account, and/or what they can see in real time?

Care to paste?

I'm taking Marc at his word, and so far it's pretty good, AFAIK.