there is no requirement for maintaining log files (unless specifically
directed otherwise.) log files contain either marketing value or sysadmin
value -- in both cases specific ip addr info isn't necessary to maintain
that value (except in case of anomalous activity). one could collect info
without identifying information.
same principle applies to e-mail. once mail is deleted from a pop or imap or
whatever server, there is no requirement to keep the backup tapes of e-mail.
in fact the larger isps no longer keep deleted e-mail...they maintain only
e-mail headers for up to six months. smaller isps should follow in these
steps (though i'd argue you shouldn't even keep header info.)
don't save it if you don't really truly need it.
phillip
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh
> Sent: Saturday, April 28, 2001 11:46 PM
> To: Anonymous
> Cc: [EMAIL PROTECTED]
> Subject: Re: layered deception
>
>
>
> I rather like the idea of encrypting the logs on the fly and shipping them
> offshore. Your offshore partner will be instructed to turn over the
> logs only if you are not asking for them under duress. (A reasonable
> protocol can probably be worked out. Would a court order instruct you
> to lie? If so, would it be valid?)
>
> -Declan
>
>
> On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote:
> > In view of the recent "gimme-the-logs-or-we-fuck-you" activities
> > of armed men
> > (http://www.indymedia.org/front.php3?article_id=36912&group=webcast ,
> > http://seattle.indymedia.org/display.php3?article_id=3013 )
> > what would be the legal consequence of the following:
> >
> > 1. A virus is designed that spreads itself in some standard way and that
> > deletes log files of popular http server implementations.
> >
> > 2. Files are deleted when virus receives a packet on a known port.
> >
> > 3. Detection of virus requires more than average admin can do.
> >
> > So when logs are requested an outside "3rd" party can maliciously
> > remove logs. The first several ISPs to contract this virus will
> > probably get fucked, but by then it should become obvious that the
> > ISP cannot effectively control the virus.
>
>
