Wednesday, February 25, 2009

How long do I need to keep logs?

Today I talked to a guy at an ISP where I do the SQL maintenance and I asked him what they keep in their logs about what people do with their services (telephony and Internet access for companies and private persons).

For the telephony part, the law in Belgium asks them to keep which number called which number and matching them with the contracts of the customers of the telephony providers the law officers can trace your calls. I asked him if this is still the case if you use something like Skype out and according to him there is no way to trace this for the telephony provider, the cops have to have an agreement with Skype (who are based in Luxembourgh).

For the internet behavior he told me that they just keep the IP address leases for the dynamic IP customers and they don't care to what websites you go or what chatrooms you frequent. The only thing that the law requires them to do is to give the name and address of who owned that IP at that particular point in time.

I asked him what the most common case for requesting the users identity and he said that it is usually a case of copyright violation.

He wasn't aware of the TOR network and when I explained to him how it works, he said that it becomes a very difficult task for the cops to trace your particular visit to a website back to you.

One particularity he told me is that the public (companies and private persons) are responsible for keeping their own router logs and should be able to show them to the men of law in case of an investigation. For how long you have to keep them if your not an ISP he couldn't tell me.

If anybody can tell me more about this subject please post a reaction. I think that it is important for the public to know this.

No comments: