2. log *every* connection at TCP/UDP level from the local IP assigned to every username (username, local IP, local port, remote IP, remote port, and protocol are to be logged);
3. store the logs for *at least* five years.
Do Italian broadband providers do this?
Do you imagine the quantity of data this is?
Simply create a virus that will scan ports everywhere on the internet, and this will make Italian ISPs crazy.
Why do you need to know the LAN local IP? How can this be useful?
How can you identify the protocol under SSL?
Why wouldn't terrorists use their own protocols?
Believe me, this is not realistic.
In France, there are these kinds of laws. But in McDonald's, you can connect simply by clicking "connect". Then you can access any VPN or proxy server in the world and do whatever you want.
Maybe you should check that these laws are followed.
In practice, if the police ask for the logs, they have to know who (identified by valid ID card) has gone where on the Internet (as logs state).
Recent interpretations and modifications to the law have made it possible to authenticate via credit card, but the name and the card number have to be logged and bound to your username, just as an ID card.
If the police ask, simply give the PayPal transaction number which is available. They will then ask PayPal for the credit card number.
I agree that identifying your clients is useful and enough. This is why an SMS identification feature is planned.
PS: I really don't see where VPNs are implied in the discussion, nor why a VPN should not work with such a configuration.
Because if you want to identify all connections and protocols, you have to block all encrypted and unknown protocols.
A malicious user simply has to use an encrypted HTTPS proxy anywhere in the world to keep their privacy.
Why make so many useless efforts when it is so easy to bypass these rules?
Even if you are forced to use a proxy server, the malicious user can easily set up a VPN through the proxy through HTTPS.
It isn't possible to control internet access without blocking any encrypted communication, which is NOT realistic.
Even if not encrypted, simply create a custom protocol over HTTP, and you can do whatever you want.
To get VPNs or proxies, create a virus or simply buy a list of them from pirates for cheap.
It is SO easy to go through all these checks.