0

If authorities find access logs or some other linking between an IP address and the access of illegal materials online, in order to trace down who the owner of the IP address is any IP assignment logs that links address to customer would have to still exist before an ISP deletes them. For example, if the logs they find show a viewing from an IP several years ago, there’s a chance the suspect switched providers a long time ago and possibly no longer possesses the computer he/she used (as well as possibly destroying his/her hard drive) and the ISP would have no use for those IP assignment logs and deletes them, so that if the authorities try and subpoena the ISP for them they might come up empty (this would be well beyond the reasonable data retention period before the authorities would actually try and subpoena).

Isn’t it true that any logs linking a customer to an IP address will eventually be deleted/destroyed by the ISP (typically because holding on to data that isn’t relevant to them is a pointless expense) making it so authorities who use IP addresses to link a customer to a crime only have a limited amount of time to pursue a prosecution? For the sake of the argument, assume the access log would be the only evidence authorities are able to get.

When companies talk about how long they hold on to data in their privacy policy, are IP assignment logs part of that?

walstack
  • 101
  • 1
  • 1
    *"Isn’t it true ...."* - Yes, it is true. Is this yes/no really everything you wanted to know? But note that logs are not the only thing where evidence will vanish over time, so it is not actually a new kind of problem. – Steffen Ullrich Jun 28 '21 at 08:10
  • @SteffenUllrich I suppose other questions would be generally speaking how long do logs typically exist before being deleted, and if there are any exceptions (any cases in which they might never be deleted and for what reason) etc. – walstack Jun 28 '21 at 08:22
  • @walstack there is no "typical". Every company will have different policies, different countries have different laws around how long they must be kept, and then once the data is permitted to be deleted, they may not be deleted right away. So, there is no answer to that question. – schroeder Jun 28 '21 at 08:45
  • @schroeder When companies talk about how long they hold on to your data / when they delete your data in their privacy policy, do things like IP assignment records typically/traditionally fall in to that category of data they’re referring to? So one could find out in principle how long a company holds on to IP assignment logs by reading their privacy policy? – walstack Jun 28 '21 at 08:50
  • It depends. And the policies tend to state how long they *must* be held for (a minimum) not the max time they *can* be held for. Different regulations may compel a maximum. But, then, legal issues override privacy regulations, so it is trivial for the police to request an indefinite hold on data. So, no, you cannot be sure of anything. – schroeder Jun 28 '21 at 08:53
  • @schroeder Sure, but without any legal influence ISP’s have no incentive to waste money and manpower keeping logs indefinitely. – walstack Jun 28 '21 at 08:55
  • That's true, but that doesn't answer your question. They also have no incentive to have a specific, consistent, and complete process to dependably erase specific data .... – schroeder Jun 28 '21 at 08:56
  • 1
    *" I suppose other questions would be generally speaking how long do logs typically exist before being deleted"* - This would be a duplicate then. See [What are the laws regarding ISP recording IP addresses? How would they know who had which?](https://security.stackexchange.com/questions/17279), [How long do ISPs retain data?](https://security.stackexchange.com/questions/202699), [Do ISP’s in America keep IP assignment logs forever?](https://security.stackexchange.com/questions/202842). And regarding the laws check [law.se]. – Steffen Ullrich Jun 28 '21 at 08:56
  • @SteffenUllrich None of these mention a vague or typical retention period for IP assignment logs, just generally “data”. The last question has no upvotes for its answer so I’m not sure how reliable it is. – walstack Jun 28 '21 at 09:25

0 Answers0