The larger point being simply that they (logs files) exist. On every computer. And they contain so much data and information that it would make your head spin.

I'm an absolute pissant in the email hosting world, and I have about 12 gigabytes of log data, with for a rough count 400 million individual entries, and this data is for the past 6 months or so.

At least thats how Ive always looked at it. Seems to be the consensus in the field, afaik. Your server, your data created by your server. Your clients dont even have access to it. Imagine giving them access to server logs? It'd be a nightmare.

Probably more than just the error logs, but that's enough to make the point. Unless you as the server admin want to debug every ones work in the organization, it's not just your data. It seems as if it is the collective data of the users groups. They at least need read access.

I agree with you. Thanks for pointing that out.

wouldn't the whole system eventually break down?

And which whole system? (Just want to be clear what you're asking)

and the data belongs to the user. I would snoop in someone's mailbox as soon as I would crash it on purpose. You are to be a priest or priestess with that data - it's not yours, and you don't snoop without probable cause.

That's the way I've always looked at it, and that's why my users trust me.

And besides, there are some things I don't want to know, a la Harriet the Spy.

I'm talking about the logs in /var/log that record the email traffic to and from my server.

I said I wouldn't look in their mailboxes.

You are a private person that is maintaining a mailbox. People can opt not to work with you. They can't opt to not be under surveillance of the US Government. That's the difference.

One has the ability to provide you with a livelihood, the other has the ability to take your life away. That's what makes the difference to me, in my mind. And your /var/log records can glean far more information than just knowing a person or working with them, and we both know it.

I don't entertain horseshit arguments that logs don't provide more information than a user ever intended, and that's why we have to be careful about it. Web logs provide enough data because users use the same password over and over again that it would stun them. That doesn't mean I have to get on board with the "violate your privacy" train.

It's a question of whether the government has the right to compel delivery of the data. The PA and the FISA Amendment say that it's perfectly legal for the government to seize (compel delivery of) the data. Whether or not that violates the 4th Amendment is the question, and we desperately need some new guidance from the SCOTUS on that question.

Personally, I don't think the FISA warrant leaked by Snowden meets the test of the 4th Amendment. Before such data can be Constitutionally seized, the government must procure a warrant issued "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The warrant that the NSA uses to collect all this data is far too broad to meet the 4th Amendment's test, imho.

-Laelth

records of activity on a a machine. No different than if you wrote notes or a report of your work activities or logged your project time on a piece of paper and passed it in to HR or whoever. As far as I can see it is simply a different mechanism.

But here is the issue, data logs are so very efficient, so very capable of recording such minute detail, that people construe it as a breech of privacy. I think that the real issue is people are simply unaware of the extent to which computers record their activities. And are unable to prevent other people from accessing that data.

I guess the bottom line is that the data effectively belongs to whoever can access it. Not that I think that is right, but technical know how seems to be the trump card.

As far as it (the accessing of log files) being in violation of the fourth amendment, I am not sure. On the one hand surreptitiously accessing data on a private machine would in itself be a breech. But if the company I work for agrees to allow government access to all employee machines then I have no reasonable expectation of my log files being protected by the fourth amendment.

They can be subpoenaed as business records.

Depending on your user's contracts, you may have an obligation to deliver RFC 822 header info to POP and IMAP mail clients. Webmail? I'm not so sure. Probably the user has no expectation of getting header information.

After 6 months, if the user has not retrieved and removed the email contents, it is now abandonded and it is yours. After 6 monts it is your business records. There was a court decision to that effect that you can look up.