I think it's important to flag a subtlety of the brazilian law: it makes a difference between "connection" and "application" providers and, in the case of application providers, it also makes a difference for the ones whose activities are "organized, professional and with economic purposes". According to federal law 12.965/2014 (a.k.a. "Marco Civil da Internet), a non-commercial application provider is not obliged to retain data, unless a judge, the "police or administrative authority" or the public ministry requires it to.

--

Quoting Vasilis (2019-03-25 09:22:00)

Hello,

I stumbled upon an interesting discussion at LACNOG (Latin America and Caribbean Region Network Operators Group) mailing list.

Quoting from https://mail.lacnic.net/pipermail/lacnog/2019-March/006914.html : "The use of CGNAT by access providers is increasing and with this comes a greater difficulty to comply with legal determinations to identify a user who may have committed a crime. As we know for this to be effective it is mandatory that both the access provider and the content provider register the source ports used in the connection. Here in Brazil we have a specific Internet Law that says among many things about the need for keeping these records and user identification in these situations."

Apart from Brazil do you know of other ISPs in LATAM that have similar requirements?

[], ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162

---

global-south mailing list global-south@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/global-south