[AusNOG] Handover of information and/or monitoring for authorities.

Matt Carter matt at iseek.com.au
Wed Aug 26 09:43:58 EST 2009


Just something I thought of with regards to putting data on disc for collection - Just be mindful if you are going beyond providing end user/billing info and actually capturing traffic going to the subscriber, you will most definitely need to at least sight the warrant. Don't be shy about telling them to provide their own box if you want.

Also, generally for all this type of stuff you a entitled to bill them to recoup your time if you want, some agencies (eg most state police) will have cost codes on the s282 request and its just a matter of invoicing their accounts dept. If you're just getting the odd one here and there probably not a worry, but something to bear in mind if it starts getting out of hand.

--matt



From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Noel Butler
Sent: Tuesday 25 August 2009 8:54 PM
To: Andrew Cox
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Handover of information and/or monitoring for authorities.

Andrew,

On Tue, 2009-08-25 at 18:23 +1000, Andrew Cox wrote:



Hey Guys,



Just wondering if anyone from an ISP here has previously had to deal

with AFP assisting in capturing and/or providing data about an end user?

Hundreds of them :)





If so I'm interested to hear just exactly what sort of process they had

to go through to get the data (I know we are legally required to provide

it and I don't see an issue with that) but just wondering what if anyone

knows what exactly they are supposed to give us in terms of a warrant

and/or proof of identity etc etc.



They don't need a warrant, but it must be a s282 request, it is also normally (co) signed by a commissioned officer,
they will indicate exactly what they want from you, be complete and generous in the information, supply all details of the user,
often they want proof it was that user at said times, give them a paste from radius as well showing such.
The same applies to other Australian Police Services, and the ATO, which you are also legally obligated to furnish details of users to. Normally you can email a copy of the data to them, or fax it back, sometimes in cases of very serious nature, they may also request you put data onto a CD and it will be collected from you.






Been asking around and I've also been told that they should normally

provide contact details of a supervisor or higher authority we can refer

to if needed.



Yes normally they will want these details, and an a/h contact in case they need to action a request outside normal hours (very rare), but mostly it's so they have a common point of contact, doesn't need to be a manager, your senior sysadmin is good enough.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090826/dab9995f/attachment.html>


More information about the AusNOG mailing list