[EMAIL PROTECTED] wrote:
>
> Given recent passage of the Patriot Act here in the US, I'm re-evaluating
> privacy policies at the ISP I run.
>
> I'm curious what mechanisms and policies we might keep/implement
> to preserve the privacy and integrity of our clients. Some are obvious:
> * gnupg/pgp email
> * quick and regular deletion of logs after our system security checks
>
> What about protecting client data? Suppose someone with a name like
> "Saddam" signs up for a mailing list; what can be done to protect everyone
> else on that mailing list? (I did not make up that example.) Are
> there ways of handling data like that mailing list that would keep it
> private? What about customer databases?
>
> This may not be the place for this; can someone suggest other resources?
>
> Thanks,
>
> cfm
This is a very important issue, particularly in light of the draconian bill just passed and, even though not Debian specific, should be of great interest to many ISPs.

Be aware that simply encrypting mail and erasing old logs will not shield your customers very well and may inadvertently create a worse situation. Whatever policies you implement, be sure to thoroughly think through the possible outcomes and be sure to have a well thought out and rational reason for them. Deleting server logs to "protect my customers' privacy" could easily be transformed by today's "witch hunt" mentality into deleting server logs to "intentionally erase evidence that could be used against the terrorists using my system." A policy to quickly erase server logs to enhance system security and maintain adequate disk space may be perceived to be more rational and "patriotic."

For PGP, the government could easily recover the PGP keys from either your servers or the customers' machines - perhaps even without your or the customer's knowledge, since the government is allowed to ask for "secret" search warrants. Hmmm.. I wonder if the FBI would be violating the DMCA if they circumvented the encryption of your email, which after all is a "published" work and therefore copyrighted. :-)

Deleting the log files, and even writing all zeros to the disk, doesn't make the files irretrievable. This policy may actually make things *worse* for your customers because law enforcement may assume, because of your actions, that you are attempting to hide something. The "innocent until proven guilty" thing is just lip service. Law enforcement may even more deeply invade your customers' privacy by doing a more thorough search than they would have done otherwise. They may seize the computer to do forensic work to recover the logs, which means your customers lose all their data and service, or they may shut you down completely to prevent you from destroying more "evidence."
Perhaps writing logs to /dev/shm would be a way to go, if you are really intent on total erasure of the logs, but that has security ramifications.

<Paranoia Mode: off>

Having said all the above, I'd hope that all ISPs have a policy to discontinue service to anyone using their system for "wrong" purposes and that includes terrorism and SPAM!

Pete Billson
--
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting