[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
question regarding US requirements for journaling public email (possible legislation?)
- Subject: question regarding US requirements for journaling public email (possible legislation?)
- From: ops.lists at gmail.com (Suresh Ramasubramanian)
- Date: Fri, 6 Jan 2012 09:11:30 +0530
- In-reply-to: <CAO9uaO0CjwOjFMbwNkfSNDCaL=AAEyYFw42NSJE1_wK+9j7Rvg@mail.gmail.com>
- References: <D2D37F15EBBD524693E9F3CB32D02080430C79A5C9@exchange.corp.fpu-tn.com> <CAO9uaO0CjwOjFMbwNkfSNDCaL=AAEyYFw42NSJE1_wK+9j7Rvg@mail.gmail.com>
I would love to ask the EFF just what you do when you don't log stuff,
and then need to troubleshoot someone causing a DDoS or something from
your network in a hurry.
Not that I'd get any sort of a useful answer from them, beyond random
propaganda that spam filtering is evil, DPI is demoniacal etc etc.
On Fri, Jan 6, 2012 at 3:54 AM, John Adams <jna at retina.net> wrote:
>
> OSPs cannot be forced to provide data that does not exist. EFF suggests
> that OSPs draft an internal policy that states that they collect only
> limited information and do not retain any logs of user activity on their
> networks for more than a few weeks. If a court order requests data that is
> more than a few weeks old, the OSP can simply point to the policy and
> explain that it cannot furnish the requested data. Likewise, if unnecessary
> PII is regularly deleted, the OSP cannot supply what it does not retain.
> This saves the OSP time and money, while also providing the OSP with
> sufficient data for its own administrative and business purposes.
--
Suresh Ramasubramanian (ops.lists at gmail.com)