YouGov :"POLL - Blunkett's proposals on internet privacy: for or against"

Ken Brown k.brown at ccs.bbk.ac.uk
Mon, 17 Dec 2001 12:40:54 +0000 

Which brings us back to academic institutions - we aren't ISPs, we are
end-users, but we do a lot of the same technical things that ISPs do.
So, for that matter, do the central IT departments of large companies,
who often act as very arms-length service providers to other
departments, and often supply IT services to contractors, business
partners, suppliers et.c, sometimes on a very ad-hoc and informal basis
- last place I worked we had hundreds of users who were not employees.
But Universities, unlike  companies, are traditionally very open to the
Net, and very tolerant of what people use our computers for.

I suppose I should be deleting logs as soon as I don't want them.  

We are drafting new IT security policies and we don't want to leave
ourselves open to criticism (never mind litigation!)  Does anyone have
any suggestions for a written policy on the retention of data?

Ken Brown

Charles Lindsey wrote:
> 
>         On Fri, 14 Dec 2001 23:14:19 -0000
>         "Alison Wheeler \(crypto\)" <crypto@creative.org.uk> said...
> 
> > As a working hypothesis, I've rather concluded that the act as passed
> > requires ISPs, relayers, TELCOs (effectively everyone by the time you follow
> > it through) to KEEP all data but NEVER look at it for ANY purpose unless
> > Blunkett asks to see it (sic).
> 
> Yes, I think that's about it. It is even workable.
> 
> First of all, you keep it for as long as you need it for your own
> purposes (billing, or enabling your abuse department to LART spammers).
> Call it one month for the sake of argument. If Plod wants to see it
> during that time, for investigating shoplifting, or something, then he
> serves a notice under Chapter II of RIPA. That is all covered (well,
> more or less) under existing law.
> 
> After the month is up, you still keep it, but embargoed as you said
> above (but under RIPA, they still cannot ask you to keep more detail
> than is reasonably practicable - I haven't heard that the new Bill
> changes that). Now, if Plod comes along with his notice, and the notice
> mentions "National Security" (these notices HAVE to specify a purpose,
> and "National Security" is already one of the official purposes under
> RIPA), then he can have the data. Otherwise, he cannot.
> >
> > How you locate the requisite piece of data requested should, of course, be
> > left as an exercise to be carried out when the request is made <g>
> 
> Just say "grep" :-) .
> 
> Charles H. Lindsey ---------At Home, doing my own thing------------------------
> Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
> Email: chl@clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
> PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5