0

Whenever I read something like "ISPs store your data" or "ISPs delete your data after 6 months" or anything like that, I imagine data to be the following things:

(1) At what time I accessed the Internet, got what IP address (in case of dynamic IPs) and accessed what website with it.

(2) How long I remained on that website.

(3) And of course, regarding the "I" in (1), they also know everything about me, including my name, phone number, actual address etc.. (i.e., the subscriber's details)

So, when the police subpoena ISPs to resolve an IP address at a particular time on a particular day to a real person (the subscriber) and their details, they do have all the records regarding who had what IP and when? This is how police find criminals, right?

What happens when ISPs delete logs (as most ISPs do due to financial constraints), and police approach them asking to resolve an IP address at a particular time on a particular day to a real person and their details (contact, address etc..)?

Does "deleting logs" mean deleting the record of which subscriber was assigned what dynamic IP address and when? Or ISPs never delete data about who had what IP and when, but just delete what they had accessed and for how long?

I suppose that merely keeping records forever of who had which IP and when is cheap (compare with keeping a record of all the videos someone has ever watched), and beneficial to law enforcement.

Related questions that I checked:

What are the laws regarding ISP recording IP addresses? How would they know who had which?

Do ISP’s in America keep IP assignment logs forever?

The answers did not specifically address whether "deleting" means deleting the record of who had which IP and when (which is a cheap but extremely useful thing to keep indefinitely).

schroeder
  • 123,438
  • 55
  • 284
  • 319
Jay Shah
  • 339
  • 2
  • 4
  • 10

2 Answers2

1

In a nutshell, the duration and scope of data retention is dictated by legal requirements, and then operational/business decisions may come into play. ISPs may or may not be allowed to keep logs for longer than legally necessary but storage and maintenance has a cost. Unless there is value in mining that particular data, the incentive for an ISP to keep logs forever is low.

The most important (and possibly the only) information that the ISP can provide is whose connection was assigned what IP address at a given time. The aim being to identify a customer from an IP address recorded somewhere else (eg in web servers logs).

The ISP probably doesn't have so much insight into your browsing activity. If you use their DNS they may figure out what websites you visited, but many people use a third-party DNS like Google, Quad9 etc. Even if the ISP tapped your whole traffic because you are a "person of interest" most of it would be encrypted anyway (https mostly).

If the police need more details about what you did on some website where your IP address was recorded, then the police would have to subpoena the webhost or whatever. The ISP has only part of the information, which is crucial for investigations but very limited at the same time.

Read the terms and conditions of your ISP and see if there is any mention of what data is logged.

Kate
  • 6,967
  • 20
  • 23
  • So it is cheap to maintain IP assignment logs? I found answers on quora, where they say that ISPs usually delete IP assignment logs after 18-24 months. What according to you, is the common practice, to delete after some time, or to keep forever? – Jay Shah Nov 08 '20 at 16:30
  • Again, it depends on jurisdiction and legal obligations first, for instance the US and Europe have quite different regimes. It should be pointed out that different types of data may be subject to different retention periods. For example billing data may have to be retained for longer than technical data. So there is no one size fits all answer given that the question is extremely broad. – Kate Nov 08 '20 at 17:27
  • Right, right. The question is broad indeed. Is it cheap to store simply IP assignment logs, by the way? – Jay Shah Nov 08 '20 at 17:30
  • And by the way, is this "IP assignment logs" thing stored separately from the metadata (that has a deletion date)? I imagined that the data (which IP address was assigned to whom at what time and what website did they visit with it.) is stored together at one single place, so when they mean deletion, they mean deleting everything altogether. – Jay Shah Nov 08 '20 at 17:35
  • Broadly speaking, storage is cheap. But compliance is not, and it requires human labor. Backups/archiving should be automated but you still need sysadmins to control that systems are working properly and fix the problems that inevitably occur. From time to time you have to expand storage, so someone may have to physically add drives to a disk array. At some point there is always a human being involved and he/she has to be paid a salary. When you think of it, even a car that stays in the garage all year long still requires maintenance. Cheap is not free. – Kate Nov 08 '20 at 17:40
  • Hmm. Thank you for explaining. I do not know any ISP that stores anything indefinitely. Do you know any? – Jay Shah Nov 08 '20 at 17:42
0

The answer for any specific data will depend on the particular ISP and the regulations/laws they are subjected to.

And you are making some assumptions about "retention periods".

If they need the data, for themselves or for legal reasons, then they will define the retention period for it. When they no longer need it, then they can and might delete it all.

So, different data related to your activity might have different retention periods from others. But once a particular data's period is over, then by definition, it is due for deletion.

And, by this way of looking at it, after the retention period, it can all get deleted.

But it appears that you want to know how long the retention period is for a very specific set of data. And as I said at the start, that might be different for each ISP.

schroeder
  • 123,438
  • 55
  • 284
  • 319