[AusNOG] Data Retention - are you kidding me??
Skeeve Stevens
skeeve+ausnog at eintellegonetworks.com
Thu Nov 17 05:14:10 EST 2016
No problems. Give them what they ask....
- but given there is no specific timeframe in which to responsd.... maybe
72+ hours after they ask. Keep telling the officer 'it shouldn't be too
long' every 30 minutes and tell him he is free to sleep their till the
morning, but not to move much if you have a security system of big dog.
- provide it in another language... maybe Swahili or Swedish Chef - but in
a hexdump
- print it on paper... a pallet worth and suggest that what he needs is
'probably in their somewhere'
- they say the data must be encrypted (s187BA(a)). They don't say it needs
to be decrypted when you give it to them
Btw... here is the full Act.
https://www.legislation.gov.au/Details/C2016C00889
Fun times.
...Skeeve
*Skeeve Stevens - Founder & The Architect* - eintellego Networks Pty Ltd
Email: skeeve at eintellegonetworks.com ; Web: eintellegonetworks.com
Cell +61 (0)414 753 383 ; Skype: skeeve ; LinkedIn: /in/skeeve
<http://linkedin.com/in/skeeve> ; Expert360: Profile
<https://expert360.com/profile/d54a9> ; Keybase: https://keybase.io/skeeve
On Wed, Nov 16, 2016 at 3:13 PM, Ross Wheeler <ausnog at rossw.net> wrote:
>
> Had a call a short while back... I think I've got the details right, but I
> sure hope I've got something wrong....
>
>
> ISP had a senior constable come in with a request for data.
> Request had been signed by said senior constable.
>
> As I understand the (meta)data retention legislation, a request has to be
> signed by a senior officer (commissioner or thereabouts), or a minister etc.
>
> I suggested to the ISP that I thought the request was not valid but to
> check it with the CAC. Had a call back a while later that basically the
> ACMA said to honour the request, and that if there was a problem "it would
> be caught in the audit later".
>
> This scares the pants off me.... if we're being told to just give the data
> out to low-level shitkickers with no senior level oversight or control,
> there's going to be no end of vexatious queries, fishing expeditions and
> trivial requests. Who's going to get banged up if we disclose private
> information that turns out (later) to have been given incorrectly? How will
> the damage to affected person(s) be undone?
>
> A highly, HIGHLY dangerous precedent. (This was a smaller non-metro ISP in
> a fairly out-of-the-way part of the world, perhaps for the very reason that
> if it blows up in their face they can hide it more effectively than if it
> was a large, highly visible isp).
>
> R.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161117/822f25c7/attachment.html>
More information about the AusNOG
mailing list