On Thu, Oct 24, 2013 at 1:53 PM, coderman wrote:

this had the convenient effect of masking the origin of a caller through our network. needless to say, we were strongly encouraged to keep all CDR records for years, precisely because some many months later a request would come in asking for the calling party information associated with one of these outbound legs.

And per the topic... what was the positive/negative effect in cases where that data wasn't available for a request? Who did the encouragement? Why? And what stick did they wield? Were such requests even legal court orders?

this is not even considering the "data analytics" reasons why carriers keep these detail records indefinitely...

Putting some thought into how to aggregate and roll them up into what amounts to anonymous RRDB summary metrics is that hard and costly? No one likes deleting source data out of fear of not being able to produce some miracle report that will make them 10% more profit someday. But in the end, this is technology biz, if you can't come up with that edge within a year or less of raw data, you're already too old and slow and don't need it anyways. You could just continue keep rates higher and buying your entrenchment.

On Thu, Oct 24, 2013 at 3:29 PM, Dan White wrote:

there are a few scenarios where we "give up" information:

* Customer billing dispute, in which case we'll provide or confirm information that a customer already has printed on their bill, perhaps in

That's common sense before a bill is paid, or at least within a few fully paid billing cycles. Even beyond then, a small personal customer account in good standing could be taken care of with a few keystrokes and a word about not keeping things to ensure privacy, call it positive accomodation. So that's not really in question here.

* Trap and trace. This is triggered by a customer entering a star code on their POTS phone, which stores the caller information

The customer asked for that by punching in VSC *57 after the last call. And the average inter-call timeframe is likely never more than a week before last call becomes 2nd last. So that's not in question either.

(even if the caller attempted to block their information)

(People wrongly think VSC *67 shields them from things other than the callee's view of their end of a plain old POTS/cell line. Toll free numbers, programmed PBX trunks, etc are often set up differently in this regard.)

we only store CDR records of calls which cross tolls trunks (calls which leave our switch). Local on-switch calls are not billable, so we don't bother to store them. I assume this is standard policy for other small ILECs.

This is an interesting policy. I'd not bet on it being a universal thing, especially with the big regionals and with their history of billing for everything.

The same goes for the ISP (broadband) side of the house. We've been subpoenaed for information about who used what IP and when.

The Tor relay operators field a lot of what seem to be informal inquiries, a few subpoenas, and fewer orders and search warrants. Once Tor is explained as having no records, they go away. In that example of a provider not keeping records, there's not really a negative consequence other than time going through the process of showing that there are none. That can be troubling in some cases, but it's not really meant or directed at the provider.

coderman writes:

we always had the data; i can't speak to negative effects.

[...]

to be clear, this was not a direct LEO mandate.

I got the same response from talking to techies at a large telco, they kept the records just in case they needed them (not for any specific LEO use, but just in case they needed the info at some point in the future), and because it was easier to keep them than to delete them. In other words, throwing a few more drives into a server farm was relatively straightforward compared to figuring out what to delete, when, under what conditions, and how (lots of different formats, data all over the place, etc). (This issue isn't unique to telcos, it seems to be near-universal, it's always easier to keep data lying around than to figure out what to delete). Peter.

At 11:14 PM 10/24/2013, Peter Gutmann wrote:

(This issue isn't unique to telcos, it seems to be near-universal, it's always easier to keep data lying around than to figure out what to delete).

I've seen that as well. The phenomenon would seem to be a hallmark of poor design. The system should keep track of what went where and automatically delete it unless prevented from doing so. That was certainly the case with the systems and data I have personal experience with, poor design leading to irresponsible retention of user financial (credit card) data in particular.

On 2013-10-26 02:56, Lance Cottrell wrote:

It is not an easy problem. It is hard to make reliable and maintainable systems without keeping the kinds of logs and records that law enforcement might later want. Even if it is your policy to delete records, it is easy for a court to order you to maintain any records that you are producing. The only safe posture is to architect systems so as to never keep those records. Unfortunately that makes all kinds of other tasks more difficult. Therefor the whole service is more expensive to run, and may be less reliable. For a dedicated privacy service like Anonymizer, that is a reasonable tradeoff, but it will be a hard sell to phone companies and such.

A mountain of records is a pain, and makes stuff harder to find. Therefore automatic log rotation, where records that are unlikely to be of use are automatically deleted within a reasonable time, is optimal. How many times have you gone looking for something, and there is a pile of crap? OK, you could keep the pile of crap properly organized, but it is lot easier to just delete it than to properly organize it.

On 2013-10-25 04:57, grarpamp wrote:

And per the topic... what was the positive/negative effect in cases where that data wasn't available for a request?

Show me the man, and I will find you the crime.

Who did the encouragement?

Unidentified authority

Why?

Authority does not answer questions. And what stick did they wield? The state

Were such requests even legal court orders?

Whatever a government employee does is legal, whatever a private citizen does is illegal.