German ISP Forced To Delete IP Logs 202
An anonymous reader writes "A German federal court decided today that T-Online, one of the largest ISPs in Germany, was obligated to delete all IP logs of a customer upon request to guarantee their privacy. From the article: 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. A lawyer from Frankfurt already sketched a sample letter (German) to make this process easier.'"
Blurb text misleading (Score:5, Informative)
The linked webpage then recommends sueing T-Online in that case. If/Once you win that lawsuit, T-Online has no choice but to comply. This is a tad different from what the blurb here would have you believe.
(All this is based on rather strict privacy laws that require a provider not to collect any data not relevant to accounting; since IP addresses and data volume is not needed for accounting on plans with a flat fee per month, T-Online has no right to do so; they, however, save that data for 80 days.)
Re:What type of logs? (Score:5, Informative)
Re:Requests to delete server logs (Score:4, Informative)
Re:The way it should be. (Score:3, Informative)
48 for a mac.
how big is a datetime? give it 128.
30 bytes being generous.
another datetime for disconnect.
30+30+8+6 = 74bytes
why not make it a clean 100 bytes.
If you stored the connection details for every single possible ip adress in the 64bit space.
you got 4billion connections a day at 100 bytes.Thats only 400g
So the entire worlds isps would only generate 144TB of connection data a year and only if everysingle ip in the space was used and being connected everyday.
A few thousand TB is waaaaaaaaay off mate.
Re:But no privacy in the land of the free (Score:4, Informative)
Re:But no privacy in the land of the free (Score:5, Informative)
Re:The way it should be. (Score:2, Informative)
It's not true, because you haven't presented all the connection details that have to be stored. For starters, none of that information actually identifies which user it was exactly that dialed in, or what MAC or IP address was assigned to that user.
Secondly, more information about the connection has to be kept to be useful for analyzing any problems/difficulties with the service. There's really no point in just retaining merely a list of ip addresses, usernames, and times, absent the key connection parameters.
Re:Not quite as good as it looks (Score:3, Informative)
It wouldn't be the first time that the highest German court nullifies the implementation of a EU directive [bundesverf...gericht.de].
Re:But no privacy in the land of the free (Score:4, Informative)
The fear of politicians and government of being perceived as nationalist sometimes has perverse results. Here in the Netherlands we used to have a historical curriculum that identified tolerance as a key part of national identity, but the reluctance of government to prescribe historical dogma about "our ancestors" gives license to for instance schools with a majority of muslim pupils to gloss over impopular subjects like the holocaust and the eighty years' war (1568-1648), where "our protestant ancestors" are the ones being persecuted.
Teaching children about the attack by the resistance in 1943 on the population register in Amsterdam, with the intent to burn it down in order to frustrate Nazi bureaucracy, is the best way to instill respect for privacy. Reference to this event that most people know about is a powerful antidote to suggestions that "you have nothing to fear if you are innocent": it was the Dutch government that, in better days, compiled the data that allowed the Nazis to trace most jews (population register) and gave them few places to hide (cadastral maps). What to remember and what to forget is still a policy choice.
The US and continental Europe have different experiences of, and therefore perspectives on, WWII. For the US, WWII is a license to interfere militarily in perceived Nazi regimes abroad (as they did in WWII), while formerly occupied countries, and Germany itself, are busy simply not being a Nazi regime.
Re:But no privacy in the land of the free (Score:2, Informative)
Ah, nice twist by the Scientology spin doctors. Scientology is not considered to be a "religion" in Germany. Therefore there can't be any "persecution of religious minorities". They're a company with any rights and duties each other company has in Germany.
But they're also considered to be an anti-constitutional. Their goals are against our constitution. Therefore our secret services ("Verfassungsschutz") has them on their watch list, like any other suspicious anti-constitutional organsations like NPD (german neonazi party) or Al Quaida.
And I truely welcome the above actions. We once had a fascistic regime here, no need to have another one (Scientology)Re:The way it should be. (Score:5, Informative)
This case is about deleting a particular user's records. If you don't keep them, you don't have to do anything. You seem to say you'll need to create an all-encompassing tracking system so you can selctively delete the records. Just delete them all as soon as you've abstracted any information you need for billing or debugging.
Has anyone asked what the plaintiff has to hide? hope he gets cyber-stalked by a hate group
In TFA: "The court ruling is the result of a case that was initiated by Holger Voss, a 33 year old man from Münster. Voss was sued for making a sarcastic comment in an Internet forum back in 2002."
Sarcasm? Yeah, he totally deserves to be stalked and vilified by a hate group. That'll learn him not to mouth off.
Re:A question for network admins (Score:4, Informative)
reports are for events more than a week old (typically worm type reports
come fast, but spam reports are often delayed because the recipients
don't read their email every day).
We also use long-term data for trend analysis: which POP needs more or
less dialup lines, who dialed in to a POP (with how much they pay, does
the POP make financial sense), etc.
While trend analysis doesn't require IP addresses (for the most part),
the call database has a record per call that includes the IP (same
database as used for IP abuse lookups). To not retain IP addresses,
we'd have to set up a second database, second lookup interface, and some
transfer mechanism between the "with IP" and "without IP" databases.
That's a real PITA, so we don't do that.