More serious TOS stuff

IAM has had two suicides and one murder, that we know of. IAM has had multiple lawsuits, from light ones where one IAM member sues another for rent on TV court, to multiple IAM members being charged for performing surgery on other IAM members. It's a big community, so none of this should be a surprise though… If anything it's surprising how RARE these events are, and that speaks highly for the people here.

However, things like this do put me in a very uncomfortable position from time to time. In some of these cases IAM is the primary means of communication for the people involved, and is sometimes their only source of contact. That means that I start getting asked by the authorities for my logs and data files (which I have a lot of). I've recently been asked to hand over records on a certain user to the police here in Canada regarding an ongoing murder investigation, so I thought I should clarify how I handle things like this, and what I have records of.

Here is what I know about users on IAM at a minimum (I'm telling you this because I strongly feel people have a right to know what others know about them — even if you trust me, you still should be aware of this):

  • IP records and timestamps when the user adds themselves, and creates or deletes entries. If you log in from work, that means you're quite likely identified. If you log in from a fixed connection (DSL, cablemodem), odds are you're caught. If you're logging in from AOL, then the numbers are probably fairly meaningless.
  • Their submissions to BME (usually). However, there are timeperiods where I've deleted my mail, so in some cases these records are not complete.
  • If they are a credit card paid user, their complete credit card billing information. If a paid user committed a crime, they'd be instantly identified. In addition, if the person ever had a paid account linked to their email address, they'd be easily found.
  • If they shopped at BMEshop, full contact information as well as whatever other records were generated. However, BMEshop is a separate company and it would take a separate warrant for that information I assume.
  • If they submitted their address for a shirt, that information (although there'd be no way for me to confirm its validity).
  • Their message inbox, archive, and the last 25 messages they sent (so if you send 25 messages after an incriminating one, and the person you sent it to deleted it, you've cleared the outbox and it's permanently gone).
  • Their complete IAM diaries and data files, possibly including deleted entries, depending on the state of the data files (and the system/account load). It should generally be assumed that if you write something, it's permanent, at least buried away somwhere. At a minimum, the title (which is separately logged) will be recorded.

When users are deleted, an IP/Timestamp is recorded, and the users messages, diaries, and all logs except the add log are permanently deleted (although this may change in the future). There are some ways to obfuscate connections between records such as changing your email address on IAM to one that I don't know about, but that's just going to make it more difficult to look you up, not impossible.

As far as when I will co-operate with the authorities, there are probably situations where I'd delete the logs when presented with a warrant. If I was presented with a warrant for a practising medicine without a license type charge, I might very well delete the logs. If however it's related to a murder, rape, hate crime, etc., I will hand over the records to the police (although I'd delete the logs if they tried to force a complete set out of me, rather than just a single specified user).

If anyone has concerns about this, or feels that I need to ammend these generalities, feel free to let me know.

Post/View Comments

Wow Shannon, that's really annoying! What is it, 1997 on Geocities? Retroweb is NOT cool!

Post a Comment

Your email is never published nor shared. Required fields are marked *