[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: German data rentention law



Roger Dingledine schrieb:
> On Sun, Oct 19, 2008 at 02:30:32AM +0200, Sven Anderson wrote:

>> All sources I know don't let any doubt that ISPs will _only_ keep
>> data, which they log anyways, that is which IP has been assigned
>> to which user at which time.
IMHO it is not true, that ISPs will only have to retain data, they
anyway log. Until now, they weren't even allowed to log the IP address
if they don't need it for billing purposes. The DR law defines, what
they have to log.
If you are e.g. a re-seller, than you don't have to log yourself, if
the data they ask for does not fall into your responsibility. But in
that case, you may have to prove upon request, that your contractor
logs that data.

> So: if it turns out that German ISPs don't log anything related to
> traffic headers, then the only remaining concern is the 
> Germany-specific clause about anonymizing services.
I guess, we will see a noticeable drop in the number of exit nodes in
germany on the 1/1/09, because operators downgrade to middle-man. As
middle-man, the risk of being asked for log data decreases
significantly, so you may get away with a violation of that law at
least for some time (if Tor nodes have to log, which is unclear, as
the current discussion already showed).

The call to shut down the node rather than to install 'logging
infrastructure' is probably in any case a good thing to do.

Dominik