<div dir="ltr"><div><div>Indeed it's a mess. The legislation nowhere recognises that communication over a packet switched network is a different paradigm than circuit switched/PSTN. And I was just checking, and the AG's data set doesn't match 187AA in the Act. Tut tut.<br><br></div><div>Bottom line. You're required to have an approved DRIP. The legislation is only relevant if the CAC hardballs you on its approval.<br></div><div><br></div>Kind regards<br><br></div>Paul Wilkins<br><div><div><br><div><div class="gmail_extra"><br><div class="gmail_quote">On 22 November 2016 at 17:41, Mark Smith <span dir="ltr"><<a href="mailto:markzzzsmith@gmail.com" target="_blank">markzzzsmith@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><p dir="ltr"></p>
<p dir="ltr">On 22 Nov. 2016 3:27 pm, "David Beveridge" <<a href="mailto:dave@bevhost.com" target="_blank">dave@bevhost.com</a>> wrote:<br>
><br>
> <a href="https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/Dataset.pdf" target="_blank">https://www.ag.gov.au/<wbr>NationalSecurity/<wbr>DataRetention/Documents/<wbr>Dataset.pdf</a><br>
><br>
> 2. The source of a communication <br>
> Identifiers of a related account, service or device from which a communication has been sent or attempted to be sent by means of the relevant service.<br>
><br>
> Identifiers for the source of a communication may include, but are not limited to: <br>
> • the phone number, IMSI, IMEI from which a call or SMS was made <br>
> • identifying details (such as username, address, number) of the account, service or device from which a text, voice, or multi-media communication was made (examples include email, Voice over IP (VoIP), instant message Topic Description of information Explanation or video communication) <br>
> • the IP address and port number allocated to the subscriber or device connected to the internet at the time of the communication, </p>
</span><p dir="ltr">This is badly written, because in the case of CGN, a range of port numbers are allocated to the subscriber or device, and in the case of IPv6, port numbers are not allocated at all. The IPv6 host is in charge of those not the ISP.</p>
<p dir="ltr">Now imagine the text used to look like this:<br></p>
<p dir="ltr">• "the phone number and port number allocated to the subscriber or device connected to the telephone network at the time of the communication"</p>
<p dir="ltr">If you didn't understand the significant architectural differences between the Internet and the POTS, then search and replace for what you think are equivalent POTS and Internet terms is logical and could be expected.<br></p>
<p dir="ltr"><span class="">>or <br>
> • any other service or device identifier known to the provider that uniquely identifies the source of the communication. In all instances, the identifiers retained to identify the source of the communication are the ones relevant to, or used in, the operation of the particular service in question.<br>
><br>
> On Tue, Nov 22, 2016 at 2:14 PM, Paul Brooks <<a href="mailto:paul.brooks@tridentsc.com.au" target="_blank">paul.brooks@tridentsc.com.au</a>> wrote:<br>
>><br>
>> On 22/11/2016 2:52 PM, David Beveridge wrote:<br>
>>><br>
>>> Pretty sure you're also meant to be keeping the source and destination tcp ports as well which weren't there.<br>
>>><br>
>>> dave<br>
>><br>
>><br>
>> Why? why would you need to?<br>
>><br>
>><br>
>>><br>
>>> On Tue, Nov 22, 2016 at 1:49 PM, <<a href="mailto:russell@central-data.net" target="_blank">russell@central-data.net</a>> wrote:<br>
>>>><br>
>>>> Yes you are correct you should not be keeping record of the Subject line and i should have made it clear to strip it out when transporting the logs. Thanks for catching it though and ensuring people are clear on it<br>
>>>> Most systems will have the subject line in their standard logs and can simply be stripped out later \ not collected at all when sending over to data retention.<br>
>>>><br>
>>>> Its a pretty fine line to collect all of the "relevant" data while not infringing on the privacy laws<br>
>>>><br>
>>>><br>
>>>> Kind Regards,<br>
>>>><br>
>>>> Russell Brooks<br>
>>>><br>
>>>><br>
>>>> Central Data Systems Pty Ltd<br>
>>>> 88 Havelock Street, West Perth, WA 6005<br>
>>>> Phone: 08 9481 4010<br>
>>>><br>
>>>> <a href="http://www.central-data.net" target="_blank">www.central-data.net</a><br>
>>>><br>
>>>> -----<br>
>><br>
>><br>
>><br>
>> Paul<br>
>><br>
><br>
><br></span><span class="">
> ______________________________<wbr>_________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
></span></p>
<br>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div></div></div></div></div>