Swedish ISP Starts Deleting Log Files To Protect Users From IPRED Law
from the and-so-it-goes dept
There's been plenty of attention paid to Sweden's new IPRED law, which requires ISPs to hand over identifying information on those accused of file sharing -- but we've already noted that all the law is really doing is driving people to alternatives, such as encryption. And, now, it appears that even ISPs are recognizing that it just makes good business sense to better protect their users. Broadband Reports points out that a Swedish ISP, Bahnhof, has started destroying its own log files, rather than hand them over to authorities. The company's CEO notes that nothing in the law requires ISPs to keep log files -- but only to turn over what info has been retained. It seems likely that Bahnhof may have just convinced a bunch of folks to see if they can sign up for new broadband from the company. Any bets on how long it takes Sweden to pass a new law requiring ISPs to retain data for a certain period of time? Even the CEO admits that's likely -- but notes that it will show this is nothing more than a witch hunt by the entertainment industry:"And then the legislators will have to step up and say they want to have data storage, not to catch terrorists but to help record companies and the movie industry in the hunt for file sharers."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Good for him!
[ link to this | view in chronology ]
Re: Good for him!
That's not exactly a secret even now. But Swedish voters, it seems, are no more concerned with corruption than American ones are. In fact, I'm starting to think that American voters have come to actually admire corruption.
[ link to this | view in chronology ]
Storing the data may break the law
There are been reports of two smaller Swedish ISPs taking the same approach.
When this was uncovered it was reported in the news as Bahnhof exploiting a loophole in the legislation. The truth is however that politicians have been aware of this for a long time. Since the EU data retention directive forces Sweden to introduce data retention laws they probably await the implementation of that since they can then blame EU and the former minister of the justice department (he was one of those who most strongly pushed for the introduction of this EU directive - now he is in opposition). Since the data retention directive is meant to fight heavy crime, it's not yet certain that rights holders will be able to gain access to data upon suspicion of less serious crimes.
What's interesting is that we here in Sweden currently have a law on electronic communications that dictates that those who provide networks for eletronic communication may not store traffic data longer than necessary in order to distribute electronic messages or for billing (and IP-address logs aren't needed for billing). Hence, it would actually seem to be illegal for them to store logs of what IP-addresses were assigned to whom at what times.
So while the media has been painting a picture of Bahnhof as the black sheep or at least as a form of political protester/activist, it may be its competitors who are breaking the law when they say they do store this info.
[ link to this | view in chronology ]
No, they never created the logs in the first place.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
yes, I think it's the same in Germany. However, there's nothing in the EU directive that forces nations to disclose the information it forces them to store. In fact the directive was accused of being passed on the wrong grounds, but the european court of justice didn't agree and found the data retention was not related to police cooperation but rather establishing an even ground between ISP competitors in different EU member countries.
So in theory if the ISPs encrypted the data that they are obliged to keep, and then threw away the encryption key they would still live up to the spirit (although maybe not letter) of the directive since it is (officially at least) just meant to put an equal burdon on ISPs in all countries. In practice it would probably not be possible though, but I'd love to see some country try it. However, it's still up to the individual countries to regulate under what circumstances the data may be accessed and they are free to not release it under any circumstances if they want.
I really wonder what's next. France introduces HADOPI which limits people's right to internet access without preceeding court trial and then claim that this puts an extra burdon on french ISPs and therefore ISPs in all member countries should be obliged to do the same?
[ link to this | view in chronology ]
What's next? See ACTA, and combine it with Data Retention, the mix of BSA, MPAA and RIAA aversion to new business models and equating piracy (patch kind), terrorism and downloading, and and Sarkozy's shenanigans, and the picture is not pretty.
Article 4
Access to data
Art. 4 - Member States shall adopt measures to ensure that data retained in accordance with this Directive are provided only to the competent national authorities in specific cases and in accordance with national law. The procedures to be followed and the conditions to be fulfilled in order to gain access to retained data in accordance with necessity and proportionality requirements shall be defined by each Member State in its national law, subject to the relevant provisions of European Union law or public international law, and in particular the ECHR as interpreted by the European Court of Human Rights.
Article 8
Storage requirements for retained data
Member States shall ensure that the data specified in Article 5 are retained in accordance with this Directive in such a way that the data retained and any other necessary information relating to such data can be transmitted upon request to the competent authorities without undue delay.
[ link to this | view in chronology ]
ipred
[ link to this | view in chronology ]
Wow
[ link to this | view in chronology ]
I think those articles only confirm what I said. Read closely: "The procedures to be followed and the conditions to be fulfilled in order to gain access to retained data (...) shall be defined by each Member State"
Of course, some will look at all the stored data as children look at candy, so in practice it may not help much to let the member states regultate this on their own. At least it makes it easier to assign responsibility for the decisions.
[ link to this | view in chronology ]
IPRED
[ link to this | view in chronology ]
Logs
But Weird Harold said that Swedish law also requires the keeping of logs. That isn't true?
[ link to this | view in chronology ]
If Weird Harold said that then he's wrong. The EU directive will eventually force logs, but it has not yet been implemented into Swedish law. If IP-adress logs count as "traffic data" (I and would suppose they do) the ISPs may not store such data any longer than necessary to fulfil their service or bill the users. For IP-adress logs I would suppose it means that they may not be stored at all.
@Anonymous Coward 2:
I don't think one can compare Sweden to America in that regard since we have publicly funded elections, so we have almost none of the kind of corruption that people like Lawrence Lessig writes about. I would absolutely not call our politicians corrupt, but I do think they are out of touch and listen too much to the content industries and often have bad advisors which are too close to the industry. During the police investigation of The Pirate Bay there was a very disturbing thing though - the police responsible for the investigation (and who probably knew lots of info about TPB that he wasn't allowed to reveal) was hired by Warner Brothers just after the investigation had ended.
[ link to this | view in chronology ]