Eircom Business Broadband, what details are logged and available to client?

2RockMountain

Hello

I need to understand more about what level of detail is recorded and retained by Eircom Business Broadband on internet usage by end users. I presume that they log all URL details for 2 or 3 years and can make these available to the Gardai under a Court order. In my case, there wouldn't be a court order as we are dealing with a case of misuse of corporate facilities and possible collusion with a supplier. To make things a bit more complicated, the person under investigation is the main contact with Eircom for the broadband service at the moment, so I don't want to approach them until I understand exactly what they can do.

I have access to the router control panel (Asus router) and I don't see any logging or reporting facilities there. Does anyone know what level of history Eircom could provide (if any) where a company director makes a formal request for this? Would it be fair to say that at best, this will show URL history, but wouldn't show anything about the content - such as the gmail account involved or the content of emails sent or received?

Thanking you in advance.

azzeretti

The Data Retention Directive states they must retain data for a minimum of 6 months and a maximum of 24. Access to the information can only be granted by an EU Court of Justice. It seems a little vague but the ISP will need to provide IP information as well as other application information. There is mention of emails but I find this difficult to believe, especially with the SSL aspect to popular webmail accounts. Bear in mind, an ISP could, technically, peek inside your encrypted traffic but it would take a lot of resources and would get them in a bit of trouble if exposed.

In your case though, you'll need to bare in mind that all your internet traffic will (might, depending on your setup) appear to originate from the one public IP address, with all your work PCs and devices , NATing out of your router. Even if the ISP did have some evidence it would be tricky to prove which PC/user on your network accessed which external site (unless you've any internal logs and/or proxy to cross reference times and resolve to internal IP/MAC).

So, I would say, while it might be possible (with a fair bit of cost to yourself) the chances of being able to prove, without doubt, the person you suspect did what you suspect, are very low given your current setup (I'm making some assumptions about your setup!)

jd

presume that they log all URL details for 2 or 3 years and can make these available to the Gardai under a Court order

Pretty sure they don't! They do archive logfiles (authentication and eir's own email servers)

ED E

RADIUS knows what IP was leased to who when. That's it.

If you hack the pentagon say, the pentagons logs show the IP not eircoms. Then DoD gets a court order to find out from eir who was using that IP at the indicated time.

If you want the kind of audit trail you seem to suggest you need to install a transparent proxy in your premises.

syklops

Would it be fair to say that at best, this will show URL history, but wouldn't show anything about the content - such as the gmail account involved or the content of emails sent or received?

At best? Have you any idea how much storage would be required to store all that information? As another poster said, if you wanted that kind of paper trail you should have implemented the system yourself.

If the individual was using your business broadband to access these URLs, surely they were using company IT devices, e.g. phones, laptops and tablets. You could cease these and look at their histories - unless the individual has already wiped them. Then check with your IT department for any backups, emails sent etc.

testicles

This post has been deleted.

2RockMountain

Thanks folks, this has been very helpful. I had forgotten the fairly obvious point (in hindsight) that Eircom wouldn't have details of the particular device used to access any URL, which obviously creates a particular problem in deducing who did what.

testicles wrote: »

This post has been deleted.

Wasn't aware of that - thanks for the update.

syklops wrote: »

If the individual was using your business broadband to access these URLs, surely they were using company IT devices, e.g. phones, laptops and tablets. You could cease these and look at their histories - unless the individual has already wiped them. Then check with your IT department for any backups, emails sent etc.

The target of the investigation IS the IT department! So if they have half a brain, they will be wiping history regularly, though you never know, I guess.

Khannie

2RockMountain wrote: »

The target of the investigation IS the IT department! So if they have half a brain, they will be wiping history regularly, though you never know, I guess.

Worth trying.

You might be able to use the freedom of information act with Eir - in that way you will find out if they are retaining URL's (not as massive a data store as you might think, but still pretty massive and they probably had the infrastructure in place before the removal of the data retention directive). That will force them to release any information related to the company, to the company. They may charge you for it though.

edit: As others have pointed out though, it wont show you the device that made the request. Only that it came from your network.

jd

Eir are not a state body so Freedom of Information act does not apply.
You may be thinking of Data Protection Act? That only applies to individuals - data about a person (yourself)!

Khannie

I was thinking the data protection act. A company is a legal person though, right?

gizmo555

testicles wrote: »

This post has been deleted.

Not exactly so. The directive was struck down by the Court of Justice of the European Union in April 2014, as a result of a case taken by Digital Rights Ireland.

However, the Communications (Retention of Data) Act 2011 remains in force in Ireland. It remains to be seen what the final outcome of the Digital Rights Ireland case will be in the Irish courts in respect of this legislation.

The Act requires telecoms and internet service providers to retain metadata about phone usage for two years and internet usage for one year. Data must be provided on foot of a valid request to the Gardaí, Defence Forces or Revenue.

jd

Khannie wrote: »

I was thinking the data protection act. A company is a legal person though, right?

But not living!
https://www.dataprotection.ie/viewdoc.asp?m=&fn=/documents/FAQ2012/1.1.htm

The definition in the Act reads:
"personal data" means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller."
It covers any information that relates to an identifiable, living individual

Khannie

Interesting stuff. Thank you. I wonder how that would work if I put in a request for data for my home connection. If it's just metadata retained it's basically impossible to tell if the request was myself, my wife or even our kids.

gizmo555

Khannie wrote: »

Interesting stuff. Thank you. I wonder how that would work if I put in a request for data for my home connection. If it's just metadata retained it's basically impossible to tell if the request was myself, my wife or even our kids.

The data would be provided to the person(s) in whose name the account is.