Fed Bill Would Restrict Web Server Logs
Bill Nash
billn at odyssey.billn.net
Tue Feb 14 17:20:25 UTC 2006
On Tue, 14 Feb 2006, Hyunseog Ryu wrote:
> I guess the question is how to read "legitimate" word. ^.^
> I guess the bill was written in mind of privacy concern.
> But also there is some requirement for security/law-enforcement viewpoint.
> I received the request from some law-enforcement about actual user of IP
> address 3 years ago or older.
> Without all log info, how can I tell it?
In the context of the legislation in question, if the user is still a
current customer, you have a legitimate business use for the data. If the
user was no longer a customer, I would surmise that you should have purged
it, as you would no longer have a need for that user's personal data.
> I'm really curious whether this was a kind of post-action to the
> cell-phone use log business such as locatecell.com or something like that.
An exploration of the side effects would be interesting. I think it'll
provide a legal cudgel for mailing lists and opt-in tracking, as well as
ensuring that your information is purged when/if you opt-out. It may also
have dampening effects on the sale/trade of personal information, as it
would now be questionably criminal to possess the personally identifying
information of a person you have engaged in zero business with.
From the text of the bill, there are some pretty loose points that'll give
lawyers a lot of vine to swing from, including the definition of
'legitimate business practice'. Associating all of it to 'Internet
website', as defined, is another loophole waiting to happen.
I think the single best element of the bill is the declaration that
consumers have an ownership interest in their personal information.
Ownership implies control, and by extension, some amount of control in
who gets to have it. I'd like to see what happens when the final bill is
mated with US Federal CAN-SPAM law.
- billn