True necessity of Records? [was: CryptoSeal]
grarpamp
grarpamp at gmail.com
Thu Oct 24 20:15:07 PDT 2013
On Thu, Oct 24, 2013 at 3:29 PM, Dan White <dwhite at olp.net> wrote:
> there are a few scenarios where we "give up" information:
> * Customer billing dispute, in which case we'll provide or confirm
> information that a customer already has printed on their bill, perhaps in
That's common sense before a bill is paid, or at least within a few
fully paid billing
cycles. Even beyond then, a small personal customer account in good standing
could be taken care of with a few keystrokes and a word about not keeping things
to ensure privacy, call it positive accomodation. So that's not really
in question here.
> * Trap and trace. This is triggered by a customer entering a star
> code on their POTS phone, which stores the caller information
The customer asked for that by punching in VSC *57 after the last call.
And the average inter-call timeframe is likely never more than a week
before last call becomes 2nd last. So that's not in question either.
> (even if the caller attempted to block their information)
(People wrongly think VSC *67 shields them from things other than
the callee's view of their end of a plain old POTS/cell line.
Toll free numbers, programmed PBX trunks, etc are often
set up differently in this regard.)
> we only store CDR records of calls which
> cross tolls trunks (calls which leave our switch). Local on-switch calls are
> not billable, so we don't bother to store them. I assume this is standard policy
> for other small ILECs.
This is an interesting policy. I'd not bet on it being a universal thing,
especially with the big regionals and with their history of billing
for everything.
> The same goes for the ISP (broadband) side of the house. We've been
> subpoenaed for information about who used what IP and when.
The Tor relay operators field a lot of what seem to be informal inquiries,
a few subpoenas, and fewer orders and search warrants. Once Tor is explained
as having no records, they go away. In that example of a provider not keeping
records, there's not really a negative consequence other than time going
through the process of showing that there are none. That can be troubling
in some cases, but it's not really meant or directed at the provider.
More information about the cypherpunks
mailing list