[LINK] Senate committee probes AGD's data retention activities

Rick Welykochy rick at praxis.com.au
Mon Nov 1 19:59:40 AEDT 2010


Bernard Robertson-Dunn wrote:

> Assumption: We are talking here about accessing email via an ISP
> connection and POP.

How about another assumption. The data retention act will require
the logging of authentication information. This information comes
in handy when dealing with terrorists and child molesters. And such
information is rife throughout the Internet protocols, i.e. it can
be part of a URL:

telnet://nastyperson:password@nastysite.co.uk

or part of a protocol preamble, e.g. for email:

USER: nastyperson
PASS: password

or simply contained in a packet as content ... or "data" if so
defined by the act, e.g.

"My machine password is xyz"

At the risk of digressing, be aware that in the UK it is considered contempt
not to reveal authentication information when requested by the courts.

e.g.

<http://www.webuser.co.uk/news/top-stories/502161/teen-jailed-for-not-revealing-password>

In the USA defendants can "take the 5th (self-incrimination)" ...

<http://cyb3rcrim3.blogspot.com/search?q=revealing+password>



cheers
rickw





-- 
Rick Welykochy || Praxis Services

When choosing between two evils, I always like to take the one I haven't tried before.
      -- Mae West



More information about the Link mailing list