[AusNOG] Metadata retention... it's now (almost) a thing
David Beveridge
dave at bevhost.com
Fri Oct 31 09:11:37 EST 2014
On Fri, Oct 31, 2014 at 8:00 AM, Robert Hudson <hudrob at gmail.com> wrote:
> On 31 October 2014 08:18, David Beveridge <dave at bevhost.com> wrote:
>
>
>> It has been stated many times that the information being sought after is
>> that which is already routinely stored by ISPs already.
>> The primary objective of the legislation is to ensure that ISPs keep this
>> data for two years.
>>
>> Since it is not routine for ISP to identify phone numbers dialled by
>> skype clients or remote facebook chatters these things are not the
>> communication endpoints unless you are skype of facebook.
>>
>
> The legislation as presented to parliament doesn't say what will be
> collected, and given the complete confusion shown by those who should be in
> the know about it (some say just what's kept now, others say more will be
> kept, then the next day they change their story), I'd say nothing is
> categorically on or off the table at this point.
>
Actually I think it does. Just found this...
http://www.comlaw.gov.au/Details/C2014B00230
>
> I think what worries some is that netflow data is collected by some ISPs
>> and if we were required to keep that for two years the costs would be
>> enormous. The netflow data just from my house would be several terabytes in
>> a year, so multiply that by the population of Australia and it becomes a
>> ridiculous assertion that we should be required to store that much data.
>>
>
> And someone has to pay to store that data. Whether it's the ISP shelling
> out for it out of their own pockets, or the federal government paying the
> capital costs, it's the Australian public who will ultimately pay. The
> only winners from this perspective in this are the storage companies (be it
> bespoke storage devices or storage services).
>
>>
>> Another big question I have, is if a business buys a VPS with cpanel on
>> it, who is responsible for configuring the email log retention. Is it even
>> required? Surely the owner of the VPS is providing a service to someone
>> and is therefore the service provider in that case, but perhaps it depends
>> on whether they sell it or not.
>>
>
> Again, this is yet to be defined. I'm not holding my breath for a
> sensible definition.
>
>
The bit I'm not sure about now, it exactly what is a Service Provider? as
per Telecommunications (Interception and Access) Act 1979, more reading
required I guess.
> Starts to sound like the GST debate., If the birthday cake has candles on
>> it then GST is payable on the candles but not the cake. bla bla bla.
>>
>
> At least the GST achieves something (provides funds for governments to, in
> theory, provide valuable services back to the population). This
> legislation will push those who it seeks to find (criminals and terrorists)
> deeper underground and onto services that are effectively untraceable
> (making it harder for law enforcement agencies to actually do their jobs).
> All that will end up being collected is data (sorry, metadata) about
> law-abiding Australians, and those who would seek to take advantage of that
> data know they'll have two years worth of it to analyse and interpret once
> they get hold of it (and they will).
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141031/d7c8c4c3/attachment.html>
More information about the AusNOG
mailing list