[LINK] Senate committee probes AGD's data retention activities
Ben McGinnes
ben at adversary.org
Mon Nov 1 17:38:35 AEDT 2010
On 1/11/10 5:14 PM, Stilgherrian wrote:
>
> As far as I understand it, currently the police would need to get a
> warrant to get the IP-address-to-customer mappings. Unless, of
> course, the ISP chose to cooperate with the investigation on the
> basis of a polite request.
When I was at Connect the requests were routed through the company's
legal department, which would assess the request and/or warrant and
then send a relevant request to the security team.
As a more general note, I recall seeing such a request one time from
what was referred to at that time as the Child Protection Unit (in
Victoria it's SOCA). Everyone on that list that I knew of had the
answer in a couple of minutes, the official response to the legal
department was sent within 10 minutes and a few minutes after that the
support team was told that should they receive a call from
$ALLEGEDOFFENDER, that the call be transferred to $SENIORMANAGER.
The only information requested or needed in this case was standard
billing information, i.e. which username/email address had a
particular IP address at a particular time. All stuff from the RADIUS
logs.
> The new regime would guarantee that
> 1. the ISP would have the keep the information on file for N months,
> where N=24, probably,
I haven't seen anything yet on whether smaller networks
(e.g. businesses who run their own email servers, etc.) will also have
to provide metadata in the same way.
> and 2. the ISP would be guaranteed to release that information on
> the basis of a request by a "senior officer" rather than requiring a
> warrant.
I can see this going to a bad place, especially if the data retention
requirements extend to all Internet connected networks in the country.
> Of course a detective asking for a copy of someone telephone call
> records is a routine thing, and the police argument is that this is
> just applying that same logic to ISPs.
They already have that, it's easy to link an account to an IP address
and a time. Just like they can link a call to or from a phone number
to any other phone number at a particular time.
I think they're being somewhat disingenuous in this matter and I don't
think I'm the only one.
Regards,
Ben
--
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <https://mailman.anu.edu.au/pipermail/link/attachments/20101101/ef16528c/attachment.sig>
More information about the Link
mailing list