[AusNOG] Data retention definitions

Paul Brooks pbrooks-ausnog at layer10.com.au
Wed Aug 27 22:57:52 EST 2014


On 27/08/2014 8:13 PM, Ben Grubb wrote:
> They also want "information necssary to identifiy the type of communication",
> including "the type of service used"
>
> That sounds like port information to me.
> Regards,
> Ben Grubb

Ben - perhaps it is in their minds currently, but education is key. Its one of many
things that needs to be clarified with the department.

Keep in mind this is a first draft at a discussion paper about what they want to ask
for, not what they will ultimately require to receive. They are asking for feedback,
and *should* modify subsequent papers taking into account feedback.
Some of these ambit wishlist items may be infeasible to provide - and they need to
hear that from multiple sources, in calm measured tones, backed up by technical
details and facts.

A legitimate response from members of the industry (including almost everyone on this
list) might be 'I understand you want to ask for (x), however it is
infeasible/unnecessary/contradictory/etc for some/most/all ISPs to capture, store and
ultimately provide (x) to you. Here is why.(insert pages of technical detail).." and
request that (x) be removed from the list of things they could ask for - delete
whichever does not apply.

Type of Communication/Type of Service they refer to *might* come from logging
UDP/TCP/every-other-Layer4-proto port data. However IMO this is content data,
extracted from deep within the Ethernet (maybe PPPoE segment) packet being transmitted
between your customer's link and a different link. Content data (from inside the
packet stream) is not metadata, and can't be provided without a warrant.
How many ISPs capture and log port information (or the equivalent) from every Layer 3
protocol in https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers that your
customer might push across your links? Would you even notice if your customers started
pushing significant quantities of SCPS (IP Proto 105) over their IP link, let alone
look into it for port information?

For mine, the answer to those particular points might be:

"The best we could provide you with is:
Type of Communication: Internet packet stream (as compared to 'private WAN packet stream')
Type of Service: Internet access service. Possible adding "Originated from an ADSL
service"  (as compared to a dial-up, NBN, or other form of link by which the packets
arrived into the network).
"
Because these are things you might know, independently of the packet contents or flow
data.

Treat this as an exercise in education, and educate them. This is version 1.0 - not
something you have to bend over for (yet). If the method to implement logging and
retaining (x) involves 'I'll have to install DPI' then you might perhaps legitimately
respond in your submissions to this discussion paper "I'm sorry, I regret we will not
be able to provide that. If you are looking for me to distinguish VoIP from Telnet
from web sessions, with an interception warrant I can send you the packets and you can
determine application-level aspects such as type of communication or type of service
for yourself".

Regards,
    Paul.


>
>
> On Wed, Aug 27, 2014 at 6:50 PM, Lindsay Hill <lindsay.k.hill at gmail.com
> <mailto:lindsay.k.hill at gmail.com>> wrote:
>
>     "If one is required to keep NAT presumably they need to store source and
>     destination IP addresses. The paper contradicts itself on that point no?"
>
>     No - you can just keep source  (internal) IP, and the public IP/port it was
>     translated to, at a specific time. There's a couple of different ways of
>     configuring this logging on current CGN platforms.
>
>
>     On Wed, Aug 27, 2014 at 8:32 PM, Ben Grubb <bgrubb at fairfaxmedia.com.au
>     <mailto:bgrubb at fairfaxmedia.com.au>> wrote:
>
>         If one is required to keep NAT presumably they need to store source and
>         destination IP addresses. The paper contradicts itself on that point no?
>
>         Regards,
>         Ben Grubb
>
>
>         On Wed, Aug 27, 2014 at 3:44 PM, Beeson, Ayden <ABeeson at csu.edu.au
>         <mailto:ABeeson at csu.edu.au>> wrote:
>
>             LOL wow.
>
>             "Nothing in this data set applies to or requires the retention of
>             destination web address identifiers, such as destination IP addresses or
>             URLs."
>
>             We just require everything else, no big deal. :P
>
>             For those interested,
>             http://images.smh.com.au/file/2014/08/27/5711351/Data_retention_consultation_1.pdf
>
>
>             Page 4 is where the "good stuff" starts.
>
>             Thanks,
>             Ayden Beeson
>
>             -----Original Message-----
>             From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>             <mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of James Andrewartha
>             Sent: Wednesday, 27 August 2014 3:35 PM
>             To: ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
>             Subject: [AusNOG] Data retention definitions
>
>             So the consultation paper has leaked [1], and it says data retention
>             will apply to "all entities that provide communications services
>             available in Australia" and while it won't require destination IP
>             addresses or URLs, it will require NAT records to be kept.
>
>             Just which entities provide communication services isn't defined, but at
>             a guess it could include hosting providers and univerisities.
>
>             [1]
>             http://images.smh.com.au/file/2014/08/27/5710838/Data_retention_consultation.pdf
>
>             http://www.smh.com.au/digital-life/digital-life-news/secret-data-retention-discussion-paper-leaked-20140827-108yyh.html
>
>
>             -- 
>             # TRS-80 trs80(a)ucc.gu.uwa.edu.au <http://ucc.gu.uwa.edu.au> #/
>             "Otherwise Bub here will do \
>             # UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best |
>             [ "There's nobody getting rich writing ]| -- Collect and hide your |
>             [ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux
>             #231 / _______________________________________________
>             AusNOG mailing list
>             AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>             http://lists.ausnog.net/mailman/listinfo/ausnog
>             Charles Sturt University
>
>             | ALBURY-WODONGA | BATHURST | CANBERRA | DUBBO | GOULBURN | MELBOURNE |
>             ONTARIO | ORANGE | PORT MACQUARIE | SYDNEY | WAGGA WAGGA |
>
>             LEGAL NOTICE
>             This email (and any attachment) is confidential and is intended for the
>             use of the addressee(s) only. If you are not the intended recipient of
>             this email, you must not copy, distribute, take any action in reliance
>             on it or disclose it to anyone. Any confidentiality is not waived or
>             lost by reason of mistaken delivery. Email should be checked for viruses
>             and defects before opening. Charles Sturt University (CSU) does not
>             accept liability for viruses or any consequence which arise as a result
>             of this email transmission. Email communications with CSU may be subject
>             to automated email filtering, which could result in the delay or
>             deletion of a legitimate email before it is read at CSU. The views
>             expressed in this email are not necessarily those of CSU.
>
>             Charles Sturt University in Australia http://www.csu.edu.au The Grange
>             Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878
>             708 551; CRICOS Provider Numbers: 00005F (NSW), 01947G (VIC), 02960B
>             (ACT)). TEQSA Provider Number: PV12018
>
>             Charles Sturt University in Ontario http://www.charlessturt.ca 860
>             Harrington Court, Burlington Ontario Canada L7N 3N4 Registration:
>             www.peqab.ca <http://www.peqab.ca>
>
>             Consider the environment before printing this email.
>             _______________________________________________
>             AusNOG mailing list
>             AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>             http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>         The information contained in this e-mail message and any accompanying files
>         is or may be confidential. If you are not the intended recipient, any use,
>         dissemination, reliance, forwarding, printing or copying of this e-mail or
>         any attached files is unauthorised. This e-mail is subject to copyright. No
>         part of it should be reproduced, adapted or communicated without the written
>         consent of the copyright owner. If you have received this e-mail in error
>         please advise the sender immediately by return e-mail or telephone and
>         delete all copies. Fairfax Media does not guarantee the accuracy or
>         completeness of any information contained in this e-mail or attached files.
>         Internet communications are not secure, therefore Fairfax Media does not
>         accept legal responsibility for the contents of this message or attached files.
>         _______________________________________________
>         AusNOG mailing list
>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>         http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
> The information contained in this e-mail message and any accompanying files is or
> may be confidential. If you are not the intended recipient, any use, dissemination,
> reliance, forwarding, printing or copying of this e-mail or any attached files is
> unauthorised. This e-mail is subject to copyright. No part of it should be
> reproduced, adapted or communicated without the written consent of the copyright
> owner. If you have received this e-mail in error please advise the sender
> immediately by return e-mail or telephone and delete all copies. Fairfax Media does
> not guarantee the accuracy or completeness of any information contained in this
> e-mail or attached files. Internet communications are not secure, therefore Fairfax
> Media does not accept legal responsibility for the contents of this message or
> attached files.
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140827/3ab518ca/attachment-0001.html>


More information about the AusNOG mailing list