[AusNOG] Data Retention

Fri Sep 25 09:30:55 EST 2015

Okay, I'll ask the question.  Why does this have to be made to sound so
hard?  I appreciate that for some entities it may be pretty complex, but
I'd also bet those entities have the resources to make it happen.

If you take a simple reading of what's required (that is, if you don't
spend weeks on a mailing list trying to collect as many fringe cases as you
possibly can) and also consider what a request would likely be looking for
in the future (for the most part 'tell me who had this IP at this time')
then the requirements in most cases are not overly arduous.  Do you speak
BGP to your customers?  Good, stash the log file.  Offer an email service?
Stash the log file.

I appreciate something like CGN could be troublesome if for whatever reason
it had no logging capability.  First - apply for an exemption.  Explain all
of the other great stuff you're doing to meet the requirements in good
faith and explain that this piece of hardware doesn't collect the data they
need, and show where you've written to the manufacturer to confirm this.
Explain that the book value on it is too high and that you'll need an
exemption until it's economical to replace with something that can meet the
requirements.  The worst that can happen is your request is rejected, right?

There seems to be a lot of worry about submitting a DRIP, but do you really
need to?  I'd be willing to bet if you had a quick think about your network
and made a few tweaks that you could be reasonably compliant and therefore
don't need to worry about doing so.  You wouldn't know it though, because
all I've been reading for months has been permutations on "Well, you had
your chance to do something about it, so now suck it", "No, you need to
talk to a lawyer", "Grrr.. this is stupid whyyyy...".  Some don't get it,
some don't want to get it, and some want everybody to know that they got it
before it was passed and the rest of us didn't listen.

Sure, from where we sit the legislation is poorly written.  The process has
been poorly handled.  That's government, and that's life.  Going in circles
and having paranoia set in is not helping.  The sky is not falling.

Happy Friday, folks! :)

James.

On 24 Sep 2015, at 23:36, Chad Kelly <chad at cpkws.com.au> wrote:
>
>
>
> On 9/24/2015 11:13 PM, Mark Newton wrote:
>
> On 24 Sep 2015, at 10:54 pm, Chad Kelly <chad at cpkws.com.au> wrote:
>
> CPK Web Services does not have an IP range or a network for that matter,
> as I have already stated, both publicly on social media and in our DRIP we
> have written agreements in place with Micron21 who take responsibility for
> the network and related stuff.
>
> But then we have the over the top services such as email.
>
> So why are you even talking to them at all? The legislation doesn’t cover
> you.
>
>
>
>
>
>
>
>
>
>
>
> This is why it should be moved from the AGD to the Department of
> communications, as the AGD advice varies from what most industry people
> have told me.
>
>
>
> The AGD advice doesn't matter. The legislation does. And it seems that you
> aren't talking to a lawyer about it and, perhaps, haven't even read it
> yourself.
>
>
>
> Which is that providers who don't operate their own network are not
> covered by this, but if that is the case, it would leave out a number of
> providers who co-locate servers in DCs that provide them with network
> connectivity.
>
>
>
> Yes! If they're not carriers or ISPs, they are "left out." That's what the
> law passed by the Parliament says.
>
>
>
> *"Get a lawyer, son, hope you get a real good one."*
>
>
>
>    - mark
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150925/15bf990a/attachment.html>