[global-south] Source Port Logging on Web Servers in Brasil
drebs at riseup.net
Mon Mar 25 22:43:38 UTC 2019
I think it's important to flag a subtlety of the brazilian law: it makes
a difference between "connection" and "application" providers and, in
the case of application providers, it also makes a difference for the
ones whose activities are "organized, professional and with economic
purposes". According to federal law 12.965/2014 (a.k.a. "Marco Civil da
Internet), a non-commercial application provider is not obliged to
retain data, unless a judge, the "police or administrative authority" or
the public ministry requires it to.
Quoting Vasilis (2019-03-25 09:22:00)
> I stumbled upon an interesting discussion at LACNOG (Latin America and Caribbean
> Region Network Operators Group) mailing list.
> Quoting from https://mail.lacnic.net/pipermail/lacnog/2019-March/006914.html :
> "The use of CGNAT by access providers is increasing and with this comes a
> greater difficulty to comply with legal determinations to identify a user who
> may have committed a crime.
> As we know for this to be effective it is mandatory that both the access
> provider and the content provider register the source ports used in the connection.
> Here in Brazil we have a specific Internet Law that says among many things about
> the need for keeping these records and user identification in these situations."
> Apart from Brazil do you know of other ISPs in LATAM that have similar requirements?
> Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
> Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162
> global-south mailing list
> global-south at lists.torproject.org
More information about the global-south