dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8
share rss forum feed


davegravy

@iasl.com
reply to TSI Marc

Re: Discussion about log retention

Crazy idea...

I've skimmed most of this thread but due to it's length this may have already been thrown out there for consideration:

Take a page out of Mega's book - you store the logs, but your clients hold the keys.

Beyond logs needed for emergency situations, encrypt log data specific to each client with a password known only to the client. If law enforcement needs access to logs relating to your client, you have plausible deniability, and they are required to use courts to compel your client to decrypt the information.

The Mongoose

join:2010-01-05
Toronto, ON
That's actually very cool/innovative. You could even have the encryption only become active after a reasonable troubleshooting window.

However, it doesn't solve a couple of the major long-term issues (no solution really does). The big one is that law enforcement would not look kindly on this sort of a behaviour by an ISP...likely leading to a push for much tighter regulations forcing ISPs to retain data. This is often why companies go beyond what is legally required of them...failure to do so often leads to extremely unwelcome changes in the law.

In the end, I would be shocked if TekSavvy or any other significant ISP decided to eliminate current logging practices or trim the window back to a couple of weeks. We are probably going to have to learn to live with it.


davegravy

@iasl.com
said by The Mongoose:

This is often why companies go beyond what is legally required of them...failure to do so often leads to extremely unwelcome changes in the law.

In my opinion, having a law spell out the requirements is better because:

a) companies like Teksavvy no longer need to concern themselves with walking a privacy-accountability tightrope. They can just follow the requirements of the law to the letter and be done with it.
b) all ISPs will be on the same playing field with regards to a)
c) the public will (should) have an opportunity to have a say in what the appropriate balance is.

I don't think the threat of a law being formed should deter ISPs from implementing a reasonable policy. Worst case, if we end up with an extreme law (like you say), Canadians will be marched that much closer to losing their tolerance with the powers that be and to taking back their country.

It's Teksavvy's prerogative in this case, of course.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to davegravy
said by davegravy :

Take a page out of Mega's book - you store the logs, but your clients hold the keys.

Beyond logs needed for emergency situations, encrypt log data specific to each client with a password known only to the client. If law enforcement needs access to logs relating to your client, you have plausible deniability, and they are required to use courts to compel your client to decrypt the information.

Great idea.
Store each client log in a single text file per day per client.
Then have the client have the option to specify the number of days they want the log file(s) kept via a user set parameter on their MyWorld page. TSI's system then overwrites any files (35-pass Guttmann) older than the # of days set in the customer profile.

Bet you the normal number customers set == 0.