<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>I would think not as it would be a breech of the privacy act. We still have to report even permitted disclosures that contravene the act every year. Yet more paperwork. Don't get me started on the Internet activity Survey</div><div> </div><div><br></div><div>Matt</div><div><br><br><div><br></div><div>-- </div><div>/* Matt Perkins</div><div> Direct 1300 137 379 Spectrum Networks Ptd. Ltd.</div><div> Office 1300 133 299 <a href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a></div><div> Fax 1300 133 255 Level 6, 350 George Street Sydney 2000</div><div> SIP <a href="mailto:1300137379@sip.spectrum.com.au">1300137379@sip.spectrum.com.au</a></div><div> Google Talk <a href="mailto:MattAPerkins@gmail.com">MattAPerkins@gmail.com</a></div><div> PGP/GNUPG Public Key can be found at <a href="http://pgp.mit.edu">http://pgp.mit.edu</a></div><div>*/</div></div><div><br>On 18 Mar 2015, at 4:57 pm, Shaun Dwyer <<a href="mailto:shaun@dwyer.id.au">shaun@dwyer.id.au</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html charset=utf-8"><div class="">What legal culpability would there be for an operator who was to comply (in error) with a request for information that was later found to be illegal or over-reaching? Some of the requests can be fairly intimidating in their presentation, and it may not be possible for the smaller operators to afford to lawyer up every time a request comes in.</div><div class=""><br class=""></div><div class="">Are we afforded any legal protection in this circumstance?</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Cheers!<br class=""><div apple-content-edited="true" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Shaun</div><div class=""><br class=""></div></div></div><div><blockquote type="cite" class=""><div class="">On 18 Mar 2015, at 12:44 pm, Mark ZZZ Smith <<a href="mailto:markzzzsmith@yahoo.com.au" class="">markzzzsmith@yahoo.com.au</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); font-family: 'Helvetica Neue-Light', 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" class=""><div id="yui_3_16_0_1_1426643986145_64775" dir="ltr" class=""><span id="yui_3_16_0_1_1426643986145_64782" class="">You forgot a step. 2, verify the requester has the right to ask for what they're asking for, to catch both errors and overreach.</span></div><div id="yui_3_16_0_1_1426643986145_64775" dir="ltr" class=""><span class=""><br class=""></span></div><div id="yui_3_16_0_1_1426643986145_64775" dir="ltr" class=""><span class="">In fact, as you're unlikely to be a lawyer, it'd other be best to pass all the requests through a lawyer, or get a lawyer to define a strict set of common request definitions and who can ask for them, and then punt every non-matching request to your lawyer.</span></div><div id="yui_3_16_0_1_1426643986145_64775" dir="ltr" class=""><span class=""><br class=""></span></div><div id="yui_3_16_0_1_1426643986145_64775" dir="ltr" class=""><br class=""></div><br class=""><div id="yui_3_16_0_1_1426643986145_64778" style="font-family: 'Helvetica Neue-Light', 'Helvetica Neue Light', 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" class=""><div id="yui_3_16_0_1_1426643986145_64777" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" class=""><div dir="ltr" id="yui_3_16_0_1_1426643986145_64776" class=""><hr size="1" id="yui_3_16_0_1_1426643986145_64813" class=""><font size="2" face="Arial" id="yui_3_16_0_1_1426643986145_64779" class=""><b class=""><span style="font-weight: bold;" class="">From:</span></b><span class="Apple-converted-space"> </span>James Hodgkinson <<a href="mailto:yaleman@ricetek.net" class="">yaleman@ricetek.net</a>><br class=""><b class=""><span style="font-weight: bold;" class="">To:</span></b><span class="Apple-converted-space"> </span><a href="mailto:ausnog@lists.ausnog.net" class="">ausnog@lists.ausnog.net</a><span class="Apple-converted-space"> </span><br class=""><b class=""><span style="font-weight: bold;" class="">Sent:</span></b><span class="Apple-converted-space"> </span>Wednesday, 18 March 2015, 15:24<br class=""><b class=""><span style="font-weight: bold;" class="">Subject:</span></b><span class="Apple-converted-space"> </span>Re: [AusNOG] Warrant-less Info Requests / Cost Recovery<br class=""></font></div><div class="y_msg_container" id="yui_3_16_0_1_1426643986145_65162"><br class=""><div id="yiv6201497886" class=""><div id="yui_3_16_0_1_1426643986145_65165" class=""><div class="yiv6201497886bloop_markdown" id="yui_3_16_0_1_1426643986145_65164"><div id="yui_3_16_0_1_1426643986145_65163" class="">It WILL take much more than 60 seconds to:</div><ul id="yui_3_16_0_1_1426643986145_65167" style="margin: 15px 0px;" class=""><li id="yui_3_16_0_1_1426643986145_65166" style="margin: 15px 0px;" class="">verify the requestor’s identity,</li><li id="yui_3_16_0_1_1426643986145_65168" style="margin: 15px 0px;" class="">the parameters of the request,</li><li id="yui_3_16_0_1_1426643986145_65169" style="margin: 15px 0px;" class="">do the lookup,</li><li id="yui_3_16_0_1_1426643986145_65170" style="margin: 15px 0px;" class="">format it appropriately</li><li id="yui_3_16_0_1_1426643986145_65171" style="margin: 15px 0px;" class="">send it</li><li id="yui_3_16_0_1_1426643986145_65172" style="margin: 15px 0px;" class="">generate the bill</li><li id="yui_3_16_0_1_1426643986145_65173" style="margin: 15px 0px;" class="">manage payment receipt, when it inevitably goes wrong</li></ul><div id="yui_3_16_0_1_1426643986145_65174" class="">… should I go on?<span class="Apple-converted-space"> </span></div><div id="yui_3_16_0_1_1426643986145_65175" class="">This doesn’t include the sunk costs of the infrastructure to host it on, and recovering that cost.</div><div id="yui_3_16_0_1_1426643986145_65176" class="">Is there mention of penalties for when your $system goes bye bye (fire/flood/hacker/MTBF of hdd’s) and you can’t respond?</div><div class="">James</div><div class=""></div></div><div class="yiv6201497886bloop_original_html"><div id="yiv6201497886bloop_customfont" style="font-family: 'Source Code Pro', Arial; font-size: 12px; margin: 0px;" class=""><br clear="none" class=""></div><br clear="none" class=""><div class="yiv6201497886bloop_sign" id="yiv6201497886bloop_sign_1426652414744854016"><div style="font-family: helvetica, arial; font-size: 13px;" class=""><br clear="none" class=""></div></div><br clear="none" class=""><div class="qtdSeparateBR"><br class=""><br class=""></div><div class="yiv6201497886yqt0694757884" id="yiv6201497886yqtfd91825"><div style="" class="">On 18 March 2015 at 2:17:21 pm, Paul Brooks (<a rel="nofollow" shape="rect" ymailto="mailto:pbrooks-ausnog@layer10.com.au" target="_blank" href="mailto:pbrooks-ausnog@layer10.com.au" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;" class="">pbrooks-ausnog@layer10.com.au</a>) wrote:</div><blockquote class="yiv6201497886clean_bq" type="cite" style="margin: 15px 0px;"><span class=""></span><div class=""><div class=""></div><div class=""></div></div></blockquote></div></div></div><div class="yiv6201497886yqt0694757884" id="yiv6201497886yqtfd19986"><div class=""><div class="yiv6201497886moz-cite-prefix">They'll tell you you're dreaming.<br clear="none" class=""><br clear="none" class="">counter-view...<br clear="none" class=""><br clear="none" class="">Remembering that Telstra recently announced they'll charge $25 to process a simple request - the same amount they charge a LEO.<br clear="none" class=""><br clear="none" class="">If you've built even a dodgy lookup system, should it really take more than 60 seconds to type in an IP address, a start date/time, an end date/time, and have the lookup system (that the Gov will help contribute to your reasonable costs to build *cough*) decrypt the RADIUS database for the time window, and extract a dump of records for that IP address?<br clear="none" class=""><br clear="none" class="">If you think you'll be able to charge $500 - $1000, you'd better be prepared to explain to the CAC why you have to have a live person ruffling through a set of filing-cabinet of printed-out A4 sheets of paper with your records printed on them. They might be the Gov't, but even they know we have computers do do this sort of database lookup these days.<br clear="none" class=""><br clear="none" class=""><br clear="none" class="">On 18/03/2015 1:27 PM, Andrew Yager wrote:<br clear="none" class=""></div><blockquote type="cite" style="margin: 15px 0px;" class="">Hi Terry,<div class="yiv6201497886"><br clear="none" class="yiv6201497886"></div><div class="yiv6201497886">We are taking the view that this is an exercise that is equivalent of up to 2 hours technical services, and given the costs of verifying and ensuring compliance, our standard cost for a request will be $500 per request.</div><div class="yiv6201497886"><br clear="none" class="yiv6201497886"></div><div class="yiv6201497886">For greater time periods (e.g. reporting on two years), our charging rate will extend to $15 000 for this service.</div><div class="yiv6201497886"><br clear="none" class="yiv6201497886"></div><div class="yiv6201497886">More complicated requests (such as access logs from a web server) will also attract higher rates.</div><div class="yiv6201497886"><br clear="none" class="yiv6201497886"></div><div class="yiv6201497886">I’d encourage everyone to ensure that their costs are reasonable relating to the amount of work - and the opportunity cost associated with complying with this daft legislation.</div><div class="yiv6201497886"><br clear="none" class="yiv6201497886"></div><div class="yiv6201497886">Andrew</div><div class="yiv6201497886"><br clear="none" class="yiv6201497886"><div class="yiv6201497886"><div class="yiv6201497886" style="letter-spacing: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; word-wrap: break-word;"><div class="yiv6201497886" style="font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886" style="word-wrap: break-word;"><div class="yiv6201497886"><span class="yiv6201497886Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; border-spacing: 0px;">--</span></div><div class="yiv6201497886"><span class="yiv6201497886Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; border-spacing: 0px;"><b class="yiv6201497886">Andrew Yager, Managing Director</b> <i class="yiv6201497886">(MACS Snr CP BCompSc MCP JNCIA-Junos)</i><br clear="none" class="yiv6201497886">Real World Technology Solutions Pty Ltd - IT people you can trust<br clear="none" class="yiv6201497886">ph: 1300 798 718 or (02) 9037 0500<br clear="none" class="yiv6201497886">fax: (02) 9037 0591<br clear="none" class="yiv6201497886"><a rel="nofollow" shape="rect" class="yiv6201497886" target="_blank" href="http://www.rwts.com.au/" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">http://www.rwts.com.au/</a></span></div><div class="yiv6201497886"><span class="yiv6201497886Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; border-spacing: 0px;"><br clear="none" class="yiv6201497886"></span></div></div></div></div></div><br clear="none" class="yiv6201497886Apple-interchange-newline"></div><br clear="none" class="yiv6201497886Apple-interchange-newline"></div><br clear="none" class="yiv6201497886Apple-interchange-newline"></div><br clear="none" class="yiv6201497886Apple-interchange-newline"></div><br clear="none" class="yiv6201497886Apple-interchange-newline"></div><br clear="none" class="yiv6201497886Apple-interchange-newline"><br clear="none" class="yiv6201497886Apple-interchange-newline"></div><br clear="none" class="yiv6201497886"><div class=""><blockquote class="yiv6201497886" type="cite" style="margin: 15px 0px;"><div class="yiv6201497886">On 18 Mar 2015, at 1:11 pm, Terry Sweetser <<a rel="nofollow" shape="rect" class="yiv6201497886" ymailto="mailto:terry+AusNOG@skymesh.net.au" target="_blank" href="mailto:terry+AusNOG@skymesh.net.au" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">terry+AusNOG@skymesh.net.au</a>> wrote:</div><br clear="none" class="yiv6201497886Apple-interchange-newline"><div class="yiv6201497886">Hello Noggers,<br clear="none" class="yiv6201497886"><br clear="none" class="yiv6201497886">I'm wondering what policies and pricing any/all of your organisations have in place to "recover" costs when asked for (meta-)data about ip addresses, customers and so on?<br clear="none" class="yiv6201497886"><br clear="none" class="yiv6201497886">Given the transition for 2-year retention and the expansion of the (meta-)dataset to be retained, what plans are in place to charge reasonable fees to state and federal LEOs for the data?<br clear="none" class="yiv6201497886"><br clear="none" class="yiv6201497886">Is $200 a fair sum of money for an ip address match up?<br clear="none" class="yiv6201497886"><br clear="none" class="yiv6201497886">Is $20,000 a fair sum of money for a dump of the (up to) 2 years of data for an ip address or customer?<br clear="none" class="yiv6201497886"><br clear="none" class="yiv6201497886">--<br clear="none" class="yiv6201497886"><a rel="nofollow" shape="rect" class="yiv6201497886" target="_blank" href="http://about.me/terry.sweetser" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">http://about.me/terry.sweetser</a><br clear="none" class="yiv6201497886"><br clear="none" class="yiv6201497886">_______________________________________________<br clear="none" class="yiv6201497886">AusNOG mailing list<br clear="none" class="yiv6201497886"><a rel="nofollow" shape="rect" class="yiv6201497886moz-txt-link-abbreviated" ymailto="mailto:AusNOG@lists.ausnog.net" target="_blank" href="mailto:AusNOG@lists.ausnog.net" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">AusNOG@lists.ausnog.net</a><br clear="none" class="yiv6201497886"><a rel="nofollow" shape="rect" class="yiv6201497886moz-txt-link-freetext" target="_blank" href="http://lists.ausnog.net/mailman/listinfo/ausnog" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br clear="none" class="yiv6201497886"></div></blockquote></div><br clear="none" class="yiv6201497886"></div><br clear="none" class=""><fieldset class="yiv6201497886mimeAttachmentHeader"></fieldset><br clear="none" class=""><pre style="margin: 15px 0px; font-family: Menlo, Consolas, 'Liberation Mono', Courier, monospace; font-size: 10pt; background-color: rgb(248, 248, 248); color: inherit; border: 1px solid rgb(204, 204, 204); overflow: auto; padding: 4px 8px; word-wrap: normal;" class="">_______________________________________________
AusNOG mailing list
<a rel="nofollow" shape="rect" class="yiv6201497886moz-txt-link-abbreviated" ymailto="mailto:AusNOG@lists.ausnog.net" target="_blank" href="mailto:AusNOG@lists.ausnog.net" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">AusNOG@lists.ausnog.net</a>
<a rel="nofollow" shape="rect" class="yiv6201497886moz-txt-link-freetext" target="_blank" href="http://lists.ausnog.net/mailman/listinfo/ausnog" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre></blockquote><br clear="none" class="">_______________________________________________<span class="Apple-converted-space"> </span><br clear="none" class="">AusNOG mailing list<span class="Apple-converted-space"> </span><br clear="none" class=""><a href="mailto:AusNOG@lists.ausnog.net" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;" class="">AusNOG@lists.ausnog.net</a><span class="Apple-converted-space"> </span><br clear="none" class=""><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;" class="">http://lists.ausnog.net/mailman/listinfo/ausnog</a><span class="Apple-converted-space"> </span><br clear="none" class=""><div class="yiv6201497886bloop_markdown"><div class=""></div></div></div></div></div><br class=""><div class="yqt0694757884" id="yqtfd40647">_______________________________________________<br clear="none" class="">AusNOG mailing list<br clear="none" class=""><a shape="rect" ymailto="mailto:AusNOG@lists.ausnog.net" href="mailto:AusNOG@lists.ausnog.net" class="">AusNOG@lists.ausnog.net</a><br clear="none" class=""><a shape="rect" href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank" class="">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br clear="none" class=""></div><br class=""><br class=""></div></div></div></div><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">_______________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">AusNOG mailing list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="mailto:AusNOG@lists.ausnog.net" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">AusNOG@lists.ausnog.net</a><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="http://lists.ausnog.net/mailman/listinfo/ausnog" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">http://lists.ausnog.net/mailman/listinfo/ausnog</a></div></blockquote></div><br class=""></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>AusNOG mailing list</span><br><span><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a></span><br><span><a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a></span><br></div></blockquote></body></html>