• @[email protected]
    40
    10 months ago

    IANAL, but withholding evidence from a court order can get you held in contempt of court. I remember hearing a story of a person who was accused of having CSAM on an encrypted hard drive, and refused to decrypt it, and is in jail until he decrypts it. Just because you’re a person doesn’t mean you can ignore a warrant.

    • originalucifer
      46
      10 months ago

      Information itself is a liability. Best to have a policy of ‘we keep no IPs in logs, so we are happy to hand over whatever’… dump data the moment you don’t require it.

      • @Tangent5280
        29
        10 months ago

        Yeah, this sounds like a much more sustainable solution. Do it the way Signal does it. Collect as little as necessary, and delete it as soon as you don’t need it.
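The two comments above describe a policy (keep no IPs, delete data the moment it is no longer needed) without showing what it looks like in code. The block below is an added example, not code from this thread, from Signal, or from any other project: a small Python access-log pipeline that redacts client addresses before a record ever reaches disk, then purges log files once a retention window has elapsed. The logger name, the `[ip-redacted]` token, the seven-day window and the sample requests are all assumptions made for the example.

```python
"""Minimal-retention access logging: redact client IPs before they reach disk,
then purge log files once a retention window has elapsed.  Added example; not
code from the thread, from Signal, or from any other project.  The request
records below are constructed sample data, not real traffic."""
import ipaddress
import logging
import re
import tempfile
import time
from pathlib import Path
from typing import Optional

# Candidate address tokens.  Each candidate is validated with ipaddress before
# it is redacted, so timestamps such as "12:30:45" or a version string such as
# "999.1.1.1" survive untouched.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
IPV6_RE = re.compile(r"(?<![\w:.])(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}(?![\w:.])")
REDACTED = "[ip-redacted]"  # assumed marker token; any fixed string would do


def redact_ips(text: str) -> str:
    """Replace every syntactically valid IPv4/IPv6 literal in text with REDACTED."""
    def _sub(match) -> str:
        try:
            ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)  # looked like an address but is not one
        return REDACTED
    return IPV6_RE.sub(_sub, IPV4_RE.sub(_sub, text))


class RedactIPFilter(logging.Filter):
    """Scrub addresses from the rendered message before any handler sees it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_ips(record.getMessage())
        record.args = ()  # already rendered; stop handlers formatting it again
        return True


def make_access_logger(log_path: Path) -> logging.Logger:
    """A file logger whose every record passes through RedactIPFilter."""
    logger = logging.getLogger("access")  # assumed logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep records out of the root logger's handlers
    for old in list(logger.handlers):
        logger.removeHandler(old)
        old.close()
    logger.filters.clear()
    logger.addFilter(RedactIPFilter())
    handler = logging.FileHandler(log_path, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
    logger.addHandler(handler)
    return logger


def purge_expired(log_dir: Path, max_age_seconds: int,
                  now: Optional[float] = None) -> list:
    """Delete *.log files older than the retention window; return their names."""
    now = time.time() if now is None else now
    removed = []
    for path in sorted(log_dir.glob("*.log")):
        if now - path.stat().st_mtime > max_age_seconds:
            path.unlink()
            removed.append(path.name)
    return removed


SAMPLE_REQUESTS = [  # constructed sample data
    ("203.0.113.7", "GET", "/login", 200),
    ("2001:db8::1", "POST", "/api/messages", 201),
    ("::1", "GET", "/admin", 403),
]


def demo(retention_seconds: int = 7 * 24 * 3600) -> dict:
    """Log the sample requests through the redacting logger, then run the purge
    twice: once now (nothing is old enough) and once with the clock advanced
    past the retention window (the file goes)."""
    log_dir = Path(tempfile.mkdtemp(prefix="minlog-"))
    log_path = log_dir / "access.log"
    logger = make_access_logger(log_path)
    for ip, method, url, status in SAMPLE_REQUESTS:
        logger.info("%s %s -> %d client=%s", method, url, status, ip)
    for handler in list(logger.handlers):
        handler.close()
        logger.removeHandler(handler)
    lines = log_path.read_text(encoding="utf-8").splitlines()
    purged_early = purge_expired(log_dir, retention_seconds)
    purged_late = purge_expired(log_dir, retention_seconds,
                                now=time.time() + retention_seconds + 1)
    files_left = sorted(p.name for p in log_dir.iterdir())
    log_dir.rmdir()
    return {"lines": lines, "purged_early": purged_early,
            "purged_after_window": purged_late, "files_left": files_left}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two caveats a practitioner would want. First, the filter only covers records written through this logger; a web server's own access log needs the same treatment in its own configuration (for nginx, a `log_format` that omits `$remote_addr`). Second, retention deletion is about limiting what a warrant can reach, not about evidence integrity: anyone with root on the box can delete the files regardless of the schedule, so logs you need after an intrusion should also be shipped to a collector the server can only append to.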

      • @[email protected]
        9
        10 months ago

        Just store what logs you need on a RAM drive. The logs will be gone the instant the server shuts down and there is no way to recover them.

        • @nevemsenki
          8
          10 months ago

          Downsides include: if any intrusion happens on the server, the red team just needs to reboot it to wipe the evidence.

          • Perhyte
            5
            edit-2
            10 months ago

            If they have the root access typically needed to reboot a server[1] they could also just wipe the logs without rebooting.

            [1]: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.

    • Davel23
      7
      10 months ago

      I looked into that guy somewhat recently, he was in jail for something like five years then eventually released. Kind of a sickening situation all around.