I would love to ask the EFF just what you do when you don't log stuff, and then need to troubleshoot someone causing a DDoS or something from your network in a hurry.
Not that I'd get any sort of a useful answer from them, beyond random propaganda that spam filtering is evil, DPI is demoniacal etc etc. On Fri, Jan 6, 2012 at 3:54 AM, John Adams <j...@retina.net> wrote: > > OSPs cannot be forced to provide data that does not exist. EFF suggests > that OSPs draft an internal policy that states that they collect only > limited information and do not retain any logs of user activity on their > networks for more than a few weeks. If a court order requests data that is > more than a few weeks old, the OSP can simply point to the policy and > explain that it cannot furnish the requested data. Likewise, if unnecessary > PII is regularly deleted, the OSP cannot supply what it does not retain. > This saves the OSP time and money, while also providing the OSP with > sufficient data for its own administrative and business purposes. -- Suresh Ramasubramanian (ops.li...@gmail.com)
