2012-02-08 - Re: [GRASE-Hotspot] Save log on remote server

Header Data

From: Johnny Solbu <so***u@solbu.net>
Message Hash: 92079104510a216cfee0ceb3d3cf17949a2e72956944741ae54355c0f3df162a
Message ID: <201202081340.02471.solbu@solbu.net>
Reply To: <4F326480.2040706@gmail.com>
UTC Datetime: 2012-02-08 05:39:55 UTC
Raw Date: Wed, 08 Feb 2012 13:39:55 +0100

Raw message

On Wednesday 08 February 2012 13:03, Tim White wrote:
> Even if you explicitly state you are monitoring? Wow. I would have 
> thought that in a school situation for example, where you state you are 
> explicitly monitoring, it wouldn't be a problem. 

Well, if you are monitoring, you must disclose that you do. Secret monitoring is prohibited and can result in hefty fines, and in some cases a prison sentence.

The general rule on logging is that if you don't need it, you are not allowed to store it.


> For example, if kids  
> are using the internet for purposes other than they are allowed (i.e. 
> playing games on the net), then their internet privileges can be 
> revoked, and hence monitoring is needed to enforce the policy.

That is a valid use case, but that doesn't mean you can store the logs much beyond 3 weeks or so. And you are not allowed to log what they are doing, e.g. you can't log which pages they read, as that is a violation of privacy. (Yes, even children and students have a right to privacy.)


This will unfortunately change in the coming summer however, unless we can stop it in courts.
Last year it was decided in our parliament that Norway is to implement the EU Data Retention Directive, which means that providers will be required by law to log these things and store them for a minimum of 6 months. The only good thing is that the logs are required to be encrypted with a key for which the ISPs and providers don't have access to the private key. They are required to encrypt it at all stages of storage. If it is possible to get to the logs without using decryption, they are not in compliance with the law.
A counter argument that was used in the various media debates before the decision last year is the fact that currently it is illegal to log most of the things the directive requires us to start logging.

> These are actually good questions that need to end up in the 
> FAQ on trac.grasehotspot.org when I get around to it. 

Perhaps also it should be included in the documentation accompanying the installation.

-- 
Johnny A. Solbu
web site, http://www.solbu.net
PGP key ID: 0xFA687324
********************************
Come, urge to work, and press upon me,
here you shall meet resistance.
