Roger Dingledine schrieb: > A fine question. Hopefully as we learn more about what ISPs will > log, The EU directive http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:01:EN:HTML
originally defines what data has to be retained. An interesting term in that document seems to be 'communication'. With respect to pure access/service providers, that could be a specific login session, a TCP connection or every single packet. Every single packet seems to be practically impossible. Every TCP connection doesn't make sense either, as 'the bad guys' would just use a connectionless protocol. The german law contains therefore: (http://dejure.org/gesetze/TKG/113a.html) (4) Internet service providers retain: 1. the assigned IP address of each user per dial-in session. 2. the unique identifier of end point of the originator of the communication (e.g. phone number, DSL) 3. begin and end timestamp of each dial-in session. Of course, additionally they have to have the possibility to correlate that to the name and address of the customer. So this part (logs at ISPs) is pretty much harmless with respect to Tor, as it 'only' eases finding the operator of an exit node. As already said, much more difficult is the part about anonymizing services, which brings us right to the still missing 'technical directive'. That will define the specifics: who is exempted (e.g. WLAN hotspots in hotels are said to be exempted, WLAN hotspots at airports not), what format has to be used for transmitting the data to law enforcement, what precision the timestamps must have, what 'immediate response' to a request from a law enforcement actually means, what availability the systems for data retrieval must have and so on... Most of that will be defined first by the European Telecommunications Standards Institute. Then the german agency, which has to supervise the implementation of the law, will adopt that directive. That is expected to happen in spring 2009. Curiously, the telecommunication service providers in germany now have to log stuff, but know nearly nothing about the technical implementation and that is even worse for small service providers or private persons. The conclusion is more or less: nobody knows for sure if Tor relays have to log or not. It seems, that some courts will have to decide that. Dominik