Currently there are no mandatory data retention laws in the United States. Unlike in Europe, Internet providers are not required to track IP-address assignments so these can be linked to specific subscriber accounts.
The question is, for how long will this remain the case, especially considering SOPA author Lamar Smith’s introduction of a new bill last year. Under his Protecting Children From Internet Pornographers Act, ISPs will be required to keep IP-address logs for a minimum of a year.
For now, however, no logs are required by law.
Earlier this week the CEO of Sonic called on fellow ISPs to protect the privacy of subscribers and purge logs after two weeks like his company does. One of the reasons cited was the massive amount of civil subpoenas that are, ironically enough, often sent by “Internet pornographers” in mass-BitTorrent lawsuits.
A refreshing stance, and one that makes users of other providers curious about the logging practices of their ISPs. Unfortunately, nearly all providers are very secretive about their data retention policies. Unlike VPN providers, all admit to logging IP-addresses, but how long they retain them remains a mystery.
In an attempt to find out more, TorrentFreak contacted several large ISPs with the seemingly simple question; How long does “company X” store IP-address assignment logs? Our findings are detailed below.
Those who value their privacy and hide their IP-address can of course always sign up with a VPN provider, one that doesn’t keep logs.
Time Warner Cable
Time Warner informed us that they store IP-address logs for up to 6 months.
Interestingly, the company is the only ISP we contacted that also posts information regarding its data retention on its website.
Comcast did not respond to our inquiries but has mentioned a 180 day retention policy for IP-addresses in BitTorrent-related court documents. On some occasions cases have been dismissed because logs were no longer available, meaning that alleged infringers could not be identified.
The 180 day policy is also mentioned in the Comcast Law Enforcement Handbook that leaked in 2007.
Verizon’s Privacy Office informed TorrentFreak by email that information about IP address assignments is retained for 18 months, the longest of all ISPs who responded to our request.
The Qwest/CenturyLink Law Enforcement Support Group informed us that IP-address logs are kept for approximately 1 year. As is also the case with other Internet Providers, Qwest/Century noted that personal details are only disclosed when the company receives a subpoena.
Cox failed to reply to our inquiry, but previously it has mentioned a 6 month retention policy for IP-address assignments in the press. In Cox’s “Lawful Intercept Worksheet” the company also mentions that logs are kept for “up to 6 months.”
Update (2014): AT&T has never responded but this document posted by ACLU suggest that they retain data for about a year.
The ISPs below were added after publication.
- DSL Extreme says they retain radius IP logs for two weeks on their DSL service.
- Teksavvy (Canada) keeps IP-assignment logs for
two years 90 days.
- Eastlink (Canada) keeps IP-assignment logs for one year
As far as we are aware, this is the first overview of IP-logging practices of the largest U.S. ISPs. However, we need help to make the list more complete as not all the providers we contacted replied.
We encourage all readers to tweet, mail or phone their Internet providers to get a more complete overview, including ISPs not listed above. This is not limited to providers in the U.S. Feel free to forward us the answers so we can expand this article.