[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: German data rentention law

Am 20.10.2008 um 15:29 schrieb Dominik Schaefer:

Roger Dingledine schrieb:
On Sun, Oct 19, 2008 at 02:30:32AM +0200, Sven Anderson wrote:

All sources I know don't let any doubt that ISPs will _only_ keep
data, which they log anyways, that is which IP has been assigned
to which user at which time.
IMHO it is not true, that ISPs will only have to retain data, they
anyway log. Until now, they weren't even allowed to log the IP address
if they don't need it for billing purposes. The DR law defines, what
they have to log.

You have to look at the details here. The law tells them what to _retain_, not what to _log_. It assumes that ISPs log that stuff anyways. I have my information from a talk of the data security officer of the Deutsche Telekom[1], but I just had a look at TKG 113a (1), and it seems indeed that if you don't log, you have to make sure somebody else logs it. Maybe they changed that paragraph after the talk has been held?

Regarding your example: I wrote the same one sentence after the one you quoted from me. With a little difference: they are allowed to log it, but they have to immediately delete it after the connection.[2]

[1] http://www.jura.uni-duesseldorf.de/institute/zfi/materialien/Informationsrechtstag5/070627-Ulmer.pdf (german)
[2] http://www.heise.de/newsticker/meldung/80614 (german)



Attachment: smime.p7s
Description: S/MIME cryptographic signature