[LINK] Government could demand Web history

[Kim Holburn]

On 2010/Jun/13, at 7:29 AM, Richard Chirgwin wrote:

> Kim, which of the known facts supports that statement? It looks to me
> like a bit of writer's license...

It depends what you mean by "a service".

>> According to the directive, where internet access is concerned, this
>> means the ISPs must retain the user ID of users, email addresses of
>> senders and recipients of email, the date and time that users logged
>> on and off from a service, and their IP address — whether dynamic or
>> static applied to their user ID.


> Yes, the proposal is objectionable, but I consider it important to  
> work
> with facts rather than screaming 72-point tabloid headlines.
>
> The EDD requires storage - but access to the stored data requires a
> court order.
>
> Moreover, we have a repeated journalistic assertion that web browsing
> history and e-mails are to be stored, even though:
> 1. The EDD, which is supposed to be the basis of the consideration,  
> does
> not ask for the storage of communication content; and
> 2. The AG department says it's not considering the content of the
> communications.
>
> I would criticise Dylan Welch for jumping off the edge of Telegraph
> Gorge on this story - except that everyone else seems to be doing the
> same thing. The extent of the proposed storage is a central fact of  
> the
> story, and nobo^h^h^h^h nearly nobody seems to care whether they  
> report
> it right or not.
>
> RC
>
> Kim Holburn wrote:
>> Note: "and they don't want to have to apply to a court to get it."
>>
>>
>> http://www.theage.com.au/technology/technology-news/big-brother-wants-all-your-bits-and-bytes-20100611-y3p3.html
>>
>>
>>> Big brother wants all your bits and bytes
>>> DYLAN WELCH June 12, 2010
>>> THE federal government wants your personal internet data, and they
>>> don't want to have to apply to a court to get it.
>>>
>>> Revelations that the federal government wants Australia's 400-odd
>>> internet service providers (ISPs) to log and retain customers'  web
>>> browsing data, so law enforcement can access it during criminal
>>> cases, have sparked alarm in the industry.
>>>
>>> Currently law enforcement needs court-approved search warrants
>>> before they can record someone's personal data via their ISP. The
>>> proposed regulation would mean companies would be forced to store
>>> certain information for several years just in case it was later
>>> needed.
>>>
>>> ''Once you store that information you increase the risk of abuse,''
>>> a source who works for an ISP said.
>>>
>>> ''We can put our hands on our hearts and say we're good guys and we
>>> don't do anything wrong, but can we say that of every other player
>>> in the market?'' the source said. ''Compliance would be a big
>>> question.''
>>>
>>> The proposed regulation was broached with industry late last year
>>> during consultations with the Attorney-General's Department and is
>>> believed to still be in its early stages.
>>>
>>> The spokesman for internet rights group Electronic Frontiers
>>> Australia, Geordie Guy, said it was ironic that the government was
>>> trying to encourage ISPs to retain data at the same time that it was
>>> chastising Google for doing a similar thing.
>>>
>>> ''The Attorney-General's Department has instructed the AFP to look
>>> at Google and their conduct in terms of sniffing wireless data … how
>>> they can expect to have any credibility when they are looking at
>>> instructing ISPs to do exactly the same thing, I'm not sure,'' Mr
>>> Guy said.
>>>
>>> The government's plans were revealed yesterday in an article by
>>> online tech magazine ZDNet.com.au.
>>>
>>> Australia is not the first country to consider compulsory data
>>> retention for its ISPs, and in 2006 the European Union adopted a
>>> policy that required some states to retain data for between six and
>>> 24 months.
>>>
>>> The Attorney-General's Department yesterday confirmed in a statement
>>> it was looking at the new regulation.
>>>
>>> ''The Attorney-General's Department has been looking at the European
>>> Directive on Data Retention, to consider whether such a regime is
>>> appropriate within Australia's law enforcement and security  
>>> context.''
>>>
>>> A spokesman for the Attorney-General, Robert McClelland, denied they
>>> would be looking to capture browsing history or data within  emails.
>>>
>>> ''The consultations relate to the information to identify the
>>> participants in crime networks and terrorist organisations,'' he
>>> said. ''It does not include the content of a communication.''
>>>
>>>
>>
>>
>> http://apcmag.com/govt-may-record-users-web-history-email-data.htm
>>
>>
>>> BREAKING: Govt wants access to your emails, browsing history
>>>
>>> Renai LeMay11 June 2010, 2:32 PM
>>> The Fed Govt is considering forcing Australian ISPs to retain data
>>> on how Australian citizens are using the internet, such as their
>>> sent and received email and browsing history.
>>>
>>> The Federal Government has confirmed it is considering a policy
>>> requiring Australian internet providers to retain precise data on
>>> how their users are using the internet, with the potential to
>>> include information on emails sent and — reportedly — their web
>>> browsing history.
>>>
>>> “The Attorney-General’s Department has been looking at the European
>>> Directive on Data Retention, to consider whether such a regime is
>>> appropriate within Australia’s law enforcement and security
>>> context,” a spokesperson for the department confirmed via email
>>> today. “It has consulted broadly with the telecommunications
>>> industry.”
>>>
>>> The spokesperson’s confirmation was also contained in a report by
>>> ZDNet.com.au (which broke this story), which stated that ISP
>>> industry sources had flagged the potential for the new regime to
>>> require ISPs to record each internet address (also known as URL)
>>> that an internet user visited.
>>>
>>> APC has contacted spokespeople from major ISPs such as Telstra,
>>> Optus, iiNet, Internode and Adam Internet to ask for a response on
>>> the matter, as well as the Internet Industry Association, a group
>>> which represents the ISPs. The office Communications Minister
>>> Stephen Conroy and the office of Attorney-General Robert McLelland
>>> have also been contacted for comment on the matter.
>>>
>>> The European Directive on Data Retention (2006) requires
>>> communications providers to retain a number of categories of data
>>> relating to their users.
>>>
>>> Broadly speaking, they must retain data necessary to trace and
>>> identify the source, destination, date, type, time and duration of
>>> communications — and even what communication equipment is being used
>>> by customers and the location of mobile transmissions.
>>>
>>> According to the directive, where internet access is concerned, this
>>> means the ISPs must retain the user ID of users, email addresses of
>>> senders and recipients of email, the date and time that users logged
>>> on and off from a service, and their IP address — whether dynamic or
>>> static applied to their user ID.
>>>
>>> For telephone conversations, this means the number from which calls
>>> were placed and the number that received the call, the owner of the
>>> telephone service and similar data such as the time and date of the
>>> call’s commencement and completion. For mobile phone numbers,
>>> geographic location data would also be included.
>>>
>>> The EU directive requires that no data regarding the content of
>>> communications be included, however, and it has directives regarding
>>> privacy, including the fact that data would be retained for periods
>>> of not less than six months and not more than two years from the
>>> date of the communication.
>>>
>>> Any data collected is to be destroyed at the end of that period.
>>>
>>
>>
>>
>>
>>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request