 TSI MarcPremium,VIP
join:2006-06-23
Chatham, ON
kudos:14 | Discussion about log retention Hey all,
I've been monitoring various threads and I've noticed that many are wondering why we keep log records at all. I'd like to talk about that a bit and open it up for discussion.
Currently it is our policy to keep log files for 90 days. After that they are deleted. Leading up to this, we were planning on extending that to 6 months. Now, though, we are asking ourselves, what is the right length of time to retain logs? This request for information by Voltage has us carefully considering all aspects of this question and I think it's a good discussion to have.
Under Federal Privacy law it is a requirement to minimize the retention of personal information generally to what is reasonably required to be retained for legal or business purposes. For us this means that we keep logs to be able to enforce our own policies, troubleshoot service issues and settle disputes over charges involving usage, outages, and operation of services. Aside from that, there isn't a law that requires us to keep logs.
There are other factors though why keeping logs is important, in fact there could be a significant downside to not having log files at all.
If for example they were needed to identify a situation that was urgently required for reasons of danger to health, life, public safety, etc. If, as an extreme, we were to keep no logs at all, what happens when you get a call indicating an anonymous user just made a post suggesting they were going to kill themselves, or harm people in their workplace, etc.? And how well would it play if police were urgently trying to locate a victim in a case of a child exploitation crime-in-progress, but weren't able to proceed because we made it a policy not to keep logs, largely in order to protect customers from copyright claims. And let's be clear: while there are certainly copyright trolls who are inappropriately trying to squeeze people for damages well beyond what they might actually be able to obtain in court, there are internet users who are regularly engaging in activity that is contrary to Canadian law, copyright, defamation, hate crimes, fraud... you name it. I for one do not want to adopt retention policies driven by the objective of making it impossible for police to apprehend suspects or rights holders to enforce their legitimate legal rights.
ISPs that adopt very short term log retention (or no log retention) risk becoming havens for people that intend to break the law. Once an ISP has that kind of reputation, it will likely face even more attention from law enforcement and civil litigants, and more invasive, and potentially ex parte court orders.
I think the notion of not having any logs just doesn't make sense at all.
Ok, so, lets assume we can agree on that. Lets get back to the original question. What is the right length to retain logs?
I have to say that I'm not sure. This is why I'm initiating this as a discussion. The obvious reasons are simple.. We need them for the reasons stated above. In the case of law enforcement. In many cases its a multi month process. Over the years, our retention policy has changed and we used to have logs for a very long time. Over the last ten years, we've had police requests that were for logs over a year old. But then recently we've had one that was just a few weeks old. To me this safety factor is the most critical.
After that its a matter of the proper functioning of the business. Most things are dealt with in semi real time so a couple weeks is sufficient for most things.
After that we get into disputes for services rendered. Many times, we use logs to show that the connection was used or not. So it helps to have logs to show this. After that we have usage concerns.. How much usage and in what time frame... But that's only true for accounts that are not unlimited.
It's all a question of balance. I completely agree that TekSavvy should have a clear and considered retention policy and in fact, privacy law requires it. However, it should be established based on a thorough review of all factors, not just the potential abuse by trolls and other opportunists.
At 90 days, to my knowledge, that is already a short retention policy. Like i mentioned previously, we had planned to extend it to 6 months. Some of the factors for that were related to potential disputes but also for monitoring usage trends over time but that can be achieved without keeping IP addresses.
I leave it open for discussion.
--
Marc - CEO/TekSavvy |
|
 elitefx
join:2011-02-14
London, ON
kudos:1
1 edit | Well, English common law is based upon the age old concept of what a reasonable person, under reasonable circumstances, would do in a given situation.
This forms a sound basis for any decisions that need to be made......... |
|
| reply to TSI Marc
Personally, I think 90 days is respectable.
I would not, however, want to see it extended beyond that.
Even better, I'd prefer to see it shortened to 60 days.
Two months of logs should be enough for most, if not all, technical issues and usage/billing disputes, and it's obviously suitable for emergency legal/life & death issues.
Plus, I would think that law enforcement has the option of getting a court order to not only obtain all logs currently available, but to also have TSI provide future logs as time goes by for a specified period.
My 2¢. |
|
TSI MarcPremium,VIP
join:2006-06-23
Chatham, ON
kudos:14 | For law enforcement. It's generally a very specific time and IP they are looking for. Many times its longer than 90 days they are looking for.
--
Marc - CEO/TekSavvy |
|
Reviews:
 ·voip.ms
 ·TekSavvy Cable
| reply to TSI Marc
i think 90 days is acceptable but i think 60 days would i the ideal amount of time.
just my 2c
keep up the great work.....mark maybe make a poll
(i think if the crime was that big of a deal, (child exploitation etc etc) 2 months is more than enough time for the police to contact an isp for information.) |
|
 InssomniakThe GlitchPremium
join:2005-04-06
Cayuga, ON
kudos:1 | reply to TSI Marc
I also do 90 days. And agree that its a short retention policy. I used to have them for a year or more.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca |
|
Reviews:
·TekSavvy Cable
| reply to TSI Marc
»torrentfreak.com/how-long-does-y···-120629/
Seems to vary but it is a short list.
However, from another article...
»www.forbes.com/sites/andygreenbe···uld-too/
suggests two weeks is enough |
|
Reviews:
·voip.ms
 ·TekSavvy DSL
| reply to TSI Marc
You've made a number of convincing arguments about why it's important to keep logs. Certainly, emergencies, a crime in progress and disputes about services rendered are important. However, I'm wondering why the police would request logs from more than 90 days ago.
You seem to be very familiar with how copyright trolls operate. Sometimes they appear to obtain the correct IP address but sometimes they don't. Their methods are questionable and the amount of money they try to extort from their targets and their harassment and intimidation techniques are unacceptable.
Would you consider shortening the time from 90 to 30 days? This way, you can still respond to emergencies and crimes in progress and you would be able to have enough information to settle disputes about services rendered.
In scenarios where someone is repeatedly reporting downtime or you are contacted by law enforcement about an account, you can keep the logs from those account holders for a longer period of time while maintaining your new 30 day policy for everyone else. |
|
elitefx
join:2011-02-14
London, ON
kudos:1 | reply to TSI Marc
Just had another thought:
This log retention time limit issue is a moot point.
It cannot be considered a "Statute of Limitations". A "Get out of jail free card" so to speak. Real life situations don't work that way.
A time limit that might seem beneficial to one party may only be a disadvantage to the next.
Who can predict what chain of events would need to happen, and in what order, for any set minimum time limit to be of an advantage or disadvantage to anybody? |
|
 hm
@videotron.ca | reply to TSI Marc
The copyright extortionists will just play to whatever tune you have playing.
If you keep logs for two weeks, instead of making a mass 2500 person file-sharing lawsuit every 3 months, they will do expedited ones (like the first hurt locker case in Canada was) on a 2 to 3 week basis. In which case, as we saw in the first hurt locker case, ISP's just don't have the time to inform people, worse case scenario, as we saw with Bell.
If you keep it as is, then the story continues as is.
So in terms of copyright trolling, it just doesn't affect them. At all. The system can handle them if log retention is 3 months or two weeks.
The only losers are the people. |
|
 twizlarI dont think so.Premium
join:2003-12-24
Brantford, ON
kudos:3 | reply to TSI Marc
We rotate all logs every 30 days. Over the years we have found 30 days to be a great balance for all services we offer.
30 days has generally been plenty for any emergency type information. Most police requests we have received are generally over a year old anyways and would not benefit from us having a longer retention period of 90 days or something similar.
Lets not kid ourselves and pretend that people don't use their connections to download copyrighted material. It isn't our job to police the online activities of our users, nor will we ever spend resources and time to do so.
--
Broadline Networks Inc. |
|
ep80
join:2008-08-11
Montreal, QC | reply to TSI Marc
I understand the reasons to keep logs and they are totally legitimated in cases you specified (someone's life in danger, child protection, etc).
What I don't understand is, and this is not Teksavvy fault or whatever, but why do the copyright trolls have the same level of access to ISP logs than the police!
Ideal would be that logs would be available to the police for X months old, but copyright troll or any other entity that is not law enforcement would not have access to these logs and specially not when asking a bunch of IP identification!
At a very extend, they should be able to ask to identify 1 or 2 IP from which they identified a person who is the original content seeder and with very solid proof of it.
I think this is the kind of situation where you have to find the right balance since as of now, it wouldn't be acceptable to keep no logs at all and neither to keep them for more than few months. |
|
| reply to TSI Marc
60 days should be more then enough for 99% of cases for troubleshooting and police.
You already have the ability to narrow down which POI the IP came from with or without logs.
Better Yet:
Wipe the logs of all the IP addresses in all troll cases, and keep your 90 day or new 6 month policy :P.
Problem solved. |
|
 Txbronx cheers from cheap seatsPremium
join:2008-11-19
kudos:3
·FreePhoneLine
·Rogers Hi-Speed
·TekSavvy DSL
| reply to twizlar
said by twizlar:We rotate all logs every 30 days. Over the years we have found 30 days to be a great balance for all services we offer.
30 days has generally been plenty for any emergency type information. Most police requests we have received are generally over a year old anyways and would not benefit from us having a longer retention period of 90 days or something similar.
Lets not kid ourselves and pretend that people don't use their connections to download copyrighted material. It isn't our job to police the online activities of our users, nor will we ever spend resources and time to do so.
have to ask...for broadline networks i was a little surprised to see you using a crappy software such as whmcs...cause of that i'm not sure if what you offer is resold? odd choice decent site.
i do agree with this post though, 30 dys is good...anything more is an excuse. plenty of time for troubleshooting, police and so on.
i have to say marc im surprised you were even considering 6 months...thats nuts |
|
| I'm going to have to agree 30 days seems more than enough for emergencies. 6 months I think is a little insane. |
|
Reviews:
·Start Communicat..
·TekSavvy Cable
·Rogers Hi-Speed
| reply to TSI Marc
I think the premise of your post is incorrect....If you guys wanted to go to the no logs approach, you could do it tomorrow. Just ask any number of European ISPs how they deal with spam, billing, and other issues without logs...Its 100% technically possible but yes, some of your current procedures would obviously have to be changed.
Whether you guys want to or not, is another subject all together and it seems this topic is a formal answer, being "no". While I am disappointed in that, I'd like to remind you of all the benefits to TSI if they would adopt this approach;
1) No other ISP in Canada has such an approach currently, so for other privacy concious individuals, they'd most likely make the switch to TSI as privacy would be a key selling point.
2) Keeping no logs relieves TSI of any legal issues regarding logs, copyright notices, etc. If you guys do not have logs (which you are fully in your right to do), you cannot be held liable for anything.
3) Again, no logging would NOT create a "dark net". Do you believe it did in the case of Sonic? All they got in return for their 2 week policy was a bunch of new subscribers....If you ever did get requests for logs from law enforcement in the future lets say, it doesn't mean you don't want to hand them over...It would just mean you don't have any to hand over, even though you'd love to (logs were a legal risk so you choose to stop keeping any). This would NOT make you liable to legal action nor would you be impeding any criminal case as you wouldn't have the logs in the first place...
--
www.613websites.com ● Budget Canadian Web Design and Hosting
|
|
twizlarI dont think so.Premium
join:2003-12-24
Brantford, ON
kudos:3 | reply to Tx
We have various services, the only portion that is resold is wholesale dsl and cable products, however that is a tiny portion of our business.
What about whmcs makes it crappy to you? It is pretty good as a client management and billing solution.
--
Broadline Networks Inc. |
|
Txbronx cheers from cheap seatsPremium
join:2008-11-19
kudos:3 Reviews:
·FreePhoneLine
·Rogers Hi-Speed
·TekSavvy DSL
| said by twizlar:We have various services, the only portion that is resold is wholesale dsl and cable products, however that is a tiny portion of our business.
What about whmcs makes it crappy to you? It is pretty good as a client management and billing solution.
It's rather amature. (not you guys as a whole) just the software. As soon as i seen it i left your site. When Matt created WHMCS years ago we tried it out and thought it had great potential, years passed and it's still stuck in an old design with lackluster features for your clients.
We moved to a far more advanced billing solution (2 different ones actually). We are also a provider of services and such with 11,000 or so customers (colo, dedi servers, hosting and domains). When we moved away from WHMCS the feedback was tremendous among our users. WHMCS just isn't there yet, he user interface is really unprofessional. Great for invoicing and paying the invoices but that's as far as it goes. Design wise do some research. Decent sized businesses avoid it. Several other solutions available and for a business such as yours (after i seen your other sites which are also nice by the way), i'd make a move away from it. It really hurts the image of a business as serious as yours (yours is far more serious then mine)
Can discuss further in PM if you like but i thought it'd be a friendly FYI as my eyes popped when i seen it |
|
| reply to TSI Marc
Why don't you just turn off logging and flip them off, I don't see how this is a debate. |
|
|
|
twizlarI dont think so.Premium
join:2003-12-24
Brantford, ON
kudos:3 | reply to Tx
Eh, whmcs is really just a user portal and billing system. We have several other (free) software packages that tie in with it to provide a full suite of management capabilities. Most of the all-in-one solutions out there are far too expensive for what they provide and they aren't nearly flexible enough. We have tested most of the solutions out there and none of them really fit our needs so we mostly rolled our own, with the exception of using whmcs as a frontend and automating billing.
Anyways, we are taking this quite a bit OT now 
--
Broadline Networks Inc. |
|
