[AusNOG] Data Retention - are you kidding me??

David Beveridge dave at bevhost.com
Tue Nov 22 15:54:01 EST 2016


Really, I'm sorry, but how does the purported sender email address tell you
the source of on email communication?

On Tue, Nov 22, 2016 at 2:49 PM, Paul Brooks <paul.brooks at tridentsc.com.au>
wrote:

> On 22/11/2016 3:27 PM, David Beveridge wrote:
>
> https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/Dataset.pdf
>
> 2. The source of a communication
> Identifiers of a related account, service or device from which a
> communication has been sent or attempted to be sent by means of the
> relevant service.
>
> Identifiers for the source of a communication may include, but are not
> limited to:
> • the phone number, IMSI, IMEI from which a call or SMS was made
> • identifying details (such as username, address, number) of the account,
> service or device from which a text, voice, or multi-media communication
> was made (examples include email, Voice over IP (VoIP), instant message
> Topic Description of information Explanation or video communication)
> *• the IP address and port number allocated to the subscriber or device
> connected to the internet at the time of the communication, or *
> • any other service or device identifier known to the provider that
> uniquely identifies the source of the communication. *In all instances,
> the identifiers retained to identify the source of the communication are
> the ones relevant to, or used in, the operation of the particular service
> in question.*
>
>
> The question is about email application and email communications.
> Retaining the addressing information at the level of 'email application
> service'. The CAC and AGs have confirmed there is no requirement to retain
> addressing information at a different 'layer' than the service under
> question.
> TCP port numbers do not need to be retained for retaining information
> about emails and an email service. Nor ethernet MAC addresses or ATM cell
> IDs if thats the way you roll. Only identifiers relevent to the service
> under consideration - e.g. email addresses, and potentially email server
> DNS names if you provide specific names to your customers as part of your
> service definition.
>
> Note you aren't breaking any law by voluntarily providing port address
> information if you have it - nothing in the legislation says you can't
> provide additional information voluntarily. But you don't need to, for an
> email application service.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161122/a6f8b093/attachment.html>


More information about the AusNOG mailing list