[AusNOG] Welcome to Metadata Retention

George Fong george at lateralplains.com
Mon Mar 2 09:09:34 EST 2015 

With Paul on this.

Paul was part of the team that put together submissions on behalf of the Internet Society of Australia. We respectfully pushed the point that the Bill was 'deeply flawed'. AGD's intentions are clear from the Explanatory Memoranda and submissions but we don't think the Bill quite matches up.

https://www.internet.org.au/index.php/news

The*intention* though is as Paul has spelled out below, although as some of you have pointed out, issues of immediate circle and same place in 187B are problematic. The intention is clear. Some provider somewhere should collect the data. Even if you do not qualify or are  exempt, there is a contemplation by AGD that somewhere along the chain someone will be required to collect and retain..

But whilst we are contemplating the legal issues (and they are complex) we should also be contemplating the issue of collection and retention. The way the argument is phrased, we'll *only* have to collect what is defined in the dataset (which the PJCIS has now recommended is defined in the legislation, not regulations).

The reality IMHO, is not so much what we have to collect, but what we have to strip out of the data we collect. And that process is going to vary significantly depending on what generates the data. Even between MTAs (eg Postfix vs Exim) the log formats are very different. If you run both then you have twice the work to do. And then you need to make sure that updates don't change the formats, or if they do, you can adjust the programs that parse the logs.

We could retain everything and not parse them for only the relevant data. There will then be a storage issue. But I am not clear in my own mind, if we hand over everything lock stock and barrel, in excess of the defined dataset requirements, whether we would be breaching other obligations to the client.

Andrew Masterson very kindly gave us a platform to outline some of these issues in the SMH:

http://www.smh.com.au/digital-life/digital-life-news/lawyers-laymen-experts-stumped-by-metadata-proposals-20150225-13myny.html

All in all I think its going to take a fair bit of debate and discussion, and as Matthew Lobb from Vodafone pointed out at the submissions to the PJCIS, it may well take a substantial amount of time and a considerable amount of consultation with industry, to work out how you get a consistent and workable process in place. IMHO this task will be substantial. Take ISP Land for example -   400+ known ISPs with 400+ discrete systems and 400+ skills sets and capabilities ........

Cheers
g.



On Sun, 2015-03-01 at 21:24 +1100, Paul Brooks wrote:
Lets make this simple - but if you think it *won't* apply to you, you should consult legal advice to make sure.

See definition of Carriage Service Provider in the Telco Act, and definition of ISP in the Broadcasting Services Act Schedule 5.

If you provide a carriage service to the public (i.e. not your own staff), you're a service provider.
If you arrange for another CSP to provide services to the public, you're a service provider
If you resell or wholesale another CSP's services to sell services to the public, you're a service provider.
if you supply, or propose to supply, an internet carriage service to the public, you're an internet service provider .
There is no registration requirement to be considered to be a Carriage Service Provider, no license - if you provide services, you are a CSP, if you provide access to the Internet, you are an ISP, which makes you a service provider, and the new legislation applies to you.

There is no size threshold - it applies to the big guys, the little guys, the single person operating from a garage with a handful of customers.

For pure hosting providers - the Broadcasting Services Act says 'Note:          If a company makes internet content available for access on the internet, and an individual obtains access to the content using an internet carriage service, the company and the individual are end-users in relation to the carriage of the content by the internet carriage service.'
....so you might not be captured, but you should consult legal advice on that.

Paul.


On 27/02/2015 6:10 PM, Shaun McGuane wrote:

Hi Gents,



A quick question on this one.



1.       What is the definition of service provider?

Is this only a requirement for licensed carriers or does it extend through the little guys
in hosting at the end of the food chain?



Regards

Shaun



From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Paul Wilkins
Sent: Friday, 27 February 2015 5:59 PM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Welcome to Metadata Retention



There's 2 recommendations that go to requirements for storage of metadata, which are very much a work in progress:

Recommendation 10


The Committee recommends that the Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 clarify the requirements for service providers with regard to the retention, de-identification or destruction of data once the two year retention period has expired

Recommendation 37


The Committee recommends that the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 be amended to require service providers to encrypt telecommunications data that has been retained for the purposes of the mandatory data retention regime.


To give effect to this recommendation, the Committee recommends that the Data Retention Implementation Working Group develop an appropriate standard of encryption to be incorporated into regulations, and that the Communications Access Co-ordinator be required to consider a provider’s compliance with this standard as part of the Data Retention Implementation Plan process.


Further, the Communications Access Co-ordinator should be given the


power to authorise other robust security measures in limited circumstances in which technical difficulties prevent encryption from being implemented in existing systems used by service providers.







On 27 February 2015 at 16:46, Paul Julian <paul at oxygennetworks.com.au<mailto:paul at oxygennetworks.com.au>> wrote:

It has to be encrypted as part of the legislation Kris



Regards

Paul



From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>] On Behalf Of Kristoffer Sheather @ CloudCentral
Sent: Friday, 27 February 2015 4:44 PM
To: Phillip Grasso
Cc: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>


Subject: Re: [AusNOG] Welcome to Metadata Retention




Don't bother encrypting it, they probably either have the keys (or compel you to provide them) and/or can break the encryption.








Regards,
Kristoffer Sheather





________________________________
From: "Phillip Grasso" <phillip.grasso at gmail.com<mailto:phillip.grasso at gmail.com>>
Sent: Friday, February 27, 2015 4:42 PM
To: kris at cloudcentral.com.au<mailto:kris at cloudcentral.com.au>
Cc: "Peter Lawler" <ausnog at bleeter.id.au<mailto:ausnog at bleeter.id.au>>, "ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>" <ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>>
Subject: Re: [AusNOG] Welcome to Metadata Retention




did they specify what kind of storage conditions it needs to be stored under?




If not do it cheap as possible to keep costs to customers as long as possible; that sounds like jbod or a raid0 array[encrypted of course]




On Fri, Feb 27, 2015 at 4:39 PM, Kristoffer Sheather @ CloudCentral <kristoffer.sheather at cloudcentral.com.au<mailto:kristoffer.sheather at cloudcentral.com.au>> wrote:

That's exactly what they should do, isn't the government supposed to be all about "transparency" :) ?





Regards,
Kristoffer Sheather





________________________________
From: "Phillip Grasso" <phillip.grasso at gmail.com<mailto:phillip.grasso at gmail.com>>
Sent: Friday, February 27, 2015 4:38 PM
To: "Peter Lawler" <ausnog at bleeter.id.au<mailto:ausnog at bleeter.id.au>>
Cc: "ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>" <ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>>
Subject: Re: [AusNOG] Welcome to Metadata Retention




who's gonna pay for this? any increase in compliance costs normally end up costing the customer.




Wouldn't it be funny if most of the ISP's put on their bill notices:





Mandatory Government Metadata surcharge tax^H^H^H: ~+$2




On Fri, Feb 27, 2015 at 1:57 PM, Peter Lawler <ausnog at bleeter.id.au<mailto:ausnog at bleeter.id.au>> wrote:

On 27/02/15 13:21, Matt Perkins wrote:
>
> I have one prediction the roll out of this is going to be the biggest
> debacle since pink bats.

Loathed to mention it as it's arguably OT, but there's a piece doing the
rounds at the moment about the cost of the eHealth record stuff and how
underutilised it has been by the general population.

As such, I think you're missing the relevant debacle comparator.

Pete.


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog






Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.
http://www.mailguard.com.au/mg


Report this message as spam<https://console.mailguard.com.au/ras/1LuTwZsyWm/eN94K2dhlDZkeB5IQAug8/0.206>







_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog




_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog


--
[cid:1425246616.30830.1.camel at lateralplains.com]

GPG Fingerprint: 8BAF 3175 A1C8 BF5F 3631 BEF4 727C 784A 218B 4CE4
Just remember ...... wherever you go, there you are.








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150301/7553908d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: george-2014.png
Type: image/png
Size: 20375 bytes
Desc: george-2014.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150301/7553908d/attachment.png>

More information about the AusNOG mailing list