[AusNOG] News: Telstra to clamp down on peer-to-peer

Narelle narellec at gmail.com
Fri Feb 8 14:34:53 EST 2013


This is reminding me of the famous Laurel Lane ads that were around when
DSL first came out.

See https://www.youtube.com/watch?v=tn5Q2BIAcQY for a a sample.


On Fri, Feb 8, 2013 at 12:32 PM, Mark Newton <newton at atdot.dotat.org> wrote:

>
> There have been a few cases of late where it seems to me that
> various interests have been skating very close to the meaning
> of section 6 of the Telecommunications (Interception and Access)
> Act.
>
> Considering the broadness of the definition in that clause
> ("... listening to or recording, by any means..."), how far down
> the rabbit hole do we have to go before an automated system which
> inspects packet payload is considered to be "any means"?
>


I see the issue as being: where does this stop?

Today's trial proposal might geniunely be for one approach to managing
congestion on the network, but what next?

It looks clearly like a DPI implementation at the customer edge - not on
the costly international links, but at the edge and potentially linked to
customer login controls. If you read their blog on the topic:
http://exchange.telstra.com.au/category/telstra-news/

it says individuals can opt out. That can only be done by either:
- assigning opting out customers to a separate VLAN over which the
throttling scheme does not apply, or
- integrating with the BRAS and radius systems

I am concerned with either, but once you integrate with the BRAS, all sorts
of controls, logging and interception becomes available.

Who gets access? [All Tier 3 engineers? All Operations? Product Management?
Or just those authorised with security clearances as Law Enforcement
Liason?]
What HR practices are in place to prevent abuse?
What training is in place to reinforce these rules?

And with this being 'metadata' will it be required for two years when the
AG's division gets their way (don't kid yourself this is only this AG or
this government) will there be any controls?

Will anyone who asks, including the RSPCA get access?

While I'm at it, what redress is there for the customer whose application
traffic is wrongly classified, like the Singaporean stock trader who lost
revenue and ultimately won his case in court? The detection system thought
his stock market application traffic was peer to peer file sharing and it
was throttled.



> It seems to me that if an Australian telco employed teams of staff
> to wiretap phone lines to listen to PSTN calls to glean intelligence
> which they could secretly exploint for their commercial advantage,
> people would go to jail.
>

I'm not convinced of this.

Then again, surely there has been enough incentive:
"Hey, it looks like you're having high value conversations with your stock
broker/love interest/business partner, if you pay an extra $10/call we can
guarantee they will only be dropped under extreme circumstances."

Oh, yes, that's what led to the whole concept of this being a common
carrier...




> The AFP doesn't seem remotely interested in investigating institutional
> breaches of that particular law even though it's a Commonwealth offence
> carrying a term of imprisonment of up to two years.
>
> So a wider question becomes, what is the point of the Parliament
> setting limits on interception if the limits have no practical
> effect?
>
> Funny ol' world.
>


It gets down to the perception of 'damage'. If there is a belief that this
is costing large anounts of money or causing major harm, the AFP might be
pressed to act.

[While I think of it would the ACCC act if any ISPs were degrading
competitor traffic or applications? eg skype, video services etc?]

Until then people will get away with it.

So how many folks use DPI techniques today? I bet quite a few. At the edge?
Very few.

If they do, they need to be open and transparent with their customers.

That's what I'd like to see.


Regards


Narelle
President, Internet Society of Australia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130208/55c80258/attachment.html>


More information about the AusNOG mailing list