[LINK] Senate committee probes AGD's data retention activities
rick at praxis.com.au
Mon Nov 1 18:00:26 AEDT 2010
>>> The "edited highlights" of Friday's session in the Senate Inquiry is now online as part of the "Patch Monday podcast.
Excellent insight into a senate inquiry, and the first segment I've bothered
listening to. Kudos to Ludlum for his questions and kudos to you for bringing
it to us.
> Of course a detective asking for a copy of someone telephone call records is a routine thing, and the police argument is that this is just applying that same logic to ISPs.
Ludlum made the important distinction between obtaining a hard copy of a telecommunication
instance and obtaining similar in digital form. And was elaborated upon later on in the piece, i.e.
traditionally such records contains who called who, when, how long and for what cost. The digital equivalent,
which is far easier to retain and access, is who accessed/downloaded/read/viewed/listened to/etc
what, when, with whom. And the "what" can be *anything* on the net, not just a phone call. It is
the non-virtual equivalent of law enforcement having access to a record of every magazine, movie, song,
practically any consumable citizens traditionally enjoy in private.
My thoughts turned to the technical requirements for the proposed data retention.
Is every TCP/IP session (not content), from connect through to disconnect, to be logged?
Is every UDP packet instance (not content) to be logged?
How about ICMP packets?
The above are service protocol neutral, which are of less value to law
enforcement on their own, in isolation. The higher level protocol might be
considered necessary to make any legal sense of the communication.
Thus, for a TCP/IP connection, is it an email? Examine the headers to find
out who it is from, where it is going ... or is that considered content?
For a web request, once again, is anything from the headers logged? And given
the nested nature of network protocols, one layer's wrapper is the next
layer's content. Where is the line drawn between data and metadata? These terms
were bandied about with much imprecision in the inquiry. As anyone who knows
his protocols will tell you, message headers are metadata, not content. And
yet in the context of data retention and law enforcement, message headers
(email and web once again) are certainly content as they contain private
information not just metadata.
I wonder what the EU is retaining these days?
Rick Welykochy || Praxis Services
Debra Jackson says she likes shopping at the Dollar Palace because it's
convenient and casual. "I don't have to get dressed up like I'm going
to Wal-mart or something," she said. -- spotted in a newspaper
More information about the Link