October 19, 2007

Prosecuter Demands Years of Full Web Logs From Newspaper

Update: After the publication yesterday of the story described below by the New Times, all charges in the case were dropped this afternoon, and presumably the subpoenas involved are now nullified. However, the enormous temptation represented by detailed, non-anonymized Web logs and other server-based user data for unscrupulous outside demands and subsequent abuse by outside parties remains ever present and is generally becoming even more acute as server-based applications proliferate.

Greetings. I and many others have long warned how Web logs could be abused by overzealous law enforcement. Now comes a prime example that is sweeping in its scope.

The Phoenix New Times has broken its silence regarding August grand jury subpoenas it received, which demanded essentially total access to all information in its Web site logs, including explicitly all information about every single visitor to the site, beginning in January 2004.

How this will all turn out is unclear as of now. The link above discusses the particulars of the case in detail, and I won't attempt to summarize it all here. But this is definitely a case worth following, especially if you still are of the belief that such outside abuse of logged Web data on a large scale is merely a theoretical concept.

If you run Web sites, please remember this and please remember it well: Any information that you collect regarding visitors to your sites can be demanded by a court or other officials for any reason that they can push through the legal system (in the light of day or in secret) -- your published privacy policies be damned.

All it may require is one serious breach of privacy trust with your users to shake their confidence in your operations forever, and even for the largest and most powerful of Web services, users can desert you at the flick of a URL.

Trust is at the heart of users' relationships with the Web services that they patronize. If such services put themselves in a position where they and their users may be victimized by unreasonable outside demands for log and other related data, the risks to the Web and Internet at large are immense indeed.


Posted by Lauren at October 19, 2007 02:59 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein