nanog mailing list archives

Re: Fed Bill Would Restrict Web Server Logs

From: Hyunseog Ryu <r.hyunseog () ieee org>
Date: Tue, 14 Feb 2006 10:38:25 -0600



I guess the question is how to read "legitimate" word. ^.^
I guess the bill was written in mind of privacy concern.
But also there is some requirement for security/law-enforcement viewpoint.
I received the request from some law-enforcement about actual user of IP
address 3 year ago or older.
Without all log info, how can I tell it?
It seems this bill will bring more ISP/ASP to the court to clarify what
is legitimate or not.

From privacy viewpoint, I guess people wants to remove all their trace

from the Internet.
But from security and practical concerns from ISP/ASP, they want to have
all traces from the people.

I think the government needs to enforce ISP/ASP to keep all trace for
certain level, but with more stricted access method.

I'm really curious whether this was a kind of post-action to the
cell-phone use log business such as locatecell.com or something like that.

Hyun

Jon R. Kibler wrote:

Message: 3
Date: Thu, 09 Feb 2006 00:14:23 -0800
From: Declan McCullagh <declan () well com>
Subject: [Politech] Delete web server logs, or get fined by the Feds?
        Ed Markey's new bill [fs]
To: politech () politechbot com
Message-ID: <43EAF9DF.2000602 () well com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I've posted the text here:
http://www.politechbot.com/docs/markey.data.deletion.bill.020806.pdf

A summary is here:
http://news.com.com/2100-1028_3-6036951.html
"A bill just announced in Congress would require every Web site operator 
to delete information about visitors, including e-mail addresses, if the 
data is no longer required for a "legitimate" business purpose.

An open question is whether Rep. Ed Markey's bill would require that 
Internet addresses be deleted by default from Apache and other web 
server logs. One reading is that it would be. But it's not clear whether 
an IP address falls under the definition of personal information.

This bill applies to anyone running a web site, including individuals 
and bloggers. So it's not just companies that have to worry.


Original posting from Declan McCullagh's PoliTech mailing list. Thought NANOGers would be interested since, if this 
bill passes, it would impact almost all of us. Just imagine the impact on security of not being able to login IP 
address and referring page of all web server connections!

Jon Kibler

Current thread:

Re: Fed Bill Would Restrict Web Server Logs, (continued)
- Re: Fed Bill Would Restrict Web Server Logs Suresh Ramasubramanian (Feb 14)
  - Re: Fed Bill Would Restrict Web Server Logs Andy Davidson (Feb 14)
    - Re: Fed Bill Would Restrict Web Server Logs Valdis . Kletnieks (Feb 14)
    - Re: Fed Bill Would Restrict Web Server Logs bmanning (Feb 14)
- Re: Fed Bill Would Restrict Web Server Logs David G. Andersen (Feb 14)
  - Re: Fed Bill Would Restrict Web Server Logs Frank Louwers (Feb 14)
    - Re: Fed Bill Would Restrict Web Server Logs Suresh Ramasubramanian (Feb 14)
    - RE: Fed Bill Would Restrict Web Server Logs Mark Borchers (Feb 14)
    - Re: Fed Bill Would Restrict Web Server Logs Jeff Shultz (Feb 14)
    - Re: Fed Bill Would Restrict Web Server Logs Florian Weimer (Feb 14)
- Re: Fed Bill Would Restrict Web Server Logs Hyunseog Ryu (Feb 14)
  - Re: Fed Bill Would Restrict Web Server Logs Bill Nash (Feb 14)
- Re: Fed Bill Would Restrict Web Server Logs Steven M. Bellovin (Feb 14)
- Re: Fed Bill Would Restrict Web Server Logs Owen DeLong (Feb 14)
- RE: Fed Bill Would Restrict Web Server Logs David Hubbard (Feb 14)
  - RE: Fed Bill Would Restrict Web Server Logs Bill Nash (Feb 14)
- Re: Fed Bill Would Restrict Web Server Logs Gregory Hicks (Feb 14)