Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

IANAL! The legal theory is that US courts can stop you from taking actions, but cannot compel you to take actions.

So they can stop you from deleting existing logs, but they cannot require you to collect logs you aren't already collecting.

I have no idea how well this idea has been tested in court, but that's the theory on which providers who don't even have hard drives are relying.



IANAL as well, but your first line is definitely not true. A writ of mandamus is one of many such ways a court can compel behavior, though typically a tool of last resort.

Courts order individuals, businesses and officials to take actions as a matter of course: to stand trial, to comply with subpoenas, to adhere to a contract, to make restitution, and so on.

I am not deeply familiar with lawful intercept law and case law around national security letters (what little there is), but I would not gamble anything of value on the principle that courts cannot compel someone to take actions.


Let's assume that your are right, which I think is true. While courts cannot compel companies to do some things, they can certainly compel them to do things that are a normal part of business, like producing paperwork, or in this case, logging activity.

With an NSL, they could approach a company and require them to start collecting logs and also to not communicate about the new requirement, at which point a privacy-focused company's only choice would be to either comply or stop offering the VPN service entirely without saying why.

Without an NSL, the company would be free to communicate about why it was no longer offering the VPN service, or to announce that they were going to be logging from that point on, giving people an option to stop using the service if that's a problem for them.

But not having a hard drive in place currently, that prevents the courts from getting information about any activity before the court order or NSL is issued, as far as I can tell, which I guess is what those companies are counting on.

Not an easy business to be in, in any case.


If the court did compel a VPN company to log compromising information, I'd imagine most companies would tell you. After all, you're just trying to be transparent to your consumers.


Possibly some fake "#1 is privacy" VPN company will continue their service with FBI logging for profit.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: