[LINK] Senate committee probes AGD's data retention activities

Ben McGinnes ben at adversary.org
Mon Nov 1 17:38:35 AEDT 2010

On 1/11/10 5:14 PM, Stilgherrian wrote:
> As far as I understand it, currently the police would need to get a
> warrant to get the IP-address-to-customer mappings. Unless, of
> course, the ISP chose to cooperate with the investigation on the
> basis of a polite request.

When I was at Connect the requests were routed through the company's
legal department, which would assess the request and/or warrant and
then send a relevant request to the security team.

As a more general note, I recall seeing such a request one time from
what was referred to at that time as the Child Protection Unit (in
Victoria it's SOCA).  Everyone on that list that I knew of had the
answer in a couple of minutes, the official response to the legal
department was sent within 10 minutes and a few minutes after that the
support team was told that should they receive a call from
$ALLEGEDOFFENDER, that the call be transferred to $SENIORMANAGER.

The only information requested or needed in this case was standard
billing information, i.e. which username/email address had a
particular IP address at a particular time.  All stuff from the RADIUS

> The new regime would guarantee that
> 1. the ISP would have the keep the information on file for N months,
> where N=24, probably,

I haven't seen anything yet on whether smaller networks
(e.g. businesses who run their own email servers, etc.) will also have
to provide metadata in the same way.

> and 2. the ISP would be guaranteed to release that information on
> the basis of a request by a "senior officer" rather than requiring a
> warrant.

I can see this going to a bad place, especially if the data retention
requirements extend to all Internet connected networks in the country.

> Of course a detective asking for a copy of someone telephone call
> records is a routine thing, and the police argument is that this is
> just applying that same logic to ISPs.

They already have that, it's easy to link an account to an IP address
and a time.  Just like they can link a call to or from a phone number
to any other phone number at a particular time.

I think they're being somewhat disingenuous in this matter and I don't
think I'm the only one.


Ben McGinnes  http://www.adversary.org/  Twitter: benmcginnes
    Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <https://mailman.anu.edu.au/pipermail/link/attachments/20101101/ef16528c/attachment.sig>

More information about the Link mailing list