TSI Marc
Premium Member
join:2006-06-23
Chatham, ON

to m3chen

Re: Discussion about log retention

said by m3chen:

@TSI_Marc / All:

Here's a question for you / the judge of the current court case, as a result of this lawsuit against the unnamed Does, wouldn't it be possible under PIPEDA for users to send in a request to TekSavvy to see and have their private information be removed from such logs?

I / every TekSavvy customer (any ISP really) could request that their individual IP be deleted from such logs or databases because it contains data that could be used for purposes other than what it was originally intended for (i.e. technical support vs potential court liability) and could be incorrect based on what TSI encountered in terms of its technical problems while gathering data for Voltage. This would be based on the fact that PIPEDA does allow for us (all TekSavvy / other ISP customers) to request this to be done and since there were inaccuracies in the information gathering process for the trial which resulted in people being falsely notified.

Please do comment on this as I would be interested in creating a document that could be sent in every 90 days to request not only to see my data but have it corrected / removed if it did not meet PIPEDA guidelines.

BTW for those interested; PIPEDA defines IP addresses as being a part of personal information:

snippet of PIPEDA
"Your personal information includes your...

• name, race, ethnic origin, religion, marital status, educational level
• e-mail address and messages, IP (Internet protocol) address
• age, height, weight, medical records, blood type, DNA code, fingerprints, voiceprint
• income, purchases, spending habits, banking information, credit/debit card data, loan or credit reports, tax returns
• Social Insurance Number (SIN) or other identification numbers."


Snippet of "Your rights under PIPEDA"

PIPEDA requires private-sector organizations to collect, use or disclose your personal information by fair and lawful means, with your consent, and only for purposes that are stated and reasonable.

They’re also obliged to protect your personal information through appropriate security measures, and to destroy it when it’s no longer needed for the original purposes.

You have the right to expect the personal information the organization holds about you to be accurate, complete and up-to-date. That means you have a right to see it, and to ask for corrections if they got it wrong.

If you think an organization covered by PIPEDA is not living up to its obligations, you should try to address your concerns directly with the organization. If that doesn’t work, you have the option of lodging a complaint with the Privacy Commissioner.

Not avoiding this thread as mentioned previously..

I think this is your question:

"Here's a question for you / the judge of the current court case, as a result of this lawsuit against the unnamed Does, wouldn't it be possible under PIPEDA for users to send in a request to TekSavvy to see and have their private information be removed from such logs?"

Without going into details, the very short answer is: no.

Once this is all done, I'll gladly talk about these things more openly. I'd rather stay the course for now. It's the course that best serves those alleged of infringement IMHO.

funny0
join:2010-12-22

Member

said by TSI Marc:

said by m3chen:

@TSI_Marc / All:

Here's a question for you / the judge of the current court case, as a result of this lawsuit against the unnamed Does, wouldn't it be possible under PIPEDA for users to send in a request to TekSavvy to see and have their private information be removed from such logs?

I / every TekSavvy customer (any ISP really) could request that their individual IP be deleted from such logs or databases because it contains data that could be used for purposes other than what it was originally intended for (i.e. technical support vs potential court liability) and could be incorrect based on what TSI encountered in terms of its technical problems while gathering data for Voltage. This would be based on the fact that PIPEDA does allow for us (all TekSavvy / other ISP customers) to request this to be done and since there were inaccuracies in the information gathering process for the trial which resulted in people being falsely notified.

Please do comment on this as I would be interested in creating a document that could be sent in every 90 days to request not only to see my data but have it corrected / removed if it did not meet PIPEDA guidelines.

BTW for those interested; PIPEDA defines IP addresses as being a part of personal information:

snippet of PIPEDA
"Your personal information includes your...

• name, race, ethnic origin, religion, marital status, educational level
• e-mail address and messages, IP (Internet protocol) address
• age, height, weight, medical records, blood type, DNA code, fingerprints, voiceprint
• income, purchases, spending habits, banking information, credit/debit card data, loan or credit reports, tax returns
• Social Insurance Number (SIN) or other identification numbers."


Snippet of "Your rights under PIPEDA"

PIPEDA requires private-sector organizations to collect, use or disclose your personal information by fair and lawful means, with your consent, and only for purposes that are stated and reasonable.

They’re also obliged to protect your personal information through appropriate security measures, and to destroy it when it’s no longer needed for the original purposes.

You have the right to expect the personal information the organization holds about you to be accurate, complete and up-to-date. That means you have a right to see it, and to ask for corrections if they got it wrong.

If you think an organization covered by PIPEDA is not living up to its obligations, you should try to address your concerns directly with the organization. If that doesn’t work, you have the option of lodging a complaint with the Privacy Commissioner.

Not avoiding this thread as mentioned previously..

I think this is your question:

"Here's a question for you / the judge of the current court case, as a result of this lawsuit against the unnamed Does, wouldn't it be possible under PIPEDA for users to send in a request to TekSavvy to see and have their private information be removed from such logs?"

Without going into details, the very short answer is: no.

Once this is all done, I'll gladly talk about these things more openly. I'd rather stay the course for now. It's the course that best serves those alleged of infringement IMHO.

Seeing your data, as said above, is mandated, Marc.... It's like requesting medical data and costs the end user for them to prepare it for you, so reasonable might mean it costs us to get a peek....

TypeS
join:2012-12-17
London, ON

Member

I may understand this wrong but I believe there isn't much data in the logs to begin with?

The logs everyone is debating here are IP addresses and what account numbers they were assigned to at a particular time.

The account numbers then can be linked to the information on that account (billing, address, name, etc).

The logs and the account database are two separate entities. You're asking TekSavvy to wipe your whole account information?

d4m1r
join:2011-08-25

Member

said by TypeS:

I may understand this wrong but I believe there isn't much data in the logs to begin with?

The logs everyone is debating here are IP addresses and what account numbers they were assigned to at a particular time.

The account numbers then can be linked to the information on that account (billing, address, name, etc).

The logs and the account database are two separate entities. You're asking TekSavvy to wipe your whole account information?

Totally wrong. While TSI doesn't record exactly what websites you visit themselves, they do the next worst thing.... Record IP assignments which enable them to pinpoint which customer had a specific IP at a specific time.

For example if a 3rd party (government/police/MPAA/etc) has an IP and time stamp of when that IP accessed the content (websites/download/etc), all they merely have to do is ask TSI to look into their logs and TSI can identify you. That's why they actually DO play a role in tracking which websites you visit because if a website owner gives them your IP, TSI will know you visited that website once they look you up.

I don't care how long TSI keeps logs for, as long as they are anonymous (stripped of all personal/account identifiable data), INCLUDING IP -> account assignment info.

drjp81
join:2006-01-09
canada

Member

said by d4m1r:

said by TypeS:

I may understand this wrong but I believe there isn't much data in the logs to begin with?

The logs everyone is debating here are IP addresses and what account numbers they were assigned to at a particular time.

The account numbers then can be linked to the information on that account (billing, address, name, etc).

The logs and the account database are two separate entities. You're asking TekSavvy to wipe your whole account information?

Totally wrong. While TSI doesn't record exactly what websites you visit themselves, they do the next worst thing.... Record IP assignments which enable them to pinpoint which customer had a specific IP at a specific time.

For example if a 3rd party (government/police/MPAA/etc) has an IP and time stamp of when that IP accessed the content (websites/download/etc), all they merely have to do is ask TSI to look into their logs and TSI can identify you. That's why they actually DO play a role in tracking which websites you visit because if a website owner gives them your IP, TSI will know you visited that website once they look you up.

I don't care how long TSI keeps logs for, as long as they are anonymous (stripped of all personal/account identifiable data), INCLUDING IP -> account assignment info.

I'm not sure someone brought this up. I'm not going through 30 pages, I'm too lazy.

I'm all for privacy, but there are simple civil if not criminal accountability reasons ISPs should maintain a log of clients VS IPs. Otherwise how could they track down spammers, black hat hackers, botnets and all sorts of people with criminal intent? While it may be desirable they be a somewhat dumb pipe, even the phone company keeps a call log and has for decades.

I doubt TSI wants to have the reputation of being a safe haven for nefarious net users.

d4m1r
join:2011-08-25

Member

Also wrong. Those are merely "administrative" tasks that risk the privacy of all users to make it easier for TSI to carry out those administrative tasks....

Marc has acknowledged the argument I put forward which basically states that all the reasons they claim they keep logs for now, can still be carried out tomorrow if they wanted to, even if they switched to a 0 day logging policy. In such cases, those tasks could still be accomplished AND users' privacy is not put at risk. In the EU, where there are REAL consumer privacy protection laws, ISPs have switched to 0 day logging policies to protect themselves and their users and have found alternative methods to do all the things Marc stated TSI needs to keep logs for...

UK_Dave
join:2011-01-27
Powassan, ON

Member

to drjp81
"I'm all for privacy, but there are simple civil if not criminal accountability reasons ISPs should maintain a log of clients VS IPs. Otherwise how could they track down spammers, black hat hackers, botnets and all sorts of people with criminal intent? While it may be desirable they be a somewhat dumb pipe, even the phone company keeps a call log and has for decades."

------------------------

Hi.

Those of you following this thread since the original issue occurred know that I've been active in it. However, I've taken a back seat over the Christmas following two deaths in the family.

I also feel we are regurgitating old information, to new people. We haven't progressed that much since the first hearing whilst we wait.

I CAN however contribute to the above as I was the original person who confirmed that THERE IS NO LEGAL REQUIREMENT to keep logs. The decision is taken by the ISP on grounds of their own choosing.

I checked this with the CRTC, the Office of the Privacy Commissioner, the Department of Trade and Industry, the CAIP, an SC Lawyer, and a couple more.

The answer was 100% conclusive. There is no need to keep them, and no charges could be brought against the ISP if their response to every legal warranted request was "I'm sorry, we don't have that information."

That said, Marc is within his rights as the CEO to set the level at whatever he feels is necessary to run the business the way he wants to, and I support that 100%.

Cheers,
Dave

drjp81
join:2006-01-09
canada

Member

I was merely stating that I do not think TSI would likely want to be a pioneer in that field. It might actually make good business sense to keep logs to filter out "bad users". So though they have no legal obligation it might still be desirable.

UK_Dave
join:2011-01-27
Powassan, ON

Member

I think you might be right - I certainly wouldn't want to be. But as I've said a few times, neither do I have any desire to run an ISP.

Marc may find himself in a situation where the Voltage case shocks enough people into making Log Retention time a critical part of their assessment criteria when choosing an ISP.

At which point, like it or not, he may find himself in a commercial race-to-the-bottom - competing on log time AND price.

Or, he may find that maintaining his current stance on 90 days in the face of competition offering zero logs, gets rid of a large majority of his high-bandwidth unlimited customers to the competition.

Cheers,
Dave