<div dir="ltr"><div><div>John,<br></div>Do I detect a rebuke? I'm happy to agree to disagree. If you have an alternate reading of the legislation, I'd welcome rational argument.<br><br>I claim #3 is contentious, having read the legislation, and the proposed bill. I don't see where anyone can claim it's not contentious, where the metadata is still before the Expert Group, and where Labour will still need to sign off on whatever is finally proposed. Claiming anything is settled at this stage only helps supports the passage of this bill, while areas of uncertainty suggests the bill's not ready to be put to the Parliament. Sober consideration of what is proposed hopefully can avoid the worst of the foreseeable nonsense.<br><br>3. Every time a connection is made to your servers you need to log the IP address and timestamp and be able to search by that.<br><br></div><div>I don't think this is true. I doubt they'll want every NTP or DNS lookup logged. Hopefully it will depend what the Metadata Expert Group recommends. The government would be foolish to push the bill through without their endorsement.<br><br>Also I doubt data retention applies to content providers, as opposed to internet service providers. To my reading, content providers are outside the scope of the Broadcasting Services Act 1992, and so outside the scope of the data retention bill. However, ultimately, the Communications Access Co-ordinator, and/or the Minister, may ultimately be delegated the power to declare a provider to be an internet service provider, or not.<br><br></div><div>(ianal)<br></div><div><br></div><div>Paul Wilkins<br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 March 2015 at 22:28, John Lindsay <span dir="ltr"><<a href="mailto:johnslindsay@mac.com" target="_blank">johnslindsay@mac.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Says you Paul. </div><div><br></div><div>I'm just taking the headings from the draft bill. </div><div><br></div><div>Oh, and a bunch of years running big ISPs and meeting with the people who care about this stuff.</div><div><br></div><div>If you run servers in Australia be prepared for #3. If not, be prepared for some seriously sad stuff to go down. <span class="HOEnZb"><font color="#888888"><br><br><div>John Lindsay</div></font></span></div><div><div class="h5"><div><br>On 6 Mar 2015, at 9:11 pm, Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div><div><div>John,<br></div>Agree with all but this one:<br><br>3. Every time a connection is made to your servers you need to log the IP address and timestamp and be able to search by that.<br><br></div>This is contentious. Depends on how they draft the bill.<br><br></div>Paul Wilkins<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 March 2015 at 19:33, John Lindsay <span dir="ltr"><<a href="mailto:johnslindsay@mac.com" target="_blank">johnslindsay@mac.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>Let’s think about this rationally.</div><div><br></div><div><div>The categories covered by the bill are:</div><div><br></div><div>* Characteristics of a subscriber of a relevant service</div><div>* Characteristics of an account, telecommunications device or other relevant service relating to a relevant service</div><div>* The source of a communication</div><div>* The destination of a communication</div><div>* The date, time and duration of a communication, or of its connection to a carriage service</div><div>* The type of a communication and relevant service used in connection with a communication</div><div>* The location of equipment or a line used in connection with a communication</div></div><div><br></div><div>So you are going to ned to be able to answer the following questions:</div><div><br></div><div>1. Given the “identity" of a subscriber (some combination of name, address, date of birth, drivers license number) what services do they have with you? Your Billing System should be able to find this.</div><div><br></div><div>2. Given an IP address and a timestamp which subscriber had it allocated? You’re going to have to answer #1 for them too.</div><div><br></div><div>3. Every time a connection is made to your servers you need to log the IP address and timestamp and be able to search by that.</div><div><br></div><div>4. When you provide a “fixed” service you need to know the address it is delivered to.</div><div><br></div><div>5. When you provide a “mobile” (not fixed, perhaps wireless, who knows?) service you need to know where the user is within reason. Don’t waste our time with “what if they have a high gain antenna?” You know the location of your tower and that’s a good start.</div><div><br></div><div>Beyond that? Well requirements are always subject to scope creep until the requirements exceed the laws of physics.</div><div><br></div><div>But if you can’t manage at least the stuff above you’re going to be in a world of pain.</div><div><br></div><div>By world of pain I mean at risk of being forced to shut down. You can assume the press will treat it as you aiding and abetting (insert class of scary people).</div><div><br></div><div>Cheers,</div><br><div>
<div>John Lindsay</div><div><br></div></div><div><div><div><blockquote type="cite"><div>On 3 Mar 2015, at 5:38 pm, Skeeve Stevens <<a href="mailto:skeeve+ausnog@eintellegonetworks.com" target="_blank">skeeve+ausnog@eintellegonetworks.com</a>> wrote:</div><br><div><div dir="ltr">Hey Justin - and others.<div><br></div><div>As soon as we actually know what we're supposed to be doing, I will be doing my best to put something together for the smaller ISPs to help them deal with this... we just need to know what the requirements will be... what will be collected, what needs to be summarised, if it needs to be encrypted, and how it needs to be stored.</div><div><br></div><div>At the moment I am thinking that AWS Glacier will be one of the cheapest places to store elastic data as its recovery time will be in hours. But it depends on the required information access time is... and what kinds of requests they will make and how to extract a specific piece of data. If it needs to be in a DB format for querying, I don't see how we're going to be able to encrypt it easily.</div><div><br></div><div>It is all a blur until we know the answers to a lot of these questions.</div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8000001907349px"><br>...Skeeve</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px"><div><div style="font-size:12.8000001907349px"><div style="font-size:12.8000001907349px"><b style="font-size:13px;font-family:Calibri">Skeeve Stevens - Founder & Chief Network Architect</b><span style="font-family:Calibri;font-size:13px"> </span></div><div style="font-size:12.8000001907349px"><span style="font-family:Calibri;font-size:13px">eintellego Networks Pty Ltd</span></div><div style="font-size:12.8000001907349px"><span style="font-size:13px;font-family:Calibri">Email: </span><a href="mailto:skeeve@eintellegonetworks.com" style="font-family:Calibri;font-size:13px" target="_blank">skeeve@eintellegonetworks.com</a></div><div style="font-size:12.8000001907349px"><div style="font-family:Calibri;font-size:13px;margin:0px">Cell <a href="tel:%2B61%20%280%29414%20753%20383" value="+61414753383" target="_blank">+61 (0)414 753 383</a> ; S<a>kype: skeeve</a></div><div style="font-family:Calibri;font-size:13px;margin:0px">LinkedIn: <a href="http://linkedin.com/in/skeeve" target="_blank">/in/skeeve</a> ; Expert360: <a href="https://expert360.com/profile/d54a9" target="_blank">Profile</a></div></div></div></div><div><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Mar 3, 2015 at 12:30 PM, Justin Clacherty <span dir="ltr"><<a href="mailto:justin@redfish.com.au" target="_blank">justin@redfish.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Is anyone working for one of the smaller ISPs willing to help us (Future<br>
Wise) understand how the data retention laws may effect them in<br>
comparison to the larger players?<br>
<br>
Reply off list.<br>
<br>
Cheers,<br>
Justin.<br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div><br></div>
_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br></div></blockquote></div><br></div></div></div><br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>
</div></blockquote></div></div></div></blockquote></div><br></div>