[LINK] Senate committee probes AGD's data retention activities

Kim Holburn kim at holburn.net
Mon Nov 1 19:11:15 AEDT 2010 

On 2010/Nov/01, at 6:00 PM, Rick Welykochy wrote:

> Stilgherrian wrote:
> 
>>>> The "edited highlights" of Friday's session in the Senate Inquiry is now online as part of the "Patch Monday podcast.
>>>> http://www.zdnet.com.au/the-govt-s-data-retention-dreams-revealed-339306955.htm
> 
> Excellent insight into a senate inquiry, and the first segment I've bothered
> listening to. Kudos to Ludlum for his questions and kudos to you for bringing
> it to us.
> 
>> Of course a detective asking for a copy of someone telephone call records is a routine thing, and the police argument is that this is just applying that same logic to ISPs.
> 
> Ludlum made the important distinction between obtaining a hard copy of a telecommunication
> instance and obtaining similar in digital form. And was elaborated upon later on in the piece, i.e.
> traditionally such records contains who called who, when, how long and for what cost. The digital equivalent,
> which is far easier to retain and access, is who accessed/downloaded/read/viewed/listened to/etc
> what, when, with whom. And the "what" can be *anything* on the net, not just a phone call. It is
> the non-virtual equivalent of law enforcement having access to a record of every magazine, movie, song,
> practically any consumable citizens traditionally enjoy in private.
> 
> My thoughts turned to the technical requirements for the proposed data retention.
> 
> Is every TCP/IP session (not content), from connect through to disconnect, to be logged?
> Is every UDP packet instance (not content) to be logged?
> How about ICMP packets?

Anyone who wanted to could easily set up a VPN and the problem would go away for them.  They could also create a huge amount of random traffic to cloud the logs.  And we could be talking about a lot of data here.  A few bittorrent, and voip or skype sessions would create a lot of log entries.  A small well-designed DDoS attack on a customer might be able to take out the machine logging the data.

> The above are service protocol neutral, which are of less value to law
> enforcement on their own, in isolation. The higher level protocol might be
> considered necessary to make any legal sense of the communication.
> 
> Thus, for a TCP/IP connection, is it an email? Examine the headers to find
> out who it is from, where it is going ... or is that considered content?

An interesting question.  It's not clear if there will be any application level headers taken.  Most email traffic these days is or should be encrypted so it would not be possible.  Application level headers probably means an application gateway of some sort.  Encrypted connections cannot be analysed without a very sophisticated MITM attack which encrypted connections are designed to stop.

If they do decide to do this I should think many people and certainly anyone with things to hide will consider a level of encryption for everything they do.  Like they don't already.

> For a web request, once again, is anything from the headers logged? And given
> the nested nature of network protocols, one layer's wrapper is the next
> layer's content. Where is the line drawn between data and metadata? These terms
> were bandied about with much imprecision in the inquiry. As anyone who knows
> his protocols will tell you, message headers are metadata, not content. And
> yet in the context of data retention and law enforcement, message headers
> (email and web once again) are certainly content as they contain private
> information not just metadata.

If the filter is mandated, then ISPs will have to put in a proxy/application gateway for http and some ISPs already have them.  With a proxy they will have access to the http headers.

What about VOIP logs for VOIP companies?  Do they keep them?  Are they treated like normal phone logs?

> I wonder what the EU is retaining these days?

I think only a few countries do this.

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list