Data retention question
Peter Fairbrother
zenadsl6186 at zen.co.uk
Tue Jul 29 09:29:41 BST 2014
On 28/07/14 10:28, Andrew Cormack wrote:
>> On Behalf Of Peter Fairbrother
>> On 25/07/14 10:46, Andrew Cormack wrote:
>>> James On the question of what might be lost, a long time ago
>>> LINX consulted Elizabeth France (yes, *that* long ago) and
>>> concluded that "necessary for security" probably covered
>>> retention of all logs for roughly six months.
>>
>> I am a little uncertain as to what "necessary for security"
>> actually means. Whose security? Security of what?
>>
>> If you mean the security of the network, why would a network need
>> to keep any customer logs at all?
>
> "Necessary for security" wasn't my phrase. Actually I suspect that a
> lot of protecting the security/availability of a network service can
> probably mostly be done using aggregated flow data.
Yes, I agree - maybe you would want to keep records of which IP was
issued to which customer, but I see no reason to keep records detailing
user's individual communications.
> But detecting and protecting breaches of end systems, whether servers
> or clients, does seem to me to be a genuinely hard privacy question.
I don't see it that way. so much, as long as the ISP, in its role as a
pure packet-passer, has nothing to do with keeping the logs.
In practice ISPs do do other things than passing packets, eg they run
email servers, webservers, and so on - and keeping logs for those may be
necessary for security and in order to maintain the service. For
instance, keeping email to-and-from logs may help if you get blacklisted
- though I don't see any need to keep them for more than a few days.
JANET is of course a different proposition from the average ISP, and I
expect you have many different roles to perform - but I don't think even
you need to keep detailed user network records in order to protect the
network.
Use of email and other services you provide, yes as needed. Packets
passed, no.
[
though of course if you keep detailed records of all traffic, including
content, that might one day allow you to trace a breach which you might
not otherwise be able to trace - however privacy must come into it
somewhere, and like keeping packet-level records, keeping att traffic
would be too much.
On the DRIP issue, Cameron said he is "not prepared to be a prime
minister who addressed people after a terrorist incident, saying he
could have done more to prevent it."
But that will always be the case, you can always do more.
The real question to ask is, is it worth the cost - how well does it
work, and is that result good value in terms of money, lost liberties,
lost privacy.
There are no absolutes here, just calculations.
Calculations of risk and reward - calculations which I do not believe
the involved politicians and civil servants actually make, or even know
how to make.
Let's see the numbers!
]
> That does need logs of activity by individual users and on individual
> records: the longer I keep the logs then the greater privacy threat
> the logs themselves become. But if I reduce the retention period then
> I increase the risk that when a breach does occur I won't be able to
> look back and find out either how it happened or who was affected.
> Depressingly, the results from the Verizon breach survey suggest that
> compromise to detection could easily be more than six months :(
The types of breaches in the report seem to be breaches in an attached
server, not in the network itself - the operators of the server may well
want to keep detailed logs, but I don't see that an ISP which does not
run the server has any need to.
> As the law heads towards mandatory reporting of breaches and also
> mandatory minimisation of data, that dilemma between keeping logs and
> not keeping them is going to get sharper, so if there's any reliable
> research on where the best balance lies I'd be interested to hear of
> it?
I don't know of any research into that specific area - but in general we
do know how to do the math behind the risk and reward calculations.
It's just hard to get people to agree on the values of the risks and
rewards.
-- Peter Fairbrother
More information about the ukcrypto
mailing list