[IMC-Process] why we cannot and must not log IPs

[Brian Szymanski]

I don't want to spam folks, so I'm going to ask you
to please distribute this far and wide (ie, you all can
do my spamming for me).

Background (for those of you who haven't heard by now):
The US Secret Service intimidated an ISP where NYC
indymedia is hosted last week and demanded access
to logs without any legal authorization whatsoever.
When our ISP refused to cooperate without the proper
authorization, they came back with a subpoena which
said he needed to give any and all contact information
he had for Indymedia to them or else appear in court
on Tuesday, August 30th.

The reason for all of this was a post on nyc imc which
listed the names of delegates and alternates to the RNC
and which hotels they would be staying at. Most of this
information was culled directly form local RNC chapters'
websites, but, apparently the SS thinks that because
this information COULD be used for criminal acts, it is
worthy of intimidation.

Fortunately, on NYC IMC, and most others, we do not keep
any IP logs whatsoever. This means that even if the SS
were to follow their subpoena against our ISP with
subpoenas against the members of NYC IMC or the IMC tech
collective, or even if they were to get a search warrant
to examine or confiscate our machine, they would be able
to find no information whatsoever on who posted that
article.

This is not the case on the vast majority of websites,
which keep IP addresses in their logs.

There is constant pressure from certain parties who want
to do demographic analysis or block trollers on the
website to keep IPs.

If we had kept IPs in this case, 4 IMCistas would be
looking at subpoenas right now, and the identity of the
original poster would be revealed. Whether or not you
agree with the tactics of the original post, the same
could be applied to people posting all sorts of
information that the government du jour decides for
one reason or another is illegal.

Not to mention that once the feds have access to our
IP logs, they can get much more information than just
who posted this one particular article.

It is crucial that we maintain a policy of not keeping
IP logs, and if there are any sites that are keeping IP
logs out of misconfiguration or to ease the job of
adminning their newswires, I strongly encourage them
to STOP THAT PRACTICE NOW, or else they could be
involved in hairy legal situations nobody wants
which divulge the identities of their posters, which
we have a moral obligation to keep private.

Cheers,
Brian

-- 
Brian Szymanski
bks10 at cornell.edu
ski at indymedia.org

I prefer pgp encrypted email:
keyid:  4E7A4703
server: keys.indymedia.org
fingerprint: 5BD3 0B0C C8E3 0746 3550 5648 0CFE 1BE7 4E7A 4703