On May 10, 2011, at 3:02 33PM, Owen DeLong wrote:
On May 10, 2011, at 11:49 AM, Michael Holstein wrote:
In the EU you have Directive 2006/24/EC:
But I'm not, and neither are most of the ISPs in the linked document.
Regards,
Michael Holstein Information Security Administrator Cleveland State University
In the US, I believe that CALEA requires you to have those records for 7 years.
Source, please -- I've never heard of this, nor can I find anything like it at askcalea.com. All I've found is that you have to keep records of *interceptions*. I've also seen numerous news stories about how the FBI wants that to be added to the law, thus implying that it isn't there now. See, for example, http://news.cnet.com/8301-13578_3-10448060-38.html --Steve Bellovin, https://www.cs.columbia.edu/~smb