[Dshield] Fed Bill Would Restrict Web Server Logs

jayjwa jayjwa at atr2.ath.cx
Wed Feb 15 21:47:30 GMT 2006

On Tue, 14 Feb 2006, Jon R. Kibler wrote:

-> > I've posted the text here:
-> > http://www.politechbot.com/docs/markey.data.deletion.bill.020806.pdf
-> > 
-> > A summary is here:
-> > http://news.com.com/2100-1028_3-6036951.html
-> > "A bill just announced in Congress would require every Web site operator 
-> > to delete information about visitors, including e-mail addresses, if the 
-> > data is no longer required for a "legitimate" business purpose.

-> > This bill applies to anyone running a web site, including individuals 
-> > and bloggers. So it's not just companies that have to worry.

Another grey-area and virually unenforcable law if it passes. There's no 
hard-defined terms, so I could say that almost any info I have from a 
webserver log is "required for a legitimate business purpose". (If it was for 
an illegitimate purpose, do you think they'd say so, or be quicker to delete 
it?) Looks like yet more poorly defined laws to serve as ammo against future 
and as-yet unannounced advisaries rather than an honest and serious attempt to 
protect people.

When I picture this law coming into effect, I envision a bunch of cron jobs 
running 'touch /var/log/apache/*' every night/week. ;)


More information about the list mailing list