-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 24, 2008, at 2:09 AM, Mikael Abrahamsson wrote:
The local antipiracy organization in Sweden needed a permit to
collect/handle IP+timestamp and save it in their database, as this
information was regarded as personal information. Since ISPs
regularily save who has an IP at what time, IP+timestamp can be
used to discern at least what access port a certain IP was at, or
in case of PPPoE etc, what account was used to obtain the IP that
that time.
I still think IP+timestamp doesn't imply what person did something
it doesn't, no any more than the association of your cell phone with
a cell tower conclusively implies that the owner of a telephone used
it to do something in particular. However, in forensic data retention
and wiretap procedures, the assumption is made that the user of a
telephone or a computer is *probably* a person who normally has
access to it.
In the EU Data Retention model, I will argue that the only thing that
makes sense to use as a "Session Detail Record" is an IPFIX/Netflow
record correlated with with any knowledge the ISP might have of the
person using the source and/or destination IP address at the time.
When the address is temporarily or "permanently" assigned to a
subscriber, such as a wireless address in a T-Mobile Hotspot (which
one has to identify one's account when logging into, which
presumptively identifies the subscriber) or the address assigned to a
Cable Modem subscriber (home/SOHO), this tends to have a high degree
of utility.
In the wiretap model, one similarly selects the traffic one
intercepts on the presumption that a surveillance subject is probably
the person using the computer.
For them, it's all about probability. It doesn't have to be "one" if
it is reasonable to presume that it is in the neighborhood.
What I find interesting here is the Jekyll/Hyde nature of it.
European ISPs are required to keep expensive logs of the behavior of
subscribers for forensic data mining, accessible under subpoena, for
extensive periods like 6-24 months (last I heard it was 7 years in
Italy, but that may now be incorrect), but the information is deemed
private and therefore inappropriate to keep under EU privacy rules.
ISPs are required to keep inappropriate information at their own
expense in case forensic authorities decide to pay an occasional
pittance to access some small quantity of it.
-----BEGIN PGP SIGNATURE-----
iD8DBQFHmA3hbjEdbHIsm0MRAhsKAJ4+xXkJm/JM/lDL1YpufmUYZdhClACgrvxD
keX0Zsm+QtJG6RcCMrJcVqk=
=DpcR
-----END PGP SIGNATURE-----