i agree...unless you're specifically directed to do so, maintaining log
files is completely optional. there are no regs requiring isps or websites
or mail providers to do so, other than the standard 'you need to comply with
a court order or search warrant, etc.'

as for the 'encrypt it' or 'store it overseas' method, i'd be concerned that
a court would force the isp to produce the key or produce the decrypted or
stored log files. would prefer to see no log files or daily deleted log
files (which is good enough for most ids needs anyway.)

if one doesn't collect log files at all, i wonder if LE could force an isp
to turn on logging for all users (then munge the results) or if the isp
would be allowed to selectively log only the information sought in an
investigation. plus, what happens to the entire log files turned over in an
investigation? do the irrelevant entries get destroyed, or does munging a
file destroy the cyber forensics value?

phillip
> Tim May responds:
> > On Sunday, April 29, 2001, at 07:41 PM, Declan McCullagh wrote:
>
> > I think Matt is a bit too quick to conclude a court will charge the
> > operator with contempt and that the contempt charge will stick on
> > appeal. Obviously judges have a lot of discretion, but it doesn't seem
> > to me like the question is such a clear one if a system is set up in
> > the proper cypherpunkish manner.
>
> As there are no "ex post facto" laws, setting up an offshore/non-duress
> log haven in 2001 cannot result in a charge in 2003 that this was
> illegal or contempt of court.
>
> Not even today's fool judges will claim that is "contempt."
>
> (It is only "contempt" if a judge orders an action which a witness is
> _able_ to comply with but which he does not...and of course not always
> then.)
>
> Judges cannot require time machines be used to undo past actions.
>
>
> --Tim May