[AusNOG] Govt wants ISPs to record user history

Sat Jun 12 10:14:43 EST 2010

According to the EU data retention directive http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF, which the article mentions as an example that AU government might want to follow, it basically requires the IPS' to capture user ID, destination (for web traffic as well as VoIP), duration, log on and off, etc.

More interestingly the Article 4 (2) specifically states that "No data revealing the content of the communication may be retained pursuant to this Directive".

I still think it is impractical and costly to retain all source/destination/session data for several years and not sure anyone can come up with a rational reason to do this when AG already has the power to intercept, in real time, any user traffic with probable cause.  Skeeve also makes good point that it wouldn't be too difficult to surf/email through proxy and encryption anyway.

I do hope that if the government does decide to do this at least they do follow the EU model and respect the private data content.

Does anyone have different interpretation of the EU directive?

Patrick

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Skeeve Stevens
Sent: Saturday, 12 June 2010 9:53 AM
To: phil colbourn; ausnog at ausnog.net
Subject: Re: [AusNOG] Govt wants ISPs to record user history

Pretty much the same way as most ideas to bypass the filtering system:

-          Servers outside .au that you can proxy off - different to port 80 (which I already use to get to US tv shows that stop .au addresses watching them)

-          Servers outside .au that you can VPN to then surf - all encrypted (which millions of business people already use day-to-day)

o   Example: In China Facebook/Twitter is banned, but worked fine for me on my Blackberry happily as it uses an encrypted tunnel back to my BES server to surf the net from my office connection in Sydney.

-          Use the many tools that will no doubt appear to proxy/VPN off servers outside .au 'as a service' that will most likely use all manner of secure connections

The wanting to record web traffic would essentially be very similar to the filtering project, except it would be more 'IDS' than 'IPS' where the filtering 'prevents', but the recording 'detects' (and records).

Unless I am missing something here?

...Skeeve

--
Skeeve Stevens, CEO/Technical Director
eintellego Pty Ltd - The Networking Specialists
skeeve at eintellego.net / www.eintellego.net
Phone: 1300 753 383, Fax: (+612) 8572 9954
Cell +61 (0)414 753 383 / skype://skeeve
www.linkedin.com/in/skeeve ; facebook.com/eintellego
--
NOC, NOC, who's there?

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of phil colbourn
Sent: Saturday, 12 June 2010 9:45 AM
To: ausnog at ausnog.net
Subject: Re: [AusNOG] Govt wants ISPs to record user history

On Sat, Jun 12, 2010 at 8:30 AM, Skeeve Stevens <Skeeve at eintellego.net<mailto:Skeeve at eintellego.net>> wrote:
Sorry, I haven't read the entire thread in case this has been commented on already.

But isn't this just like the filtering situation - can't most people still bypass this sort of thing?

How would most people be able to bypass this?

Going over the ZDNet article again, it looks like they want email stored as well.

Now the Australian Privacy Foundation is very vocal about the Google incident but they are currently silent on this one.

--
Phil

http://philatwarrimoo.blogspot.com
http://code.google.com/p/snmp2xml

"Someone has solved it and uploaded it for free."

"If I have nothing to hide, you have no reason to look."

"Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke - Who does magic today?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100612/0ebc3592/attachment.html>