[Imc-communication] PROPOSAL: New Principle of Unity for IMC network - IP Logging
dannyp at indypgh.org
Wed Oct 19 13:43:58 PDT 2005
There is a broader concern as to what this exactly means - currently, my
understanding of the PoU is that it is a draft document and each IMC
"responds" to it when it goes through the new IMC process- usually by
showing how their internal rules, regulations, or principles conform with
the PoU draft. My understanding is that IMCs have been allowed to reword,
rephrase, or otherwise adapt the PoU draft to their specific locale.
So, it's not clear to me that changing the draft document is the same as
having the IMCs adopt the principle verbatim. So we should clarify what
consensing on this proposal actually means- I think that what the proposal
could be phrased to do is A. modify the draft and B. require that every
IMC interpret and comply with the principle of unity, and then state their
official "response" to the PoU in X number of months.
On Wed, 19 Oct 2005, hugh trevelyan wrote:
> 11. All imc's shall be committed to protecting the privacy and anonymity
> of their users. The logging of internet protocol (IP) information about users
> shall be kept to the minimum necessary to maintain control over the server
> (i.e. in the event of an attack). In the event that logging is necessary,
> details of the logging shall be made publicly accessible, including duration
> of logging, what information was stored, and actions taken as result of the
> logging. Collectives are encouraged to have a public policy on IP logging.
> An example of such a policy can be found here:
My concerns with this are mainly technical.
"Internet protocol information" could be interpreted to include a lot of
things, including things that are not the IP address of a machine that's
connecting to the server. I'm not certain whether this could forseeably
be a problem, but I think it would be better to phrase it with what we
mean and state that information that could personally identify a user of
the website should not be recorded, and in the event that it needs to be
recorded to ensure proper function of the server or in the event of
accidental recording, the records should be destroyed as soon as possible.
people know what degree of monitoring they may be subjected to by the
folks running the server itself. That being said, in the course of a tech
working group creating logs for whatever reason, I do not feel they should
have to announce the existence of said logs. If there is some unavoidable
reason why we must create logs, announcing their existence publicly does
not seem to be prudent.
My fear is that if logs are created and kept for even 15 minutes before
being destroyed, announcing that they exist and were then destroyed may
open up the door for various law enforcement branches of various states to
claim that the techs have willfully destroyed evidence in a potential
investigation and seek criminal charges against folks from it. I'm not
comfortable enough with the laws of every state to say whether or not this
is possible, but it seems plausible to me. In the event that techs need
to create logs for whatever reason, they should be destroyed as soon as
possible and they shouldn't have to let the world - which includes law
enforcement - know that at one point, the logs existed.
Forensic analysis is also an option, so the state may attempt to seize
disks knowing that at one point they contained a log of value...
Pittsburgh Indymedia Volunteer
More information about the IMC-communication