<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Perhaps we are overthinking this, the
      pollies have NFI what they are talking about so make use of it.<br>
      Perhaps go on the offensive, and give them the "billing metadata"
      that you already have and nothing more ;-><br>
      <br>
      <br>
      What would probably be most useful to them really and not a bad
      thing in terms of privacy and cost would be which accounts had
      what IP address at some time and keep that for a while.<br>
      If we define "metadata" to be that, then give it to them then
      that's fine, if they want to say that isn't "metadata" then they
      will need to define what that is.<br>
      <br>
      The only real way to do the other stuff they are talking about
      would be to record the "meta-data" on every IP stream (might be
      easier than doing packet inspection or proxies perhaps?).<br>
      If the PM's "who you talk to" bit is right then really that is
      what they would be after.<br>
      It'd need to be right out at the edge to work really though. (you
      guys all run statefull routers right? <trollface>)<br>
      NFI what you do with UDP data.<br>
      <br>
      <br>
      On 06/08/14 19:13, Mark Dignam wrote:<br>
    </div>
    <blockquote cite="mid:053401cfb156$b6456a20$22d03e60$@innaloo.net"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.hoenzb
        {mso-style-name:hoenzb;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";
        mso-fareast-language:EN-AU;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Narelle.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Great
            post – the shame of it is, the questions are only going to
            be answered with sound bytes … two of which I heard on Sky
            News this morning..<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“its
            just the data the ISP already collects for billing” and …<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“Its
            just like the front of an envelope, there’s no harm in
            that.”<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
              lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
            lang="EN-US"> AusNOG
            [<a class="moz-txt-link-freetext" href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Narelle<br>
            <b>Sent:</b> Wednesday, 6 August 2014 4:28 PM<br>
            <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:ausnog@ausnog.net">ausnog@ausnog.net</a><br>
            <b>Subject:</b> [AusNOG] Fwd: Ten questions about metadata
            retention<o:p></o:p></span></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
          </div>
          <p class="MsoNormal">FYI<o:p></o:p></p>
          <div>
            <p class="MsoNormal"><o:p> </o:p></p>
            <div>
              <p class="MsoNormal" style="margin-bottom:12.0pt">----------
                Forwarded message ----------<br>
                From: <b>Narelle Clark, President ISOC-AU</b> <<a
                  moz-do-not-send="true"
                  href="mailto:president@isoc-au.org.au">president@isoc-au.org.au</a>><br>
                Date: Wed, Aug 6, 2014 at 6:22 PM<br>
                Subject: Ten questions about metadata retention<br>
                <br>
                <br>
                <o:p></o:p></p>
              <div>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">6
                      August 2014</span></b><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></b><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:center"
                  align="center"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Ten
                      questions about metadata retention</span></b><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></b><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">The
                    Australian Government has announced that it will
                    mandate the retention of communications metadata for
                    two years in order to assist law enforcement and
                    national security agencies to improve the detection
                    of terrorism offences and reduce the risk of a
                    terrorist attack within Australia or which affects
                    Australians or their interests.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">There
                    has been criticism of this proposal on the grounds
                    of interference with the privacy of the vast
                    majority of Australians who are not terrorists as
                    well as the cost and risks of implementation.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Reassuringly,
                    the Attorney General and Minister for Communications
                    have made it clear that, as a general principle, the
                    Government will seek to minimise the cost impact and
                    risk of interference with the privacy of ordinary
                    Australians to the extent possible.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">However,
                    unfortunately at this point there appears to be
                    insufficient information in the public domain about
                    the detail of the proposal to understand how it is
                    to be implemented in practice and to reach informed
                    conclusions as to whether the benefits of the
                    proposal outweigh its cost and risk.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">The
                    Government has criticised previous governments for
                    the implementation of major communications projects
                    without adequate consideration, planning and design
                    including a formal business case identifying and
                    weighing the benefits of the project against its
                    costs and risks. It is arguable that this is indeed
                    fair criticism.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Accordingly,
                    the Internet Society of Australia expects the
                    Government to ensure that the design and
                    implementation of the metadata retention proposal is
                    not rushed, chaotic or inadequate, by requiring a
                    rigorous business case and/or regulatory impact
                    assessment process which takes into account the
                    costs and risks of the proposal across industry and
                    the economy as a whole, as well as the direct costs
                    to the Commonwealth budget and risks to the
                    Commonwealth.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">We
                    also recommend that the Government conduct a full
                    privacy impact assessment of the proposal in
                    accordance with the Office of the Australian
                    Information Commissioner's guidelines, in addition
                    to any usual parliamentary processes to scrutinise
                    and improve legislation before it is adopted.</span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Based
                    on the technical and policy experience of its
                    members, the Internet Society of Australia has posed
                    the following questions in relation to the proposal
                    which will require further consideration as part of
                    the various policy, legislation and technical
                    development and assessment processes for the
                    proposal:</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">1.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">What
                      is the definition of metadata to be retained?</span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> 
                    If carriers or other organisations are to be obliged
                    to retain metadata, they need to know what metadata
                    is to be retained. The scope of the data required to
                    be retained will have significant impact on the cost
                    and risk in implementing the proposal.  Is it only
                    Internet connection duration and location
                    information, such as that from authentication
                    systems? Is it IP packet headers, or a subset of the
                    information contained in the packet header, or the
                    full content of some of the packets, for example the
                    contents of the packets which include email subject
                    headings?  Will information about the content of the
                    packets themselves be required to be retained?  Must
                    the metadata of every packet be retained or only
                    session information?</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">2.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Which
                      entities are required to retain metadata
                      (Retention Entities)? </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> Will
                    it be restricted to only licensed carriers
                    transmitting information across the public
                    Internet?  Will organisations which operate private
                    internal IP networks or virtual private networks be
                    required to retain the metadata of information
                    passing across their private networks, or only if
                    and once the communication leaves the private
                    network to the public Internet?</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">3.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Whose
                      metadata is required to be retained?</span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">
                    Is it the metadata of all individuals, companies,
                    media organisations, members of parliament,
                    political parties, governments and agencies
                    (including the law enforcement and national security
                    agencies themselves)?  Will it apply to the metadata
                    of communications by autonomous devices, like smart
                    meters?  If there are to be exceptions, what is the
                    basis for those exceptions and how will the
                    exceptions be implemented in practice?</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">4.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">What
                      method of metadata retention must a Retention
                      Entity employ?  </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Will
                    it be sufficient for Retention Entities to maintain
                    records in a large range of devices across their
                    networks or will the metadata need to be centralised
                    into a single server or data centre? If so, will the
                    centralisation need to occur in real time (which
                    might considerably increase the network overhead and
                    thus require capacity upgrades across the entire
                    network) or can it be batched and transmitted in
                    periods of lower network traffic?  If so, how
                    frequently must it be batched and transmitted?  What
                    will be the consequences of failing to do?  What
                    format is the metadata required to be collected and
                    stored in?  Will the format be standardised or
                    different for different types of communications and
                    storage medium or vendor equipment?  What minimum
                    level of security must the Retention Entity
                    establish and maintain in relation to retained
                    metadata? Will a Retention Entity be restrained from
                    outsourcing and/or offshoring the performance of its
                    retention obligations?  If not, does the Retention
                    Entity remain primarily liable for those
                    obligations?</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">5.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">When
                      must metadata retention commence?</span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> 
                    The Government has indicated that there is an
                    immediate serious risk to the Australian community
                    from terrorism which metadata retention and access
                    will assist to mitigate.  Accordingly the Government
                    will seek to implement some form of voluntary
                    informal metadata retention arrangements by direct
                    discussions with the communications industry prior
                    to the introduction of legislation.  However,
                    implementation of a metadata retention system is
                    likely to require adequate time to properly plan,
                    design, implement and test before it 'goes live'. 
                    Too rapid implementation is likely to:</span><o:p></o:p></p>
                <p style="margin-left:85.1pt"><span
style="font-family:"Verdana","sans-serif";color:#095261">5.1</span><span
                    style="font-size:7.0pt;color:#095261">            </span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">unexpectedly
                    incur or bring forward capital costs which have not
                    been previously budgeted for or funded which may
                    create short term competitiveness or even liquidity
                    issues, particularly for smaller Retention Entities;
                  </span><o:p></o:p></p>
                <p style="margin-left:85.1pt"><span
style="font-family:"Verdana","sans-serif";color:#095261">5.2</span><span
                    style="font-size:7.0pt;color:#095261">            </span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">increase
                    total costs of implementation due to uncertainties
                    in the specification of the form of metadata
                    retention required to be implemented and changing
                    requirements through the various review and
                    parliamentary processes; and</span><o:p></o:p></p>
                <p style="margin-left:85.1pt"><span
style="font-family:"Verdana","sans-serif";color:#095261">5.3</span><span
                    style="font-size:7.0pt;color:#095261">            </span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">increase
                    the risk of unidentified defects in design and
                    implementation, thereby increasing the total risk of
                    project failure, loss or disclosure of retained
                    metadata and future requirements to incur additional
                    costs of rectification.</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">6.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Who
                      will pay the cost of metadata retention? </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Will
                    there be some public subsidy to private
                    organisations to meet the capital and operational
                    expenses of implementing and operating metadata
                    retention?  Or, will the cost need to be absorbed by
                    customers and/or shareholders?  If there is to be
                    some form of public subsidy, on what basis will it
                    be calculated and allocated between Retention
                    Entities?  What will the costs of operation of the
                    subsidy system be and how will that be allocated
                    between the public and private sectors?  A practical
                    mechanism may be to require relevant law enforcement
                    or national security agencies to subsidise the
                    Retention Entities' capital implementation costs and
                    then pay the true operational cost of each access
                    request they make from their existing budget
                    allocations.  This would create a practical
                    budgetary incentive upon agencies to restrict the
                    requirements of (and thus cost of) metadata
                    retention systems and the number of access requests
                    to only the most important and to limit 'fishing
                    expeditions'.</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">7.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">What
                      authorisation will be required to access
                      metadata?  </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Will
                    metadata be available only to law enforcement (ie
                    Police) and national security agencies? What are the
                    range of agencies permitted to seek access to
                    retained metadata and the purposes for which they
                    may seek access? Will it be limited to intelligence
                    and policing agencies for counter-terrorism purposes
                    or extend to 'ordinary' criminal or civil law
                    enforcement activity.  For example, will ASIC, local
                    governments, the Victorian Taxi Directorate and the
                    RSPCA continue to have the ability to access
                    retained metadata for the enforcement of the
                    statutes for which they are responsible, as
                    currently?   In what circumstances will a warrant or
                    formal authorisation be required?  Will that be an
                    independent process?  What oversight will be in
                    place?  What sanctions will be applied to individual
                    officers who inappropriately authorise access?  What
                    sanctions will apply to agencies and officers who
                    inappropriately use or disclose metadata which has
                    been accessed?  Will the Retention Entity be
                    permitted to access its retained metadata for its
                    own business (including billing and marketing) or
                    other purposes?  Will private parties to litigation
                    (for example, unfair dismissal, breach of confidence
                    or divorce cases) be able to demand the provision of
                    metadata upon subpoena?  Will metadata of, or held
                    by, agencies be available under Freedom of
                    Information requests?</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">8.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">How
                      long must metadata be retained and how will it be
                      disposed of?  </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Is
                    the two year period foreshadowed by the government
                    the specific, minimum or maximum period for which
                    the data is to be retained?  Will agencies be
                    authorised to access metadata which is more than two
                    years old?  What obligations will Retention Entities
                    have to ensure that retained metadata is disposed of
                    and fully expunged after the expiry of the two year
                    period?</span><o:p></o:p></p>
                <p><span
style="font-family:"Verdana","sans-serif";color:#095261">9.</span><span
                    style="font-size:7.0pt;color:#095261">              
                  </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Who
                      will bear the risks of metadata retention? </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">It
                    is likely that any 'deep pool' of metadata will pose
                    an attractive target to hackers, ranging from the
                    purely curious through the disorganised anti-social
                    to organised crime and terrorist organisations
                    themselves.   As the Manning and Snowden cases make
                    clear, no information system is ever completely
                    secure, so there is a real probability that retained
                    metadata will be accessed inappropriately or without
                    authorisation, in a way that causes real personal
                    and economic harm.  Who bears the costs of that
                    harm: is it the individual whose privacy is
                    interfered with; the business who suffers loss or
                    damage from the disclosure of its confidential
                    information; the Retention Entity which is retaining
                    the data; or the taxpayer through the government? 
                    What mechanisms, for example statutory indemnities
                    or immunities, will be put in place to give effect
                    to that risk allocation?  What disclosure regimes
                    will be in place in order to report such breaches?</span><o:p></o:p></p>
                <p><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">10.     
                    <b>What ongoing review and reporting of metadata
                      retention will occur? </b>Is the metadata
                    retention intended only to be in place for the next
                    five years, which the Director General of ASIO has
                    identified as the peak risk period for returning
                    jihadists, or will it be in place indefinitely?
                     This will affect the way Retention Entities
                    amortise any of their unsubsidised capital costs of
                    implementing retention systems.  Will there be a
                    review of metadata retention?  Who will conduct the
                    review, by what process and when? What statistics
                    and key performance indicators of the effectiveness
                    of the proposal in achieving its stated aims will be
                    collected, analysed and published to enable a review
                    to occur?</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:none"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A"> </span></b><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:none"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">About
                      the Internet Society</span></b><o:p></o:p></p>
                <p class="MsoNormal"
                  style="mso-margin-top-alt:auto;margin-bottom:12.0pt;text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095257">The
                    Internet Society is the world's trusted independent
                    source of leadership for Internet policy, technology
                    standards and future development. Based on its
                    principled vision and substantial technological
                    foundation, the Internet Society works with its
                    members and Chapters around the world to promote the
                    continued evolution and growth of the open Internet
                    through dialogue among companies, governments, and
                    other organisations around the world. See</span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">
                    <a moz-do-not-send="true"
                      href="http://www.internetsociety.org"
                      target="_blank">www.internetsociety.org</a> </span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">The
                    <b>Australian Chapter of the Internet Society</b> is
                    ISOC-AU, a non-profit society founded in 1996, to
                    promote Internet development in Australia for the
                    whole community and is a peak body organisation,
                    representing the interests of Internet users in
                    Australia. See: <a moz-do-not-send="true"
                      href="http://www.isoc-au.org.au" target="_blank">www.isoc-au.org.au</a></span><o:p></o:p></p>
                <p><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></b><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">Narelle
                      Clark</span></b><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:10.0pt;text-align:justify;line-height:115%"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Verdana","sans-serif";color:#18606A">President</span></b><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify;line-height:115%"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Verdana","sans-serif";color:#18606A">Contact:</span></b><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">Narelle
                    Clark</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">President</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A">Ph:
                    0412 297 043</span><o:p></o:p></p>
                <p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:ideograph-numeric"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A"><a
                      moz-do-not-send="true"
                      href="mailto:President@isoc-au.org.au"
                      target="_blank">President@isoc-au.org.au</a></span><o:p></o:p></p>
                <p style="text-align:center" align="center"><b><i><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">The
                        Internet is for everyone!</span></i></b><o:p></o:p></p>
                <p class="MsoNormal"><span style="color:#888888"><br
                      clear="all">
                    <br>
                    <span class="hoenzb">-- </span><br>
                    <br>
                    <br>
                    <span class="hoenzb">Narelle Clark</span><br>
                    <span class="hoenzb">President</span><br>
                    <span class="hoenzb">Internet Society of Australia</span><br>
                    <span class="hoenzb">ph: 0412 297 043</span><br>
                    <span class="hoenzb">int ph: <a
                        moz-do-not-send="true"
                        href="tel:%2B61%20412%20297%20043"
                        target="_blank">+61 412 297 043</a></span><br>
                    <span class="hoenzb"><a moz-do-not-send="true"
                        href="mailto:president@isoc-au.org.au"
                        target="_blank">president@isoc-au.org.au</a></span><br>
                    <span class="hoenzb"><a moz-do-not-send="true"
                        href="http://www.isoc-au.org.au" target="_blank">www.isoc-au.org.au</a></span><br>
                    <span class="hoenzb">The Internet is for Everyone!</span><br
                      clear="all">
                    <br>
                    <span class="hoenzb">-- </span><br>
                    <br>
                    <br>
                    <span class="hoenzb">Narelle</span><br>
                    <span class="hoenzb"><a moz-do-not-send="true"
                        href="mailto:narellec@gmail.com" target="_blank">narellec@gmail.com</a>
                    </span></span><o:p></o:p></p>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>