[AusNOG] Data Retention - are you kidding me??

Paul Brooks paul.brooks at tridentsc.com.au
Tue Nov 22 16:38:05 EST 2016


On 22/11/2016 3:54 PM, David Beveridge wrote:
> Really, I'm sorry, but how does the purported sender email address tell you the
> source of on email communication?

It doesn't.
The legislation says you need to give them what they asked for. Its not your problem
if it is useful to them or not, or if the originator has faked it.

The purported 'From:' line that users see displayed on the screen is part of the body
(content) of the message anyway (it is sent in the DATA block for SMTP protocol
messages) so its arguably irrelevent, but most email servers log it anyway.
Assuming its the SMTP protocol that underpins your email message transport service,
the name that their email server put in the 'RCVD:' SMTP field would be relevent
identifiers for the source of the communication, as would the IP address logged by
your email server of the email server that pushed the message to you [usually logged
in the same log line in square brackets]. Most email servers log these  items of
information on the same log line. You cannot know the original source IP address of
the machine that sent the message five SMTP transactions before, so no point trying to
find that out - thats their job.




 


>
> On Tue, Nov 22, 2016 at 2:49 PM, Paul Brooks <paul.brooks at tridentsc.com.au
> <mailto:paul.brooks at tridentsc.com.au>> wrote:
>
>     On 22/11/2016 3:27 PM, David Beveridge wrote:
>>     https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/Dataset.pdf
>>     <https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/Dataset.pdf>
>>
>>     2. The source of a communication 
>>     Identifiers of a related account, service or device from which a communication
>>     has been sent or attempted to be sent by means of the relevant service.
>>
>>     Identifiers for the source of a communication may include, but are not limited to: 
>>     • the phone number, IMSI, IMEI from which a call or SMS was made 
>>     • identifying details (such as username, address, number) of the account,
>>     service or device from which a text, voice, or multi-media communication was
>>     made (examples include email, Voice over IP (VoIP), instant message Topic
>>     Description of information Explanation or video communication) 
>>     *• the IP address and port number allocated to the subscriber or device
>>     connected to the internet at the time of the communication, or *
>>     • any other service or device identifier known to the provider that uniquely
>>     identifies the source of the communication.***In all instances, the identifiers
>>     retained to identify the source of the communication are the ones relevant to,
>>     or used in, the operation of the particular service in question.*
>
>     The question is about email application and email communications. Retaining the
>     addressing information at the level of 'email application service'. The CAC and
>     AGs have confirmed there is no requirement to retain addressing information at a
>     different 'layer' than the service under question.
>     TCP port numbers do not need to be retained for retaining information about
>     emails and an email service. Nor ethernet MAC addresses or ATM cell IDs if thats
>     the way you roll. Only identifiers relevent to the service under consideration -
>     e.g. email addresses, and potentially email server DNS names if you provide
>     specific names to your customers as part of your service definition.
>
>     Note you aren't breaking any law by voluntarily providing port address
>     information if you have it - nothing in the legislation says you can't provide
>     additional information voluntarily. But you don't need to, for an email
>     application service.
>
>


-- 

*Paul Brooks*

*Executive GM - Networks & Technology*

Email: paul.brooks at tridentsc.com.au

Mobile +61 414 366 605

 

Trident Logo <http://www.tridentsc.com.au>

*Trident Subsea Cable Pty Ltd*

*Pilbara Connectivity // South East Asia Systems*

Level 12, 37 Bligh Street, Sydney NSW 2000, Australia

http://www.tridentsc.com.au

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161122/d6febb8c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trident_logo213x69.png
Type: image/png
Size: 10602 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161122/d6febb8c/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: paul_brooks.vcf
Type: text/x-vcard
Size: 303 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161122/d6febb8c/attachment.vcf>


More information about the AusNOG mailing list