[140363] in North American Network Operators' Group
Fwd: 23,000 IP addresses
daemon@ATHENA.MIT.EDU (Luis Marta)
Tue May 10 10:55:01 2011
In-Reply-To: <BANLkTikX-jRY2XKpdNvXoR2KDgVRooE1EQ@mail.gmail.com>
Date: Tue, 10 May 2011 15:53:34 +0100
From: Luis Marta <luis.marta@gmail.com>
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, May 10, 2011 at 3:38 PM, Michael Holstein <
michael.holstein@csuohio.edu> wrote:
>
> >
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddress=
es.pdf
> >
>
> The dates in the timestamps are back in February. We deleted those logs
> "..in the regular course of business.."
> a LONG TIME AGO.
>
> If you didn't do that, you really ought to ask yourself why.
>
> Regards,
>
> Michael Holstein
> Information Security Administrator
> Cleveland State University
>
In the EU you have Directive 2006/24/EC:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=3DOJ:L:2006:105:0054:=
0063:EN:PDF
Article 6 - Periods of retention
Member States shall ensure that the categories of data specified in Article
5 are retained for periods of not less than six months and not more than tw=
o
years from the date of the communication.
Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated a=
t
the time of the communication;
Each member state creates its own law, according to the directive. In
Portugal, you have to retain the data for one year.
Best Regards,
Lu=EDs Marta.
