dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16213
share rss forum feed


dillyhammer
START me up
Premium,MVM
join:2010-01-09
Scarborough, ON
kudos:10
Reviews:
·WIND Mobile
·Start Communicat..
reply to TSI Marc

Re: Discussion about log retention

7 days. Tops.

(Though my inner-anarchist is screaming 0 days)

And for what it's worth, which 1 (or more) of the 2300+ people being sued by Voltage is going to make TSI a party to the action and/or bring suit for violating their privacy by keeping logs and releasing their info. Because that surely is going to happen.

Mike



XP

@teksavvy.com
reply to TSI Marc

2 weeks just like Sonic


kabes

join:2010-05-14
Kitchener, ON
Reviews:
·TekSavvy Cable
reply to TSI Marc

Some of the arguments for keeping longer logs are the same ones people use for further regulation of the Internet and more public surveillance or a "guilty until proven innocent" attitude that seems all too common nowadays.

What other freedoms should we give up because there is pedophiles out there? I can't be the only one sick of hearing that Vic Toewes, black and white argument.

Voltage seeing regular folk as a significant revenue source are what makes them trolls. Stop enabling them. There are other methods for IP owners to protect their content, by going after the sources, just like back in the day when they went after people who sold counterfeit VHS for profit instead of friends sharing movies. I won't even go into the countless studies showing pirates as the ones who actually buy more music, etc. than non pirates or how much Netflix has reduced it (because its more convenient than pirating for a reasonable price).

I understand not wanting to be seen as a haven for wrong-doers but 90 days seems more than sufficient to me because it sounds like it would handle all emergency or crime in progress cases. If you kept logs for years those could seriously be abused.


HeadSpinning
MNSi Internet

join:2005-05-29
Windsor, ON
kudos:5

said by kabes:

I understand not wanting to be seen as a haven for wrong-doers but 90 days seems more than sufficient to me because it sounds like it would handle all emergency or crime in progress cases.

The phone company keeps your call detail records for longer than 90 days for billing purposes. The information retained by ISPs is very much like phone call billing data. It contains your source IP address, user identification, time and duration of the session, as well as the quantity of data transferred.

It does not contain the actual data, nor what sites you visited - so in that respect, it contains LESS information than a phone call record which does include the destination of your call.
--
MNSi Internet - »www.mnsi.net


TwiztedZero
Nine Zero Burp Nine Six
Premium
join:2011-03-31
Toronto, ON
kudos:5
reply to dillyhammer

said by dillyhammer:

7 days. Tops.

(Though my inner-anarchist is screaming 0 days)

And for what it's worth, which 1 (or more) of the 2300+ people being sued by Voltage is going to make TSI a party to the action and/or bring suit for violating their privacy by keeping logs and releasing their info. Because that surely is going to happen.

Mike

TSI is allready covered for this eventuality in the Terms of Service and the User Agreement Policy. And they won't violate that without a court order.

Once a court order is successfully obtained then its out of TSI's hands. Obligations are covered from a legal standpoint. After that its just a matter of how long TSI has to turn over the subscriber information, and at what cost if any that TSI might enact to do so, I don't expect them to do it for free.

I am however, optimistic that the Judge that oversee's this motion denies voltage their court order.

What happens after Monday is anyone's guess.

Sooner or later I'm sure there will be more spectulative invoicing attempts. I just wish Canada would enact legislation outlawing this detestable practice all together, and put an end to it entirely.
--
IF TREE = FALL AND PEOPLE = ZERO THEN SOUND = 0
Nine.Zero.Burp.Nine.Six
Twitter = Twizted
Chat = irc.teksavvy.ca

kabes

join:2010-05-14
Kitchener, ON
Reviews:
·TekSavvy Cable
reply to HeadSpinning

said by HeadSpinning:

said by kabes:

I understand not wanting to be seen as a haven for wrong-doers but 90 days seems more than sufficient to me because it sounds like it would handle all emergency or crime in progress cases.

The phone company keeps your call detail records for longer than 90 days for billing purposes. The information retained by ISPs is very much like phone call billing data. It contains your source IP address, user identification, time and duration of the session, as well as the quantity of data transferred.

It does not contain the actual data, nor what sites you visited - so in that respect, it contains LESS information than a phone call record which does include the destination of your call.

I never implied that it did and I do understand the logs. It doesn't stop people from asking the ISP "who was using this IP address at this time"

UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

3 edits
reply to TSI Marc

Good morning, Marc.

Thanks for keeping such an open dialogue.

We have confirmed that ALL record keeping is voluntary, and that lack of logs in the face of a warrant would have zero legal impact.

I made a post some days ago regarding log accuracy, and whether the logs you keep are accurate enough to be the SOLE determining factor in the guilt or innocence of a user in the face of an accusation of this kind.

Do you believe they are? Others people in that thread had reasons to believe that such logs are not 100% accurate - in fact, not even close to that number. I have never run an ISP, I don't know.

In the face of serious crimes, where the Law comes to you for a lookup, the chances are they are either looking for a starting point, or are looking for corroborating evidence.

The chances of a murder, child porn, rape, abduction or similar often-quoted criminal case hinging on an IP address and nothing else is highly unlikely. Even non-geographic crimes such as child porn, are followed up by a property warrant and the seizure of equipment such as hard drives.

We seem to be caught in the usual issue of protection versus privacy.

If you were to provide the information to the court, with a proviso on accuracy, it might be interesting. After all, there is no reason why you have to even have logs by law, let alone the need for them to be 100 per cent accurate for mass trawler-net lookups.

Even if disclosure was still enforced, the day in court for the individual could be a lot easier.

All the best.
Dave.


Funky_

join:2004-06-05
Canada
Reviews:
·TekSavvy DSL

Excellent point UK_Dave. Doesn't Voltage need to prove that every single line of code from the users computer to the software that writes the logs at TekSavvy is completely accurate?

As a web developer I don't believe it is possible to say with 100% certainty that no mistakes can occur along this path. How can a judge do it?



hm

@videotron.ca
reply to HeadSpinning

said by HeadSpinning:

The information retained by ISPs is very much like phone call billing data.

It does not contain the actual data, nor what sites you visited

This is not true for all ISP's.

Cogeco, for example, keeps logs of everything you do, everything you say, every place you go, every thing you download, Everything.. for 30-days minimum. This can be found in the Cogeco forum (I transcribed it from the hearings to there), and the Privacy Commissioners DPI funded website run by Parsons.

This was stated at the CRTC DPI hearings when it was revealed for the first time that Cogeco throttles and DPI's you 24/7.

So not all ISP's are equal like that statement you made.

Just an FYI. Nothing more.

buttaknife

join:2007-06-01
reply to TSI Marc

Yesterday, I would have said 30 days would be fine. But as of Marc post today about not stepping up to bat.... it should be 0 days. I don't trust TekSavvy much anymore.


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

2 edits
reply to Funky_

said by Funky_:

Excellent point UK_Dave. Doesn't Voltage need to prove that every single line of code from the users computer to the software that writes the logs at TekSavvy is completely accurate?

As a web developer I don't believe it is possible to say with 100% certainty that no mistakes can occur along this path. How can a judge do it?

Actually, I'm not sure it would have to be that stringent. But certainly, in a situation where the operator of the logs is agreeing with the defendant in front of a judge, and there is no come back because the logs are held voluntarily for mainly internal purposes - why not indeed?

EDIT: If I was personally involved in this case, I would be:

1. Prior to disclosure, I would ask the Judge on Monday to consider the chance that the privacy of an innocent customer might be breached on the basis that the logs may be wrong. Is there corroborating evidence?

2. If disclosure was granted immediately, and regardless - I would be bringing in TSI to give testimony at my trial re: the log accuracy.

3. Finally - and for what it's worth I think this will be the end game - I would be stating that I operate open WIFI, or operate WEP on my router because of legacy hardware. I also have friends of my kids over every weekend. Oh, and no your Honour, I don't keep any data logs on my router. Not for 30 days, not for 1 day.

I don't believe getting into technical arguments about whether dloading is uloading, or piracy is fair/ is not fair, with a judge is a smart move.

The simpler you make it for them, the better.

Cheers
Dave


Nagilum
Premium
join:2012-08-15
Kitchener, ON
Reviews:
·TekSavvy Cable
reply to TSI Marc

I'm not sure what sort of database interconnectivity exists at TSI, but if the usage logs were stored by customer instead of by IP address (ie. cross-reference the IP data with the customer data in real time to make the logs, but don't save the IP address component of that data), that should provide TSI with all of the usage and support info it requires while still protecting its users' privacy from blind third party IP requests.
--
"The Net interprets censorship as damage and routes around it." - John Gilmore, 1993


BrianON

join:2011-09-30
Ottawa, ON
Reviews:
·TekSavvy Cable

said by Nagilum:

I'm not sure what sort of database interconnectivity exists at TSI, but if the usage logs were stored by customer instead of by IP address (ie. cross-reference the IP data with the customer data in real time to make the logs, but don't save the IP address component of that data), that should provide TSI with all of the usage and support info it requires while still protecting its users' privacy from blind third party IP requests.

Would be useless in responding to complaints or emails to the abuse addresses for the ISP that owns an IP address block that IP address XXX.XXX.XXX.XXX is doing something that needs to be actioned like spamming.

mlord

join:2006-11-05
Nepean, ON
kudos:13
Reviews:
·Start Communicat..
·TekSavvy Cable
reply to TSI Marc

said by TSI Marc:

Some of the factors for that were related to potential disputes but also for monitoring usage trends over time but that can be achieved without keeping IP addresses.

I don't want you keeping logs at all.
But given you're not open to that idea, here's my next best offer: Keep the current ip/GB logs for 30-days, MAXIMUM. Or one billing cycle, perhaps.

After 30-days, drop the IP addresses from the logs, but keep the GB counts against CID's, perhaps just adding them to an ongoing tally, or keeping them separate. That helps you with usage/billing issues, without getting too personal about IP addresses. This data can be kept for as long as you think you need it for, say 90-days.

Gruesome

join:2007-10-18
Milton, ON
reply to TSI Marc

I don't see why more than 1 week would be needed, anything more than that couldn't be considered an emergency.
Criminals are more and more using vpn services so I don't see the point here either.


HeadSpinning
MNSi Internet

join:2005-05-29
Windsor, ON
kudos:5
reply to hm

said by hm :

said by HeadSpinning:

The information retained by ISPs is very much like phone call billing data.

It does not contain the actual data, nor what sites you visited

This is not true for all ISP's.

Cogeco, for example, keeps logs of everything you do, everything you say, every place you go, every thing you download, Everything.. for 30-days minimum. This can be found in the Cogeco forum (I transcribed it from the hearings to there), and the Privacy Commissioners DPI funded website run by Parsons.

This was stated at the CRTC DPI hearings when it was revealed for the first time that Cogeco throttles and DPI's you 24/7.

So not all ISP's are equal like that statement you made.

Just an FYI. Nothing more.

Please cite a reference, and provide links. I find it difficult to believe that Cogeco has enough online or nearline storage to keep 30 days of all data that flows through their network.
--
MNSi Internet - »www.mnsi.net


dillyhammer
START me up
Premium,MVM
join:2010-01-09
Scarborough, ON
kudos:10
Reviews:
·WIND Mobile
·Start Communicat..
reply to TwiztedZero

said by TwiztedZero:

TSI is allready covered for this eventuality in the Terms of Service and the User Agreement Policy. And they won't violate that without a court order.

Once a court order is successfully obtained then its out of TSI's hands. Obligations are covered from a legal standpoint.

Obligations are covered when a court rules that obligations are covered, and not one second before.

I did not say that the eventuality is that TSI is held liable for releasing the information, only that they are made a party to an action for keeping the logs to begin with and then releasing the information based on a court order obtained with erroneous, borderline fraudulent evidence.

This is a big pile of shit waiting to hit the fan. I can't imagine how TSI is going to walk away from this without a few turds being launched in their direction - some of which may reach the target and stick.

For example, how long before word gets out - probably already has - that TSI aided Voltage with personal information on its clients. You think people are going to give a shit how or why TSI released that info? Nope. I'm betting many hundreds are already looking for new providers, and hundreds more looking for elegant ways out of this mess.

I'm just saying... if this were me, and my company, I'd quietly hit the delete key on those fucking logs in 3 seconds flat, respond with "sorry don't have anything" and see everyone in court.

But that's just me.

Mike
--
Cogeco - The New UBB Devil -»[Burloak] Usage Based Billing Nightmare
Cogeco UBB, No Modem Required - »[Niagara] 40gb of "usage" while the modem is unplugged

qewey

join:2007-10-04

said by dillyhammer:

I'm just saying... if this were me, and my company, I'd quietly hit the delete key on those fucking logs in 3 seconds flat, respond with "sorry don't have anything" and see everyone in court.

Which TSI could perfectly decide to do going forward since there is no legal minimum data retention period in Canada (or the US). Until that changes through further legislation, TSI could keep minimal logs or none at all and tell the extortionists to go &%*$ themselves.

law enforcement on the other have other better tools (like wiretapping) so its not like TSI would be harboring criminals by keeping no logs.

It would just be TSI taking the stance saying that "our customers fundamental privacy rights are more important to us than the rights of these copyright trolls to extort people. If you are law enforcement and have legitimate investigative purposes to look at our customers data/ip then go get a warrant to wiretap but from here on, we are not going to risk our customers rights and put them at risk of extorsion just to be convenient and have logs"

That would be the stance that loyal TSI customers would expect.


hm

@videotron.ca
reply to HeadSpinning

said by HeadSpinning:

said by hm :

said by HeadSpinning:

The information retained by ISPs is very much like phone call billing data.

It does not contain the actual data, nor what sites you visited

This is not true for all ISP's.

Cogeco, for example, keeps logs of everything you do, everything you say, every place you go, every thing you download, Everything.. for 30-days minimum. This can be found in the Cogeco forum (I transcribed it from the hearings to there), and the Privacy Commissioners DPI funded website run by Parsons.

This was stated at the CRTC DPI hearings when it was revealed for the first time that Cogeco throttles and DPI's you 24/7.

So not all ISP's are equal like that statement you made.

Just an FYI. Nothing more.

Please cite a reference, and provide links.

Out of Cogeco's mouth themselves during the hearings, which, by the way, the MP3's are in this very Teksavvy forum that you an search for yourself.

However, here is what was transcribed that day as it came out of Cogeco's mouth (and within the MP3 you can find in this forum):

"Cogeco just said they throttle and check your packet payloads 24/7"

Then they stated:

CRTC said: They (Cogeco) is retaining data (on you?)

CRTC: How long:

Cogeco: 30 days.

Raises issues (as a minimum):

1. Cogeco looking inside the packet payload (equivalent to opening your Canada post snail mail to peek at whats inside)

2. Keeping this data that they illegally peeked at for 30-days (as a minimum).


Transcription as it happened and came out of Cogeco's mouth:
»Cogeco's throttle and DPI-Discussed

The CRTC then stated (as will be heard if you check the MP3's in this very forum) they are awaiting for Cogeco customers to complain and they will take the issue up. But as far as I know, no customer from Cogeco ever did, when they should have.

So no, not all ISP's are the same, as you were stating.

Neo

join:2012-03-16
reply to TSI Marc

I don't even think this should warrant a discussion. After what happened recently and what is bound to happen soon, how do you think TekSavvy's image and reputation will be affected? How many customers will you lose over these recent lawsuits and log retention decisions?

The only way for you to restore hope in you as a company would obviously to not have any logs at all.

If you think about it, the pros far outweighs the cons. Imagine the amount of profit you would make by making such an announcement. There's a lot of people out there who values privacy. Imagine the amount of new subscribers you would get JUST by changing your policy to not keep any logs.

The choice should be obvious at this point. Do you want to keep on being Internet whiteknights, or fight for you customer's privacy and ultimately profit from this?


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 recommendation

reply to TSI Marc

said by TSI Marc:

If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.? And how well would it play if police were urgently trying to locate a victim in a case of a child exploitation crime-in-progress, but weren't able to proceed because we made it a policy not to keep logs, largely in order to protect customers from copyright claims.

NONE of that *is* your job ...... not even on the 'what if' case. Nor is it your responsibility as a citizen or service provider. Nor is it even ethically the case.

qewey

join:2007-10-04
reply to Neo

said by Neo:

I don't even think this should warrant a discussion. After what happened recently and what is bound to happen soon, how do you think TekSavvy's image and reputation will be affected? How many customers will you lose over these recent lawsuits and log retention decisions?

The only way for you to restore hope in you as a company would obviously to not have any logs at all.

If you think about it, the pros far outweighs the cons. Imagine the amount of profit you would make by making such an announcement. There's a lot of people out there who values privacy. Imagine the amount of new subscribers you would get JUST by changing your policy to not keep any logs.

The choice should be obvious at this point. Do you want to keep on being Internet whiteknights, or fight for you customer's privacy and ultimately profit from this?

+1

but fighting for your customer's privacy and protecting them from copyright trolls actually makes you the whiteknight ...

qewey

join:2007-10-04
reply to MaynardKrebs

said by MaynardKrebs:

said by TSI Marc:

If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.? And how well would it play if police were urgently trying to locate a victim in a case of a child exploitation crime-in-progress, but weren't able to proceed because we made it a policy not to keep logs, largely in order to protect customers from copyright claims.

NONE of that *is* your job ...... not even on the 'what if' case. Nor is it your responsibility as a citizen or service provider. Nor is it even ethically the case.

Exactly ! none of the logs are required by law. But they want to be Politically Correct and suck up to law enforcement/CRTC I think.

But thing is they can keep no logs and still win the PR war if they presented/spin the case in the right light. Question is do they want to put in the effort to do it. I think just the increased business they would get from being know as a pro-privacy, pro-consumer ISP would make the effort worthwhile and thats not even counting the boost to their brand.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 edit
reply to Bhruic

said by Bhruic:

As long as we get decent legal protection from copyright trolls, I don't have any issue with Teksavvy keeping logs for as long as they see fit.

The problem is that just one false positive can ruin your whole day, if not your life.

I can tell you that if I were accused of d/l (which I don't do), I would sue everyone, including my ISP. The problem is that my ISP then has motive & means to 'prove' that my IP's (which I don't keep track of) are on the 'naughty' list. It's then up to me to try to 'prove' two negatives - one to the copyright troll and one to the ISP - that I didn't do it, and that ain't possible. Game, set, and match to the copyright troll, the ISP, and money out the door to leech lawyers.

In criminal law, Blackstone's formulation (also known as Blackstone's ratio or the Blackstone ratio) is the principle:
"better that ten guilty persons escape than that one innocent suffer",
expressed by the English jurist William Blackstone in his Commentaries on the Laws of England, published in the 1760s.

Or as some would otherwise know the same principle -- in the Bible (Genesis 18:23-32):
Abraham drew near, and said, "Will you consume the righteous with the wicked? What if there are fifty righteous within the city? Will you consume and not spare the place for the fifty righteous who are in it? ... What if ten are found there?" He [The Lord] said, "I will not destroy it for the ten's sake."

So Marc, you have to decide who you want to be.......
do you want to be as notorious as the Hindu 'Shiva' - "I am become Death, the destroyer of worlds",
or do you prefer to be somewhat more benign? Statistically, innocent lives will be in your hands and inevitably TSI will screw up and provide false positive information, and the longer you keep logs the larger the likelihood of that happening will be.

Marc, if you don't see that is the inevitable outcome in some cases then by all means keep all logs forever, for thou art infallible -- and you'll of course *never* suffer a single or double-bit error.

TFSnameless

join:2004-10-17
Can

said by MaynardKrebs:

This pretty much echo's my feelings on it. So long as companies like Voltage are suing everyone and everything they can, keeping logs (which certainly ma not be 100% accurate) is just inviting serious problems for your users.

John2086

join:2012-03-09
reply to TSI Marc

quote:
If for example they were needed to identify a situation that was urgently required for reasons of danger to health, life, public safety, etc. If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.?
Urgently required? Are you telling me that if I make a complaint that someone using your service made a suicide threat on my forum, that you would be required by law to fork over the necessary info within a matter of minutes or hours?

quote:
ISPs that adopt very short term log retention (or no log retention) risk becoming havens for people that intend to break the law.
It may or may not be. But even if it did, you would be in no position to judge given the fact that (1) no logs were kept, and (2) the law wouldn't hold you responsible.

All this seems more like a personal ethical dilemma. Or is it more like a concern for how you guys will look?

quote:
After that we get into disputes for services rendered. Many times, we use logs to show that the connection was used or not. So it helps to have logs to show this. After that we have usage concerns.. How much usage and in what time frame... But that's only true for accounts that are not unlimited.
This seems to be the only legitimate reason (i.e., technical support). But even then, couldn't you guys give the option for some people to opt out? Maybe for an extra fee? Maybe give it as an option for those who have unlimited accounts?

You guys are a small business that needs to stay on the cutting-edge against the big internet service providers. Offering the option of keeping no logs is a potentially lucrative business opportunity for you guys.

Bhruic

join:2002-11-27
Toronto, ON
kudos:2
Reviews:
·TekSavvy DSL
reply to MaynardKrebs

said by MaynardKrebs:

said by Bhruic:

As long as we get decent legal protection from copyright trolls, I don't have any issue with Teksavvy keeping logs for as long as they see fit.

The problem is that just one false positive can ruin your whole day, if not your life.

Sure it can, but that's irrelevant to the point I was making. The problem with them keeping logs at this point in a single one - copyright trolls. Barring a few of the more paranoid, few people had any problem with them keeping logs of whatever length before this popped on to the radar. So if the courts can manage to squelch the current business model of the copyright troll (ie, make it either impractical or unfeasible to operate the way they are trying to), then we go back to the situation where very few people would care about the length of log retention, simply because it'd have no impact on most people's lives.

Or, to put it differently, the problem isn't the logs, it's the trolls. Get them dealt with, and the logs don't matter.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

Agreed, to a point.

My 'response' to you was more directed at Marc - I was just using your post as a starting point.

Logs do have to be kept for legit business purposes - but just make sure that the length of time they are kept is the bare minimum. That way the probability of unintended collateral damage is kept to a minimum.


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

Hey MK.

I think there's a lot of discussion to be had here. We have a few camps forming:

TYPE A: "I don't believe ISP's should keep logs, because my privacy is paramount. Full stop."

TYPE B: "I believe ISP's should keep logs to help law enforcement in life or death situations. I don't want those logs used for cases like intellectual property."

TYPE C: "All ISP's should keep logs, because unless you do something wrong you have nothing to fear."

Up until recently, the TYPE B folks have been happy in the knowledge that their data was safe, unless warranted by a court for life or death cases - and they don't mind that because they aren't committing those offences.

We're all familiar with the term Moral Hazard I would guess. To me, the moral hazard here is that if a judge opens up the logs and allows civil claims on the basis of logs, we might see polarisation of the TYPE B people into becoming either:

TYPE A: "In that case, screw logs, this is more important."
or
TYPE C: "We suck it up, because we must protect children, help the legal system with serious crime".

We then might see an ISP decide that "No logs!" is a competitive advantage, to cater to the larger TYPE A population.

We will then get many cases where this ISP is "blamed" for various cases where logs "would have helped us catch this guy earlier".

We then see the law respond with mandatory data retention.

Cheers
Dave


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

Why stop at logs?
Make DPI mandatory 100% of the time and make the ISP keep it forever.

Oh wait, that's what organizations like the NSA and CSIS are for.