I have to disagree. When discussing security and insurance then return on investment is a perfectly valid term.

Security and insurance are opposites. Security is stopping something going wrong and insurance is getting some money so you can rebuild/replace after it does.

Increasing your security can decrease your insurance costs; bang you've got a return on the investment.

You say month day year because that is how is written in short hand. In countries that write it dd/mm/yy you'll hear 1st of April 2009 more often than April 1st 2009,

If they'd make the coins a reasonable size there wouldn't be all these OH&S problems.

"I'll sell you this random picture for $20 that comes with a Steam account that includes the Orange Box for free."

That would be against the second half of the sentence: "...or otherwise transfer your account." Nice work on the reading comprehension though,

That explains the fear of liquid explosives.

If the guy is in there regularly then you probably know who he is and can find them or put surveillance on them if something fishy happens or starts to happen. The problem is if a one off visitor who you will most likely not have as good knowledge of their identity.

There's some decent security out there. Private companies that have large amounts of fungible goods and do their own security will tend to have it together.

Morning, I'd like to introduce you to Mr Warranty.

Oh, you two have already met and broken up.

OK then forget I ever spoke.

Sorting in computerised systems is harder because it's usually done on a much larger scale than you would reasonably attempt in the real world. There are also issues with items covering other items and misidentification.

Sorting a few thousand items in reasonably contained batches would take a long while. Even if there are 100 items in a batch it would require 40 batches to sort 4,000 items.

Sorting coins is harder than you think. That's why coin sorters and counters were invented. It takes people ages to sort large amounts of coin. Sure about 20-30 coin is easy, but 4000?

Seriously dude you're making some of the legal interpretations by judges sound sensible.

None of that is any different from that experienced by a financial institution: criminal penalties for compliance and potential testifying.

I don't imagine organisations have found themselves in civil court for the reason you cite. However, the potential is there for a financial institution too. People are very protective of their financial records.

Can't you expect to do a few IP lookups a year and roll that into the costs of the ISP? Look at how many you did last year and figure that as your best guess.

There's also an unknown number of suspicious transaction reports that must be filed (depends on how many suspicious transactions you find - there are consequences for not finding them).

Look here AUSTRAC for an overview of what's required in Australia.

The fact is that financial institutions have been a conduit for illegal activity (money laundering and funding of illegal/terrorist operations) for quite a while. As a result governments have introduced legislation to mandate reporting of certain things to aid in finding and prosecuting. To operate in the financial realm you need to comply with these legal requirements.

The internet is also a conduit for illegal activity. It's only a matter of time before governments catch up and also create rules mandating reporting. Like financial institutes the financial burden will lie with the company providing the service and by necessity passed onto the customer.

You say keeping call logs should be part of a telco's daily operations. Maybe keeping track of which customer is on which IP at which time should be part of an ISPs daily business. After all that's the data they are after. They want to know who was on which IP at certain times. That doesn't sound like terribly complex information to keep. The article even says some ISPs do it for free so evidently the technology exists.

Financial institutes also do that kind of thing. Looking for ancient transactions - possibly since some major upgrades. You've got to hit the databases manually: the software doesn't work with this DB version. It's a PITA, but just part of being in business.

I just don't see why an ISP should be able to charge for generating a few ad hoc reports a year when other companies are required to generate reports a large number of reports all the time. Generating these reports often requires operational changes to ensure all the required data is captured. Maybe the ISP should do the same thing and create some processes that create the reports without all the complex manual processes and then pass the development onto their clients. That's what other companies did when creating these types of reports.

That's exactly what some governments do. Everything over $10K, reported weekly with full details of the parties involved.

(sorry about the double post)

Does this go for every police investigation?

What about phone companies providing call logs for cell phones engaged in criminal activities?

What about the store being asked did you sell product x to this guy? Can we have the receipt?

The security company asked for the tapes for some date six months ago?

What about the private citizen being asked questions about something they may or may not have witnessed?

Why are we singling out ISPs to be compensated for assisting with enquiries? Why not every company?

I disagree, most businesses are not paid for compliance with legal requirements or helping police/government with enquiries.

It's quite common for businesses to have to pay to comply with the law. For example when financial institutes have to report details to counter terrorism agencies. The cost of this compliance is just a part of doing business in this area.

Similarly the retention of records for a certain amount of time (as is often legislated for medical and legal practices). The law says you gotta store the data, but governments don't pay you to do it.

Similarly the checks that pharmacies/chemists have to do when giving out certain medications. The government doesn't install the systems or remunerate the people for their time. Even though the only reason it's there is for compliance.

I guess an IT company should be different?