http://www.wired.com/politics/onlinerights/news/2007/05/isp_privacyWired News, with help from some readers, attempted to get real answers from the largest United States-based ISPs about what information they gather on their customers' use of the internet, and how long they retain records like IP addresses, e-mail and real-time browsing activity. Most importantly, we asked what they require from law-enforcement agencies before coughing up the data, and whether they sell your data to marketers.
Only four of the eight largest ISPs responded to the 10-question survey, despite being contacted repeatedly over the course of two months. Some ISPs wouldn't talk to us, but gave answers to customers responding to a call for reader help on Wired's Threat Level blog.
Marc Rotenberg, the executive director of the Electronic Privacy Information Center, says ISPs should be more circumspect about keeping user data. Maintaining detailed data for long periods of time makes any internet company a huge target for law enforcement fishing expeditions.
"From a user perspective, the best practice would be for ISPs to delete data as soon as possible," Rotenberg said. "(The government) will treat ISPs as one-stop shops for subpoenas unless there is a solid policy on data destruction," Rotenberg said.
The results:
AOL, AT&T, Cox and Qwest all responded to the survey, with a mix of timeliness and transparency.
But only Cox answered the question, "How long do you retain records of the IP addresses assigned to customers."
Snip