<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 20/07/2015 2:32 AM, Paul Wilkins
wrote:<br>
</div>
<blockquote
cite="mid:CAMmROTJzvCDdnout4taL5p8T_6_GQgmLX0OnpnnKOy1XFuOv9g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Am I the only one that spotted that this advice is not even
internally consistent? For the intents and purposes of the
act, there is no difference between email and usenet. Either
both qualify for logging or both don't. It's early days, but
already the legislation is coming unstitched. Happy days...<br>
</div>
</div>
</blockquote>
<br>
For their purpose, email and usenet is very very different. You need
to think of the service from a user experience/user purpose view,
not the technical aspects. Sure, they are both transported as
messages, but thats only material for working out how to retain, not
whether or not data needs to be retained in the first place.<br>
<br>
Usenet is more like broadcasting (which is exempt) - its
one-to-many, publicly available, and the AGD can get their hands on
usenet feed messages - metadata AND content - without having to get
an ISP to do data-retention on it. They may also be thinking
'usenet' as being a receive-only news service (sort of like
subscribing to a RSS feed), and they may not have considered that a
user might also post usenet messages out.<br>
<br>
Email is one-to-one(-ish), there is no record of sending or
receiving outside the originating and terminating ISPs, so they need
ISPs to retain data about the email messages to be able to construct
a trail of comms.<br>
<br>
Also, related to EMAIL (SMTP, POP3, IMAP, etc) - a strict
interpretation of the data retention requirements differs from the
AGD description you have been given.<br>
<br>
The CAC seems to think the email message headers (excluding subject
line) are required to be kept. - this indicated they are thinking of
the 'From:, To:, CC:' etc headers that are displayed by email client
programs.<br>
However, for SMTP protocol , all the email message headers (From:,
To:, CC:, Subject:) are contained within the DATA block, between the
DATA directive and a line containing a '.'.<br>
Arguably to comply with the data retention requirements, your email
server should be logging the SMTP commands ( HELO/EHLO, MAIL FROM:,
RCPT TO:, and the far end response lines, and NOT the email content
within the DATA block, which is clearly content as far as SMTP is
concerned.<br>
<br>
It might all come down to how you have described your service
definition. Are you providing 'email service', or are you providing
'SMTP, POP3, and IMAP service'. It also comes down to what your
server software can log - can it log the SMTP commands and response
lines? can it log the message header information within the DATA
block?<br>
<br>
<br>
<br>
<blockquote
cite="mid:CAMmROTJzvCDdnout4taL5p8T_6_GQgmLX0OnpnnKOy1XFuOv9g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
Paul Wilkins<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 19 July 2015 at 18:00, Noel Butler <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:noel.butler@ausics.net" target="_blank">noel.butler@ausics.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-size:10pt">
<p>wow missed so much in my absence, there is way too many
posts to catch up on and no doubt the fanbois/fangirls
will all be scrambling to dispute what I said (like I'm
sure the usual suspects will at this post as well), so I
wont bother catching up on all of em.</p>
<p>This is from the C.A.C. it does clarify that what the
AGD told me earlier is incorrect as far as the usenet
server goes, but the hosting statements remain valid</p>
<p> </p>
<p><em>Data retention obligations apply only to ‘relevant
services’. A service is a ‘relevant service’ if:</em><br>
<em>(a) It is a service for carrying communications, or
enabling communications to be carried,</em><br>
<em>(b) It is a service operated by a carrier, carriage
service provider or internet service provider, and</em><br>
<em>(c) The person operating the service owns or
operates, in Australia, infrastructure that enables
the provision </em><br>
<em> of any of its relevant services.</em><br>
<br>
<em>Based on the information you have provided,
including the knowledge that you offer an email
service, it is likely </em><br>
<em>that you are a CSP. The definition of a carriage
service provider (CSP) is contained within s87 of the
</em><br>
<em>Telecommunications Act 1979. Carriage services
include services for carrying communications, for
example telephone </em><br>
<em>services, email services, Internet access services
and Voice over Internet Protocol (VoIP) services.</em></p>
<p><em>The services that you have mentioned in your email,
being the Usenet news server and the email server, are
to be </em><br>
<em>considered as two separate services for the purpose
of data retention.</em></p>
<p><em>The email server you have described will likely be
captured by data retention obligations unless an
exemption is </em><br>
<em>sought and agreed to. In applying the data set to an
e-mail service, data retention obligations will
include all </em><br>
<em>information contained in the ‘header’ of the email,
excluding the subject line. No content is to be
retained for </em><br>
<em>data retention purposes.</em></p>
<p><em>Based on the information you have provided, we
consider that UseNet does not appear to be a ‘relevant
service’. </em><br>
<em>If the service is not considered a relevant service
then no data retention obligations will be applicable.</em></p>
<p> </p>
<p> </p>
<p>The Dept of Comms has confirmed that as a hosting
provider we are classified as a CSP.</p>
<p>So after that, if you, or anyone expect me to take the
word of a bunch of mailing list "bush lawyers" over the
CAC, you're all clearly on some kinda weird and
wonderful drugs, and no amount of "bush laywer"
ignorance will change that</p>
<p> </p>
<p>Don't think for a moment I'm a proponent of this law -
I'm far from it, but its a reality, so time to get your
heads out of your arses and live with it, rather than
trying to find far flung reaches of piss poor excuses as
to how you're not going to have to comply, ignorance
wont save you, or your employers.</p>
<p> </p>
<p>Enjoy your weekend</p>
<span class="">
<p> </p>
<p>On 16/06/2015 13:07, Justin Clacherty wrote:</p>
<blockquote type="cite" style="padding:0
0.4em;border-left:#1010ff 2px solid;margin:0">No Noel,
I think you've misinterpreted the AGD's response.<br>
<br>
You are only obligated to retain data if you fall
under 187A 3(b) of the Act. That is, you are a
carriage service provider, or an ISP. The Minister can
add other providers to be ratified within 40 days by
Parliament, but this has not yet occurred.<br>
<br>
If you do fall under 187A 3(b) of the Act. Then you
have to retain data for all services you offer, this
would include web hosting and email.<br>
<br>
If you only offer web hosting, you are not an ISP and
do not have data retention obligations.<br>
<br>
Justin.<br>
<br>
</blockquote>
</span></div>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</body>
</html>