North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fed Bill Would Restrict Web Server Logs

  • From: Bill Nash
  • Date: Tue Feb 14 12:30:22 2006

On Tue, 14 Feb 2006, Hyunseog Ryu wrote:

I guess the question is how to read "legitimate" word. ^.^
I guess the bill was written in mind of privacy concern.
But also there is some requirement for security/law-enforcement viewpoint.
I received the request from some law-enforcement about actual user of IP
address 3 year ago or older.
Without all log info, how can I tell it?
In the context of the legislation in question, if the user is still a current customer, you have a legitimate business use for the data. If the user was no longer a customer, I would surmise that you should have purged it, as you would no longer have a need for that user's personal data.

I'm really curious whether this was a kind of post-action to the
cell-phone use log business such as or something like that.
An exploration of the side effects would be interesting. I think it'll provide a legal cudgel for mailing lists and opt-in tracking, as well as ensuring that your information is purged when/if you opt-out. It may also have dampening effects on the sale/trade of personal information, as it would now be questionably criminal to possess the personally identifying information of a person you have engaged in zero business with.

From the text of the bill, there are some pretty loose points that'll give
lawyers a lot of vine to swing from, including the definition of 'legitimate business practice'. Associating all of it to 'Internet website', as defined, is another loophole waiting to happen.

I think the single best element of the bill is the declaration that consumers have an ownership in interest in their personal information. Owndership implies control, and by extension, some amount of control in who gets to have it. I'd like to see what happens when the final bill is mated with US Federal CAN-SPAM law.

- billn