[AusNOG] Metadata retention... it's now (almost) a thing

Robert Hudson hudrob at gmail.com
Fri Oct 31 09:00:24 EST 2014


On 31 October 2014 08:18, David Beveridge <dave at bevhost.com> wrote:


> It has been stated many times that the information being sought after is
> that which is already routinely stored by ISPs already.
> The primary objective of the legislation is to ensure that ISPs keep this
> data for two years.
>
> Since it is not routine for ISP to identify phone numbers dialled by skype
> clients or remote facebook chatters these things are not the communication
> endpoints unless you are skype of facebook.
>

The legislation as presented to parliament doesn't say what will be
collected, and given the complete confusion shown by those who should be in
the know about it (some say just what's kept now, others say more will be
kept, then the next day they change their story), I'd say nothing is
categorically on or off the table at this point.

I think what worries some is that netflow data is collected by some ISPs
> and if we were required to keep that for two years the costs would be
> enormous. The netflow data just from my house would be several terabytes in
> a year, so multiply that by the population of Australia and it becomes a
> ridiculous assertion that we should be required to store that much data.
>

And someone has to pay to store that data.  Whether it's the ISP shelling
out for it out of their own pockets, or the federal government paying the
capital costs, it's the Australian public who will ultimately pay.  The
only winners from this perspective in this are the storage companies (be it
bespoke storage devices or storage services).

>
> Another big question I have, is if a business buys a VPS with cpanel on
> it, who is responsible for configuring the email log retention.  Is it even
> required?  Surely the owner of the VPS is providing a service to someone
> and is therefore the service provider in that case, but perhaps it depends
> on whether they sell it or not.
>

Again, this is yet to be defined.  I'm not holding my breath for a sensible
definition.

Starts to sound like the GST debate., If the birthday cake has candles on
> it then GST is payable on the candles but not the cake. bla bla bla.
>

At least the GST achieves something (provides funds for governments to, in
theory, provide valuable services back to the population).  This
legislation will push those who it seeks to find (criminals and terrorists)
deeper underground and onto services that are effectively untraceable
(making it harder for law enforcement agencies to actually do their jobs).
All that will end up being collected is data (sorry, metadata) about
law-abiding Australians, and those who would seek to take advantage of that
data know they'll have two years worth of it to analyse and interpret once
they get hold of it (and they will).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141031/f297c5c8/attachment.html>


More information about the AusNOG mailing list