[LINK] Senate committee probes AGD's data retention activities

rene rene.ln at libertus.net
Mon Nov 1 18:55:53 AEDT 2010 

(NB: I haven't listened to the transcipt or Patch Monday yet, but am 
intending to soon. In the interim, I can probably help a bit re 
questions/issues about existing law).

On Mon, 1 Nov 2010 17:14:12 +1100, Stilgherrian wrote:
> As far as I understand it, currently the police would need to get a
> warrant to get the IP-address-to-customer mappings. 

No, under the existing Cth Telecommunications (Interception and Access Act) 
("TIAA") as amended in about 2007, there is a distinction between police 
authorised access to telecommunications "content" and "data". The 
definition of "telecommunications data" in that Act is vague (and was the 
subject of criticism in relation to the Bill at a relevant Sen Comm. 
inquiry back then) but it would certainly enable police to obtain from an 
ISP, without a "warrant" (but see more below) the name/addres of a customer 
who was using a particular IP address at the time of interest to the police 
(assuming the ISP still has a record of that, and currently they are not 
required to keep such records for police or any else's purposes).

>Unless, of
> course, the ISP chose to cooperate with the investigation on the
> basis of a polite request. 

No, or at least unlikely. The approx. 2007 TIAA amendments made disclosure 
by ISPs to police in response to a police 'polite request', unlawful/an 
offence on the part of the ISP (a practice which was believed to be then 
common which the Howard Govt decided was not appropriate). 

Since then/2007 amendments, while police don't have to get a warrant 
(issued by a judicial officer under the TIAA Act) in order to require ISPs 
to disclose "telecommunications data", they do have to serve on the ISP an 
"authorised request" as defined in the TIAA (signed by a senior police 
officer or someone like that, I can't recall off hand which type of police 
officers can sign but fairly senior) specifying what data they want (which 
can't be an omnibus sort of request that could be wide fishing trip about 
numerous people accessing something, it must specify a particular IP 
address/times, or a person's name, etc).

Also, re what is "telecommunications data" my recollection is that in about 
2007, AG dept told a Sen Comm (IIRC in response to questions raised by I 
think EFA) that in AG Dept staff opinion "telecommunications data" does not 
include the subject line of an email message which they reckoned would be 
"content" and therefore require a warrant under the TIAA, but things like 
that are not clear in the TIAA about about what is or not "data". My 
recollection is, however, that certainly almost everything else in the 
headers of email would be "data". 

Similarly there were questions raised in 2007 about whether a URL is "data" 
or "content", and I don't think there was ever any response that did 
anything to clarify/shed any light that issue/question.

Irene

More information about the Link mailing list