On May 10, 2011, at 3:02 33PM, Owen DeLong wrote:
>
> On May 10, 2011, at 11:49 AM, Michael Holstein wrote:
>
>>
>>> In the EU you have Directive 2006/24/EC:
>>>
>>
>> But I'm not, and neither are most of the ISPs in the linked document.
>>
>> Regards,
>>
>> Michael Holstein
>> Information Security Administrator
>> Cleveland State University
>
> In the US, I believe that CALEA requires you to have those records for 7
> years.
>
Source, please -- I've never heard of this, nor can I find anything like it
at askcalea.com. All I've found is that you have to keep records of
*interceptions*. I've also seen numerous news stories about how the FBI
wants that to be added to the law, thus implying that it isn't there now.
See, for example, http://news.cnet.com/8301-13578_3-10448060-38.html
--Steve Bellovin, https://www.cs.columbia.edu/~smb
