dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
11
share rss forum feed

Bhruic

join:2002-11-27
Toronto, ON
kudos:2
Reviews:
·TekSavvy DSL
reply to TSI Marc

Re: Discussion about log retention

There are really two issues at play here, at least from my perspective. The issue that's most directly related is how to handle the situation with companies like Voltage. My hope is that the court system will be reasonable and come to the sane conclusion that simply having an ip address is not indication of any guilt for the person to whom that ip address was assigned. If that conclusion is indeed reached, that side of things is dealt with completely.

The other side is the issue of privacy. Honestly, I can't understand where people are coming from in trying to make this a privacy issue. Privacy should protect your online activities. ISPs shouldn't (and as far as I know, Teksavvy doesn't) track what you do online. But the idea they should log what ip you were assigned for "privacy" reasons strikes me as extremely silly. How many other areas of life do you have a number assigned to you? Driver's license, SIN, health card, etc. You get a number with all of those. How many of the places that gather such information delete them in a 90 day period? None that I know of. Heck, the ones that gather my health card have a 20 year retention policy.

As long as we get decent legal protection from copyright trolls, I don't have any issue with Teksavvy keeping logs for as long as they see fit.


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 edit

said by Bhruic:

As long as we get decent legal protection from copyright trolls, I don't have any issue with Teksavvy keeping logs for as long as they see fit.

The problem is that just one false positive can ruin your whole day, if not your life.

I can tell you that if I were accused of d/l (which I don't do), I would sue everyone, including my ISP. The problem is that my ISP then has motive & means to 'prove' that my IP's (which I don't keep track of) are on the 'naughty' list. It's then up to me to try to 'prove' two negatives - one to the copyright troll and one to the ISP - that I didn't do it, and that ain't possible. Game, set, and match to the copyright troll, the ISP, and money out the door to leech lawyers.

In criminal law, Blackstone's formulation (also known as Blackstone's ratio or the Blackstone ratio) is the principle:
"better that ten guilty persons escape than that one innocent suffer",
expressed by the English jurist William Blackstone in his Commentaries on the Laws of England, published in the 1760s.

Or as some would otherwise know the same principle -- in the Bible (Genesis 18:23-32):
Abraham drew near, and said, "Will you consume the righteous with the wicked? What if there are fifty righteous within the city? Will you consume and not spare the place for the fifty righteous who are in it? ... What if ten are found there?" He [The Lord] said, "I will not destroy it for the ten's sake."

So Marc, you have to decide who you want to be.......
do you want to be as notorious as the Hindu 'Shiva' - "I am become Death, the destroyer of worlds",
or do you prefer to be somewhat more benign? Statistically, innocent lives will be in your hands and inevitably TSI will screw up and provide false positive information, and the longer you keep logs the larger the likelihood of that happening will be.

Marc, if you don't see that is the inevitable outcome in some cases then by all means keep all logs forever, for thou art infallible -- and you'll of course *never* suffer a single or double-bit error.

TFSnameless

join:2004-10-17
Can

said by MaynardKrebs:

This pretty much echo's my feelings on it. So long as companies like Voltage are suing everyone and everything they can, keeping logs (which certainly ma not be 100% accurate) is just inviting serious problems for your users.

Bhruic

join:2002-11-27
Toronto, ON
kudos:2
Reviews:
·TekSavvy DSL
reply to MaynardKrebs

said by MaynardKrebs:

said by Bhruic:

As long as we get decent legal protection from copyright trolls, I don't have any issue with Teksavvy keeping logs for as long as they see fit.

The problem is that just one false positive can ruin your whole day, if not your life.

Sure it can, but that's irrelevant to the point I was making. The problem with them keeping logs at this point in a single one - copyright trolls. Barring a few of the more paranoid, few people had any problem with them keeping logs of whatever length before this popped on to the radar. So if the courts can manage to squelch the current business model of the copyright troll (ie, make it either impractical or unfeasible to operate the way they are trying to), then we go back to the situation where very few people would care about the length of log retention, simply because it'd have no impact on most people's lives.

Or, to put it differently, the problem isn't the logs, it's the trolls. Get them dealt with, and the logs don't matter.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

Agreed, to a point.

My 'response' to you was more directed at Marc - I was just using your post as a starting point.

Logs do have to be kept for legit business purposes - but just make sure that the length of time they are kept is the bare minimum. That way the probability of unintended collateral damage is kept to a minimum.


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

Hey MK.

I think there's a lot of discussion to be had here. We have a few camps forming:

TYPE A: "I don't believe ISP's should keep logs, because my privacy is paramount. Full stop."

TYPE B: "I believe ISP's should keep logs to help law enforcement in life or death situations. I don't want those logs used for cases like intellectual property."

TYPE C: "All ISP's should keep logs, because unless you do something wrong you have nothing to fear."

Up until recently, the TYPE B folks have been happy in the knowledge that their data was safe, unless warranted by a court for life or death cases - and they don't mind that because they aren't committing those offences.

We're all familiar with the term Moral Hazard I would guess. To me, the moral hazard here is that if a judge opens up the logs and allows civil claims on the basis of logs, we might see polarisation of the TYPE B people into becoming either:

TYPE A: "In that case, screw logs, this is more important."
or
TYPE C: "We suck it up, because we must protect children, help the legal system with serious crime".

We then might see an ISP decide that "No logs!" is a competitive advantage, to cater to the larger TYPE A population.

We will then get many cases where this ISP is "blamed" for various cases where logs "would have helped us catch this guy earlier".

We then see the law respond with mandatory data retention.

Cheers
Dave


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

Why stop at logs?
Make DPI mandatory 100% of the time and make the ISP keep it forever.

Oh wait, that's what organizations like the NSA and CSIS are for.


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
·Bell Sympatico

1 edit

I know - I get it.

I don't think it would suprise people to know that ISP's have PROBABLY handed over customer information to Law Enforcement without a warrant.

If the case was serious, time critical, and the stance is "we are getting a warrant but can you help now?".

I don't expect an ISP to own up to this, but I'm sure it's been done.

I'm not expressing an opinion either way on the rights and wrongs,as I said to you in the other thread when you asked me what my defence would be if I were wrongly accused.

In order to remain a TYPE B, I need to have faith that the legal system does not kill the golden goose.

A prosecution on the basis of this trolling case, would make me a TYPE A.


qewey

join:2007-10-04

1 edit
reply to UK_Dave

said by UK_Dave:

We will then get many cases where this ISP is "blamed" for various cases where logs "would have helped us catch this guy earlier".

We then see the law respond with mandatory data retention.

Except in those cases serious enough to sway public opinion towards full blown trampling of charter protected privacy rights (stuff like 911), it involves law enforcement with all the surveillance tools available to them. Not civil parties out for profit.

You can be sure the CSIS/RCMP investigating a terrorist cell wont rely on a measly log of past IP .... they will have wiretaps and DPI on everything. Actually the ISP wont even have to do anything like keeping miserable logs .... the ISP would probably be required to dump all packets to them and CSIS will have the resources to decrypt/analyze them.

The point is for really SERIOUS crimes, logs dont even matter ... you are at a whole other level.

For the rest you have to balance constitutionally protected privacy rights vs the severity/remote chances of alleged wrongdoing. And this is done in Parliament. It is NOT the job of the ISP to substitute itself and do one better than what the law requires, ESPECIALLY when doing so put the privacy of their customers at risk from for-profit extortionists.