IP Technical question

Richard Clayton ukcrypto at chiark.greenend.org.uk
Thu, 29 Jan 2009 11:21:36 +0000 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <sAzJGIX8JOgJFAqx@perry.co.uk>, Roland Perry <lists@internetp
olicyagency.com> writes

>In article <05759896-B363-4185-BC34-955C2A591E50@batten.eu.org>, Ian 
>Batten <igb@batten.eu.org> writes
>>>  * the user ID allocated (this means a unique identifier allocated to
>>>    persons when they subscribe to or register with an internet access
>>>    service or internet communications service).
>>
>>The LLU operator I'm using doesn't use usernames or passwords: Eth OA, 
>>so there's no real way to do so.
>
>So it's more like a leased line: a permanent connection without the need 
>for you to "log in" at all?
>
>Of course, many of the parameters defined in Data Retention documents 
>don't really apply to certain types of connection. 

If they specify things that don't exist, or you cannot possibly collect
the data on your machines then there is no obligation to retain -- the
Regulations don't make you do the impossible.

>What use is the "log 
>in" and "log off" times for even those ADSL connections that do have a 
>username/password?

This is precisely the point I was making yesterday -- the Regulations
are _not_ about what might be useful in answering questions posed by Law
Enforcement, they are solely about having a prescriptive list of
information that ISPs may have, useful or not, and insisting that they
retain it. One might almost suggest that its really a reflection of Home
Office culture!

So, for example, it is necessary to retain not only the log on/off times
for ADSL (which for many people will merely measure how stable the sync
is between their house and the exchange), but also the start and stop
times of all of their POP3 sessions, whether or not any email was
collected, whether or not the collection is done every 3 minutes by a
robot...

Similarly, although unanswered calls don't have to be recorded, traffic
data for email spam has to be retained by the ISP, even if they never
delivered it to the customer, and the customer is unaware that it even
existed !  Since there's no obvious requirement to document what was or
was not delivered, this means that a police officer who requests a list
of email correspondents will be presented with about 10 times as much
data as necessary, with no indication as which tenth is relevant.

Mind you, maybe the real Regulations will differ from the draft ones ?

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSYGRQJoAxkTY1oPiEQJlIwCdGNBdHzvilthIgrtgYVBy30GzgMAAoK0n
EfkX6OVSq2WsYxjdKJ+sVABC
=syC1
-----END PGP SIGNATURE-----