question regarding US requirements for journaling public email (possible legislation?)

Suresh Ramasubramanian ops.lists at gmail.com
Thu Jan 5 21:41:30 CST 2012


I would love to ask the EFF just what you do when you don't log stuff,
and then need to troubleshoot someone causing a DDoS or something from
your network in a hurry.

Not that I'd get any sort of a useful answer from them, beyond random
propaganda that spam filtering is evil, DPI is demoniacal etc etc.

On Fri, Jan 6, 2012 at 3:54 AM, John Adams <jna at retina.net> wrote:
>
> OSPs cannot be forced to provide data that does not exist. EFF suggests
> that OSPs draft an internal policy that states that they collect only
> limited information and do not retain any logs of user activity on their
> networks for more than a few weeks. If a court order requests data that is
> more than a few weeks old, the OSP can simply point to the policy and
> explain that it cannot furnish the requested data. Likewise, if unnecessary
> PII is regularly deleted, the OSP cannot supply what it does not retain.
> This saves the OSP time and money, while also providing the OSP with
> sufficient data for its own administrative and business purposes.



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)



More information about the NANOG mailing list