[AusNOG] Warrant-less Info Requests / Cost Recovery
Matt Perkins
matt at spectrum.com.au
Wed Mar 18 14:28:01 EST 2015
I doubt law enforcement will ever go for any cutoff threshold it will just drive criminals to those organisations which will soon become second class providers. The divide between carriers and CSP's will widen and one day they will force smaller providers to either comply or resell those who do. Our customers use us because we have a top grade network with good contention ratio's. Our advantage would be gone should we have to simply be another m2 reseller
For us the model seems simple I'm happy to submit a quote to the government to approve and pay.
I wouldn't need to bloat it. In fact my quote would be zero if they just want IP address to customer details matching. I already do that no problem. But want more like email logs over a few weeks or the unspeakable browser history infrastructure is going to need to be built it could easily cost 100k depending on what was required. Again we are back to the definitions in the act. Which looks poorly drafted. Likely on purpose to allow bracket creep.
--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 matt at spectrum.com.au
Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
SIP 1300137379 at sip.spectrum.com.au
Google Talk MattAPerkins at gmail.com
PGP/GNUPG Public Key can be found at http://pgp.mit.edu
*/
> On 18 Mar 2015, at 2:03 pm, Damien Gardner Jnr <rendrag at rendrag.net> wrote:
>
> That suggests to me that while the larger providers can afford to spread the cost of compliance across many requests (and so only charge $500 for a simple IP-to-details request, or $15k for a 2-year dump), that smaller providers will need to spread the cost over a much smaller set of requests - so perhaps a 'simple' request is going to cost $20k, and a 2-year dump will cost $200k, based on a cost-recovery model?
>
> Perhaps that is a good reason to push for a firm threshold of subscribers below which an ISP/hosting provider does not need to worry about recording such data? If it's going to cost an agency 50x the amount to request data from a smaller provider, should they be required to store that data, then it would make sense to not require the smaller providers to bother keeping that data in the first place, and stay with the current 'we-might-or-might-not-have-that' approach ?
>
> Or it might just be that I like stirring the pot ;)
>
>
>
>> On 18 March 2015 at 13:52, Matt Perkins <matt at spectrum.com.au> wrote:
>>
>>
>> I don't like the idea of the whole fee per request model. We are a business focused provider. We don't have thousands or home users. As such we get a total of about 1 request every few years.
>>
>> At that rate the cost of compliance for us may be thousands or even hundreds of thousands depending on the interpretation of the proposed legislation. With perhaps one or two request every couple of years. We don't even get more then a perhaps 1 or 2 copyright notices a month. We could never pay for the cost of compliance even at $1000 a request.
>>
>> Matt
>>
>>
>> --
>> /* Matt Perkins
>> Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>> Office 1300 133 299 matt at spectrum.com.au
>> Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
>> SIP 1300137379 at sip.spectrum.com.au
>> Google Talk MattAPerkins at gmail.com
>> PGP/GNUPG Public Key can be found at http://pgp.mit.edu
>> */
>>
>>> On 18 Mar 2015, at 1:38 pm, Paul Julian <paul at oxygennetworks.com.au> wrote:
>>>
>>> I think this approach is spot on, the charge has to be fair and indicative of the effort and resources involved, and we will be taking the same approach.
>>>
>>> Regards
>>> Paul
>>>
>>>
>>> Andrew Yager <andrew at rwts.com.au> , 3/18/2015 1:24 PM:
>>> Hi Terry,
>>>
>>> We are taking the view that this is an exercise that is equivalent of up to 2 hours technical services, and given the costs of verifying and ensuring compliance, our standard cost for a request will be $500 per request.
>>>
>>> For greater time periods (e.g. reporting on two years), our charging rate will extend to $15 000 for this service.
>>>
>>> More complicated requests (such as access logs from a web server) will also attract higher rates.
>>>
>>> I’d encourage everyone to ensure that their costs are reasonable relating to the amount of work - and the opportunity cost associated with complying with this daft legislation.
>>>
>>> Andrew
>>>
>>> --
>>> Andrew Yager, Managing Director (MACS Snr CP BCompSc MCP JNCIA-Junos)
>>> Real World Technology Solutions Pty Ltd - IT people you can trust
>>> ph: 1300 798 718 or (02) 9037 0500
>>> fax: (02) 9037 0591
>>> http://www.rwts.com.au/
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>> On 18 Mar 2015, at 1:11 pm, Terry Sweetser <terry+AusNOG at skymesh.net.au> wrote:
>>>>
>>>> Hello Noggers,
>>>>
>>>> I'm wondering what policies and pricing any/all of your organisations have in place to "recover" costs when asked for (meta-)data about ip addresses, customers and so on?
>>>>
>>>> Given the transition for 2-year retention and the expansion of the (meta-)dataset to be retained, what plans are in place to charge reasonable fees to state and federal LEOs for the data?
>>>>
>>>> Is $200 a fair sum of money for an ip address match up?
>>>>
>>>> Is $20,000 a fair sum of money for a dump of the (up to) 2 years of data for an ip address or customer?
>>>>
>>>> --
>>>> http://about.me/terry.sweetser
>>>>
>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> --
> Damien Gardner Jnr
> VK2TDG. Dip EE. GradIEAust
> rendrag at rendrag.net - http://www.rendrag.net/
> --
> We rode on the winds of the rising storm,
> We ran to the sounds of thunder.
> We danced among the lightning bolts,
> and tore the world asunder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150318/4fb797f4/attachment.html>
More information about the AusNOG
mailing list