[Dshield] Fed Bill Would Restrict Web Server Logs
John B. Holmblad
jholmblad at aol.com
Tue Feb 14 20:53:34 GMT 2006
it seems pretty straightforward to me. Keeping out intruders (aka
defending your assets) is a "legitimate business purpose" and the need
to do so never goes away.
GSEC Gold, GCWN Gold, GGSC-0100, NSA-IAM, NSA-IEM
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net
www page for texting: www.vtext.com/users/jholmblad
text email address: jholmblad at vtext.com
Paul Marsh wrote:
> I'd love to know what got Mr. Markeys pants all in a bunch? I'm not a
> lawyer and nope I don't play one on TV but it looks a little weak.
> SEC. 3. DESTRUCTION OF DATA WITH PERSONAL INFORMATION BY INTERNET
> An owner of an Internet website shall destroy, within
> a reasonable period of time, any data containing personal
> information if the information is no longer necessary for
> the purpose for which it was collected or any other legiti
> mate business purpose, or there are no pending requests
> or orders for access to such information pursuant to a
> court order.
> What's "reasonable period of time"?
> Who determines when "the information is no longer necessary for the
> purpose for which it was collected"?
> Thanx, Paul
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
> Sent: Tuesday, February 14, 2006 9:50 AM
> To: list at lists.dshield.org
> Subject: [Dshield] Fed Bill Would Restrict Web Server Logs
>> Message: 3
>> Date: Thu, 09 Feb 2006 00:14:23 -0800
>> From: Declan McCullagh <declan at well.com>
>> Subject: [Politech] Delete web server logs, or get fined by the Feds?
>> Ed Markey's new bill [fs]
>> To: politech at politechbot.com
>> Message-ID: <43EAF9DF.2000602 at well.com>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>> I've posted the text here:
>> A summary is here:
>> "A bill just announced in Congress would require every Web site
>> operator to delete information about visitors, including e-mail
>> addresses, if the data is no longer required for a "legitimate"
> business purpose.
>> An open question is whether Rep. Ed Markey's bill would require that
>> Internet addresses be deleted by default from Apache and other web
>> server logs. One reading is that it would be. But it's not clear
>> whether an IP address falls under the definition of personal
>> This bill applies to anyone running a web site, including individuals
>> and bloggers. So it's not just companies that have to worry.
> >From Declan McCullagh's PoliTech mailing list. Thought U.S. members of
> DShield would be interested since, if this bill passes, it would impact
> almost all of us. Just imagine the impact on security of not being able
> to login IP address and referring page of all web server connections!
> Jon Kibler
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC USA
> (843) 849-8214
> Filtered by: TRUSTEM.COM's Email Filtering Service
> No Spam. No Viruses. Just Good Clean Email.
> The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. Thank you.
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list