Fed Bill Would Restrict Web Server Logs

Date: Tue, 14 Feb 2006 09:47:50 -0500
From: "Jon R. Kibler" <Jon.Kibler@aset.com>

> Date: Thu, 09 Feb 2006 00:14:23 -0800
> From: Declan McCullagh <declan@well.com>
> I've posted the text here:
> http://www.politechbot.com/docs/markey.data.deletion.bill.020806.pdf
> A summary is here:
> http://news.com.com/2100-1028_3-6036951.html
> "A bill just announced in Congress would require every Web site operator
> to delete information about visitors, including e-mail addresses, if the
> data is no longer required for a "legitimate" business purpose.
> An open question is whether Rep. Ed Markey's bill would require that
> Internet addresses be deleted by default from Apache and other web
> server logs. One reading is that it would be. But it's not clear whether
> an IP address falls under the definition of personal information.
> This bill applies to anyone running a web site, including individuals
> and bloggers. So it's not just companies that have to worry.

Original posting from Declan McCullagh's PoliTech mailing list.
Thought NANOGers would be interested since, if this bill passes, it
would impact almost all of us. Just imagine the impact on security of
not being able to login IP address and referring page of all web
server connections!


The proposed bill states to delete when data is no longer required for
"legitimate" business purposes.

If you business model requires that you keep the logs for some
"tracking" function, then keep them. As long as the logs are required
for business purposes. Once the business purpose finishes, then delete

How is this different that the way we operate now? Except that, if the
bill passes, then - possible/probably - our "privacy policy" (such as
they are) will have to state the business purposes...

IANAL, but my $0.002 worth.

Gregory Hicks