Solved

Can i get internet activity or browsing history from my ISP

Posted on 2016-08-04
18
114 Views
Last Modified: 2016-08-06
I have a client that is in need of the browsing history for a location due to legal issues with an employee.  I was asked if I could get the browsing history from the ISP as there is no equipment onsite that has any of this data stored.  I called the ISP (Windstream) and was told that they do not store this information and that it would be illegal for them to do that as it would be an invasion of privacy.  Now, much of what I read online says differently.  Since I am not an expert on these issues I thought I would come here.  Does anyone have any information on whether that information indeed exists and, if so, how to obtain that information.

Thanks,
karislove
0
Comment
Question by:karislove
  • 9
  • 4
  • 3
  • +2
18 Comments
 
LVL 10

Accepted Solution

by:
ecarbone earned 500 total points
Comment Utility
Some of the large ISPs (Windstream, Comcast, Verizon) may collect information within their legal limits, but they only use it for their own BI. Highly unlikely that they would give you this data - even if they WERE recording it.

Smaller ISPs (like host.net) offer this as a paid service (just like managed firewall or managed router service). You would have had to sign a contract for this service, and there is a monthly fee.

It doesn't help you now, but in my opinion your best bet is to install something internally.

There are appliances you can purchase (Cisco, SonicWALL, etc) or there are software solutions you can install on your network (Untangle, GFI WebMonitor)

Final thoughts - I supposed your company would also have to update their employee policy to let everyone know that this type of monitoring is in effect. Not sure what the privacy laws are, but there are solutions for monitoring and filtering content within an organization.
1
 

Author Comment

by:karislove
Comment Utility
ecarbone,

Thanks for the reply.  I appreciate you taking the time.  I would like to accept your answer but it doesn't sound like you are speaking from first hand experience.  Do you have experience in dealing with this matter directly?  Can that nut be cracked with a court order?  I understand that law enforcement can compel this information.  However, that is just what I think I know.

Also, your advice is good advice.  I gave my client the same speech a while ago.
0
 
LVL 10

Expert Comment

by:ecarbone
Comment Utility
I have never called a major ISP to demand that they give me data which I cannot even prove they have. So you're correct in your assumption. You'd have to consult with an attorney.

As I mentioned, my advice doesn't help you now, but for this type of situation going forward I recommend putting something in place, internally.
0
 
LVL 10

Expert Comment

by:ecarbone
Comment Utility
One other thing to consider - most likely all of the computers on your internal network are going out through the same 'pipe' to the Internet, through the same IP Address. So EVEN IF they were monitoring such information, how would they know WHICH computer it came from and furthermore, how would they even be able to prove it was a specific person on that specific computer at that specific time? The information you're looking for seems very granular, and I am sure any information your ISP had, would be at a 10,000 foot view.
0
 

Author Comment

by:karislove
Comment Utility
ecarbone,

This location only has one computer that connects to the Windstream router.  The high level view would be fine.

Thanks
0
 
LVL 10

Expert Comment

by:ecarbone
Comment Utility
Still no way to prove that person was on that computer though, right? I'm just offering my non-attorney opinion.  ;-)     I think your best bet is to consult with an attorney.
0
 

Author Comment

by:karislove
Comment Utility
ecarbone,

Oddly enough there is video of the time in question so placing the employee at the computer is rather easy.  Sadly, at least for this specific instance, the camera was not pointed at the screen.  

Consulting an attorney could be the next step.  I was hoping that someone would be able to help me avoid that.

Thanks,
karislove
0
 
LVL 5

Expert Comment

by:Antzs
Comment Utility
Instead of getting it from the ISP, which I think is a dead end anyway.

Is there anything left on the PC itself?  Even though it has been deleted, it may be worth recovering depending on how important the case is.

Browsing history maybe?
0
 
LVL 25

Expert Comment

by:nickg5
Comment Utility
I can tell you that a local computer shop that builds systems and is involved in computers related to local authorities told me that the user (in this case your employee) can delete browsing history all day long.
But it will always be retrievable from the hard drive unless the hard drive is literally taken apart and destroyed.
So if it is a serious security issue and you do not mind buying a new system or new hard drive, then remove the hard drive and based on what I was told the data is there.

Lawyer? Why not confront the person, re-install a good camera and tell them that if they do not reveal their browsing history, then they will lose their job and you will take the computer to the police internet department.

They might give you what you want and then resign to keep from having a firing on their record.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:karislove
Comment Utility
Anthony,

PC is a dead end.  The PC was upgraded to W10 and reset with the clean wipe feature before the issue was detected.

Thanks,
karislove
0
 

Author Comment

by:karislove
Comment Utility
nickg5,

The employee had already been terminated for other reasons before this issue came to light.

Thanks,
karislove
0
 
LVL 38

Expert Comment

by:BillDL
Comment Utility
karislove

You said:
"The PC was upgraded to W10 and reset with the clean wipe feature before the issue was detected"

I assume that you are referring to the Windows 10 upgrade where you choose not to retain any files.  This may or may not be a complete "wipe" as offered by utilities that are designed to "nuke" all data on a hard drive.  It is more likely to be a simple format or even just a file deletion, but I cannot say this with certainty.

You probably already know this, but when files are deleted from a hard drive they are not actually removed.  The areas on the drive where they existed as chunks are only marked as free to be re-used, and the files are no longer visible.  There are some great file recovery applications that are able to recover deleted files from hard drives, and some can even recover data from drives that have been formatted (not securely "wiped" though).

The main rule for file recovery is to immediately stop using the computer that is to be examined, because even normal use creates new files that may overwrite the data that you want to try and recover.  The other rule is that a data recovery application should be run from another computer to which the affected drive as been temporarily connected, or use a bootable CD that runs the application from its own operating system that does not write files to the computer's hard drive.

I have used GetDataBack (https://www.runtime.org/data-recovery-software.htm) for many years with good results.  It is free to run and determine what has been recovered, but to copy the files out to another storage medium you need to buy a licence.  They offer a bootable Linux CD (https://www.runtime.org/data-recovery-live-cd.htm), but under the same conditions as the installable software.

The problem with "undelete" programs and other data recovery applications is that they recover so many files that it is extremely time consuming to try and sift through them all looking for relevant ones.  Depending on the browser and how it stores its history, you may also need additional tools to analyse the data for evidence.

If this is of sufficient importance that you would be willing to spend what could amount to a fair amount of money (and possibly little or no proof in the end), I would recommend that you hand the PC over to a fully qualified Forensics Data Analyst.  An expert follows procedures that retain file time and date stamps, whereas casual users can ruin these essential elements of proof while tinkering.
0
 

Author Comment

by:karislove
Comment Utility
BillDL,

W10 has a clean wipe reset feature.  This is not an upgrade feature.  It cleans\wipes the drive and reloads a clean copy of the OS.  This is not a simple delete operation or reformat operation.

The PC has been taken offline for the time being.  Although, it is currently being classified as a long shot last option source of information.

My guess is it will boil down to a question of whether recovery will be < or > the loss.  Explains the attempt to get the data from the ISP.

Otherwise, good tutorial on the drawbacks of "delete".

Thanks,
karislove
0
 

Author Closing Comment

by:karislove
Comment Utility
Thanks for the assist.  Other conversations have led to the conclusion that the Windstream tech was not correct.  If the other conversations are to be believed, Windstream does record and retain this information.  However, it is only available to law enforcement or the courts with a court order.  It is not available to the customer.  It is in the hands of the attorneys and accountants now.

Happy computing,
karislove
0
 
LVL 38

Expert Comment

by:BillDL
Comment Utility
From what I understand the Win10 "wipe > reset" feature has 2 options that do as follows:

1. Just Remove My Files = Quick Format i.e. data still available for recovery using a simple "undelete".
2. Fully Clean The Drive behaves differently for encrypted and unencrypted drives:
    (a) Encrypted = Quick Format.  The info necessary to decrypt the disk is unavailable so data is effectively lost.
    (b) Unencrypted = Full Format writing zeros to every sector.  Same as    format c:\ /P:0    command.

From what you have described, you chose the "Fully clean my drive" option, in which case recoverying anything from the drive is more than a long shot.
0
 

Author Comment

by:karislove
Comment Utility
BillDL,

Yup.  I pretty much put it aside just to make others feel better.  I don't think it is even possible (NSA magic excepted) to recover anything after that.

Hope is a crazy thing in corporate decision making.  That is how accountants earn their keep.  They rip hope to shreds with dollar signs and keep hopeful people from making expensive stupid decisions.

Thanks,
karislove
0
 
LVL 38

Expert Comment

by:BillDL
Comment Utility
Clearly the company I work for does not have a very competent accountant, because a lot of expensive decisions have been put into the hands of some incredibly stupid people over the past few months :-(
0
 

Author Comment

by:karislove
Comment Utility
BillDL,

I feel your pain.  If I had the money spent on every project that was able to be clearly and concisely defined, in advance, as "stupid" I would be a very wealthy man.

However, I probably wouldn't be here on a Saturday typing weekend rants to you.  I would be relaxing in a hammock somewhere with cool breezes.

So, not all bad then...

Thanks,
karislove
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Suggested Solutions

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
The Bounty Board allows you to request an article or video on any technical topic, or fulfill a bounty request to earn points. Watch this video to learn how to use the Bounty Board to get the content you want, earn points, and browse submitted bount…
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now