[AusNOG] metadata conference on SkyNews

Pinkerton, Eric (AU Sydney) eric.pinkerton at baesystems.com
Tue Aug 12 09:51:10 EST 2014


Everything you are discussing below is already in place, Serious crime + warrant signed by a judge = subscriber information request – This has been in place for a while..
(iinet vs AFACT was never about releasing this information, merely forwarding it on to the subscriber)

The only piece of the picture which is missing, is that some ISP’s often come back with ‘Sorry it fell off the bottom of our log file’.

I know of one ISP that had years of radius logs, but only roughly 10 days of firewall logs – the firewall logs were required to convert the RFC1918 address in the radius logs to the real IP that gets natted on the firewall.

Think about that for a second – if ASIO, or The AFP et al turn up the IP of a suspected bomb maker, or perhaps Child pornographer and go to that ISP for help but they miss that 10 day window, it's tough titties.

Now the cost of making that 10 days, say 2 years is partly if not fully recoverable, because every time a valid request is received, the ISP can charge the Agency ‘a reasonable fee’ for recovering that information.

So the Govt needs to follow through on their offer to consult with industry, to ensure that the language in the final legislation is clear about:
•       What exactly constitutes a serious crime (ie not copyright infringement)
•       What is a ‘reasonable cost’
•       What sort of redundancy is required (ie the law requires Geographically redundant SAN’s then ‘reasonable cost’ is going to increase)
•       What is the required turnaround time (I would suggest that this might be linked to cost, ie the opportunity to fast track if required)
•       What exactly can be requested (ie subscriber information)
•       Who can make these requests (ie does Mosman council really deal with serious crime)


Eric

PS
>“Obviously it isn't going to get anybody with half a brain, but thankfully most of the nutjobs seem to self select to fall into that category.”
Wrong, it’s just that the ones we read about in the paper..
------------------------
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Jake Anderson
Sent: Monday, 11 August 2014 5:45 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] metadata conference on SkyNews

I presume the general theoretical use case for this sort of thing is, we hacked "killtheinfidels.com" and saw a bunch of Australian IP's hitting it, we'd like to see who is doing that.
Then they can percolate that through their databases and see if there is anybody interesting, add people to watchlists all the good stuff.
Obviously it isn't going to get anybody with half a brain, but thankfully most of the nutjobs seem to self select to fall into that category.

What I would find interesting would be if, now that they have said all they want is IP to account matchups. If IINET and the other players said something along the lines of "we support this limited data retention in the interest of national security, You can prove that your intentions are true and not supported by afact (or whomever) by legislating that these records not be able to be used for copyright infringement purposes"

I'd also suggest that they could create a class of warrant, whereby a judge could OK the acquisition by "the powers that be" of this information, which would breach the privacy of users. Though this could well reveal the information that lead to the desire for the IP addresses in the first place.
(Secret warrants are a bad thing)



Please consider the environment before printing this email. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies under the control of BAE Systems Applied Intelligence Limited, details of which can be found at http://www.baesystems.com/Businesses/index.htm.


More information about the AusNOG mailing list