[Dshield] Fed Bill Would Restrict Web Server Logs

Paul Marsh pmarsh at nmefdn.org
Wed Feb 15 14:26:18 GMT 2006


Enough said, you hit the nail on the head!

Thanx, Paul

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of John B. Holmblad
Sent: Tuesday, February 14, 2006 3:54 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Fed Bill Would Restrict Web Server Logs

Paul,

it seems pretty straightforward to me. Keeping out intruders (aka
defending your assets)  is a "legitimate business purpose" and the need
to do so never goes away.


Best Regards,



John Holmblad



Televerage International

GSEC Gold, GCWN Gold, GGSC-0100, NSA-IAM, NSA-IEM



(H) 703 620 0672

(M) 703 407 2278

(F)  703 620 5388



primary email address:  jholmblad at aol.com

backup email address:  jholmblad at verizon.net



www page for texting:   www.vtext.com/users/jholmblad

text email address:        jholmblad at vtext.com



Paul Marsh wrote:
> I'd love to know what got Mr. Markeys pants all in a bunch?  I'm not a

> lawyer and nope I don't play one on TV but it looks a little weak.
>
> SEC. 3. DESTRUCTION OF DATA WITH PERSONAL INFORMATION BY INTERNET
> WEBSITES.
> An owner of an Internet website shall destroy, within a reasonable
> period of time, any data containing personal information if the
> information is no longer necessary for the purpose for which it was
> collected or any other legiti mate business purpose, or there are no
> pending requests or orders for access to such information pursuant to
> a court order.
>
> What's "reasonable period of time"?
> Who determines when "the information is no longer necessary for the
> purpose for which it was collected"?
>
>
> Thanx, Paul
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jon R. Kibler
> Sent: Tuesday, February 14, 2006 9:50 AM
> To: list at lists.dshield.org
> Subject: [Dshield] Fed Bill Would Restrict Web Server Logs
>
>  
>> Message: 3
>> Date: Thu, 09 Feb 2006 00:14:23 -0800
>> From: Declan McCullagh <declan at well.com>
>> Subject: [Politech] Delete web server logs, or get fined by the Feds?
>>         Ed Markey's new bill [fs]
>> To: politech at politechbot.com
>> Message-ID: <43EAF9DF.2000602 at well.com>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> I've posted the text here:
>> http://www.politechbot.com/docs/markey.data.deletion.bill.020806.pdf
>>
>> A summary is here:
>> http://news.com.com/2100-1028_3-6036951.html
>> "A bill just announced in Congress would require every Web site
>> operator to delete information about visitors, including e-mail
>> addresses, if the data is no longer required for a "legitimate"
>>    
> business purpose.
>  
>> An open question is whether Rep. Ed Markey's bill would require that
>> Internet addresses be deleted by default from Apache and other web
>> server logs. One reading is that it would be. But it's not clear
>> whether an IP address falls under the definition of personal
>>    
> information.
>  
>> This bill applies to anyone running a web site, including individuals

>> and bloggers. So it's not just companies that have to worry.
>>
>>    
>
> >From Declan McCullagh's PoliTech mailing list. Thought U.S. members
> >of
> DShield would be interested since, if this bill passes, it would
> impact almost all of us. Just imagine the impact on security of not
> being able to login IP address and referring page of all web server
connections!
>
> Jon Kibler
> --
>
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
>
>
>
>
> The information in this transmittal (including attachments, if any) is
privileged and confidential and is intended only for the recipient(s)
listed above. Any review, use, disclosure, distribution or copying of
this transmittal is prohibited except by or on behalf of the intended
recipient. If you have received this transmittal in error, please notify
me immediately by reply email and destroy all copies of the transmittal.
Thank you.
>
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org To change your subscription
> options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
>  
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own
couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription
options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. Thank you.



More information about the list mailing list