<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 6/08/2014 11:51 PM, Skeeve Stevens
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAEUfUGMajpbeD4+ZScKRAR6+NoJtSH6tBaL-EYBGNwpS1ei94g@mail.gmail.com"
      type="cite">
      <div dir="ltr">For email, it is amusing... who uses ISP email
        anymore?  The ISP's I am building at the moment have no email
        facilities for end-users at all.
        <div><br>
        </div>
        <div>They can talk to google/microsoft/yahoo.</div>
      </div>
    </blockquote>
    They do. That bit isn't a problem for them at all, they already have
    very good links with those parties.<br>
    <br>
    Traditionally, the metadata that has been required to be provided to
    answer a warrant has been data the provider has had to keep anyway
    for their own billing purposes - length of call, date/time,
    destination - all the stuff you needed to report to put on a
    telephone bill, and being financial data, that the provider needed
    to keep for 7(?)  years to provide evidence for the tax return etc.<br>
    The provider didn't need to do anything extra.<br>
    <br>
    Now, they are wanting data you may not currently record or keep or
    need to use for billing.<br>
    <br>
    A couple of questions - <br>
    for those who's equipment produces RADIUS logs or DHCP logs - how
    long do you currently keep those logs before purging/overwriting?<br>
    <br>
    for those running SMTP/POP3/IMAP services - how long do you
    currently keep the logs coming out of those servers?<br>
    <br>
    Put another way - if the Government didn't mandate a time period,
    how long are you currently voluntarily keeping your logfile
    information for anyway? How far back could they go if they asked you
    for the data today?<br>
    <br>
     Paul.<br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <blockquote
cite="mid:CAEUfUGMajpbeD4+ZScKRAR6+NoJtSH6tBaL-EYBGNwpS1ei94g@mail.gmail.com"
      type="cite">
      <div dir="ltr">
      </div>
      <div class="gmail_extra"><br clear="all">
        <div>
          <div dir="ltr">
            <div><br>
              ...Skeeve</div>
            <div><br>
            </div>
            <div>
              <div><b style="font-size:13px;font-family:Calibri">Skeeve
                  Stevens - </b><span
                  style="font-size:13px;font-family:Calibri">eintellego
                  Networks Pty Ltd</span></div>
              <div>
                <div><span style="font-family:Calibri;font-size:13px"><a
                      moz-do-not-send="true"
                      href="mailto:skeeve@eintellegonetworks.com"
                      target="_blank">skeeve@eintellegonetworks.com</a> ; <a
                      moz-do-not-send="true"
                      href="http://www.eintellegonetworks.com/"
                      target="_blank">www.eintellegonetworks.com</a></span><font>
                    <p
                      style="font-family:Calibri;font-size:13px;margin:0px">
                      Phone: 1300 239 038; Cell +61 (0)414 753 383 ; <a
                        moz-do-not-send="true">skype://skeeve</a></p>
                    <p
                      style="font-family:Calibri;font-size:13px;margin:0px"><a
                        moz-do-not-send="true"
                        href="http://facebook.com/eintellegonetworks"
                        target="_blank">facebook.com/eintellegonetworks</a> ; <a
                        moz-do-not-send="true"
                        href="http://linkedin.com/in/skeeve"
                        target="_blank">linkedin.com/in/skeeve</a> </p>
                    <p
                      style="font-family:Calibri;font-size:13px;margin:0px"><a
                        moz-do-not-send="true"
                        href="http://twitter.com/theispguy"
                        target="_blank">twitter.com/theispguy</a><span
                        style="color:rgb(0,0,0)"> ; blog: </span><a
                        moz-do-not-send="true"
                        href="http://www.theispguy.com/" target="_blank">www.theispguy.com</a><br>
                    </p>
                    <p
                      style="font-family:Calibri;font-size:13px;margin:0px"><img
                        moz-do-not-send="true"
                        src="http://eintellegonetworks.com/logos/ein09.png"><br>
                    </p>
                    <p style="margin:0px"><span
style="color:rgb(127,0,127);font-family:Calibri,sans-serif;font-size:13px">The
                        Experts Who The Experts Call</span></p>
                  </font></div>
                <div
style="font-family:Calibri,sans-serif;font-size:14px;color:rgb(127,0,127)"><span
                    style="color:rgb(0,32,96);font-size:13px">Juniper -
                    Cisco </span><span
                    style="color:rgb(0,32,96);font-size:13px">- Cloud</span><span
                    style="color:rgb(0,32,96);font-size:13px"> </span><span
                    style="color:rgb(0,32,96);font-size:13px">-
                    Consulting</span><span
                    style="color:rgb(0,32,96);font-size:13px"> </span><span
                    style="color:rgb(0,32,96);font-size:13px">- IPv4
                    Brokering</span></div>
              </div>
            </div>
          </div>
        </div>
        <br>
        <br>
        <div class="gmail_quote">On Wed, Aug 6, 2014 at 7:13 PM, Mark
          Dignam <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:mark@innaloo.net" target="_blank">mark@innaloo.net</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div link="blue" vlink="purple" lang="EN-AU">
              <div>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Narelle.</span></p>
                <p class="MsoNormal">
                  <span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Great
                    post – the shame of it is, the questions are only
                    going to be answered with sound bytes … two of which
                    I heard on Sky News this morning..</span></p>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">“its
                    just the data the ISP already collects for billing”
                    and …</span></p>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">“Its
                    just like the front of an envelope, there’s no harm
                    in that.”</span></p>
                <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
                <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                      lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""
                    lang="EN-US"> AusNOG [mailto:<a
                      moz-do-not-send="true"
                      href="mailto:ausnog-bounces@lists.ausnog.net"
                      target="_blank">ausnog-bounces@lists.ausnog.net</a>]
                    <b>On Behalf Of </b>Narelle<br>
                    <b>Sent:</b> Wednesday, 6 August 2014 4:28 PM<br>
                    <b>To:</b> <a moz-do-not-send="true"
                      href="mailto:ausnog@ausnog.net" target="_blank">ausnog@ausnog.net</a><br>
                    <b>Subject:</b> [AusNOG] Fwd: Ten questions about
                    metadata retention</span></p>
                <p class="MsoNormal"> </p>
                <div>
                  <div>
                    <p class="MsoNormal"> </p>
                  </div>
                  <p class="MsoNormal">FYI</p>
                  <div>
                    <p class="MsoNormal"> </p>
                    <div>
                      <p class="MsoNormal" style="margin-bottom:12.0pt">
                        ---------- Forwarded message ----------<br>
                        From: <b>Narelle Clark, President ISOC-AU</b>
                        <<a moz-do-not-send="true"
                          href="mailto:president@isoc-au.org.au"
                          target="_blank">president@isoc-au.org.au</a>><br>
                        Date: Wed, Aug 6, 2014 at 6:22 PM<br>
                        Subject: Ten questions about metadata retention<br>
                        <br>
                        <br>
                      </p>
                      <div>
                        <p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">6
                              August 2014</span></b></p>
                        <p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></b></p>
                        <p class="MsoNormal" style="text-align:center"
                          align="center"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Ten
                              questions about metadata retention</span></b></p>
                        <p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></b></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">The
                            Australian Government has announced that it
                            will mandate the retention of communications
                            metadata for two years in order to assist
                            law enforcement and national security
                            agencies to improve the detection of
                            terrorism offences and reduce the risk of a
                            terrorist attack within Australia or which
                            affects Australians or their interests.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">There
                            has been criticism of this proposal on the
                            grounds of interference with the privacy of
                            the vast majority of Australians who are not
                            terrorists as well as the cost and risks of
                            implementation.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Reassuringly,
                            the Attorney General and Minister for
                            Communications have made it clear that, as a
                            general principle, the Government will seek
                            to minimise the cost impact and risk of
                            interference with the privacy of ordinary
                            Australians to the extent possible.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">However,
                            unfortunately at this point there appears to
                            be insufficient information in the public
                            domain about the detail of the proposal to
                            understand how it is to be implemented in
                            practice and to reach informed conclusions
                            as to whether the benefits of the proposal
                            outweigh its cost and risk.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">The
                            Government has criticised previous
                            governments for the implementation of major
                            communications projects without adequate
                            consideration, planning and design including
                            a formal business case identifying and
                            weighing the benefits of the project against
                            its costs and risks. It is arguable that
                            this is indeed fair criticism.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Accordingly,
                            the Internet Society of Australia expects
                            the Government to ensure that the design and
                            implementation of the metadata retention
                            proposal is not rushed, chaotic or
                            inadequate, by requiring a rigorous business
                            case and/or regulatory impact assessment
                            process which takes into account the costs
                            and risks of the proposal across industry
                            and the economy as a whole, as well as the
                            direct costs to the Commonwealth budget and
                            risks to the Commonwealth.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">We
                            also recommend that the Government conduct a
                            full privacy impact assessment of the
                            proposal in accordance with the Office of
                            the Australian Information Commissioner's
                            guidelines, in addition to any usual
                            parliamentary processes to scrutinise and
                            improve legislation before it is adopted.</span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></p>
                        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Based
                            on the technical and policy experience of
                            its members, the Internet Society of
                            Australia has posed the following questions
                            in relation to the proposal which will
                            require further consideration as part of the
                            various policy, legislation and technical
                            development and assessment processes for the
                            proposal:</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">1.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">What
                              is the definition of metadata to be
                              retained?</span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> 
                            If carriers or other organisations are to be
                            obliged to retain metadata, they need to
                            know what metadata is to be retained. The
                            scope of the data required to be retained
                            will have significant impact on the cost and
                            risk in implementing the proposal.  Is it
                            only Internet connection duration and
                            location information, such as that from
                            authentication systems? Is it IP packet
                            headers, or a subset of the information
                            contained in the packet header, or the full
                            content of some of the packets, for example
                            the contents of the packets which include
                            email subject headings?  Will information
                            about the content of the packets themselves
                            be required to be retained?  Must the
                            metadata of every packet be retained or only
                            session information?</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">2.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Which
                              entities are required to retain metadata
                              (Retention Entities)? </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> Will
                            it be restricted to only licensed carriers
                            transmitting information across the public
                            Internet?  Will organisations which operate
                            private internal IP networks or virtual
                            private networks be required to retain the
                            metadata of information passing across their
                            private networks, or only if and once the
                            communication leaves the private network to
                            the public Internet?</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">3.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Whose
                              metadata is required to be retained?</span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">
                            Is it the metadata of all individuals,
                            companies, media organisations, members of
                            parliament, political parties, governments
                            and agencies (including the law enforcement
                            and national security agencies themselves)? 
                            Will it apply to the metadata of
                            communications by autonomous devices, like
                            smart meters?  If there are to be
                            exceptions, what is the basis for those
                            exceptions and how will the exceptions be
                            implemented in practice?</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">4.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">What
                              method of metadata retention must a
                              Retention Entity employ?  </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Will
                            it be sufficient for Retention Entities to
                            maintain records in a large range of devices
                            across their networks or will the metadata
                            need to be centralised into a single server
                            or data centre? If so, will the
                            centralisation need to occur in real time
                            (which might considerably increase the
                            network overhead and thus require capacity
                            upgrades across the entire network) or can
                            it be batched and transmitted in periods of
                            lower network traffic?  If so, how
                            frequently must it be batched and
                            transmitted?  What will be the consequences
                            of failing to do?  What format is the
                            metadata required to be collected and stored
                            in?  Will the format be standardised or
                            different for different types of
                            communications and storage medium or vendor
                            equipment?  What minimum level of security
                            must the Retention Entity establish and
                            maintain in relation to retained metadata?
                            Will a Retention Entity be restrained from
                            outsourcing and/or offshoring the
                            performance of its retention obligations? 
                            If not, does the Retention Entity remain
                            primarily liable for those obligations?</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">5.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">When
                              must metadata retention commence?</span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> 
                            The Government has indicated that there is
                            an immediate serious risk to the Australian
                            community from terrorism which metadata
                            retention and access will assist to
                            mitigate.  Accordingly the Government will
                            seek to implement some form of voluntary
                            informal metadata retention arrangements by
                            direct discussions with the communications
                            industry prior to the introduction of
                            legislation.  However, implementation of a
                            metadata retention system is likely to
                            require adequate time to properly plan,
                            design, implement and test before it 'goes
                            live'.  Too rapid implementation is likely
                            to:</span></p>
                        <p style="margin-left:85.1pt"><span
style="font-family:"Verdana","sans-serif";color:#095261">5.1</span><span
                            style="font-size:7.0pt;color:#095261">           
                          </span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">unexpectedly
                            incur or bring forward capital costs which
                            have not been previously budgeted for or
                            funded which may create short term
                            competitiveness or even liquidity issues,
                            particularly for smaller Retention Entities;
                          </span></p>
                        <p style="margin-left:85.1pt"><span
style="font-family:"Verdana","sans-serif";color:#095261">5.2</span><span
                            style="font-size:7.0pt;color:#095261">           
                          </span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">increase
                            total costs of implementation due to
                            uncertainties in the specification of the
                            form of metadata retention required to be
                            implemented and changing requirements
                            through the various review and parliamentary
                            processes; and</span></p>
                        <p style="margin-left:85.1pt"><span
style="font-family:"Verdana","sans-serif";color:#095261">5.3</span><span
                            style="font-size:7.0pt;color:#095261">           
                          </span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">increase
                            the risk of unidentified defects in design
                            and implementation, thereby increasing the
                            total risk of project failure, loss or
                            disclosure of retained metadata and future
                            requirements to incur additional costs of
                            rectification.</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">6.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Who
                              will pay the cost of metadata retention? </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Will
                            there be some public subsidy to private
                            organisations to meet the capital and
                            operational expenses of implementing and
                            operating metadata retention?  Or, will the
                            cost need to be absorbed by customers and/or
                            shareholders?  If there is to be some form
                            of public subsidy, on what basis will it be
                            calculated and allocated between Retention
                            Entities?  What will the costs of operation
                            of the subsidy system be and how will that
                            be allocated between the public and private
                            sectors?  A practical mechanism may be to
                            require relevant law enforcement or national
                            security agencies to subsidise the Retention
                            Entities' capital implementation costs and
                            then pay the true operational cost of each
                            access request they make from their existing
                            budget allocations.  This would create a
                            practical budgetary incentive upon agencies
                            to restrict the requirements of (and thus
                            cost of) metadata retention systems and the
                            number of access requests to only the most
                            important and to limit 'fishing
                            expeditions'.</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">7.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">What
                              authorisation will be required to access
                              metadata?  </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Will
                            metadata be available only to law
                            enforcement (ie Police) and national
                            security agencies? What are the range of
                            agencies permitted to seek access to
                            retained metadata and the purposes for which
                            they may seek access? Will it be limited to
                            intelligence and policing agencies for
                            counter-terrorism purposes or extend to
                            'ordinary' criminal or civil law enforcement
                            activity.  For example, will ASIC, local
                            governments, the Victorian Taxi Directorate
                            and the RSPCA continue to have the ability
                            to access retained metadata for the
                            enforcement of the statutes for which they
                            are responsible, as currently?   In what
                            circumstances will a warrant or formal
                            authorisation be required?  Will that be an
                            independent process?  What oversight will be
                            in place?  What sanctions will be applied to
                            individual officers who inappropriately
                            authorise access?  What sanctions will apply
                            to agencies and officers who inappropriately
                            use or disclose metadata which has been
                            accessed?  Will the Retention Entity be
                            permitted to access its retained metadata
                            for its own business (including billing and
                            marketing) or other purposes?  Will private
                            parties to litigation (for example, unfair
                            dismissal, breach of confidence or divorce
                            cases) be able to demand the provision of
                            metadata upon subpoena?  Will metadata of,
                            or held by, agencies be available under
                            Freedom of Information requests?</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">8.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">How
                              long must metadata be retained and how
                              will it be disposed of?  </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Is
                            the two year period foreshadowed by the
                            government the specific, minimum or maximum
                            period for which the data is to be
                            retained?  Will agencies be authorised to
                            access metadata which is more than two years
                            old?  What obligations will Retention
                            Entities have to ensure that retained
                            metadata is disposed of and fully expunged
                            after the expiry of the two year period?</span></p>
                        <p><span
style="font-family:"Verdana","sans-serif";color:#095261">9.</span><span
                            style="font-size:7.0pt;color:#095261">              
                          </span><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">Who
                              will bear the risks of metadata retention?
                            </span></b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">It
                            is likely that any 'deep pool' of metadata
                            will pose an attractive target to hackers,
                            ranging from the purely curious through the
                            disorganised anti-social to organised crime
                            and terrorist organisations themselves.   As
                            the Manning and Snowden cases make clear, no
                            information system is ever completely
                            secure, so there is a real probability that
                            retained metadata will be accessed
                            inappropriately or without authorisation, in
                            a way that causes real personal and economic
                            harm.  Who bears the costs of that harm: is
                            it the individual whose privacy is
                            interfered with; the business who suffers
                            loss or damage from the disclosure of its
                            confidential information; the Retention
                            Entity which is retaining the data; or the
                            taxpayer through the government?  What
                            mechanisms, for example statutory
                            indemnities or immunities, will be put in
                            place to give effect to that risk
                            allocation?  What disclosure regimes will be
                            in place in order to report such breaches?</span></p>
                        <p><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">10.     
                            <b>What ongoing review and reporting of
                              metadata retention will occur? </b>Is the
                            metadata retention intended only to be in
                            place for the next five years, which the
                            Director General of ASIO has identified as
                            the peak risk period for returning
                            jihadists, or will it be in place
                            indefinitely?  This will affect the way
                            Retention Entities amortise any of their
                            unsubsidised capital costs of implementing
                            retention systems.  Will there be a review
                            of metadata retention?  Who will conduct the
                            review, by what process and when? What
                            statistics and key performance indicators of
                            the effectiveness of the proposal in
                            achieving its stated aims will be collected,
                            analysed and published to enable a review to
                            occur?</span></p>
                        <p class="MsoNormal" style="text-autospace:none"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a"> </span></b></p>
                        <p class="MsoNormal" style="text-autospace:none">
                          <b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">About
                              the Internet Society</span></b></p>
                        <p class="MsoNormal"
                          style="margin-bottom:12.0pt;text-align:justify">
                          <span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095257">The
                            Internet Society is the world's trusted
                            independent source of leadership for
                            Internet policy, technology standards and
                            future development. Based on its principled
                            vision and substantial technological
                            foundation, the Internet Society works with
                            its members and Chapters around the world to
                            promote the continued evolution and growth
                            of the open Internet through dialogue among
                            companies, governments, and other
                            organisations around the world. See</span><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">
                            <a moz-do-not-send="true"
                              href="http://www.internetsociety.org"
                              target="_blank">www.internetsociety.org</a>
                          </span></p>
                        <p class="MsoNormal" style="text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">The
                            <b>Australian Chapter of the Internet
                              Society</b> is ISOC-AU, a non-profit
                            society founded in 1996, to promote Internet
                            development in Australia for the whole
                            community and is a peak body organisation,
                            representing the interests of Internet users
                            in Australia. See: <a
                              moz-do-not-send="true"
                              href="http://www.isoc-au.org.au"
                              target="_blank">www.isoc-au.org.au</a></span></p>
                        <p><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261"> </span></b></p>
                        <p class="MsoNormal" style="text-align:justify"><b><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">Narelle
                              Clark</span></b></p>
                        <p class="MsoNormal"
                          style="margin-bottom:10.0pt;text-align:justify;line-height:115%"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Verdana","sans-serif";color:#18606a">President</span></b></p>
                        <p class="MsoNormal"
                          style="text-align:justify;line-height:115%"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Verdana","sans-serif";color:#18606a">Contact:</span></b></p>
                        <p class="MsoNormal" style="text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">Narelle
                            Clark</span></p>
                        <p class="MsoNormal" style="text-align:justify">
                          <span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">President</span></p>
                        <p class="MsoNormal" style="text-align:justify"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a">Ph:
                            0412 297 043</span></p>
                        <p class="MsoNormal"
                          style="text-autospace:ideograph-numeric"><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606a"><a
                              moz-do-not-send="true"
                              href="mailto:President@isoc-au.org.au"
                              target="_blank">President@isoc-au.org.au</a></span></p>
                        <p style="text-align:center" align="center"><b><i><span
style="font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261">The
                                Internet is for everyone!</span></i></b><span
                            class="HOEnZb"></span></p>
                        <span class="HOEnZb"><font color="#888888">
                            <p class="MsoNormal"><span
                                style="color:#888888"><br clear="all">
                                <br>
                                <span>-- </span><br>
                                <br>
                                <br>
                                <span>Narelle Clark</span><br>
                                <span>President</span><br>
                                <span>Internet Society of Australia</span><br>
                                <span>ph: 0412 297 043</span><br>
                                <span>int ph: <a moz-do-not-send="true"
                                    href="tel:%2B61%20412%20297%20043"
                                    target="_blank">+61 412 297 043</a></span><br>
                                <span><a moz-do-not-send="true"
                                    href="mailto:president@isoc-au.org.au"
                                    target="_blank">president@isoc-au.org.au</a></span><br>
                                <span><a moz-do-not-send="true"
                                    href="http://www.isoc-au.org.au"
                                    target="_blank">www.isoc-au.org.au</a></span><br>
                                <span>The Internet is for Everyone!</span><br
                                  clear="all">
                                <br>
                                <span>-- </span><br>
                                <br>
                                <br>
                                <span>Narelle</span><br>
                                <span><a moz-do-not-send="true"
                                    href="mailto:narellec@gmail.com"
                                    target="_blank">narellec@gmail.com</a>
                                </span></span></p>
                          </font></span></div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            AusNOG mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
            <a moz-do-not-send="true"
              href="http://lists.ausnog.net/mailman/listinfo/ausnog"
              target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>