<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">...which is an important and not
insignificant step. <br>
<br>
Having previously worked in government answering these sort of
requests (not related to this current scenario but involving
sensitive data, in that case data relating to children) it took a
lot of work, planning and many peoples' time to answer not only
the question of the applicant but also the questions of "are they
entitled to receive those data (which is different from being
entitled to ask for it), and for what purpose can they use that
data?" Many of those requests came from other departments in
various levels of government. The processes we implemented weren't
cheap; neither were they speedy. Lots of legislation involved;
lots of of lawyers; time and money involved. <br>
<br>
And in the meantime, everybody had to do their day job. Just like
the ISPs (carriage service providers - whatever the legal term is
these days) have to do.<br>
<br>
-Mark<br>
<br>
On 18/03/2015 3:44 PM, Mark ZZZ Smith wrote:<br>
</div>
<blockquote
cite="mid:1643475469.370622.1426653870130.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:Helvetica Neue-Light, Helvetica Neue Light,
Helvetica Neue, Helvetica, Arial, Lucida Grande,
Sans-Serif;font-size:16px">
<div id="yui_3_16_0_1_1426643986145_64775" dir="ltr"><span
id="yui_3_16_0_1_1426643986145_64782">You forgot a step. 2,
verify the requester has the right to ask for what they're
asking for, to catch both errors and overreach.</span></div>
<div id="yui_3_16_0_1_1426643986145_64775" dir="ltr"><span><br>
</span></div>
<div id="yui_3_16_0_1_1426643986145_64775" dir="ltr"><span>In
fact, as you're unlikely to be a lawyer, it'd other be best
to pass all the requests through a lawyer, or get a lawyer
to define a strict set of common request definitions and who
can ask for them, and then punt every non-matching request
to your lawyer.</span></div>
<div id="yui_3_16_0_1_1426643986145_64775" dir="ltr"><span><br>
</span></div>
<div id="yui_3_16_0_1_1426643986145_64775" dir="ltr"><br>
</div>
<br>
<div style="font-family: Helvetica Neue-Light, Helvetica Neue
Light, Helvetica Neue, Helvetica, Arial, Lucida Grande,
Sans-Serif; font-size: 16px;"
id="yui_3_16_0_1_1426643986145_64778">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, Sans-Serif; font-size:
16px;" id="yui_3_16_0_1_1426643986145_64777">
<div dir="ltr" id="yui_3_16_0_1_1426643986145_64776">
<hr id="yui_3_16_0_1_1426643986145_64813" size="1"> <font
id="yui_3_16_0_1_1426643986145_64779" face="Arial"
size="2"> <b><span style="font-weight:bold;">From:</span></b>
James Hodgkinson <a class="moz-txt-link-rfc2396E" href="mailto:yaleman@ricetek.net"><yaleman@ricetek.net></a><br>
<b><span style="font-weight: bold;">To:</span></b>
<a class="moz-txt-link-abbreviated" href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Wednesday, 18 March 2015, 15:24<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [AusNOG] Warrant-less Info Requests / Cost Recovery<br>
</font> </div>
<div class="y_msg_container"
id="yui_3_16_0_1_1426643986145_65162"><br>
<div id="yiv6201497886">
<style>
#yiv6201497886 body {
padding:1em;margin:auto;background:#fefefe;}
#yiv6201497886 h1, #yiv6201497886 h2, #yiv6201497886 h3, #yiv6201497886 h4, #yiv6201497886 h5, #yiv6201497886 h6 {
font-weight:bold;}
#yiv6201497886 h1 {
color:#000000;font-size:28pt;}
#yiv6201497886 h2 {
border-bottom:1px solid #CCCCCC;color:#000000;font-size:24px;}
#yiv6201497886 h3 {
font-size:18px;}
#yiv6201497886 h4 {
font-size:16px;}
#yiv6201497886 h5 {
font-size:14px;}
#yiv6201497886 h6 {
color:#777777;background-color:inherit;font-size:14px;}
#yiv6201497886 hr {
height:0.2em;border:0;color:#CCCCCC;background-color:#CCCCCC;display:inherit;}
#yiv6201497886 p, #yiv6201497886 blockquote, #yiv6201497886 ul, #yiv6201497886 ol, #yiv6201497886 dl, #yiv6201497886 li, #yiv6201497886 table, #yiv6201497886 pre {
margin:15px 0;}
#yiv6201497886 a, #yiv6201497886 a:visited {
color:#4183C4;background-color:inherit;text-decoration:none;}
#yiv6201497886 #yiv6201497886message {
border:1px solid #ccc;display:block;width:100%;height:60px;margin:6px 0px;}
#yiv6201497886 button, #yiv6201497886 #yiv6201497886ws {
font-size:12 pt;padding:4px 6px;border:1px solid #bbb;background-color:#eee;}
#yiv6201497886 code, #yiv6201497886 pre, #yiv6201497886 #yiv6201497886ws, #yiv6201497886 #yiv6201497886message {
font-family:Monaco;font-size:10pt;background-color:#F8F8F8;color:inherit;}
#yiv6201497886 code {
border:1px solid #EAEAEA;margin:0 2px;padding:0 5px;}
#yiv6201497886 pre {
border:1px solid #CCCCCC;overflow:auto;padding:4px 8px;}
#yiv6201497886 #yiv6201497886 code {
border:0;margin:0;padding:0;}
#yiv6201497886 #yiv6201497886ws {background-color:#f8f8f8;}
#yiv6201497886 .yiv6201497886bloop_markdown table {
border-collapse:collapse;
font-family:Helvetica, arial, freesans, clean, sans-serif;
color:rgb(51, 51, 51);
font-size:15px;line-height:25px;padding:0;}
#yiv6201497886 .yiv6201497886bloop_markdown table tr {
border-top:1px solid #cccccc;background-color:white;margin:0;padding:0;}
#yiv6201497886 .yiv6201497886bloop_markdown table tr:nth-child {
background-color:#f8f8f8;}
#yiv6201497886 .yiv6201497886bloop_markdown table tr th {
font-weight:bold;border:1px solid #cccccc;margin:0;padding:6px 13px;}
#yiv6201497886 .yiv6201497886bloop_markdown table tr td {
border:1px solid #cccccc;margin:0;padding:6px 13px;}
#yiv6201497886 .yiv6201497886bloop_markdown table tr th :first-child, #yiv6201497886 table tr td :first-child {
margin-top:0;}
#yiv6201497886 .yiv6201497886bloop_markdown table tr th :last-child, #yiv6201497886 table tr td :last-child {
margin-bottom:0;}
#yiv6201497886 .yiv6201497886bloop_markdown blockquote{
border-left:4px solid #dddddd;padding:0 15px;color:#777777;}
#yiv6201497886 #yiv6201497886 :first-child {
margin-top:0;}
#yiv6201497886 #yiv6201497886 :last-child {
margin-bottom:0;}
#yiv6201497886 code, #yiv6201497886 pre, #yiv6201497886 #yiv6201497886ws, #yiv6201497886 #yiv6201497886message {
word-wrap:normal;}
#yiv6201497886 hr {
display:inherit;}
#yiv6201497886 .yiv6201497886bloop_markdown :first-child {
}
#yiv6201497886 code, #yiv6201497886 pre, #yiv6201497886 #yiv6201497886ws, #yiv6201497886 #yiv6201497886message {
font-family:Menlo, Consolas, Liberation Mono, Courier, monospace;}
#yiv6201497886 .yiv6201497886send {color:#77bb77;}
#yiv6201497886 .yiv6201497886server {color:#7799bb;}
#yiv6201497886 .yiv6201497886error {color:#AA0000;}</style>
<div id="yui_3_16_0_1_1426643986145_65165">
<div class="yiv6201497886bloop_markdown"
id="yui_3_16_0_1_1426643986145_65164">
<div id="yui_3_16_0_1_1426643986145_65163">It WILL
take much more than 60 seconds to:</div>
<ul id="yui_3_16_0_1_1426643986145_65167">
<li id="yui_3_16_0_1_1426643986145_65166">verify
the requestor’s identity,</li>
<li id="yui_3_16_0_1_1426643986145_65168">the
parameters of the request,</li>
<li id="yui_3_16_0_1_1426643986145_65169">do the
lookup,</li>
<li id="yui_3_16_0_1_1426643986145_65170">format
it appropriately</li>
<li id="yui_3_16_0_1_1426643986145_65171">send it</li>
<li id="yui_3_16_0_1_1426643986145_65172">generate
the bill</li>
<li id="yui_3_16_0_1_1426643986145_65173">manage
payment receipt, when it inevitably goes wrong</li>
</ul>
<div id="yui_3_16_0_1_1426643986145_65174">… should
I go on? </div>
<div id="yui_3_16_0_1_1426643986145_65175">This
doesn’t include the sunk costs of the
infrastructure to host it on, and recovering that
cost.</div>
<div id="yui_3_16_0_1_1426643986145_65176">Is there
mention of penalties for when your $system goes
bye bye (fire/flood/hacker/MTBF of hdd’s) and you
can’t respond?</div>
<div>James</div>
</div>
<div class="yiv6201497886bloop_original_html">
<style>#yiv6201497886 body{font-family:Source Code Pro, Arial;font-size:12px;}</style>
<div id="yiv6201497886bloop_customfont"
style="font-family:Source Code Pro,
Arial;font-size:12px;margin:0px;"><br clear="none">
</div>
<br clear="none">
<div class="yiv6201497886bloop_sign"
id="yiv6201497886bloop_sign_1426652414744854016">
<div style="font-family:helvetica,
arial;font-size:13px;"><br clear="none">
</div>
</div>
<br clear="none">
<div class="qtdSeparateBR"><br>
<br>
</div>
<div class="yiv6201497886yqt0694757884"
id="yiv6201497886yqtfd91825">
<div style="color:#000;">On 18 March 2015 at
2:17:21 pm, Paul Brooks (<a
moz-do-not-send="true" rel="nofollow"
shape="rect"
ymailto="mailto:pbrooks-ausnog@layer10.com.au"
target="_blank"
href="mailto:pbrooks-ausnog@layer10.com.au">pbrooks-ausnog@layer10.com.au</a>)
wrote:</div>
<blockquote class="yiv6201497886clean_bq"
type="cite"><span></span>
<div>
<div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<div class="yiv6201497886yqt0694757884"
id="yiv6201497886yqtfd19986">
<title></title>
<div>
<div class="yiv6201497886moz-cite-prefix">They'll
tell you you're
dreaming.<br clear="none">
<br clear="none">
counter-view...<br clear="none">
<br clear="none">
Remembering that Telstra recently announced
they'll charge $25 to
process a simple request - the same amount they
charge a LEO.<br clear="none">
<br clear="none">
If you've built even a dodgy lookup system, should
it really take
more than 60 seconds to type in an IP address, a
start date/time,
an end date/time, and have the lookup system (that
the Gov will
help contribute to your reasonable costs to build
*cough*) decrypt
the RADIUS database for the time window, and
extract a dump of
records for that IP address?<br clear="none">
<br clear="none">
If you think you'll be able to charge $500 -
$1000, you'd better be
prepared to explain to the CAC why you have to
have a live person
ruffling through a set of filing-cabinet of
printed-out A4 sheets
of paper with your records printed on them. They
might be the
Gov't, but even they know we have computers do do
this sort of
database lookup these days.<br clear="none">
<br clear="none">
<br clear="none">
On 18/03/2015 1:27 PM, Andrew Yager wrote:<br
clear="none">
</div>
<blockquote type="cite">
Hi Terry,
<div class="yiv6201497886"><br
class="yiv6201497886" clear="none">
</div>
<div class="yiv6201497886">We are taking the view
that this is an exercise that
is equivalent of up to 2 hours technical
services, and given the
costs of verifying and ensuring compliance, our
standard cost for a
request will be $500 per request.</div>
<div class="yiv6201497886"><br
class="yiv6201497886" clear="none">
</div>
<div class="yiv6201497886">For greater time
periods (e.g. reporting on two
years), our charging rate will extend to $15 000
for this
service.</div>
<div class="yiv6201497886"><br
class="yiv6201497886" clear="none">
</div>
<div class="yiv6201497886">More complicated
requests (such as access logs from a
web server) will also attract higher rates.</div>
<div class="yiv6201497886"><br
class="yiv6201497886" clear="none">
</div>
<div class="yiv6201497886">I’d encourage everyone
to ensure that their costs are
reasonable relating to the amount of work - and
the opportunity
cost associated with complying with this daft
legislation.</div>
<div class="yiv6201497886"><br
class="yiv6201497886" clear="none">
</div>
<div class="yiv6201497886">Andrew</div>
<div class="yiv6201497886"><br
class="yiv6201497886" clear="none">
<div class="yiv6201497886">
<div class="yiv6201497886" style="color:rgb(0,
0,
0);letter-spacing:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word;">
<div class="yiv6201497886"
style="color:rgb(0, 0,
0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;orphans:2;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"
style="word-wrap:break-word;">
<div class="yiv6201497886"><span
class="yiv6201497886Apple-style-span"
style="border-collapse:separate;color:rgb(0,
0,
0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;orphans:2;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;border-spacing:0px;">--</span></div>
<div class="yiv6201497886"><span
class="yiv6201497886Apple-style-span"
style="border-collapse:separate;color:rgb(0,
0,
0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;orphans:2;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;border-spacing:0px;"><b
class="yiv6201497886">Andrew
Yager, Managing
Director</b> <i
class="yiv6201497886">(MACS
Snr CP BCompSc MCP
JNCIA-Junos)</i><br
class="yiv6201497886"
clear="none">
Real World Technology
Solutions Pty Ltd - IT
people
you can trust<br
class="yiv6201497886"
clear="none">
ph: 1300 798 718 or (02)
9037 0500<br
class="yiv6201497886"
clear="none">
fax: (02) 9037 0591<br
class="yiv6201497886"
clear="none">
<a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv6201497886"
target="_blank"
href="http://www.rwts.com.au/">http://www.rwts.com.au/</a></span></div>
<div class="yiv6201497886"><span
class="yiv6201497886Apple-style-span"
style="border-collapse:separate;color:rgb(0,
0,
0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;orphans:2;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;border-spacing:0px;"><br
class="yiv6201497886"
clear="none">
</span></div>
</div>
</div>
</div>
</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
</div>
<br class="yiv6201497886" clear="none">
<div>
<blockquote class="yiv6201497886" type="cite">
<div class="yiv6201497886">On 18 Mar 2015,
at 1:11 pm, Terry Sweetser
<<a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv6201497886"
ymailto="mailto:terry+AusNOG@skymesh.net.au"
target="_blank"
href="mailto:terry+AusNOG@skymesh.net.au">terry+AusNOG@skymesh.net.au</a>>
wrote:</div>
<br
class="yiv6201497886Apple-interchange-newline"
clear="none">
<div class="yiv6201497886">Hello Noggers,<br
class="yiv6201497886" clear="none">
<br class="yiv6201497886" clear="none">
I'm wondering what policies and pricing
any/all of your
organisations have in place to "recover"
costs when asked for
(meta-)data about ip addresses, customers
and so on?<br class="yiv6201497886"
clear="none">
<br class="yiv6201497886" clear="none">
Given the transition for 2-year retention
and the expansion of the
(meta-)dataset to be retained, what plans
are in place to charge
reasonable fees to state and federal LEOs
for the data?<br class="yiv6201497886"
clear="none">
<br class="yiv6201497886" clear="none">
Is $200 a fair sum of money for an ip
address match up?<br class="yiv6201497886"
clear="none">
<br class="yiv6201497886" clear="none">
Is $20,000 a fair sum of money for a dump
of the (up to) 2 years of
data for an ip address or customer?<br
class="yiv6201497886" clear="none">
<br class="yiv6201497886" clear="none">
--<br class="yiv6201497886" clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect" class="yiv6201497886"
target="_blank"
href="http://about.me/terry.sweetser">http://about.me/terry.sweetser</a><br
class="yiv6201497886" clear="none">
<br class="yiv6201497886" clear="none">
_______________________________________________<br class="yiv6201497886"
clear="none">
AusNOG mailing list<br
class="yiv6201497886" clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect"
class="yiv6201497886moz-txt-link-abbreviated"
ymailto="mailto:AusNOG@lists.ausnog.net"
target="_blank"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br
class="yiv6201497886" clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect"
class="yiv6201497886moz-txt-link-freetext"
target="_blank"
href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br
class="yiv6201497886" clear="none">
</div>
</blockquote>
</div>
<br class="yiv6201497886" clear="none">
</div>
<br clear="none">
<fieldset
class="yiv6201497886mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
AusNOG mailing list
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv6201497886moz-txt-link-abbreviated" ymailto="mailto:AusNOG@lists.ausnog.net" target="_blank" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv6201497886moz-txt-link-freetext" target="_blank" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br clear="none">
_______________________________________________
<br clear="none">
AusNOG mailing list
<br clear="none">
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<br clear="none">
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
<br clear="none">
</div>
</div>
</div>
<br>
<div class="yqt0694757884" id="yqtfd40647">_______________________________________________<br
clear="none">
AusNOG mailing list<br clear="none">
<a moz-do-not-send="true" shape="rect"
ymailto="mailto:AusNOG@lists.ausnog.net"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br
clear="none">
<a moz-do-not-send="true" shape="rect"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br
clear="none">
</div>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</body>
</html>