[Dshield] Fed Bill Would Restrict Web Server Logs

Paul Marsh pmarsh at nmefdn.org
Tue Feb 14 15:26:43 GMT 2006


I'd love to know what got Mr. Markey's pants all in a bunch?  I'm not a
lawyer and nope I don't play one on TV but it looks a little weak.

SEC. 3. DESTRUCTION OF DATA WITH PERSONAL INFORMATION BY INTERNET
WEBSITES.
An owner of an Internet website shall destroy, within
a reasonable period of time, any data containing personal
information if the information is no longer necessary for
the purpose for which it was collected or any other legitimate
business purpose, or there are no pending requests
or orders for access to such information pursuant to a
court order.

What's "reasonable period of time"?
Who determines when "the information is no longer necessary for the
purpose for which it was collected"?


Thanx, Paul

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
Sent: Tuesday, February 14, 2006 9:50 AM
To: list at lists.dshield.org
Subject: [Dshield] Fed Bill Would Restrict Web Server Logs

> Message: 3
> Date: Thu, 09 Feb 2006 00:14:23 -0800
> From: Declan McCullagh <declan at well.com>
> Subject: [Politech] Delete web server logs, or get fined by the Feds?
>         Ed Markey's new bill [fs]
> To: politech at politechbot.com
> Message-ID: <43EAF9DF.2000602 at well.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> I've posted the text here:
> http://www.politechbot.com/docs/markey.data.deletion.bill.020806.pdf
>
> A summary is here:
> http://news.com.com/2100-1028_3-6036951.html
> "A bill just announced in Congress would require every Web site
> operator to delete information about visitors, including e-mail
> addresses, if the data is no longer required for a "legitimate"
> business purpose.
>
> An open question is whether Rep. Ed Markey's bill would require that
> Internet addresses be deleted by default from Apache and other web
> server logs. One reading is that it would be. But it's not clear
> whether an IP address falls under the definition of personal
> information.
>
> This bill applies to anyone running a web site, including individuals
> and bloggers. So it's not just companies that have to worry.
>

From Declan McCullagh's PoliTech mailing list. Thought U.S. members of
DShield would be interested since, if this bill passes, it would impact
almost all of us. Just imagine the impact on security of not being able
to login IP address and referring page of all web server connections!

Jon Kibler
--

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



