Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Australia Government Privacy The Internet

Australian ISPs Not Ready For Mandatory Data Retention (abc.net.au) 85

ferrisoxide.com writes: October 13 marks the day Australian ISPs are required by law to track all web site visits and emails of their users, but according to an article on the Australian Broadcasting Corporation's news site the majority of ISPs are not ready to begin mandatory data retention. The article's author, Will Ockenden, had previously released his own metadata to readers in an experiment to see how effectively this kind of data reveals personal habits of online users. The majority of Australians appear unconcerned with this level of scrutiny of their lives, given the minimal reaction to this and proposed tougher legislation designed to deal with the threats of crime and terrorism.
This discussion has been archived. No new comments can be posted.

Australian ISPs Not Ready For Mandatory Data Retention

Comments Filter:
  • by Anonymous Coward

    marks the day australian internet users start using vpn for everything, and not just netflix and hulu.

    • Small ISP (Score:4, Informative)

      by jellomizer ( 103300 ) on Tuesday October 13, 2015 @07:21AM (#50716553)

      My real issue is globally the loss of the small ISP. Back in the dialup days even outside major cities, we had access to dozens of ISP's we could pick the big global names just as AOL, Prodigy and Compuserve. But we we had access to a bunch of smaller ISP's who may have offered less services, but also were more affordable. 56.6k dial up for $8.50 a month was a good deal, or $20 for 100 Megabytes with no backout, there was also pricing like $25 for 50 hours. There were a lot of options and we could pick a style that was best for us. The ISP could offer these low prices (at the time) because they needed to cover the cost of a T1 line (about $1,000 a month) and x amount of LAN Lines, usually between 8-24. They could run the ISP with a small business of 1 person. They were not responsible for what their users did, or what they viewed. Nor did they really care to try, as logging all such traffic would fill up expensive Drive storage, which they often would rather keep for email and personal web hosting.

      Today ISP also own the infrastructure and have increasing requirements which makes them more expensive and worse customer experience.

      • by KGIII ( 973947 )

        Back home, in my state, DSL is able to be provisioned by any company willing to service the area. I paid a small company to run my lines and put in a CO. That company was purchased by Fairpoint. For a while, well outside of their region, I got my services from GWI. I went back to Fairpoint when they sent me a mailing offering a higher speed. They're not allowed to limit GWI's access but GWI didn't offer the increased speed. Fairpoint has since raised my speeds frequently and always sends me new hardware (th

  • by Njorthbiatr ( 3776975 ) on Tuesday October 13, 2015 @12:06AM (#50715571)

    This sounds like it will be fun to exploit.

    "What do you mean the servers are already full?!"

  • by Anonymous Coward

    So who isn't going to VPN out of the country and hosting their emails outside AU after this?

    So they will pay millions (through ISP sub fees) to track all the useless noise while maybe catching some really really stupid people?

    • by sd4f ( 1891894 ) on Tuesday October 13, 2015 @01:08AM (#50715669)

      This isn't even for monitoring. It's so that they have data to sift through after the fact, in other words, if you come to the attention of the police. Maybe at a later date they'll start to automate thingsand go through the metadata as it comes in, but at this stage, it's just requiring ISP's to store it for an extended period of time.

      Bottom line is, there's bipartisan support in parliament, so the public literally have no say on the issue.

      • by Anonymous Coward

        BAE Systems Detica, one of the biggest vendors/contractors, paid/pays the ACT Liberal Party $217,800 a year in rent.

        Do you think they're getting just the office space for that price?

      • by mjwx ( 966435 )

        Bottom line is, there's bipartisan support in parliament, so the public literally have no say on the issue.

        That isn't true.

        We dont operate on a strict two party system like the US does. All we need to do is get enough votes for the minor parties that oppose it (Primarily the Greens) in order for the major parties to be dependent on them. Things like this will be thrown to the wayside in order to secure minor party support on major policies. Also, don't vote Lib, the Labor party's backbench at least have a history of rebelling against things like this which is why Conroy's filter never came to fruition.

        Howe

        • by sd4f ( 1891894 )

          I know what I said is a simplification, but it's true in the context of the real world, and not the idealised parliamentary procedure. Take voting for the greens, they're a fringe party that struggles beyond 10%, they're popularity is also amongst the wealthiest inner city class, whilst deeply unpopular among the poorest classes in Australia. Now, we don't operate strictly in a two party system, but in practice we do. Technically speaking, when our parliaments were first formed, there wasn't a concept of a

    • Petty much sums it up. The only people winning here are the guys selling packet inspection and storage. The other day a BT sales guy was tell me that the Australian government is one of their globally largest customers for packet inspection and mitm SSL packet inspection tools.
      • by AHuxley ( 892839 )
        Re 'packet inspection and mitm SSL packet inspection tools"
        Yes any connection, search term, site visited is been tracked. The hard part is then to come up with a court friendly story about how that user was discovered.
        This logging and searching just gives open court cover for long term parallel construction methods.
  • What is in the "significant amount of new data" aspect?
    A user had an ip of ... at 6 am until 9am.
    Collection covers the given ip connected with a url, domain name, any terms or words that are not encrypted?
    The subscriber id, source of a communication, destination of a communication, date, time and duration of a communication, type or relevant service used, equipment used.
    Thats a lot of computer searchable data for two years and human readable words been kept :)
    Only the contents or substance of a commu
    • by dwywit ( 1109409 )

      Don't bet on it. The fuckers, particularly telstra/bigpond aren't ready, or are still fighting it.

      I logged a fault (bursts of line sync loss - it was going up and down like a yo-yo) yesterday, only to be told by the first-level droid that I wasn't experiencing dropouts - then he proceeded to the wi-fi troubleshooting script.

      To cut a long story short, 2nd level support and the "broadband test team" have both told me that their systems "aren't capable of detecting or logging dropouts". Just let that sink in f

  • Really bad idea (Score:4, Interesting)

    by fragMasterFlash ( 989911 ) on Tuesday October 13, 2015 @12:50AM (#50715625)
    While I'm certain the politicos who came up with this idea had nothing but the best intentions in mind they have in fact mandated sites keep a trove of data that will prove irresistible to blackhats. How many people will be blackmailed or have their lives turned upside down ala Ashley Madison over retained data that falls into nefarious hands before this ill conceived plan meets its Waterloo?
    • by AHuxley ( 892839 )
      Re "who came up with this idea had nothing but the best intentions in mind they have in fact mandated sites keep a trove of data that will prove irresistible"
      Be great for seeing whistleblowers reaching out to journalists :)
      Over the years will the views on the destination of a communication change? The look back for every user who connected to a site or device?
      Rather than just removing a book chapter at an authors house, why not see who connected to the author too ... and the next connection hops.
    • by HJED ( 1304957 )
      Yep, Telstra is notorious for losing customer data. I give it 12months from when they actually get it working until someone publishes the whole thing, the biggest technical difficulty would be finding somewhere to host the dump.
      That being said the law does require the data to be 'encrypted', which seems kinda stupid if they have thousands of systems writing to this database (which I assume they will if they are logging this amount of data). Just shows how the people who wrote the legislation had no underst
      • Re:Really bad idea (Score:4, Interesting)

        by MrKaos ( 858439 ) on Tuesday October 13, 2015 @05:00AM (#50716125) Journal

        That being said the law does require the data to be 'encrypted',

        Not quite. Section 187BA.a specifies that the data is to be encrypted, then in the compliance section later 187F.2.a it lets the provider off the hook with the whole encryption mechanism if it can't get the system to operate with it.

        Encryption is optional in the context of this act and was one of the things I suggested amending to be mandatory with the private key being held by the TIO. I did a detailed analysis of the legislation before it passed and whilst I won't include the letters I wrote to the senate, these are the sections of part one I thought needed to be amended to protect the population from fraud and slashdotters will probably get this immediately:

        Criticisms of specific sections in Part one:

        187AA.3A,3B remove because it introduces the possibility that any e-commerce business that is not a telecommunications provider can be forced to retain data and bare the cost of limiting their business throughput and capacity for expansion. For business this represents a rising linear cost that increases with additional customers.

        187B.2 Needs definition of who a CAC (Communications Access Controller) role answers to, which department, and limits to retention demands

        187B.2A change 'may' to 'must'

        187B.3.c Remove. Additional requirements from the CAC impose incremental infrastructure and capacity restraints on business coupled with forcing them into I.P cost and approval cycles every time infrastructure upgrades are required as a result of demands from the CAC. The business is forced to write for approval for mandatory upgrades to meet retention requirements demanded by the CAC.

        187BA.a Specify an minimum standard for encryption of data. Governmental should mandate minimum encryption standards revised regularly to protect consumers from fraud, organised crime, identity theft, harassment and so on. The same standard should control access to the data from all parties.

        187BA.c add allow encrypted access to the data by the entity or person that generated it.

        187E.2.b,c service providers must never be exempt from section 187BA when storing entity or personally generated data 187F.2.a add ensure adherence to encryption standards in 187BA; and

        187F.2.b add: whilst still complying with 187BA

        187F.2.f remove for the same reason as 187B.3.c

        187G.1 Law enforcement uses a secured access standard under 187BA.a to access the data

        187G.2.d change 'may' to 'must'

        187G 4,5 Define a criteria for the ACMA's collection requirements

        187K.1.d add: not approve an exemption from 187BA

        187KA.4 define the ACMA's relation to policing here

        187KA.4.f add: input from the PC and T.O

        187KA.5 remove: ACMA considerations have nothing to do with policing for terrorists

        187LA Should provide protection from abuse from government employees

        187M add: Section 187BA(a)(b),

        To clue you all in Section 187AA is the meat of the 80 page bill that defines what is captured. Section 187BA(a)(b) define, weakly, how the population will be protected from fraud. Whilst the single word change of 187B.2A is the critical change required to protect people from harassment. 187G.2.d give ISPs an out for complying with 187BA which further weakens the public's protection - as previously mentioned.

        Also, if you are an ISP and the CAC says 'hey - collect this as well' the ISP must create a new project plan, submit it for approval, for which can take an unknown time, then once approved the ISP has a limited time to comply or be fined. The insanity of the compliance process for ISPs is truly breathtaking.

        I feel sorry for my country and it's people. I work in IT, I understand how people will be defrauded because I've seen it and now I think it is inevitable that these cases will be more common. Our constitution says Australians are guaranteed 'responsible government' however I see this bill as a very

  • by DrNico ( 691592 ) on Tuesday October 13, 2015 @01:02AM (#50715653)
    I don't know that we Australians were "unconcerned with this level of scrutiny of their lives" so much as constantly distracted by horror at the continual appalling actions, stuff ups and general inability to govern of the Abbott government. Given a few moments to think about things other than government officials chartering helicopters to go to party functions, rape and other abuses of asylum speakers in our care, blackmailing of the academic community to support legislation, an incompetent Minister for Defence amongst many others ministers, bashing of the Muslim community, awarding Prince Philip a knighthood, abuse of the Royal Commission system to go after political adversaries, attacks on the state broadcaster for not towing the line, and on and on every week for 2 years, then perhaps we'd have had time to kick up a fuss about data retention. Now that Abbott has been kicked out by his own party we'll have a chance to have a proper think about data retention and what it means, though it's probably too late.
    • by sd4f ( 1891894 )

      You're so obviously biased. Now that Abbott is gone, do you realise that the mastermind behind this policy is in charge! After all Turnbull was communications minister up until a month ago, this is his policy!

      I've mentioned in a previous post though, the issue got bipartisan support, so the public have no say on this. Then the anti-Abbott campaign run by the ABC and fairfax really just shows how the news cycle was dominated by ideologues out for revenge. Meanwhile, important news, I end up reading about on

      • Lol, Turnbull was the communications minister who said that data retention was pointless!

        http://www.theguardian.com/aus... [theguardian.com]

        https://newmatilda.com/2015/10... [newmatilda.com]

        https://newmatilda.com/2015/10... [newmatilda.com]

        http://www.smh.com.au/federal-... [smh.com.au]

        But then again, he has done nothing to roll anything back now that he's in charge...

      • by dbIII ( 701233 )

        do you realise that the mastermind behind this policy is in charge! After all Turnbull was communications minister up until a month ago

        He was the minister of "just shut up and destroy the NBN so we can pretend that every policy before us was shit". "You can have my good mate Ziggy to help you empty the bank with no result".

        He had very little leeway to do anything unlike ministers in previous governments - which is why so little has been done at all by the government in a couple of years.

      • by Anonymous Coward

        "You're so obviously biased. Now that Abbott is gone, do you realise that the mastermind behind this policy is in charge! After all Turnbull was communications minister up until a month ago, this is his policy!"

        False. Turnbull was forced to implement the policy as a member of the Abbott government. Turnbull watered down the policy and added safeguards, while also giving public interviews describing what tools can be used to get around the system. Hardly the mastermind behind the policy.

      • by bug1 ( 96678 )

        the issue got bipartisan support

        Not because the center-left party agreed with the policy (or even understood it), they supported it because they have a policy of supporting all right wing security policies.

        They opposed a lot of other stuff and had to agree with the government on something so they were not labelled as obstructionist. A tactic that was used successfully against them when they where in government.

        Agreeing with the right wing government blindly on all security was also seen as a good strategy for the left as they had earnt a

        • Man, here in America we label the Republicans obstructionist and they wear the label like a badge of honor.
          • by bug1 ( 96678 )

            In our case, the leader of the obstructionists (Tony Abbott) won the election, but struggled to move to a more constructive mode when in power and became deeply unpopular. The center left party didnt want to be associated with tactics that failed once in power.

            Tony Abbott recently got dumped by his own party and was one of the shortest serving prime ministers in recent times.

            Ironically, he was replaced by a moderate within the right wing party, one of the few people who spoke out against data retention, was

            • Psh, politics are crazy everywhere. We're looking at possibly having our first actually socialist president here. Also we're likely on the verge of a massive re-alignment as the Republican party is losing voters on some critical wedge issues they've been using for a long time, their party is dying off and unless they figure out a way to attract more young people they're kinda screwed.
      • Re-read the comment. Abbott was the mastermind of incompetence and distraction. Now that he's gone people may have time to care about things such as data retention. Though in reality Abbott was just a face on which to lay blame. The problems in the government run deep on all sides of the political spectrum and it isn't solved by removing the figure head.

        • by sd4f ( 1891894 )

          Trust me they won't get any less distraction now without Abbott, and it's because the media is running the narrative of public discourse, and the media is filled to the brim with ideologues. They're too busy spreading their doctrine on their holy trinity of refugees, gay marriage and climate change.

          I just look at their coverage, when they do, of tech things, and on topics that I'm knowledgeable about, the Australian media is invariably hopelessly wrong.

      • by KGIII ( 973947 )

        To be fair, I often go to sites based in other countries and get my news there when it concerns certain topics. Journalism is now, and has always been, biased. There is no true fair and balanced journalism really - there probably never will be. I've taken a look into the history of "yellow journalism" and, yeah, it might actually be better today than it has ever been. At least we can, today, get our news from a wider group of sources which gives those interested some chance of actually finding out the truth

      • by mjwx ( 966435 )

        You're so obviously biased. Now that Abbott is gone, do you realise that the mastermind behind this policy is in charge! After all Turnbull was communications minister up until a month ago, this is his policy!

        This.

        As well as the mastermind behind killing the NBN (RIP NBN).

        The problem is, replacing Abbott with Turnbull is just putting a new coat of paint on a rotting, termite infested house. We've still got Bernardi, Brandis, Abetz and the rest of the miscreants. The sickness in the LNP is at its cor

    • by MrKaos ( 858439 )

      we'll have a chance to have a proper think about data retention and what it means, though it's probably too late.

      No, it isn't too late and if you are really sincere about doing something just copy the amendments the bill requires [slashdot.org] into a letter to your local MP. Feel free to copy my work - this is a problem that needs to be fixed and I am happy for anyone to use it.

    • But...I've been told by Australians that their country is a shining beacon of democracy! How can things be bad if that's true?!
  • VPN's are cheap. Thank goodness terrorists and criminals don't know they exist. http://bit.do/australian-vpn [bit.do]
  • Thankful I'm not Australian. Worse than America almost. Maybe they're trying to be like Britain.
    • by Anonymous Coward

      lol nice try, we are trying to be like the trainwreck USA, some areas we may surpass but many of the attempted dismantling of socialism and increasing of inequality failed with this government and one more leader was again bumped off before their first term finished.

    • by MrKaos ( 858439 )

      Thankful I'm not Australian. Worse than America almost. Maybe they're trying to be like Britain.

      Because there is a stronger bill of rights in UK and the US, the bill is tested in Australia, then cut down, applied in the US, cut down again and applied to the UK. You can see that pattern of legislation around the western world. If it is not in conflict with the constitution they will attempt to pass it.

  • For some reason, Estonia is heralded as something special and progressive when it comes to IT. It's far form it, when it come to privacy and basic human rights.
    Telcos are forced to keep EVERYTHING for 7 years. All your activities in the web are logged and so are all your phone calls and mobile data activities.
    If you look close, Estonia is a fucking privacy nightmare.

  • Reminds me ex EG (Score:2, Insightful)

    by Anonymous Coward

    Didint know Australia has such huge issues with terrorism that it forces them to spy all their citizens... Sounds more like something East-Germany might have had in place to enforce conforming with official truth.

  • by Gumbercules!! ( 1158841 ) on Tuesday October 13, 2015 @03:24AM (#50715947)
    The biggest problem is shown in the ABC article in the summary. At this time, ISPs are starting to do it but in a grace period (until April 2017). 84% of ISPs are storing data in plain text, right now, because of the "costs" of encryption. 61% of ISPs have applied to be permanently exempt from encrypting this data. Just looking at this, you already know this shit is going to get stolen. You just know it. Some ISPs will certainly have this data directly accessible from their corporate LANs and some will even have it accessible from the internet. You know it without even needing to be told. Because this shit happens all the time. Many of these ISPs will not have done much to get ready and they'll have shoddily made, inhouse systems that were made as quickly and cheaply as possible. So it's a certainty that this data is going to get stolen. And when that happens, who knows what information will be leaked, that someone really didn't want leaked. It'll make Ashley Madison look trivial.
    • Mod Insightful +++5

      Yes, you are absolutely correct, and the fact that the dipshits who conceived of this idea can't see that is astounding.
      The stored data will end up on pastebin or somesuch. Its only a matter of time.

      Really what all this scrutiny will do is just enhance the ever growing sense of paranoia in the First World, and lead to greater self censorship.
  • What would the government do then? Shut down the internet by forcing the ISPs to shut down? Put the owners in prison? Torture? Murder? It seems to be that unless the government is able and willing to supply internet service to the entire population there isn't much they can do to everyone.
  • by AndyKron ( 937105 ) on Tuesday October 13, 2015 @07:23AM (#50716559)
    "Australians appear unconcerned with this level of scrutiny of their lives" Sad. Just sad.
    • by quenda ( 644621 )

      "Australians appear unconcerned with this level of scrutiny of their lives" Sad. Just sad.

      If you have ever seen how much people post on Facebook, it is hardly surprising.

  • Block all non-encrypted traffic and record per-flow stats into a compressed store. It may be a little difficult for customers to find secure alternatives at first... helpful hints in an information packet snail mailed to your customers could go a long way to making the arrangement workable for your users.

    In the mean time Australian ISP associations should use every second they have left to make it clear to the world non-encrypted communications will no longer be accepted by Australian ISPs. If the world d

  • The metadata retention scheme requires the storage of:
    - Connection open time and duration
    - Your location
    - Total amount of data sent/received during the connection
    - Your IP address
    - * Does not require collecting the destination IP address, but it will be more effort to strip this out with lots of tools

    So if you're web browsing lots from home or making lots of connections to servers an ISP has to store lots of records. However, they only need one database row for your VPN connection!

    Then ISPs could offer disc

  • Want communications without data retention? Join a community network like the wireless groups.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    Air-Stream in South Australia http://air-stream.org/ [air-stream.org]
    WACAN in Western Australia http://www.wacan.asn.au/ [wacan.asn.au]
    Melbourne Wireless in Victoria http://melbourne.wireless.org.... [wireless.org.au]
    Canberra Wireless http://www.cwn.net.au/ [cwn.net.au]

    If there isn't one near you start your own and put up an access point for others to see.

My sister opened a computer store in Hawaii. She sells C shells down by the seashore.

Working...