On Mon, Oct 21, 2013 at 10:49 PM, Jim Bell
My (Bell's) comments follow: A phone company which announces that it WILL NOT record phone metadata
Would get my business. Of course many such policies are full of holes and drift anyway.
Why not x-out the last 3-4-7 digits...
There's no reason to hold CDR's more than the last fully paid billing cycle, and, yes, further limited by the type of calling plan you have. And if you believe ''exigency' is some last remaining reason to hold them, try calling in a gunfight to 911 and see how long it takes for them to come scrape up your already dead bits. Same for 'threats', unless you're prepared to hire people to keep watch. No more than a week would be necessary, 30 days if you're slow to make the call.
and that phone company was beholden to the government rather than any individual customer, now phone companies have a legitimate motivation to compete on the issue of metadata privacy.
Of course instead of fighting back and just dropping their records which they could do tomorrow (to the extent there is no affirmative law that requires keeping), all we see are these big co's 'begging' the gov if they can publish subpoena statistics. Bunch of sheep and fishy practices. Also try to match up recent whitepapers listing retention/LEA periods of major telecoms with the decade or more worth of CDR's these co's/gov seem to have. Someone's lying, or has been feeding to the secret bigdata pools all along, or both. What's the big payoff for keeping (against the cost of keeping)? Favorable regulations? Some order of magnitude more business or debugging insight beyond rollover to aggregating in RRDB? And Instead of what negatives for not keeping in absence of such laws? Any independent audits yet of some of these VPN's, services, etc that say they don't keep records that indeed do confirm no records practice as of the audit? [Substitute herein any type of record about you as appropriate.]