nanog mailing list archives
Re: ISP CALEA compliance
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Fri, 11 May 2007 17:05:20 -0400
On Fri, 11 May 2007 12:47:56 -0700 (GMT-07:00) Todd Glassey <tglassey () earthlink net> wrote:
Gee Steven, that's what everyone thought prior to a Federal Judge ordering Microsoft to produce seven years of Email...
We're getting off-topic here, but I'll respond. First -- the context of the conversation is wiretap law, including the stored communications and customer records provisions. This covers what communications providers do for their customers, not internal emails. Second: (a) The judge's order was for a civil lawsuit, under discovery procedures; (b) The order was for records that they apparently had. If Microsoft had had and enforced a policy, prior to that lawsuit, of not retaining internal email older than 30 days, they'd have been in the clear. Microsoft got in trouble because the judge believed they were not complying with his order to turn over data he believed they had, either deliberately or by not exerting sufficient effort; (c) you may have business reasons to retain certain records for longer, including the requirements of external auditors. For example, if you do usage-sensitive billing, you may need to retain certain records for a while so that your accounting firm can verify that your financial records accurately reflect actual customer behavior. (d) What doesn't exist can't be subpoenaed; what does exist, in general, can be, subject to other specialized exceptions (i.e., attorney work product) Third -- that isn't what I'm talking about. Please see, among others, http://news.com.com/Gonzales+pressures+ISPs+on+data+retention/2100-1028_3-6077654.html http://www.theregister.co.uk/2006/09/20/gonzales_calls_for_data_retention/ http://news.com.com/2100-1028_3-6156948.html Note especially that last one, since it's only 3 months old and provides for jail time for "employees of any Internet provider who fail to store that information", and not just fines for the company. I've tried hard to keep this discussion factual, with copious references. But I think I've run out of things to say that are even vaguely on-topic, so I'll shut up. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Current thread:
- Re: ISP CALEA compliance, (continued)
- Re: ISP CALEA compliance Donald Stahl (May 11)
- Re: ISP CALEA compliance Joe Provo (May 10)
- Re: ISP CALEA compliance Sean Donelan (May 10)
- Re: ISP CALEA compliance David Lesher (May 10)
- Re: ISP CALEA compliance Stephen Satchell (May 10)
- Re: ISP CALEA compliance William Allen Simpson (May 11)
- Re: ISP CALEA compliance Steven M. Bellovin (May 11)
- Re: ISP CALEA compliance Sean Donelan (May 11)
- Re: ISP CALEA compliance Joe Provo (May 12)
- Re: ISP CALEA compliance Randy Bush (May 23)
- Re: ISP CALEA compliance Albert Meyer (May 23)
- Re: ISP CALEA compliance Owen DeLong (May 23)
- Re: ISP CALEA compliance Suresh Ramasubramanian (May 23)
- Re: ISP CALEA compliance Valdis . Kletnieks (May 23)
- Re: ISP CALEA compliance Suresh Ramasubramanian (May 23)
- Re: ISP CALEA compliance Andy Davidson (May 24)