[LINK] Senate committee probes AGD's data retention activities
rene.ln at libertus.net
Mon Nov 1 18:55:53 AEDT 2010
(NB: I haven't listened to the transcipt or Patch Monday yet, but am
intending to soon. In the interim, I can probably help a bit re
questions/issues about existing law).
On Mon, 1 Nov 2010 17:14:12 +1100, Stilgherrian wrote:
> As far as I understand it, currently the police would need to get a
> warrant to get the IP-address-to-customer mappings.
No, under the existing Cth Telecommunications (Interception and Access Act)
("TIAA") as amended in about 2007, there is a distinction between police
authorised access to telecommunications "content" and "data". The
definition of "telecommunications data" in that Act is vague (and was the
subject of criticism in relation to the Bill at a relevant Sen Comm.
inquiry back then) but it would certainly enable police to obtain from an
ISP, without a "warrant" (but see more below) the name/addres of a customer
who was using a particular IP address at the time of interest to the police
(assuming the ISP still has a record of that, and currently they are not
required to keep such records for police or any else's purposes).
> course, the ISP chose to cooperate with the investigation on the
> basis of a polite request.
No, or at least unlikely. The approx. 2007 TIAA amendments made disclosure
by ISPs to police in response to a police 'polite request', unlawful/an
offence on the part of the ISP (a practice which was believed to be then
common which the Howard Govt decided was not appropriate).
Since then/2007 amendments, while police don't have to get a warrant
(issued by a judicial officer under the TIAA Act) in order to require ISPs
to disclose "telecommunications data", they do have to serve on the ISP an
"authorised request" as defined in the TIAA (signed by a senior police
officer or someone like that, I can't recall off hand which type of police
officers can sign but fairly senior) specifying what data they want (which
can't be an omnibus sort of request that could be wide fishing trip about
numerous people accessing something, it must specify a particular IP
address/times, or a person's name, etc).
Also, re what is "telecommunications data" my recollection is that in about
2007, AG dept told a Sen Comm (IIRC in response to questions raised by I
think EFA) that in AG Dept staff opinion "telecommunications data" does not
include the subject line of an email message which they reckoned would be
"content" and therefore require a warrant under the TIAA, but things like
that are not clear in the TIAA about about what is or not "data". My
recollection is, however, that certainly almost everything else in the
headers of email would be "data".
Similarly there were questions raised in 2007 about whether a URL is "data"
or "content", and I don't think there was ever any response that did
anything to clarify/shed any light that issue/question.
More information about the Link