August 25, 2004 | By Annalee Newitz

No Logs Are Good Logs

Deep in the darkest heart of your servers, there live files known as logs. They contain all manner of intensely revealing information about people who use your systems. Web server logs might show which URLs somebody has visited, for how long, and what they wrote on an anonymous message board. Email server logs can even contain information about who is sending email to whom.

The truly scary thing is that many Online Service Providers (OSPs) don't realize they're collecting all this personal data in their logs. Or, if they do know, they have no policy in place to protect the privacy of the people whose online activities they've routinely been logging.

This data is of great interest to third parties, including attorneys pursuing cases, industry groups like the RIAA, and state and federal law enforcement. Under the USA PATRIOT Act, the government has greatly expanded powers to request this kind of information, and OSPs must respond to requests for private user data and logs. Yet complying with these demands threatens the OSP's goal of providing users with reliable, secure network services.

To help OSPs respond to these increasing legal pressures, EFF has written a white paper outlining best data-logging practices for OSPs. This is required reading for anyone who works at an OSP, or uses one -- in other words, just about everyone.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Tomorrow at @sfiaf in San Francisco, join EFF for "Edward Snowden Revelations and the Public Right to Know." https://eff.org/r.v9n2

May 29 @ 4:33pm

EFF supporters get 20% off registration for @ISSALA's Information Security #Summit7 next week: https://eff.org/r.s2qt

May 29 @ 1:36pm

Higher max sentences for "material support" won't prevent terrorism—but will chill First Amendment rights. https://eff.org/r.x49r

May 29 @ 1:19pm
JavaScript license information