7

Since most internet users have ISPs using dynamic IP addresses (e.g. someone gets a new external IP address every few days) are there any laws requiring the ISPs to keep logs associating an IP address on a certain day with a certain individual? For example if someone hacks a website and their IP address is found, can anything be done about it? If ISPs do keep logs, what is associated with a persons IP address? I mean does DHCP somehow know the geographical location of who gets what IP, and then that information is stored?

curiousguy
  • 5,028
  • 3
  • 25
  • 27
Celeritas
  • 10,039
  • 22
  • 77
  • 144

4 Answers4

11

  • Some ISPs force a connection reset every 24h and you get a new IP address assigned, others don't force you and yet others give you a fixed ip address.

  • There are laws requiring the ISPs to log the User - IP association (which in turn is associated with your contract)... but e.g. in the EU there is the data retention directive that requires ISPs to even log individual connections. (Actually the EU directive is a "contract" between the European Council/Parlament and member nations, not between EC/EP and ISPs. The nations must adopt the directives in local law themselves. Usually they either adopt it as is, adopt it and extend it, have already adopted it or refuse to do so (this usually works by ruling that it conflicts with constitution).) read more at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:HTML. There is a visualisation for retained mobile phone connection metadata at http://www.zeit.de/datenschutz/malte-spitz-data-retention

    • Concerning your question about geographical location: There is a limited number of IP adresses available. They are goverened and distributed by organisations like http://www.iana.org and (?) http://www.ripe.net/ . Now your ISP buys IP addresses (whole ranges and networks) and uses them to connect you to the internet. They are not sitting there and free to use like on a private network with DHCP. (Try looking up your IP address and looking it up at https://apps.db.ripe.net/search/query.html)

There are databases like http://www.geoiptool.com/ that try to provide location information for any given ip address, but their accuracy greatly depends on different factors (e.g. if your ISP only operates in a small regional area or in the entire USA). Usually those databases are only good for associating IPs to countries.

Tie-fighter
  • 755
  • 6
  • 8
  • The Data Retention directive was declared invalid in April 2014. [Wikipedia](https://en.wikipedia.org/wiki/Data_Retention_Directive) and one specific source [Court of Justice of the European Union Press Release No 54/14](http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf). – user Dec 04 '14 at 15:40
7

Yes. ISPs do store all DHCP ip assignment logs. They know exactly who had what IP address and when. For them it is a legal obligation to harvest this information to facilitate any legal queries and investigations. In the US, they have to follow The Federal Communications Commission (FCC) regulations.

In the US, ISPs keep track of these items (as available) associated from IP assignment logs and their billing system records for any IP address they assign…

  • Subscriber's name
  • Subscriber's billing address, and service address
  • Subscriber's contact number, phone and email whichever are available
  • Date and time range of when a particular IP address was assigned to the subscriber
  • Service account number and account status any particular time frame, along with their hardware details (modem etc).

They do not keep track of who accessed what site or what IP address and when, no tracking of subscriber's online activities/traffic. It is against privacy laws.

ISP are obligated to provide this information to Law Enforcement Agencies (Police, FBI etc) for any given investigations of frauds, hacking, online crimes, threats to the society and to prevent loss of a life.
Every ISP has their own procedure to provide this information to law enforcement agencies, some do it quicker, some take longer time.

Also take a look at Customer Proprietary Network Information (CPNI). It is a compliance requirement for all ISPs to protect network propitiatory information of every subscriber. It includes, call records, IP address, service details and also Personally Identifiable Information (PII) to some extent.

EDIT: To add more into this, A good example is - ISP has all subscriber IP information, If a subscriber uploads a pirated content on a site, or make it freely available on internet, the content owner can request investigation on this to the ISP and the ISP will dig through their DHCP lease history and actually send the subscriber a Piracy Act violation notice.

EDIT: A correction - For them is it a legal obligation to harvest this information is wrong. I couldn't find any document to support this. Though from my day to day experience I know almost all ISPs harvest client IP information.

e-sushi
  • 1,296
  • 2
  • 14
  • 41
Majoris
  • 890
  • 6
  • 12
  • "They do not keep track of who accessed what site or what *IP address* and when" are you refering to the IP address of the website (etc.) they visited or their own ip address? – Celeritas Jul 17 '12 at 05:46
  • Website's IP address that they visited. Not their own IP. – Majoris Jul 17 '12 at 05:48
  • Even if the ISP's were not required to keep this information for legal reasons, they likely would still keep said logs, for the simple fact they would want to be able to track this information for quality control reasons. – Ramhound Jul 17 '12 at 11:28
  • @KapishM "the ISP will dig through their logs and actually send the subscriber a Piracy Act violation notice."? What information are they consulting? Just DHCP lease records? – chao-mu Jul 17 '12 at 12:45
  • 1
    @Ramhound Citation? No offense intended, it is a claim I have seen frequently. – chao-mu Jul 17 '12 at 12:48
  • @chao-mu - Just the dhcp logs. – Majoris Jul 17 '12 at 17:31
  • Do you have a citation for the statement that ISPs are required to record and retain this information? and how long they must store it? While many ISPs may indeed store this information today, I am skeptical of the claim that it is legally required in the US. – D.W. Jul 17 '12 at 18:18
  • @D.W. - No I don't. This is from my daily experiences, I handle these types of investigations daily basis. – Majoris Jul 17 '12 at 23:52
  • Edited my answer with a correction! – Majoris Jul 22 '12 at 00:17
  • "_For them is it a legal obligation to harvest this information is wrong_" in which jurisdiction? – curiousguy Jul 22 '12 at 01:53
  • At least here in US. Couldn't find a document that says there is a law in US for this. But ISPs do store this on their own. – Majoris Jul 22 '12 at 07:08
6

As the owner and operator of an ISP, I can say that most of us (90%) keep connection logs. We need these internally for troubleshooting purposes. From these logs I can tell you exactly which user account was assigned what IP address and how long they had that address for (start stop times). I further have MAC address information on the device that made the connection to me. I keep these logs for 7 years and only provide information to law enforcement when provided with a court order commanding it so provided. We usually get a court order per month. When we do, law enforcement provides the time of date range, IP address used, any other pertinent info they have. They ask for just about the kitchen sink on the suspect. We by law only provide exactly what they ask for.

Marco
  • 61
  • 1
  • 1
2

You need to specify the legal jurisdiction, when asking a question about the law.

In the US, I do not know of any legal requirement to record and retain this information (there have been some proposals but I do not believe any were enacted into law), but I believe most ISPs do anyway. In the EU, I believe there is a requirement to retain and record this information.

For further information:

D.W.
  • 98,420
  • 30
  • 267
  • 572