
Log-free email provider Posteo: 'You must log user IP addresses', court rules - AdmiralAsshat
https://www.zdnet.com/article/log-free-email-provider-posteo-you-must-log-user-ip-addresses-court-rules/
======
Zekio
isn't the solution then to make a database table that contain just the ip
addresses and nothing else with no relations to anything therefor the ip
addresses would be completely useless but still logged none the less.

~~~
gregmac
The law is generally concerned with intent, not technicalities, so that likely
wouldn't satisfy what they were asking.

> In 2016, a local court came to Posteo with a warrant, demanding all existing
> and future data relating to the suspect's email account. Posteo implemented
> surveillance of the account but told the cops that, as it doesn't log
> traffic data, there was nothing on that front to share.

> Prosecutors complained that Posteo had the IP addresses and was discarding
> them [...]

> The local court told Posteo to collect all future IP addresses. [...]

> Posteo's lack of users' IP addresses is not the result of "a lack of
> available data", the court ruled, but rather because of its "decision to
> hide this data from its internal system and to refrain from recording it due
> to data-protection concerns". "Thus, the situation at hand was created
> solely by the business and system model that was deliberately chosen by the
> complainant," the court said.

So basically, they had a warrant to monitor all data on an account, but the
court found they deliberately were not complying with the warrant by not
logging some of the data they had.

They are not being asked to always log IP addresses, but rather to comply with
the warrant.

> "To put it bluntly, we will not start logging the IP addresses of our
> respectable customers," the post read. It went on to say [...] Posteo would
> only gather IP addresses in relation to a mailbox that is subject to a
> surveillance warrant.

> So would what Posteo is proposing satisfy the courts? According to Carlo
> Piltz, an information privacy lawyer with Reusch Law in Berlin, it probably
> would.

It seems to me this is very different than being required to always log IP
addresses of every account.

