<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.hoenzb
{mso-style-name:hoenzb;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:EN-AU;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-AU;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:861433083;
mso-list-type:hybrid;
mso-list-template-ids:1671756780 201916417 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Not sure if this has been mentioned already but I’m certainly concerned by this. Although ISP aren’t legally required to retain details upto 2 years Government agencies already have access to metadata (if available) without a warrant. What that in mind, government agencies have the potential to heavily misuse this facility. According to the SMH Agencies such as Bankstown City Council, QLD Police and the RSPCA can request metadata information without warrants. Here are some example requests from these agencies:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Capture GPS mobile phone data to find litterbugs (Council)<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:Symbol;color:#1F497D'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Capture Call and Text data for staff abusing sick days (QLD Police)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>This leads to me thinking about obtaining an international VPN service and getting VOIP service in that country where metadata retention isn’t mandatory?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> AusNOG [mailto:ausnog-bounces@lists.ausnog.net] <b>On Behalf Of </b>Ben Cooper<br><b>Sent:</b> Thursday, 7 August 2014 10:49 AM<br><b>To:</b> Paul Brooks<br><b>Cc:</b> ausnog@lists.ausnog.net<br><b>Subject:</b> Re: [AusNOG] Fwd: Ten questions about metadata retention<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>What if we don't log?<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Thu, Aug 7, 2014 at 12:08 AM, Paul Brooks <<a href="mailto:pbrooks-ausnog@layer10.com.au" target="_blank">pbrooks-ausnog@layer10.com.au</a>> wrote:<o:p></o:p></p><div><div><div><p class=MsoNormal>On 6/08/2014 11:51 PM, Skeeve Stevens wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>For email, it is amusing... who uses ISP email anymore? The ISP's I am building at the moment have no email facilities for end-users at all. <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>They can talk to google/microsoft/yahoo.<o:p></o:p></p></div></div></blockquote></div><p class=MsoNormal>They do. That bit isn't a problem for them at all, they already have very good links with those parties.<br><br>Traditionally, the metadata that has been required to be provided to answer a warrant has been data the provider has had to keep anyway for their own billing purposes - length of call, date/time, destination - all the stuff you needed to report to put on a telephone bill, and being financial data, that the provider needed to keep for 7(?) years to provide evidence for the tax return etc.<br>The provider didn't need to do anything extra.<br><br>Now, they are wanting data you may not currently record or keep or need to use for billing.<br><br>A couple of questions - <br>for those who's equipment produces RADIUS logs or DHCP logs - how long do you currently keep those logs before purging/overwriting?<br><br>for those running SMTP/POP3/IMAP services - how long do you currently keep the logs coming out of those servers?<br><br>Put another way - if the Government didn't mandate a time period, how long are you currently voluntarily keeping your logfile information for anyway? How far back could they go if they asked you for the data today?<span style='color:#888888'><br><br><span class=hoenzb> Paul.</span></span><o:p></o:p></p><div><div><p class=MsoNormal><br><br><br><br><br><br><br><o:p></o:p></p><div><p class=MsoNormal><br clear=all><o:p></o:p></p><div><div><div><p class=MsoNormal><br>...Skeeve<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>Skeeve Stevens - </span></b><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>eintellego Networks Pty Ltd</span><o:p></o:p></p></div><div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><a href="mailto:skeeve@eintellegonetworks.com" target="_blank">skeeve@eintellegonetworks.com</a> ; <a href="http://www.eintellegonetworks.com/" target="_blank">www.eintellegonetworks.com</a></span> <o:p></o:p></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>Phone: <a href="tel:1300%20239%20038" target="_blank">1300 239 038</a>; Cell <a href="tel:%2B61%20%280%29414%20753%20383" target="_blank">+61 (0)414 753 383</a> ; skype://skeeve<o:p></o:p></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><a href="http://facebook.com/eintellegonetworks" target="_blank">facebook.com/eintellegonetworks</a> ; <a href="http://linkedin.com/in/skeeve" target="_blank">linkedin.com/in/skeeve</a> <o:p></o:p></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><a href="http://twitter.com/theispguy" target="_blank">twitter.com/theispguy</a><span style='color:black'> ; blog: </span><a href="http://www.theispguy.com/" target="_blank">www.theispguy.com</a><o:p></o:p></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><img border=0 id="_x0000_i1025" src="http://eintellegonetworks.com/logos/ein09.png"><o:p></o:p></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#7F007F'>The Experts Who The Experts Call</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#002060'>Juniper - Cisco - Cloud - Consulting - IPv4 Brokering</span><span style='font-size:10.5pt;font-family:"Calibri","sans-serif";color:#7F007F'><o:p></o:p></span></p></div></div></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Wed, Aug 6, 2014 at 7:13 PM, Mark Dignam <<a href="mailto:mark@innaloo.net" target="_blank">mark@innaloo.net</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Narelle.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Great post – the shame of it is, the questions are only going to be answered with sound bytes … two of which I heard on Sky News this morning..</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>“its just the data the ISP already collects for billing” and …</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>“Its just like the front of an envelope, there’s no harm in that.”</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Narelle<br><b>Sent:</b> Wednesday, 6 August 2014 4:28 PM<br><b>To:</b> <a href="mailto:ausnog@ausnog.net" target="_blank">ausnog@ausnog.net</a><br><b>Subject:</b> [AusNOG] Fwd: Ten questions about metadata retention</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>FYI<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'>---------- Forwarded message ----------<br>From: <b>Narelle Clark, President ISOC-AU</b> <<a href="mailto:president@isoc-au.org.au" target="_blank">president@isoc-au.org.au</a>><br>Date: Wed, Aug 6, 2014 at 6:22 PM<br>Subject: Ten questions about metadata retention<br><br><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>6 August 2014</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span></b><o:p></o:p></p><p class=MsoNormal align=center style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:center'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Ten questions about metadata retention</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>The Australian Government has announced that it will mandate the retention of communications metadata for two years in order to assist law enforcement and national security agencies to improve the detection of terrorism offences and reduce the risk of a terrorist attack within Australia or which affects Australians or their interests.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>There has been criticism of this proposal on the grounds of interference with the privacy of the vast majority of Australians who are not terrorists as well as the cost and risks of implementation.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Reassuringly, the Attorney General and Minister for Communications have made it clear that, as a general principle, the Government will seek to minimise the cost impact and risk of interference with the privacy of ordinary Australians to the extent possible.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>However, unfortunately at this point there appears to be insufficient information in the public domain about the detail of the proposal to understand how it is to be implemented in practice and to reach informed conclusions as to whether the benefits of the proposal outweigh its cost and risk.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>The Government has criticised previous governments for the implementation of major communications projects without adequate consideration, planning and design including a formal business case identifying and weighing the benefits of the project against its costs and risks. It is arguable that this is indeed fair criticism.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Accordingly, the Internet Society of Australia expects the Government to ensure that the design and implementation of the metadata retention proposal is not rushed, chaotic or inadequate, by requiring a rigorous business case and/or regulatory impact assessment process which takes into account the costs and risks of the proposal across industry and the economy as a whole, as well as the direct costs to the Commonwealth budget and risks to the Commonwealth.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>We also recommend that the Government conduct a full privacy impact assessment of the proposal in accordance with the Office of the Australian Information Commissioner's guidelines, in addition to any usual parliamentary processes to scrutinise and improve legislation before it is adopted.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Based on the technical and policy experience of its members, the Internet Society of Australia has posed the following questions in relation to the proposal which will require further consideration as part of the various policy, legislation and technical development and assessment processes for the proposal:</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>1.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>What is the definition of metadata to be retained?</span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> If carriers or other organisations are to be obliged to retain metadata, they need to know what metadata is to be retained. The scope of the data required to be retained will have significant impact on the cost and risk in implementing the proposal. Is it only Internet connection duration and location information, such as that from authentication systems? Is it IP packet headers, or a subset of the information contained in the packet header, or the full content of some of the packets, for example the contents of the packets which include email subject headings? Will information about the content of the packets themselves be required to be retained? Must the metadata of every packet be retained or only session information?</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>2.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Which entities are required to retain metadata (Retention Entities)? </span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> Will it be restricted to only licensed carriers transmitting information across the public Internet? Will organisations which operate private internal IP networks or virtual private networks be required to retain the metadata of information passing across their private networks, or only if and once the communication leaves the private network to the public Internet?</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>3.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Whose metadata is required to be retained?</span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> Is it the metadata of all individuals, companies, media organisations, members of parliament, political parties, governments and agencies (including the law enforcement and national security agencies themselves)? Will it apply to the metadata of communications by autonomous devices, like smart meters? If there are to be exceptions, what is the basis for those exceptions and how will the exceptions be implemented in practice?</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>4.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>What method of metadata retention must a Retention Entity employ? </span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Will it be sufficient for Retention Entities to maintain records in a large range of devices across their networks or will the metadata need to be centralised into a single server or data centre? If so, will the centralisation need to occur in real time (which might considerably increase the network overhead and thus require capacity upgrades across the entire network) or can it be batched and transmitted in periods of lower network traffic? If so, how frequently must it be batched and transmitted? What will be the consequences of failing to do? What format is the metadata required to be collected and stored in? Will the format be standardised or different for different types of communications and storage medium or vendor equipment? What minimum level of security must the Retention Entity establish and maintain in relation to retained metadata? Will a Retention Entity be restrained from outsourcing and/or offshoring the performance of its retention obligations? If not, does the Retention Entity remain primarily liable for those obligations?</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>5.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>When must metadata retention commence?</span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> The Government has indicated that there is an immediate serious risk to the Australian community from terrorism which metadata retention and access will assist to mitigate. Accordingly the Government will seek to implement some form of voluntary informal metadata retention arrangements by direct discussions with the communications industry prior to the introduction of legislation. However, implementation of a metadata retention system is likely to require adequate time to properly plan, design, implement and test before it 'goes live'. Too rapid implementation is likely to:</span><o:p></o:p></p><p style='margin-left:85.1pt'><span style='font-family:"Verdana","sans-serif";color:#095261'>5.1</span><span style='font-size:7.0pt;color:#095261'> </span><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>unexpectedly incur or bring forward capital costs which have not been previously budgeted for or funded which may create short term competitiveness or even liquidity issues, particularly for smaller Retention Entities; </span><o:p></o:p></p><p style='margin-left:85.1pt'><span style='font-family:"Verdana","sans-serif";color:#095261'>5.2</span><span style='font-size:7.0pt;color:#095261'> </span><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>increase total costs of implementation due to uncertainties in the specification of the form of metadata retention required to be implemented and changing requirements through the various review and parliamentary processes; and</span><o:p></o:p></p><p style='margin-left:85.1pt'><span style='font-family:"Verdana","sans-serif";color:#095261'>5.3</span><span style='font-size:7.0pt;color:#095261'> </span><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>increase the risk of unidentified defects in design and implementation, thereby increasing the total risk of project failure, loss or disclosure of retained metadata and future requirements to incur additional costs of rectification.</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>6.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Who will pay the cost of metadata retention? </span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Will there be some public subsidy to private organisations to meet the capital and operational expenses of implementing and operating metadata retention? Or, will the cost need to be absorbed by customers and/or shareholders? If there is to be some form of public subsidy, on what basis will it be calculated and allocated between Retention Entities? What will the costs of operation of the subsidy system be and how will that be allocated between the public and private sectors? A practical mechanism may be to require relevant law enforcement or national security agencies to subsidise the Retention Entities' capital implementation costs and then pay the true operational cost of each access request they make from their existing budget allocations. This would create a practical budgetary incentive upon agencies to restrict the requirements of (and thus cost of) metadata retention systems and the number of access requests to only the most important and to limit 'fishing expeditions'.</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>7.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>What authorisation will be required to access metadata? </span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Will metadata be available only to law enforcement (ie Police) and national security agencies? What are the range of agencies permitted to seek access to retained metadata and the purposes for which they may seek access? Will it be limited to intelligence and policing agencies for counter-terrorism purposes or extend to 'ordinary' criminal or civil law enforcement activity. For example, will ASIC, local governments, the Victorian Taxi Directorate and the RSPCA continue to have the ability to access retained metadata for the enforcement of the statutes for which they are responsible, as currently? In what circumstances will a warrant or formal authorisation be required? Will that be an independent process? What oversight will be in place? What sanctions will be applied to individual officers who inappropriately authorise access? What sanctions will apply to agencies and officers who inappropriately use or disclose metadata which has been accessed? Will the Retention Entity be permitted to access its retained metadata for its own business (including billing and marketing) or other purposes? Will private parties to litigation (for example, unfair dismissal, breach of confidence or divorce cases) be able to demand the provision of metadata upon subpoena? Will metadata of, or held by, agencies be available under Freedom of Information requests?</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>8.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>How long must metadata be retained and how will it be disposed of? </span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Is the two year period foreshadowed by the government the specific, minimum or maximum period for which the data is to be retained? Will agencies be authorised to access metadata which is more than two years old? What obligations will Retention Entities have to ensure that retained metadata is disposed of and fully expunged after the expiry of the two year period?</span><o:p></o:p></p><p><span style='font-family:"Verdana","sans-serif";color:#095261'>9.</span><span style='font-size:7.0pt;color:#095261'> </span><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>Who will bear the risks of metadata retention? </span></b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>It is likely that any 'deep pool' of metadata will pose an attractive target to hackers, ranging from the purely curious through the disorganised anti-social to organised crime and terrorist organisations themselves. As the Manning and Snowden cases make clear, no information system is ever completely secure, so there is a real probability that retained metadata will be accessed inappropriately or without authorisation, in a way that causes real personal and economic harm. Who bears the costs of that harm: is it the individual whose privacy is interfered with; the business who suffers loss or damage from the disclosure of its confidential information; the Retention Entity which is retaining the data; or the taxpayer through the government? What mechanisms, for example statutory indemnities or immunities, will be put in place to give effect to that risk allocation? What disclosure regimes will be in place in order to report such breaches?</span><o:p></o:p></p><p><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>10. <b>What ongoing review and reporting of metadata retention will occur? </b>Is the metadata retention intended only to be in place for the next five years, which the Director General of ASIO has identified as the peak risk period for returning jihadists, or will it be in place indefinitely? This will affect the way Retention Entities amortise any of their unsubsidised capital costs of implementing retention systems. Will there be a review of metadata retention? Who will conduct the review, by what process and when? What statistics and key performance indicators of the effectiveness of the proposal in achieving its stated aims will be collected, analysed and published to enable a review to occur?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:none'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:none'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'>About the Internet Society</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt;text-align:justify'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095257'>The Internet Society is the world's trusted independent source of leadership for Internet policy, technology standards and future development. Based on its principled vision and substantial technological foundation, the Internet Society works with its members and Chapters around the world to promote the continued evolution and growth of the open Internet through dialogue among companies, governments, and other organisations around the world. See</span><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'> <a href="http://www.internetsociety.org" target="_blank">www.internetsociety.org</a> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'>The <b>Australian Chapter of the Internet Society</b> is ISOC-AU, a non-profit society founded in 1996, to promote Internet development in Australia for the whole community and is a peak body organisation, representing the interests of Internet users in Australia. See: <a href="http://www.isoc-au.org.au" target="_blank">www.isoc-au.org.au</a></span><o:p></o:p></p><p><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify'><b><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'>Narelle Clark</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:10.0pt;text-align:justify;line-height:115%'><b><span style='font-size:11.0pt;line-height:115%;font-family:"Verdana","sans-serif";color:#18606A'>President</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify;line-height:115%'><b><span style='font-size:11.0pt;line-height:115%;font-family:"Verdana","sans-serif";color:#18606A'>Contact:</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'>Narelle Clark</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'>President</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'>Ph: <a href="tel:0412%20297%20043" target="_blank">0412 297 043</a></span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:ideograph-numeric'><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#18606A'><a href="mailto:President@isoc-au.org.au" target="_blank">President@isoc-au.org.au</a></span><o:p></o:p></p><p align=center style='text-align:center'><b><i><span style='font-size:11.0pt;font-family:"Verdana","sans-serif";color:#095261'>The Internet is for everyone!</span></i></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'><br clear=all><br>-- <br><br><br>Narelle Clark<br>President<br>Internet Society of Australia<br>ph: <a href="tel:0412%20297%20043" target="_blank">0412 297 043</a><br>int ph: <a href="tel:%2B61%20412%20297%20043" target="_blank">+61 412 297 043</a><br><a href="mailto:president@isoc-au.org.au" target="_blank">president@isoc-au.org.au</a><br><a href="http://www.isoc-au.org.au" target="_blank">www.isoc-au.org.au</a><br>The Internet is for Everyone!<br clear=all><br>-- <br><br><br>Narelle<br><a href="mailto:narellec@gmail.com" target="_blank">narellec@gmail.com</a> <o:p></o:p></span></p></div></div></div></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>AusNOG mailing list<o:p></o:p></pre><pre><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><o:p></o:p></pre><pre><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></pre><p class=MsoNormal><o:p> </o:p></p></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p></div><p class=MsoNormal><br><br clear=all><o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>-- <o:p></o:p></p><div><div><p class=MsoNormal>--<o:p></o:p></p></div><div><p class=MsoNormal>Ben Cooper<o:p></o:p></p></div><div><p class=MsoNormal>CEO<o:p></o:p></p></div><div><p class=MsoNormal>Zeno Holdings PTY LTD<o:p></o:p></p></div><div><p class=MsoNormal>P: <span style='font-size:8.5pt;font-family:"Tahoma","sans-serif";color:#333333'>+61 7 3503 8553</span><o:p></o:p></p></div><div><p class=MsoNormal>M: 0410411301<o:p></o:p></p></div><div><p class=MsoNormal>E: <a href="mailto:ben@zeno.io" target="_blank">ben@zeno.io</a><o:p></o:p></p></div><div><p class=MsoNormal>W: <u><a href="http://zeno.io" target="_blank">http://zeno.io</a></u><o:p></o:p></p></div></div></div></div>
<P><IMG src="http://www.workforce.com.au/images/wfi_email_logo.jpg"></P>
<P>
<P>
<HR>
<P></P>
<P></P>
<DIV><STRONG><FONT face=Arial size=1>Note:</FONT></STRONG></DIV>
<DIV><FONT face=Arial size=1>This message is for the named person's use
only. It may contain confidential, proprietary or legally privileged
information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please
immediately delete it and all copies of it from your system, destroy any hard
copies of it and notify the sender. You must not, directly or indirectly,
use, disclose, distribute, print, or copy any part of this message if you are
not the intended recipient. <STRONG><FONT color=#ff8000><FONT
color=#400080><FONT color=#ff0000>Workforce International Pty Ltd</FONT>
</FONT></FONT></STRONG>and any of its subsidiaries each reserve the right to
monitor all e-mail communications through its networks. Any views expressed in
this message are those of the individual sender, except where the message states
otherwise and the sender is authorised to state them to be the views of any such
entity.</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV><FONT face=Arial>
<HR>
</FONT>
</body></html>