Quit logging! (or, data minimization in Debian) -- Daniel Kahn Gillmor

2014-08-26 13:30..14:15 in Room 327

Computer users leave traces of data on local and remote machines that record their activity. These records can cause problems for people who do not want their activities tracked, and they facilitate both mass and targeted surveillance. Service operators are put in an uncomfortable position because of the existence of this data: they have a responsibility to protect their users, but they may also be at risk of compelled data disclosure against their users' interests.

One way to avoid this problem is to reduce or eliminate the quantity of data generated and stored by any system by default in its regular operations. If you don't have the data, it can't be used against you or against your users.

Debian is in a good position to shape norms around this -- we can configure default logging levels; we can tune what specifically gets logged, and we can determine how long logs are kept by default.

This is a discussion about how to achieve the goal of data minimization within Debian, while considering the tradeoffs and consequences of this sort of change.

We should cover at least:

  • what kind of statement (if any) about default levels of logging for Debian packages might belong in Debian Policy
  • points of convenient control for minimizing logging on standard Debian systems
  • different system logging architectures and how they can support data minimization
  • how to provide both data minimization and useful debugging information at a system level

Speaker

Daniel Kahn Gillmor