by eurleif 4448 days ago
There are two types of data here: traffic data, and data used to identify a customer given their IP address. The former seems obviously excessive to me. However, identifying customers from their IPs is pretty much only useful when there's a specific crime being investigated, which greatly reduces the potential for abuse. I think it's worth discussing the privacy implications of these two types of data separately.

I run a chat Web site. On multiple occasions, my moderation team has found people raping children live on webcam and reported them. People have been arrested, and children have been saved from abuse. That was only possible because they could be tracked down via their IP address. This isn't a hypothetical "think of the children" argument; it's something that has actually happened, multiple times, in the course of running my site.

3 comments

I don't see the big issue with storing IPs as long as the only way to get the data is through a court order. My problem is that I don't trust most ISPs not to hand over the data to the police if they simply show up and ask for it "in the interest of the children/national security/etc". Also, the data should be stored for a relatively short amount of time (the EU data retention directive called for a period between six months and twenty-four months; that's way too long).

Of course, when you hear about how the French DGSE was getting raw data from Orange anyway, it's clear that it's not the police overstepping you should feel the most worried about, it's these agencies whose entire purpose involves breaking the law.

For this, one could introduce a "quick freeze" scheme: providers don't store anything (or, if needed for billing etc., delete after 7 days).

Only if the police knock and tell you "we might need the data from IP address x.y.z.a in the foreseeable future" do you store the requested data on secure material.

Then the police go to court and get a formal warrant for the data, and the provider then needs to provide the data to the police.

The need is to identify a subscriber given an IP address they used in the past (to commit a crime). Knowing who is using a dynamic IP address now doesn't necessarily tell you who was previously using it.

A moderation team catching a criminal act while it is happening is certainly not the same as storing everybody's IP address for up to 2 years so third parties can access it.

A moderation team catching a criminal act and reporting the IP address of the criminal doesn't do much good if there's no way to determine whose IP it is.