[AusNOG] Data Retention - are you kidding me??

Paul Wilkins paulwilkins369 at gmail.com
Wed Nov 16 16:46:23 EST 2016


I think the point is that the feds require an authorised senior executive.

State police I'd assume will also be requesting authorisation, but does
show tremendous chutzpah on the part of a senior constable to be asking for
DR metadata.

The difficulty is that while they're required to advise the CAC, there's no
right for you to withhold information pending CAC clarification. So the
onus is on operators to know whose authority they're required to recognise
before they step in the door. Nor does it help the CAC don't publish this,
which perhaps they should.

I am not a lawyer. This is not legal expert opinion.

Kind regards

Paul Wilkins

On 16 November 2016 at 16:22, Robert Hudson <hudrob at gmail.com> wrote:

> My understanding of the term "officer" in this context comes from "office
> bearer" (ie an individual granted authority to act on behalf of an
> organisation) rather than the the rank which is held by said individual.
>
> When someone comes along and claims to be authorised, I suspect you'd want
> to be asking for the letter from the commissioner authorising them to act
> on behalf of the AFP in that particular matter.
>
> IANAL, nor do I play one on television.  This not legal advice.
>
> :)
>
> Regards,
>
> Robert
>
> On 16 November 2016 at 16:00, Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>
>> There is no precedent. The access to data is governed under the
>> TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979
>>
>>
>> S  5AB provides that:
>>
>> (1A)  The Commissioner of Police may authorise, in writing, a senior
>> executive AFP employee who is a member of the Australian Federal Police to
>> be an authorised officer.
>>
>>
>> Firstly, a senior constable is not an officer. They're an NCO. Secondly,
>> ask the CAC for a copy of their authorisation, as provided under:
>>
>>
>> (2)  A copy of an authorisation must be given to the Communications
>> Access Coordinator:
>>
>>
>> I am not a lawyer. This is not expert opinion.
>>
>>
>> Kind regards
>>
>>
>> Paul Wilkins
>>
>> On 16 November 2016 at 15:13, Ross Wheeler <ausnog at rossw.net> wrote:
>>
>>>
>>> Had a call a short while back... I think I've got the details right, but
>>> I sure hope I've got something wrong....
>>>
>>>
>>> ISP had a senior constable come in with a request for data.
>>> Request had been signed by said senior constable.
>>>
>>> As I understand the (meta)data retention legislation, a request has to
>>> be signed by a senior officer (commissioner or thereabouts), or a minister
>>> etc.
>>>
>>> I suggested to the ISP that I thought the request was not valid but to
>>> check it with the CAC. Had a call back a while later that basically the
>>> ACMA said to honour the request, and that if there was a problem "it would
>>> be caught in the audit later".
>>>
>>> This scares the pants off me.... if we're being told to just give the
>>> data out to low-level shitkickers with no senior level oversight or
>>> control, there's going to be no end of vexatious queries, fishing
>>> expeditions and trivial requests. Who's going to get banged up if we
>>> disclose private information that turns out (later) to have been given
>>> incorrectly? How will the damage to affected person(s) be undone?
>>>
>>> A highly, HIGHLY dangerous precedent. (This was a smaller non-metro ISP
>>> in a fairly out-of-the-way part of the world, perhaps for the very reason
>>> that if it blows up in their face they can hide it more effectively than if
>>> it was a large, highly visible isp).
>>>
>>> R.
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161116/7d9b44c4/attachment.html>


More information about the AusNOG mailing list