Canadian Broadband → Re: Info: Length of time Canadian ISPs retain IP address logs

Rather than being concerned about the length of time that the ISP's carry logs, why not simply VPN your connection somewhere where this simply doesn't matter?

Thanks for the suggestion Hm, actually have been considering using a VPN although I do not bit torrent so I do not upload or share anything.
Although I do wish the papers would stop saying the present situation with Voltage is about downloading when it appears to me as usual it is the uploading/sharing that will get you into trouble.
As for the log retention it is for information only, mostly because of the rather lengthy thread with regards to Tek's 90 day retention, although some ISPs appear to keep logs for much longer periods, sort of curious which ISPs will let us know their policy. (btw I am not currently a Tek customer)

Based on the flack I got in another thread, people are concerned about mistakes being made. So VPN will help the people doing things they shouldn't be, but it won't help the innocent people wrongly accused (which, much like prison, makes up most of the population of dslr!)

because after they all get you on vpns cause your not fighting anyhting they will then require by law all encryption keys be handed over to them... that's the goal and why they are largely silent on said issue.
YOU Better smarten up cause the end of being nice and cosy to them is near.

All of them should (as peterboro pointed out). I'll contact privcom after New Years and ask some questions in regards to this and privacy policies. I didn't like what I saw from Ebox, so I'll use them as an example when I call privcom. And I'll use Start as an example for surpassing the need of data retention.

Have lots of questions that I am unsure of, so no choice but to call them and ask.

Or maybe you could use Start as an example of how a simple customer request asking about our retention policy was answered by the CEO within an hour, who was completely forthcoming with the current policy and committed to shortening that period upon review. I'd imagine that if I was on the other side of that conversation I would think it was pretty cool to see how responsive and customer-focused that company was.

Just say'n.

Oh i'm not knocking the openness on that part. Just answering people is above what a lot of other ISP's are doing, as we are seeing. But you are surely not the only one keeping data for a year. It wouldn't surprise me to see an ISP hanging on to data for even longer than this.

As I said, these will just be some examples. These aren't written complaints or anything. Just going to call for info. It's not like PIPEDA spells thing out either.

What is also troubling is that certain ISP's think that parts of their privacy policy are secret and for internal use only. Videotron did this (was in a press release), and it seems Ebox is similar but worse in many ways. So yeah I have a few ISP's I will be using as examples.

But if privcom tells me I can put these in writing as a complaint w/o being a customers of the various companies, then I will. Because Quite frankly, how are people suppose to know stuff if things are kept secret or the ISP owner refuses to answer (you are not in this boat).

Well.....yeah.....after you disparaged my baby face good looks by calling me a troll! LOL!

As you can see from all the posts, there is a pretty good business model brewing for a company that takes customer privacy to the next level. Now imagine all these people taking your industry leading privacy solution to multi-thousand member sports forums and social media. After all, that is how I learned about TSI and left Rogers after almost 2 decades.

Absolutely and I would not be surprised if the CRTC expanded their review on something like the 'wireless code of conduct' to all telecommunications providers in the future.

Yup.

Also, I just may try and involve the CRTC after new years as well as Privcom. Privcom stated on many occasions that the CRTC is just as involved in all this as they are and are in complimentary roles. Privcom also stated the CRTC has more power than they do when it comes down to the privacy aspect of telecom.

So I have a lot of questions to ask them after new years. Now it's all a matter of who I get on the phone.

Which of course would take it out of the political sphere. As a Conservative supporter, I can $cream in con$ervative ears...but absolutely vacuum in CRTC ears.

Big mistake was not limiting damages to simple loss of commercial value. I can see where someone downloaded a $5000 piece of software or an entire library of movies would pay the piper, but hardly a $1 business model to a 12 year old downloading a tune.

Of course, if the courts only award $100 damages, you can do something about that by charging $200 per IP for "administration".

Worse yet, politics being what it is, the next government will just leave it in place and blame the other guy.

Logs? What logs? We don't keep logs as it is just another server to have to maintain.

Back on topic......

That's it? All we can come up with is info on three providers?

I already told you why would an isp want to divulge this info to you voluntarily. It only empowers you. That's the last thing they want. They want you to be a sheep, part of the herd. You know..

If it gets bad enough I'll just drop off the net and use anon wifi everywhere.

Actually, according to PIPEDA, they don't have a choice in the matter. They have to not only provide the answers on how long they store your personal information, but also have to show it to you if you request them to do so.....

As promised, we have reduced our retention/automated purge process. It is now at 90 days.

Where is the one week?

This is no different from TSI so why would I or any other TSI customer change to you?

We feel that 90 days is a good balance of customer privacy, public safety and internal system / billing requirements. Sorry if you thought this was some competition to lure customers away from other ISP's because it wasn't. It is about responding to the question if a year was required, we said we could do it with less and reduced the period substantially.

Good luck with that. The CRTC proved how useless they are again last night when CBC could find the Air Duct Cleaning scammers in Karachi and they couldn't

As far as I know, Canadian ISP's aren't in Karachi, Pakistan. Again, as far as I know. Though with some of the horror stories we see here, and Ebox's non-existent privacy policy, it wouldn't surprise me

Started writing it up a couple of days ago. Matter of finding time to add more and finish up.

Sorry if you think that peoples privacy is secondary to your convenience or that 90 days is some kind of "protection" to privacy.

What you did is match TSI in order not to look bad in comparison. That's it. Nothing more. PERIOD. Stop spinning it as some kind of achievement when in fact, it's a marketing decision, NOT a privacy decision.

(Cue your "your a troll" because someone exposes your spin)

It's not a convenience factor, it's a balance.

I can understand if it's not sufficient in your personal opinion but we can't be everything to everyone and for those that feel they need further concealment beyond what their ISP can provide then there are plenty of easy options to accomplish that. Or you could start your own ISP, although you may quickly find that you have legitimate reasons for requiring logs.

Anyway, best wishes for your quest of a zero day logging ISP. Until then, there are lots of VPN providers with various different logging policies that can do what you need.

Sorry buddy, but it's not "further concealment", as if anyone who cares about their privacy has something to "conceal". it's an expectation of privacy and protection against trolls who make a living off it. To even use "further concealment" speaks volumes about your perception of privacy issues.

You decided as a MARKETING STRATEGY to match EXACTLY what TSI is doing. Fine. Be honest and say that. Don't try to spin it as some sort of "balance" when it comes to rights and expectations of privacy.

It has nothing to do with marketing, pretty sure you don't see it in publications, it's not on our web site, nor did I make a big splash about it here in DSLR. Simply, we were asked if a year was justified, we evaluated and decided a good balance was 3 months. Whether you agree with that duration or not is certainly your prerogative but all your other nonsense is just that.

You like to confuse 'privacy' with being 'anonymous' as if they are the same thing and that is what prompted my choice of the word concealment. It is obvious what your own personal agenda is and only zero day logging is acceptable to you. If we had come out with a 1-day policy I'm sure you would have said we were exploiting a marketing opportunity while still not protecting against copyright notices since their requests are generally within hours of downloading.

Despite your continued accusations, customer privacy is incredibly important to us and we have never revealed information in response to a copyright complaint. Further, customer privacy is protected by Canadian law for the benefit of subscribers. We do not collect any information about what our customers do, rather we only log what IP address was assigned to their account. The law however provides the requirement for ISP's to reveal that association under a court order and we are not above the law.

Personally I don't care in the slightest what you do or don't download, it's none of my business.

Anyway, we did what we committed to and it's a positive thing. But, undoubtedly you'll find some way to spin it into how evil we are.

Peace out.

Peter, there is no way you can reach an agreement with Who ... he has a very tweaked way of seeing life

WHO--how long a particular ISP holds these logs is completely irrelevant. It's what they do with the logs that matters. I could care less if my ISP holds my logs indefinitely, however I want them to be as scrupulous as possible and extremely critical of any requests for such logs, even one that comes from a court order.

If the request does not meet the burden outlined in PIPEDA, again even if that request is a court order, then I expect my ISP to fight the request as is their responsibility outlined again in PIPEDA. If they simply "roll over" and hand over the information, regardless of whether or not that request has merit, then they make themselves liable for violating PIPEDA.

That being said, the shorter duration that logs are kept, the better for everyone involved for if such a request is made but is past the threshold that logs are kept, then there is nothing to worry about as no potential PIPEDA or any other privacy acts have a chance to be violated because there is no information on record. IE, a short retention span not only protects the customer, but also saves the ISP money and could also help the ISP avoid landing themselves in court on a class action for violations of the Privacy act.

Take Teksavvy, for example. What do you think would happen if all 2000 customers turned around and sued Tek because the request for their information is without merit? What do you think would happen if suddenly the government received 2000 complaints for violation of the privacy act on both a federal and provincial scale? I think this is something that all ISP's need to consider. They are also jeopardizing themselves when they willingly turn over private customer information from a request that does not meet the guidelines outlined in the privacy act, regardless of the source of such request.

EDIT: Just because a judge issues a court order, does not mean that the judge is right, which is why there is a system in place to challenge court orders. If a judge is wrong and a person/company complies with the request and then later that request is overturned, said company can then (possibly) be held liable. In this case that liability would be for violating the privacy act, a very serious offense.

I've seen people say this in the teksavvy forum... that is, they will sue.

It's all blabbing.

Canadian courts, especially those in Ontario, have already shot down lawsuits in relation to privacy if they can't show any actual and real harm. You can see this on both Privcom and Geists site, a well as google these things.

A privacy breach alone gets you nothing. Zip. Nadda. This isn't the states where a privacy breach lands you a million dollars. Here in Canada you get zero and the case tossed.

But it does make me wonder if getting the voltage extortion letter, or being brought to court and sued by voltage and if you are deemed innocent of this copyright crime, if this would be considered "harm".

There would definitely be real financial harm and mental/physical/emotional/family harm in all that. And you would have to show this and prove it, or you get nothing. That's the way the courts here work in regards to privacy breaches, to date.

I'd have to mostly agree on a single case, however if 2000 cases flooded the court all at once, there might be a different story. But alas, maybe filing suit would not be the way to go, maybe lodging 2000 complaints with the privacy commissioner for violation of PIPEDA (which this is, BTW) would be the better avenue. There has to be something that can be done. If Teksavvy, who claims to hold their customers privacy near and dear, cannot even follow a few simple guidelines laid out in PIPEDA, either that or are choosing to ignore them, then there must be a way to hold them accountable.

As per the guidelines, a company that is requesting the information has to have an intent to sue. The sheer number of cases here (2000) shows immediately that Voltage has no intention of suing all 2000 account holders. The costs of lawyers, investigators, etc for 2000 cases would damn near bankrupt a small company such as Voltage. They do not have the right to the information.

In order to request this information they have to have to show proof that they are asking for the correct person's private information. It has already been shown that Voltage's IP information is incorrect and flawed.

Just on these 2 accounts alone, the request for the information should be turned down and staunchly refused. It is Teksavvy's duty, bound by PIPEDA, to scrutinize, challenge and, if necessary, fight against any request for customer's private information if the conditions laid out in PIPEDA are not met, regardless of the source of the request.

While Marc has always seemed to be genuine on these forums and willing to help out anyone who needs it, the spin he using saying that it is not his duty to fight on the customers behalf in this type of lawsuit, is almost laughable. No one is asking him to fight a copyright infringement case on their behalf. We haven't even gotten to that point yet. It is his duty to protect his customers privacy as outlined in PIPEDA and he has a responsibility, actually he is legally bound to fight for his customers on that front.

So Marc, and any other ISP out there reading this, this case at this point is not about piracy just yet, it is about PRIVACY. If you truly do care about your customers PRIVACY, and don't want them leaving in droves, I would suggest that today, you get your lawyer into court and challenge this nonsense request for information and fight it every step of the way. If an appeal is needed on the original court order to over-turn it, then that is what you are obligated to do for not only the good of your customers but also for the good or your company and it's reputation.

I guess the question is does Teksavvy want to retain it's image as a customer-focused and driven company or does it want to forever be known as the company that had an obligation to defend it's customer's privacy but didn't follow through?