August 25, 2004 | By Annalee Newitz

No Logs Are Good Logs

Deep in the darkest heart of your servers, there live files known as logs. They contain all manner of intensely revealing information about people who use your systems. Web server logs might show which URLs somebody has visited, for how long, and what they wrote on an anonymous message board. Email server logs can even contain information about who is sending email to whom.

The truly scary thing is that many Online Service Providers (OSPs) don't realize they're collecting all this personal data in their logs. Or, if they do know, they have no policy in place to protect the privacy of the people whose online activities they've routinely been logging.

This data is of great interest to third parties, including attorneys pursuing cases, industry groups like the RIAA, and state and federal law enforcement. Under the USA PATRIOT Act, the government has greatly expanded powers to request this kind of information, and OSPs must respond to requests for private user data and logs. Yet complying with these demands threatens the OSP's goal of providing users with reliable, secure network services.

To help OSPs respond to these increasing legal pressures, EFF has written a white paper outlining best data-logging practices for OSPs. This is required reading for anyone who works at an OSP, or uses one -- in other words, just about everyone.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

The British are coming! One, if by land, two, if by a mandated backdoor in end-to-end crypto. https://eff.org/r.xwry

May 28 @ 2:40pm

EFF strongly objects to the US proposed Wassenaar implementation. We're drafting comments and you should too! https://eff.org/r.sg5g

May 28 @ 12:21pm

There's just 3 days, 9 hours, and 45 minutes until Section 215 of the Patriot Act sunsets. Time to call Congress: https://eff.org/r.88yz 

May 28 @ 11:14am
JavaScript license information