[LINK] Senate committee probes AGD's data retention activities
stil at stilgherrian.com
Wed Nov 3 20:43:01 AEDT 2010
On 03/11/2010, at 8:27 PM, Craig Sanders wrote:
> massive data retention archives would be an attractive target for
> spammers, scammers, and identity thieves. as well as plain old marketing
> vermin. and spooks and industrial espionage agents. etc. etc.
> what, if any, kind of access protection is being proposed for the data?
> are the ISPs just supposed to store it on disk somewhere, so that it's
> available when an appropriate request/warrant is submitted?
> if ISPs are going to be required to store all this data, then they must
> also be required to protect it - AND keep an audit log of every access.
> which, of course, impacts on the "who's going to pay for all this?"
> question. with the added fun of "who's going to be liable if there's
> an unauthorised access?". also, what happens when several months worth
> of data just vanish due to a server or disk dying - should the data
> be backed up, and if so who's going to pay for the staff, equipment
> and media to perform the backups? and is/will there be a documented
> procedure for secure wiping & disposal of old servers and media?
> since it seems to be fashionable demand these days, let's have a
> cost/benefit analysis of all this data retention - what are the actual
> benefits, *who* benefits, how much is it going to cost, and who pays for
> it all?
> PS: there are also FOI implications - can an individual request a copy
> of some/any/all data retained? *should* they be able to? what if the
> data isn't really "theirs" (i.e. the usual "an IP address does not
> identify a person" problem).
Craig, that's a nice list of key issues these data retention ideas raise. While the AGD's people were keen to tell the Senate Inquiry that there are no proposals yet, that they're just discussions ideas which might leads to a model, the heavily-redacted document from March has, on page 2, the heading "Mandatory Data Retention Proposal". And then, except for the first two lines, the entirety of the rest of the page is redacted.
In the non-redacted parts of this consultation paper, the words "privacy" or "security" do not appear at all.
Which shows the mindset of the AGD here.
Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 8569 2006
ABN 25 231 641 421
More information about the Link