Why store logs? (Was: Re: Fwd: IMC/Seattle - GAG ORDER LIFTED)

Kendall Clark kendall at monkeyfist.com
Fri Apr 27 14:29:52 PDT 2001



>>>>> "jordan" == Jordan Hayes <jmhayes at j-o-r-d-a-n.com> writes:

jordan> What I want to know is why a place like IMC keeps web logs?

For security, aggregate (that is, benign) usage tracking, and debugging? As you know, if you run a web server, logs are remarkably handy things to have. Nice to know if, say, 40% of your traffic is originating from .ca domains or the like.

I take the point of your question, however. It's being discussed on IMC-tech lists presently.

The problem is, of course, the conflict between what's technically possible and what's legally obligatory. The logs are less useful from a sysadmin's point of view w/out the IP addresses, but if you log them, a court can order them to be produced.

I suppose the only solutions are to 1) have IMC's web server, Apache, stop logging IPs, or 2) write a script that purges the IPs from the logs after, say, 12, 24, or 36 hours. The latter would be a bit machine intensive, but it would prevent all but the fastest law enforcement fishing expeditions (but also diminish the log's usefulness; and it's enough time to produce aggregate traffic reports). (Of course, 3) store the logs on a cryptographic filesystem, and then defy a court order by "losing" the key, though that's not much better than just defying the court order and erasing the logs.)

And if things get really crazy, IMC can always turn /var/log/httpd into a Rubberhose(.org) filesystem:

    Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coercive interrogations and other compulsive mechanisms, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

Best, Kendall Clark
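Option 2 in the post (purge the IPs after a set number of hours) is easy to make concrete. The script below is an added example written for this archive page; it is not Kendall's code nor anything IMC-tech actually ran. It assumes Apache's default "common"/"combined" LogFormat, where the client address (%h) is the first field and the timestamp is the bracketed %t field, and it defaults to a 24-hour retention window (one of the three figures Kendall floats). The log lines inside it are constructed samples using documentation address ranges, not real IMC traffic; `scrub_file` and `EXAMPLE_NOW` are names chosen here for illustration.

```python
# Added example (not from the original post): a purge script for "option 2".
# It rewrites Apache common/combined log lines, replacing the client address
# (%h) with Apache's own "-" placeholder on every entry older than a cutoff.
# Entries younger than the cutoff keep their IP so aggregate reports can still
# be produced from them before the next run blanks them.
import os
import re
import tempfile
from datetime import datetime, timedelta, timezone

# Apache common/combined prefix:  host ident authuser [timestamp] ...
# Everything after the timestamp is carried through untouched.
_PREFIX = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] (?P<rest>.*)$'
)

REDACTED = "-"   # what Apache itself writes for a missing field

# Constructed sample entries (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2001:14:29:52 -0700] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [26/Apr/2001:09:02:11 -0700] "GET /news/ HTTP/1.0" 200 512 "-" "Lynx/2.8"',
    'garbled line without a timestamp',
]
# Hypothetical "current time" for the sample run, in the same zone as the log.
EXAMPLE_NOW = datetime(2001, 4, 27, 15, 0, 0, tzinfo=timezone(timedelta(hours=-7)))


def parse_timestamp(ts):
    """Parse an Apache %t value such as '27/Apr/2001:14:29:52 -0700'."""
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def scrub_line(line, now, max_age):
    """Return the line with %h replaced by '-' if the entry is older than max_age.

    If the entry's age cannot be determined (malformed line, unparseable
    timestamp) the script fails safe and redacts the first field anyway,
    since %h is the first field in every default Apache LogFormat.
    """
    m = _PREFIX.match(line)
    if m is not None:
        try:
            if now - parse_timestamp(m.group("ts")) <= max_age:
                return line  # still inside the retention window: keep the IP
            return "{} {} {} [{}] {}".format(
                REDACTED, m.group("ident"), m.group("user"), m.group("ts"), m.group("rest")
            )
        except ValueError:
            pass  # timestamp present but unparseable: fall through and redact
    head, sep, tail = line.partition(" ")
    return REDACTED + sep + tail


def scrub_log(lines, now, max_age=timedelta(hours=24)):
    """Scrub an iterable of log lines; returns the rewritten list."""
    return [scrub_line(line, now, max_age) for line in lines]


def scrub_file(path, now=None, max_age=timedelta(hours=24)):
    """Rewrite a log file in place via a temp file plus atomic rename.

    Intended for rotated logs, not the file Apache is currently appending to:
    os.replace swaps the directory entry, and a running Apache keeps writing to
    the old inode, so lines logged during the rewrite would be lost.
    """
    now = now or datetime.now(timezone.utc)
    with open(path, encoding="utf-8", errors="surrogateescape") as f:
        lines = f.read().splitlines()
    scrubbed = scrub_log(lines, now, max_age)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".scrub-")
    with os.fdopen(fd, "w", encoding="utf-8", errors="surrogateescape") as f:
        for line in scrubbed:
            f.write(line + "\n")
    os.replace(tmp, path)


def demo():
    """Run the scrubber over the constructed sample with a 24h window."""
    return scrub_log(SAMPLE_LOG, EXAMPLE_NOW, timedelta(hours=24))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run from cron against each rotated access_log with the desired window. The practitioner's caveat is the one Kendall already hints at with the "losing the key" aside: rewriting the file does not touch copies on backup media or the freed blocks on disk, so a purge window only limits what a subpoena can reach from the live log, not from everything the machine has ever held.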



More information about the lbo-talk mailing list