[AusNOG] Data Retention

Fri Sep 25 10:00:49 EST 2015

Ross, we get it.  The legislation is self-contradictory.  This is a
government document for a technical field - that it is poorly written is
not a revelation.

If there is no such thing to you as a 'simple' reading then I'd
respectfully suggest you're not trying hard enough.  It doesn't have to be
hard unless you want to make it such.  Covering off 95% of the cases where
you may be questioned by turning on logging on everything that supports it
is smart business; you'd have to be unlucky in the first place to have a
problem, but then if you did it would be up to your commercial guys to
justify it.  Aside from that, for your 5% of risk you could simply apply
for an exemption.  You'd have the justification of having taken all steps
reasonable to comply, and wouldn't be in a position where you could have
been retaining metadata but were choosing not to (which seems to be where
this legislation originated from in the first place).

Worrying yourself sick over technical semantics when it's the functional
rather than technical outcome that will determine whether you're going to
have a problem in the future doesn't make sense.  A lot of it seems to be
down to attitude - we have been ordered to do something that we don't want
to do, so we're going to pick at the legislation and make it sound as hard
as possible in the hope that we can avoid doing it.  If there were
something in it for us as an industry I'd say people would be a lot keener
to find a solution.  It may sound like I'm in favour of it, which is not
the case.  I just don't think recursion is getting anybody anywhere.

James.

On Fri, Sep 25, 2015 at 9:49 AM, Ross Wheeler <ausnog at rossw.net> wrote:

>
>
> Okay, I'll ask the question.  Why does this have to be made to sound so
>> hard?
>>
>
> Because the legislation is self-contradictory, and reading it doesn't
> actually tell you what you have to do?
>
>
> If you take a simple reading of what's required
>>
>
> I'm not sure there is any such thing as a "simple" reading.
>
>
> Stash the log file.
>>
>
> Simply stashing log files might get you most of the way there. But most of
> the way may not be good enough.
>
>
> The worst that can happen is your request is rejected, right?
>>
>
> No.
>
>
> There seems to be a lot of worry about submitting a DRIP, but do you really
>> need to?
>>
>
> No. NOT submitting a DRIP = "declaring you are fully compliant"
>
>
> and made a few tweaks that you could be reasonably compliant and therefore
>> don't need to worry about doing so.
>>
>
> "reasonably compliant" isn't "fully compliant".
>
>
> Sure, from where we sit the legislation is poorly written.  The process has
>> been poorly handled.
>>
>
> Yup, and yup.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150925/c1b2916f/attachment.html>