[AusNOG] (Abuse of) mandatory data retention information.

Ross Wheeler ausnog at rossw.net
Wed May 2 14:30:39 EST 2018



On Wed, 2 May 2018, Noel Butler wrote:

> This has been going on for decades, nothing to do with DR

Yes and no.
Section 282 certificate was an instrument we were given that removed the 
risk from us, because someone gave us that certificate which made giving 
up that information unambiguously legal from our perspective. Also, prior 
to DR we had basically no legal obligation to retain some (or any) data.

After DR, two things have changed.
1. We have a legal obligation to capture and securely retain a
    whole pile of things.
2. We are required to give extracts of that information
    when requested, and but DO NOT REQUIRE A WARRANT.


> requests ISP's have been getting long before DR was dreamt up, also IIRC 
> it needs to be signed off on by a commissioned officer (which included 
> snr Sgts in act Insp's capacity)

Yes, yes, data INTERCEPTION is a different thing, and PRE-MANDATORY-DR 
legislation, a warrant or similar instrument was required - BUT NOT NOW.


> So he's right, give it to them if it comes through formal channels,  
> AFP, ATO, Qld/NSW/Vic police have formal request forms (cant recall ever 
> processing requests from SA/WA/NT/Tas police)

I find it difficult to believe so many seem to be so badly mis-informed.
Any other time, I'd think it was me... but I'm absolutely certain it's 
not!


More information about the AusNOG mailing list