[AusNOG] Data Retention
Mark Newton
newton at atdot.dotat.org
Fri Sep 25 11:31:24 EST 2015
On Sep 25, 2015, at 9:30 AM, James Morgan <jmorgan.au at gmail.com> wrote:
>
> Okay, I'll ask the question. Why does this have to be made to sound so hard?
Because you failed to lobby to make it easy or nonexistent, and you haven’t read the resulting legislation since.
> If you take a simple reading of what's required (that is, if you don't spend weeks on a mailing list trying to collect as many fringe cases as you possibly can) and also consider what a request would likely be looking for in the future (for the most part 'tell me who had this IP at this time') then the requirements in most cases are not overly arduous. Do you speak BGP to your customers? Good, stash the log file. Offer an email service? Stash the log file.
The legislation doesn’t mention “BGP.” There are plenty of companies who run BGP to customers who’ll never have to retain anything.
> Sure, from where we sit the legislation is poorly written. The process has been poorly handled. That's government, and that's life. Going in circles and having paranoia set in is not helping.
Spending your gross margin on retaining data when there’s no legal requirement to even answer AGD’s phone calls is also not helping.
- mark
More information about the AusNOG
mailing list