[AusNOG] Metadata retention... it's now (almost) a thing

[Chris Chaundy]

Hi Narelle,

I find that the last sentence in the obligations listed in 'B' below and the requirements in '3' to be totally contradictory.

Cheers, Chris

Sent from my iPhone

> On 31 Oct 2014, at 13:18, Narelle <narellec at gmail.com> wrote:
> 
> [Provisor IANAL and I haven't gone through the legislation yet... N]
> 
>> On Thu, Oct 30, 2014 at 3:40 PM, Matt Perkins <matt at spectrum.com.au> wrote:
>> I would be interested to see paragraph 187A(4) of the act.  It seems to
>> indicate that
>> 
>> This item will only apply to the service provider operating the relevant
>> service: So does that mean we need to know who chatted to who on facebook
>> for example but facebook is the service provider so they would be the people
>> that would need to get the info. Not the ISP. The ISP could not be expected
>> to break an encryption do get the info.
>> 
>> So im thinking a lot of this will be "who is the service provider" .  Is it
>> skype, Is it facebook, Is it the guy providing the copper ?
>> 
>> Matt.
> 
> 
> Matt
> in the discussion paper it says: "Nothing in this data set applies to
> or requires the retention of destination web address identifiers, such
> as destination IP addresses or URLs."
> 
> Thus given facebook is accessed via a "web address" it would be out of scope.
> 
> Of course, by extension, if you want your activities to stay unlogged
> or obfuscated, you change mac addresses, use other people's wifi, and
> wrap things via http or some other vpn.
> 
> BUT
> 
> the paper also requires a LOT more than just radius logs.
> 
> It does apply to "all entities that provide communications services to
> the public".
> "Who will data retention apply to?
> Data retention obligations, consistent with existing legal and
> regulatory obligations, should be able to apply to all entities that
> provide communications services available to the public in Australia.
> Therefore, data retention obligations should not be limited to
> licenced carriers but should also extend to any entity that provides
> communications services to the Australian public."
> 
> 
> 
> 
> Here is the full text of the "requirements" egs not included, but copy attached.
> 
> B. Obligations for data retention—data set
> The data set described in the following pages has been developed for
> consultation with the telecommunications industry. It reflects the key
> requirements of security and law enforcement agencies, is designed to
> be technologically-neutral, and is broadly consistent with the
> categories of data set out in Article 5 of the former Directive
> 2006/24/EC; and ETSI Standards TS 102 656 (V1.2.1) Retained Data:
> Requirements of Law Enforcement Agencies for handling Retained Data,
> and TS 102 657 (V1.15.1) Retained Data Handling: Handover interface
> for the request and delivery of retained data.
> The explanatory information in section B provides further information
> including examples of how these requirements would apply to particular
> technologies and services.
> Nothing in this data set applies to or requires the retention of
> destination web address identifiers, such as destination IP addresses
> or URLs.
> 
> 1. Information necessary to identify, and supplementary information
> regarding, the subscriber of a service:
> (a) the current and historical name and address of the subscriber of
> the account, service and/or device
> (b) any current or historical account, service and/or device
> registered to the account
> (c) any current or historical permanent or transient identifier(s)
> allocated by the provider to an account, service and/or device
> (d) any current or historical supplementary identification, billing
> and payment, or contact information
> (e) current and historical account, service and/or device status
> (f) current and historical information about the usage of the account,
> service and/or device
> 2. Information necessary to trace and identify the source of a
> communication (including unsuccessful or untariffed communications):
> (a) the identifier(s) allocated to an account, service and/or device
> from which a communication is sent or attempted to be sent.
> 3. Information necessary to identify the destination of a
> communication (including unsuccessful or untariffed communications):
> (a) the identifier(s) allocated to an account, service and/or device
> to which a communication is sent or attempted to be sent
> (b) in cases where a communication is forwarded, routed or
> transferred, the identifier(s) allocated to an account, service and/or
> device to which a communication is forwarded etc, or attempted to be
> forwarded etc.
> 4. Information necessary to accurately identify the date, time of
> start and end or duration of a communication (including unsuccessful
> or untarriffed communications)
> (a) the time and date of the start and end of the communication, or
> attempted communication
> (b) the time and date of the connection to and disconnection from the service
> 5. Information necessary to identify the type of communication:
> (a) the type of service used
> (b) service features used by or enabled for the communication
> 6. Information necessary to identify subscribers communication
> equipment or what purports to be their equipment:
> (a) the identifier(s)of the line, device and equipment connected to
> the service from which a communication is sent or attempted to be sent
> (b) the identifier(s) of the line, device and equipment connected to
> the service to which a communication is sent, including a device or
> equipment to which a communication is forwarded or transferred.
> 7. Information necessary to identify the location of communications equipment:
> (a) the location of the device or equipment used to send or receive a
> communication, based on the device’s or equipment’s connection to the
> service at the start and end of a communication or session.
> <AGD - Revised Industry consultation paper - Data retention - (23 Septemb....pdf>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog