Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

German ISP Forced To Delete IP Logs 202

Posted by ScuttleMonkey
from the next-the-request-will-be-used-as-evidence dept.
An anonymous reader writes "A German federal court decided today that T-Online, one of the largest ISPs in Germany, was obligated to delete all IP logs of a customer upon request to guarantee their privacy. From the article: 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. A lawyer from Frankfurt already sketched a sample letter (German) to make this process easier.'"
This discussion has been archived. No new comments can be posted.

German ISP Forced To Delete IP Logs

Comments Filter:
  • by rolyatknarf (973068) * on Tuesday November 07, 2006 @12:40AM (#16748203)
    There's not a chance in hell that anything like this would ever happen in the United States. I hope it works for the Germans. This is the way privacy should be treated. The people have rights.
    • Re: (Score:3, Insightful)

      by LilGuy (150110)
      If it works, I envision much spam and rooting originating from German end users' machines.
    • You should have a send a letter to request being logged.
    • ... in enough english-speaking jurisdictions in North America that library software companies arrange for their programs to only keep logs while a book is actually in the hands of a patron (think: IP address is assigned by DHCP), and discard the identifying information as soon as the book is returned, or paid for if lost.

      Non-identifying information, like "book x circulated twice this year", is retained for planning and statistical purposes.

      If one happens to do business in a jurisdiction that has such a

    • Re: (Score:2, Insightful)

      by big dumb dog (876383)
      The EU is way ahead of the US on privacy laws.
  • by Neoncow (802085) on Tuesday November 07, 2006 @12:44AM (#16748219) Journal
    Requests to delete server logs, however, will be logged.
  • by Salvance (1014001) * on Tuesday November 07, 2006 @12:44AM (#16748223) Homepage Journal
    I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have? While some other freedoms (e.g. speech,press) are more limited in countries like Germany, there appears to be a strong right-to-privacy movement backed up by the government.

    Sure, our media and government pay lip service to privacy issues, but the reality is that our government wants to increase monitoring in the name of fighting terror. Compare this story of Germany forcing the ISP to delete logs for a customer to this one [msn.com] outlining yet another argument by US officials to require ISPs to maintain even more user data.

    I'd hate to see us to become a 'surveillance society' like Britain has. Unfortunately, we seem to be quickly heading down that path, particularly since our citizens haven't yet raised up to demand greater freedom.
    • by Firehed (942385)
      We know we won't get it if we ask, so we don't bother. You don't get anywhere lying down, but at least you don't get red-flagged by asking for some privacy.
    • by foobsr (693224) * on Tuesday November 07, 2006 @02:08AM (#16748623) Homepage Journal
      some other freedoms (e.g. speech,press) are more limited in countries like Germany

      Any source? Just curious, as I am living in Germany and did not really realize.

      Also:

      Press Freedom Index 2006 [rsf.org]

      CC.
      • by Jugalator (259273) on Tuesday November 07, 2006 @03:18AM (#16748991) Journal
        He may be considering hate speech [wikipedia.org] laws, but then, on the other hand, is he considering free speech zones [wikipedia.org] in the US, and so on? I'm hesitant to call freedoms more limited in countries like Germany for this reason, especially with the actions GWB has taken in the US lately.
      • by Kokuyo (549451)
        I think your parent poster has got something mixed up. What he meant was freedom of speech. And by all means, that is limited in Germany and Switzerland as far as my little swiss mind can remember. Try stating that you think jews are subhuman and see what happens (I advise you to only do that if you don't really like your life as it is all that much...).

        Of course we could argue that such sentiments are stupid anyway, but that is clearly a matter of opinion. And just because our opinion (assuming you also do
      • by dajak (662256)
        In addition to having hate speech law, Germany has also been accused of persecution of religious minorities [freedom.org.uk]. Other continental European countries (for instance the Netherlands, where I come from) still have archaic crimes like lese majeste [wikipedia.org], libelous blasphemy [wikipedia.org], and criminal libel in the books. Apparently this does not prevent most of these countries from ending up higher (shared #1 [rsf.org] for the Netherlands) in press freedom rankings than the US, which imprisons journalists for not revealing sources and generally
        • Re: (Score:2, Informative)

          by KnuthKonrad (982937)

          In addition to having hate speech law, Germany has also been accused of persecution of religious minorities

          Ah, nice twist by the Scientology spin doctors. Scientology is not considered to be a "religion" in Germany. Therefore there can't be any "persecution of religious minorities". They're a company with any rights and duties each other company has in Germany.

          But they're also considered to be an anti-constitutional. Their goals are against our constitution. Therefore our secret services ("Verfassungs

          • by dajak (662256)
            Ah, nice twist by the Scientology spin doctors. Scientology is not considered to be a "religion" in Germany. Therefore there can't be any "persecution of religious minorities". They're a company with any rights and duties each other company has in Germany.

            The government has no business deciding what is and what is not a religion, of course. Not that I am positively disposed towards Scientology, but if awarding status as a religion is apparently problematic, then maybe religion has a privileged status it sho
            • by arminw (717974)
              .......are prohibited that are allowed ......

              Germany is not alone in the idea that everything that is not expressly permitted is automatically forbidden. It's just like in many things German, the Germans are more thorough and methodical about it.
    • by Trevelyan (535381) on Tuesday November 07, 2006 @03:29AM (#16749063)
      UK does have laws protecting peoples privacy. Namely the Data Protection Act and Rights of Investigatory Powers Act. The first one controls disclosure as well as providing means for individuals to review the data kept about them. The second controls what a co. such as an ISP can do with the data (eg traffic logs) as well as what the authorities can do. The two together means that you have to be able to justify the data you keep and for how long you keep it. The network that I work for does not keep data for longer than 3 months, unless it relevent to some network issue/investigation, then its kept for 2 years; but never indefinately. Lastly there is also the Freedom of Information Act, which allows citizen access to all sorts of government and civil service information and documentation. So you can double check their procedures for example.
    • Re: (Score:3, Insightful)

      I wonder why the average American (or Brit) doesn't demand the same level of privacy that many of the mainland Europeans now have?

      Well, Germany actually had a dictator lie his way to power by using fear and patriotism as bludgeons against his opponents. They know firsthand what dangers lie at the end of that road. We still think we can have everything along the road (the exaggerated nationalism, the fear-mongering, the reduction of freedom to save freedom, etc) without necessarily arriving at the same

      • by dajak (662256) on Tuesday November 07, 2006 @07:09AM (#16750017)
        People sometimes do learn from history, though the knowledge probably gets diluted with time and distance.

        The fear of politicians and government of being perceived as nationalist sometimes has perverse results. Here in the Netherlands we used to have a historical curriculum that identified tolerance as a key part of national identity, but the reluctance of government to prescribe historical dogma about "our ancestors" gives license to for instance schools with a majority of muslim pupils to gloss over impopular subjects like the holocaust and the eighty years' war (1568-1648), where "our protestant ancestors" are the ones being persecuted.

        Teaching children about the attack by the resistance in 1943 on the population register in Amsterdam, with the intent to burn it down in order to frustrate Nazi bureaucracy, is the best way to instill respect for privacy. Reference to this event that most people know about is a powerful antidote to suggestions that "you have nothing to fear if you are innocent": it was the Dutch government that, in better days, compiled the data that allowed the Nazis to trace most jews (population register) and gave them few places to hide (cadastral maps). What to remember and what to forget is still a policy choice.

        The US and continental Europe have different experiences of, and therefore perspectives on, WWII. For the US, WWII is a license to interfere militarily in perceived Nazi regimes abroad (as they did in WWII), while formerly occupied countries, and Germany itself, are busy simply not being a Nazi regime.
    • by vidarh (309115)
      Actually, the legal basis for this decision in Germany, is the EU data privacy regulations, which each member country are required to reflect in national laws. In the UK this would be the Data Privacy Act that gives us similar protections to the Germans.
    • by jackbird (721605)
      One problem is that the legal underpinnings of the court decision guaranteeing abortion rights in America rely on there being a right to privacy enshrined in the constitution. Since privacy is not mentioned explicitly anywhere in the document, this is one of the weak points anti-abortion groups go after. In other words, USA political discussions of "the right to privacy" are actually about abortion, making it very difficult to make any headway on actual privacy rights.
  • by gaijin99 (143693) on Tuesday November 07, 2006 @12:46AM (#16748235) Journal
    I'm not an admin, and never have been so I'm working on ignorance here. But my question is, why bother with long term logs anyway? I understand a need to keep logs of activity for a week or so to deal with various attacks, zombie machines, etc, but why not set the logs to automatically wipe anything past that point? I can see maybe going nasty and selling it to advertisers, but other than stuff like that is there a use?
    • by mxs (42717)
      Yes, there is a use. Law Enforcement LOVES long data retention. Really, they do.

      The MPAA/RIAA/IFPI/etc. all LOVE long data retention as well, especially when combined with Law Enforcement.

      I'm pretty sure all manner of intelligence services also LOVE long data retention.

      I have yet to see a case of a consumer/customer loving long data retention.
      • by gaijin99 (143693)
        Yeah, but the ISP's are doing it, and they aren't compelled to do so by law (at least not yet in the US). That implies that they have reasons of their own, and I'll be buggered if I can see what those reasons might be, beyond evil stuff like selling the info to advertisers.
        • by mxs (42717)
          Did you miss that AOL and TW merged ? Many ISPs are part of larger conglomerates, or in bed with parts of the media industry. That should be enough incentive.
          Traffic usage logs are interesting as well; one broadband ISP (1&1) in Germany regularily offers some of their customers $150 if they leave for another provider, since these customers actually used the bandwidth being advertized and generated generous amounts of traffic. You can't do that without retaining information on traffic usage.
          Other ISPs mi
    • by Burdell (228580) on Tuesday November 07, 2006 @09:26AM (#16750949)
      I work for an ISP. As part of my job, I handle abuse reports. Often
      reports are for events more than a week old (typically worm type reports
      come fast, but spam reports are often delayed because the recipients
      don't read their email every day).

      We also use long-term data for trend analysis: which POP needs more or
      less dialup lines, who dialed in to a POP (with how much they pay, does
      the POP make financial sense), etc.

      While trend analysis doesn't require IP addresses (for the most part),
      the call database has a record per call that includes the IP (same
      database as used for IP abuse lookups). To not retain IP addresses,
      we'd have to set up a second database, second lookup interface, and some
      transfer mechanism between the "with IP" and "without IP" databases.
      That's a real PITA, so we don't do that.
  • by MSTCrow5429 (642744) on Tuesday November 07, 2006 @01:11AM (#16748373)
    ...but what happens when the user logs on again, after the IP log purge? Are they back in the records from that point on?
  • by mxs (42717) on Tuesday November 07, 2006 @01:12AM (#16748375)
    Not /exactly/ true. The sample letter speaks of a complaint, but T-Online has every choice not to comply.
    The linked webpage then recommends sueing T-Online in that case. If/Once you win that lawsuit, T-Online has no choice but to comply. This is a tad different from what the blurb here would have you believe.

    (All this is based on rather strict privacy laws that require a provider not to collect any data not relevant to accounting; since IP addresses and data volume is not needed for accounting on plans with a flat fee per month, T-Online has no right to do so; they, however, save that data for 80 days.)
    • Regardless of this ruling, the EU data retention directive will force providers to retain connection info, such as IP assignment to DSL accounts, for up to six months. So unless the directive gets repealed (IIRC Ireland has brought it before the EU court of justice), providers will have to keep all this info anyway.
      • by mxs (42717)
        Quite correct, but said directive has not been transformed into national law in Germany, yet, so what T-Online is doing is, put simply, illegal; whether or not it will be legal 3 months from now is a different matter.
  • After deleting the logs, does the ISP have to delete the letter that requested the logs be deleted?
    • Dear requester: Per your request, we have deleted your IP logs. The deleted records are attached to this letter, for your reference. We will keep a copy of this letter on file, as proof that your request was carried out. Thank you for your patronage.

  • Sometimes tools like Google language or Babelfish are an absolute necessity when dealing with texts in a language other than your own...

    Othertimes though... [google.com]

    The deplored one is condemned to omit it with the use of the Internet entrance

    Machine translation just isn't up to task.

  • by njdj (458173) on Tuesday November 07, 2006 @02:47AM (#16748797)

    The original article [spiegel.de] points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months. Germany has already asked for an extension of the deadline to comply with this, but the strong likelihood is that the German privacy laws will be changed to comply with the EU-mandated snooping.

    EU pols and bureaucrats are as hostile to personal privacy as US pols and bureaucrats.

    • Re: (Score:3, Informative)

      by hweimer (709734)
      The original article points out that keeping logs is incompatible with existing German law. But the law will soon be changed, because Germany will have to comply with an EU directive mandating that logs be kept for at least 6 months.

      It wouldn't be the first time that the highest German court nullifies the implementation of a EU directive [bundesverf...gericht.de].
  • by phooka.de (302970) on Tuesday November 07, 2006 @03:38AM (#16749113)
    The ISP is germany's biggest ISP, the "Telekom". By the law, they were only entitled to keep logs that are required for billing. If you have a flatrate, no IP-logs are needed for billing and other ISPs didn't keep them, but the Telekom did.


    Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German gouvernment. The "Innenminister", the guy responsible for the justice system, police etc. was one of the kind of politicians who'd like to know everything about everyone for the sake of "security". (Who needs freedom if they are secure? Oh wait, that was prison.)


    So, while by the law he could not force ISPs to retain that data, the biggest german ISP that just happened to be controlled by... him(!)... did so anyway, aiding law enforcement in trivial (and here: unfounded) cases with said data.


    Unfortunately, even in germany, noone seems to bother about privacy anymore.

    • by ahillen (45680)
      Now here's the interesting bit: The entity that owns most of Telekom's shares is - the Bundesrepublik Deutschland, the German gouvernment.

      If by "most" you mean more than 50%, then you are wrong. The German state still owns about 30%, although only 15% directly, while the other 15% are parked at the "Kreditanstalt fuer Wiederaufbau". Most(!) (as in ~70%) of the shares are nowadays owned by private and institutional investors.
  • It sounds like this might be possible in the UK as well. The Data Protection Act allows an individual to request all electronically stored data about them at a company be deleted. Normally they can charge you a nominal fee (£10) to do it, but they must comply.
  • > 'The decision (German) does not mean that T-Online is now obliged to delete all their IP-logs, the customers first need to complain.

    Yes it does. Maybe not yet, but soon as German ISPs get these complaints by the hundreds daily the only way to handle the requests will be to just change their log retention policy and delete them all after n days.

    • by Cheeze (12756)
      Why even keep logs? There are plenty of other ways to track down problems and see how much your service is used. Logging is nothing but hassle. I've worked in the ISP industry for 8 years now, and every chance I get I make logrotate keep minimal logs.
  • Without logs, it seems it would be harder to track down network abuse (i.e. crackers). So you trade privacy for some protection from assholes. To me, that's a fair tradeoff, but what happens when the German courts demand that an ISP assist in some investigation and they can't because they've deleted certain logs (as the SAME courts told them they have to do)?

    Seems like it puts the ISP between a very uncomfortable rock and a hard place.

1 Billion dollars of budget deficit = 1 Gramm-Rudman

Working...