On Wed, Feb 05, 2003 at 07:44:00PM -0800, Horst wrote: > Ben, you put together some interesting thoughts and links (I just > finished the motherjones article and had to resist the temptation of > quoting about half of it right here. > Instead, let's get concrete and ask the best ISP in town (EFN) a few > questions:
I can't really answer your questions in any official capacity since I do
not (yet) work for EFN (and don't happen to know the answers anyway..)
> ~~~~~~~~~~~~~ for EFN ~~~~~~~~~~~~~~~~~~~
>
> - Have your records, logs, etc. ever been subpoenaed ?
I have heard of a case where EFN was contacted and asked to produce
information regarding someone who had done something nasty on someone
else's machine(s). Can't offer much information, but here's what I know
about it:
1. The alleged abuse was criminal in nature
2. EFN's machine{,s} were used in the act (probably garcia)
3. Local police (there, not Eugene, outside of Oregon) were involved
4. Given the above, EFN was cooperating as would be expected.
Had the individual been smarter than indicated by the form and method of
the abuse, EFN would have had a harder time identifying anyone as being
responsible. Doing something nasty on someone else's shell box is a good
way to get caught since shell boxes DO keep logs just in case.
I do not know if information necessary to identify a person was found,
though clearly EFN staff were able to trivially check who was using the
machine at the time of the attack. Had this information been subpoenad,
I'd expect EFN to hand it over. And had their logs indicated anyone in
particular was likely doing something bad, I'd expect them to investigate
further and report what they found to the appropriate authorities.
If you're doing it using EFN's own machines, EFN could be held responsible
for what was done. The only way they could possibly not be held so is to
offer whatever logs they have when police come knocking. I think this is
probably the right thing for EFN to do, without getting into the questions
of what's legally wrong and what's morally wrong. I think I would suggest
any planning to do anything illegal should not depend on their ISP to keep
what they did a secret. An ISP the size of EFN has a lot of customers who
are obeying the law to think about. If a few choose not to, and get
caught doing something they shouldn't be, it's their ass on the line and
theirs alone. EFN should not risk charges of hindering prosecution or
witholding evidence.
Of course most of us here know that it is possible to do things that are
illegal online while being discrete enough to not leave traces back to
EFN. Obviously these are the more dangerous threat, but since they would
likely not leave any traces, nobody at EFN is likely to hear about such
people. They probably have little to fear as long as they are careful and
don't become sloppy. Not that they need me to remind them of this fact.
> - Are you legally able, and willing to comment on such issues ?
> (I understand, that's pretty generally phrased (I am not a lawyer) -maybe
> EFN has some general policy on the subject that is public ? )
It may require a lawyer to review their reply to this just to make sure
any reply does not expose them to any sort of lawsuit or whatever. =p
I expect EFN staff likely share my opinion that if you're stupid enough to
do something illegal from EFN's own machines and wind up logged doing it,
you'd better not expect much sympathy from the admins. You also had
better not expect them to ensure secrecy of your actions since even if you
did nothing morally wrong, they could be compelled to give up what they
know.
> - For how long are dialup logs kept (the userID-dynIP-timestamp
> connection) ?
This I cannot answer.
> I don't question that there are reasons to subpoena some of the
> information we are talking about here under *specific* circumstances (e.g.
> the fairly recent bust of a cyber child-porn ring in our area) -in
> contrast, the Poindexter project is just a big fishing expedition.
In regard to the above case where a list of people online at the time of
the attack was known ... Once the admins had the list, they could have
probably gone and sifted through various files owned by those people to
see if anything incriminating existed. I did not ask why this was not
done; I know why it was not already. Without specific evidence pointing a
finger in the general direction of someone in particular, nobody is going
to invade a user's privacy. I think that's the difference between being a
good ISP doing what is necessary to obey the law and an ISP which spies on
its users.
--
Joseph Carter <[EMAIL PROTECTED]> You expected a coherent reply?
"It isn't pollution that's harming the environment. It's the impurities in
our air and water that are doing it."
-- Al Gore
msg12855/pgp00000.pgp
Description: PGP signature
