Data Retention Should Last One Year, US Gov't Tells Australia

mask.of.sanity writes "The United States and Australia will enter bilateral talks in an attempt to unify controversial policies that would force internet providers to retain logs on the online habits of citizens. The US has urged Australia to take a moderate approach as it drafts its legislation and said it should not keep logs for longer than a year. Some EU nations keep the logs for as long as five years, although European nations disagree over the need for the plan." And of course, that's also how long we should keep recordings of everyone's phone calls, and copies of their (opened) mail, too.

This is bullshit

[DMJC]

I am an Australian citizen, and the government should not retain any online data about me. If they don't like that then they can go jump off a cliff. I will not be voting for any political party that supports data retention in the next election.

Re:

[somersault]

What if that party also supports cannibalism, or some other thing that you presumably dislike?

Re:

[ciderbrew]

Cannibalism is fine so long has you have anti murder or bodily harm laws in place.
I don't think there are many people who will take up cannibalism once legalised, licensed and taxed, which we will need records for (kept for around 50 years). So that's the party for me.

But I get your point.

Re:

[AmonTheMetalhead]

So you'll stop voting?

Re:

[Anonymous Coward]

He can't, voting is mandatory in Australia.

Unless you're an ex-pat, of course. ;-)

Re:

[kootsoop]

Vote parent up! The AC is right: voting IS mandatory in Australia, unless you are resident overseas.

Re:

[mjwx]

Vote parent up! The AC is right: voting IS mandatory in Australia, unless you are resident overseas.

Or get yourself stricken off the electoral rolls, not that hard if you try.

However I doubt not voting will do anything. If anything anyone dissatisfied with the two party government should vote for the independents or minor parties. At the current state of play in the Oz parliament the minor parties prevent the major parities (Liberal and Labor) from ruling by fiat. So a vote for a minor party is a vote

Re:

[tdelaney]

Wrong terminology.

A "donkey vote" is when you blindly vote for the first person/party on the ballot paper. This is why every party wants to be first on the paper (and why the position is randomly selected in Australia) - a lot of "donkeys" select it if they don't have a specific party they want to put first.

Turning in an invalid ballot paper is called an "informal vote".

Re:

[Cant use a slash wtf]

Incorrect. Turning up to vote and receiving a ballot paper is compulsory. You can pretty much do whatever you want with it though. You could use it as toilet paper if you wish. There is nothing to say that actually voting for any particular party or candidate is compulsory and many people refuse to. You could even scribble all over your vote and write quotes from Hitler on it if you wanted without actually numbering any of the boxes

plug

[Lord Ender]

They only have data on you if you let them. If you VPN through an endpoint in another country, all they have on you is ciphertext. I've been working on an encrypted VPN service to allow people to choose which country their internet traffic routes through. Doing this protects your privacy and also prevents you from being locked out of some web sites based on IP address. Yeah, this is a shameless plug, but it is also very relevant: Bouncee VPN service [bouncee.net]

Re:

[ItsLenny]

software only available in .exe ??? :-(

Re:

[Lord Ender]

Linux support works, but is still complicated to set up, so we can't really support it. There will be a tarball available as soon as we have it polished... We're just going from most popular to least popular platforms, hoping to support everything eventually.

Re:

[JeffAtl]

Governments can easily make it illegal to use encryption against them - the UK already has this in place. Governments can required to use their encryption system (Clipper chip idea), key escrow or just force you to give up the key when asked.

TPMs are already illegal in several countries.

Re:

[Lord Ender]

A VPN generates a random encryption key for each session and forgets it afterward. A government cannot force you to divulge something you do not and never knew.

Re:

[JeffAtl]

A government cannot force you to divulge something you do not and never knew.

Sure they can - if you can't provide decryption keys to them then when asked you go to prison. The government can take the stance that not having the ability to provide the keys it is your problem and not theirs. This is already the stance in the UK where 'forgetting' the encryption key used is not a valid defense.

Governments can also make it illegal for you to use a VPN in the first place, so the use of one is a crime in itself. Governments can also place the burden on the user to show that they aren't

Re:

[Lord Ender]

Since all SSL works this way, you are implying that SSL is illegal in the UK, or at least that the UK police could throw any citizen in prison at any time for the crime of using SSL.

Re:

[JeffAtl]

Not sure if you're being obtuse or just misunderstanding. I've stated what actions government legislatures could take to criminalize encryption and given examples of how these legal concepts have been implemented in various countries.

All I am saying is that VPNs may defeat some government prying right now, but if any method becomes a big enough problem for law enforcement, the legislature and/or the courts can criminalize it.

My other point is that governments don't have to accept reasonable explanations or

Re:

[Lord Ender]

If VPN and SSL become illegal in the UK they will have bigger problems to deal with... and any hacker with a packet sniffer will have an easy time grabbing whatever he wants.

As for today, however, there is no case in which any Western government has prosecuted someone for SSL or VPN, so I think you're being rather obtuse in suggesting a problem in this regard.

Re:

[Rick17JJ]

The Startpage search engine allows encrypted SSL connections and also the option of viewing the results through a proxy. For an encryped SSL connection to the Startpage search engine, type HTTPS instead of HTTP in the URL for Startpage. For example, either of the following will give an encrypted connection to their webpage:

https://startpage.com/ [startpage.com]
https://ixquick.com/ [ixquick.com]

Then, after searching for what you are looking for, click on the word “Proxy” after the most likely looking search result. By c

Re:

[c0lo]

What's wrong with Tor? Already plenty of endpoints in other countries.

Re:

[Lord Ender]

Which countries? Is it reliable? Do they give you the bandwidth to stream video? Do you trust your exit nodes?

Yeah, so that's the problem with tor.

Re:

[517714]

Do you think there is such a party?

Re:

[bonch]

Go back to bed, your government is in control! I'm sure we can trust the same politicians who want your internet habits retained for a year to be neutral and unbiased in "net neutrality," and we can believe in their objectivity in investigating Google, who has close ties with the Obama administration.

Government is the answer for everything. It is never corrupt or mismanaged, and when it does something wrong, it is easily punished.

Here's the map..

[headkase]

On Techdirt [techdirt.com]. It's a censorship and surveillance map. Notice how Australia already shares the dubious distinction of spying on their Citizens with Russia? Of course we're spied on here to but not to the same degree.

Re:Here's the map..

[dbIII]

Where do you think Australia gets the tried and tested surveillance technology from? Are you really sure you are not spied on to the same degree if not more?
You make think your agencies are fluffy vegans but reality is a carnivore tasting everything that comes down the wires it has access to.

Re:

[cforciea]

Ha ha! Carnivore. [wikipedia.org]

Re:

[Iamthecheese]

The Carnivore is dead and an even deadlier creature has arisen.

Re:

[mjwx]

The Carnivore is dead and an even deadlier creature has arisen.

You mean like a Zombie?

How about this?

[umaynome]

How about if the US just stops telling everyone else what to do?

Re:

[Anonymous Coward]

The headline was written to troll you. The Australian government's position is already the same as that of the United States; the quote from the Australian attorney general shows him citing the United States as an ally in the fight against excessive data retention periods. There's nothing except that bad headline to indicate some sort of policy incursion by the US.

Re:

[AHuxley]

From 5 years in the EU to 1 year is still a one year as the retention period. So its not a troll.

Re:

[one cup of coffee]

I hate to see you languishing at zero right now, I wish I had some mod points...

Re:

[ciderbrew]

ARe you telling him to do that?

We Need to find A Way to Break Free of ISPs

[commodore6502]

That is the weak point that allows governments to set-up their recorders and track everything the citizens do. We need to find a way to communicate directly with one another.

Either that or an amendment by the Member States to the Union constitution that mandates ISPs, telcos, banks, etc have the same protection as private homes (i.e. require a judge-issued warrant to search a citizen's account).

Re:

[commodore6502]

>>>the service has to be provided by someone for there to be any internet

There was internet before ISPs existed.

Re:

[KingMotley]

No, actually there wasn't. When the very first two computers were connected in California, the owners of those computers became the first two internet service providers.

Re:

[Dexter Herbivore]

Errr, no. ISPs supply a "service" to customers. That's not the same as directly connecting to a network by your self.

Re:

[KingMotley]

They supplied a service. If you wanted to connect to the internet, you had to get someone (or do it yourself) to run a connection to them, and they would route your data to/from the internet for you.

An ISP isn't (necessarily) the guy who runs the connection between them and you. Nor is it (necessarily) the guy who has a bank of modems waiting for you to dial into them. The ISP is what lies beyond that, and provides the service that routes your data to and from the internet.

Re:

[Kjella]

That is the weak point that allows governments to set-up their recorders and track everything the citizens do. We need to find a way to communicate directly with one another.

Walkie-talkies and wireless mesh networks? Oh please. We need the cell phone towers and the internet backbone to make it work.

It's better trying to create a network within the network. Instead of sending an email, you use $random open source message/file transfer system.

What worries me is the continous location they'll keep on my cell phone (most smart phones communicate all the time to check for mail etc), that I really don't see an easy way to avoid.

Re:

[betterunixthanunix]

There are plenty of people who build their own packet radio networks, you know. The only issue, really, is the latency and bandwidth on such networks -- you are not going to have an easy time watching Youtube videos when you are using a shortwave radio as a modem. Believe it or not, Fidonet still exists, and Fidonet nodes still maintain dialup or shortwave links between each other.

Re:

[commodore6502]

>>>Fidonet still exists

Great! I miss fidonet. Where do I access it?

Re:

[SuricouRaven]

Ubiquidous encryption would be a good start. Sure, it's breakable without a very good authentication system, and governments can always get the root CAs to issue something - but it takes time, effort and substantial hardware. It'd make it impossible to mass-trawl tens of thousands of users looking for dirt.

Government-approved encryption

[davidwr]

This post is encrypted in double-ROT13, which is approved by the good people in Canberra.

Re:

[SuricouRaven]

Smart phones? The old dumb phones left a record too. They still had to tell the network where they were in order for it to route the incoming call notification to the correct cell. If you want a non-trackable mobile, you have to go back to the pager days.

Re:

[mjwx]

That is the weak point that allows governments to set-up their recorders and track everything the citizens do.

Why break free?

In an online race between captors and captee's the captee's always have the advantage. Imagine TOR like system implemented in 90, 70 even 40% of consumer routers, If so many POP's (Point Of Presence) were to spew forth the data from 100 other POP's then which monitors would know the difference, the results to an automated, ever human monitored search would take so much time that

Re:

[Gripp]

as far as i understand that is how it has been. catch wind of a cyber crime, ASK the ISP for logs, or get a subpoena.
I personally don't understand WHY retaining logs for such a long amount of time would be helpful for such events. its not like they;re all of a sudden going to notice that "hey, a year ago, this IP tried to hack this other one" and go investigate. and its not like people spend a year attempting to hack something. maybe i'm being dense here, but what purpose would this serve? aside from f

Re:

[SuricouRaven]

It could have some uses. Rare, but plausible. I'm thinking more organised crime than hacking, though - "We caught a drug dealer, and he probably arranged purchase by email. Find out who." That, and the usefulness to government of "Give us every email you have addressed to wikileaks and bearing an attachment, so we can see who sent them those documents."

actually, it is a good law-enforcement tool

[davidwr]

It's very police-state-ish and has no business in a free society, but long-term data collection like this does aid the police.

Say the police get wind of a conspiracy several months after it started. With this data they can go back and piece together the earlier acts and find actors who are for the moment "sleeping" much easier.

This also works for non-conspiratorial crimes where the criminal is committing many ongoing crimes. For example, if a cop catches a pimp and his standard "modus operandi" is to chec

Mesh networks

[ItsLenny]

... I can't scream it loud enough MESH NETWORKS!!... if everyone had a $50 mesh network router in their house there would be no ISP or single point of failure http://www.open-mesh.com/ [open-mesh.com] ps... I have no affiliation with open mesh.. just always dreamed of a day when the internet could become a mesh network.. and yes I know it's just a DREAM

Re:

[c0lo]

FreedomBox for a starter [nytimes.com]?
Better put by NYT: Decentralizing the Internet So Big Brother Can’t Find You [nytimes.com]

With an initial capitalization via Kickstarter [kickstarter.com] (instead of VC or stock exchange).

Tradeoff

[Anonymous Coward]

Sure thing, but only after the same is applied to politicians (no immunity allowed) and companies of all sorts, public and private, specially offshore banks. Also recording talks inside government buildings should be mandated, a good Nixon like scandal would be "nice". Maybe then good things that actually benefit the poor and middle working class can happen.

Re:

[Dexter Herbivore]

Nixon? Bah, small fry compared to the Petrov Affair.

Reasonable Suspicion and Probable Cause

[TheSpoom]

...are apparently thrown out the window when the magic word "Internet" starts getting used.

Re:

[kwenf]

Same thing with any issue politicians use to win votes.

Re:

[Schadrach]

Wait, I thought the word that let you throw those out was "Terrorist"...or maybe "Pedophile"?

Re:

[TheSpoom]

Yeah, there have been a bunch of keyholes installed in the Fourth Amendment for easy government access. Even the "Communist" one still gets some use.

I work in the field of data protection

[Anonymous Coward]

...and let me tell you, one-year retention is EXPENSIVE. It kinda makes me laugh at the politicians who demand things like this, while they have no idea what such a system entails. Maybe the Australian gov't was planning on financing the tape libraries required to hold the PBs of logs generated every month by Australian citizens?

Re:

[ciderbrew]

Are you mental??????:)

No government has ever funded anything. They are going to tax people to pay for the tape libraries required to hold the PBs of logs generated every month by Australian citizens... It is what the people want.

Re:

[LordLimecat]

No government has ever funded anything

Is that some kind of hilarious new sarcasm?

Re:

[SQL Error]

No.

Oh yeah?

[jijacob]

If this is the case, then the US Government should be allowed to keep files on us for one year, but no longer. Quid Pro Quo.

Re:

[c6gunner]

I know it's unfashionable to read the article, but even a quick scroll through the summary would have made it obvious that the Aussie government wants longer retention periods, and the US is telling them that anything over a year is excessive.

A bit of a problem, for anyone named "Bruce"

[PolygamousRanchKid]

Or Sheila. When CSI: Perth shows up in your bar, and asks, "The USA wants to know, if there is anyone here named, 'Bruce or Sheila?", just look away and quaff down your Foster's.

Re:

[Anonymous Coward]

quaff down your Foster's.

You are obviously not Australian!

Fosters - the beer Australians wont drink

Re:A bit of a problem, for anyone named "Bruce"

[tehcyder]

quaff down your Foster's.

You are obviously not Australian!

Fosters - the beer Australians wont drink

Australians in the past would drink their own piss if you told them it had alcohol in it. Now they just export it, the crafty buggers.

Re:A bit of a problem, for anyone named "Bruce"

[TapeCutter]

"Sheila" is not a name it's a gender, the word is thought to be derived from this celtic god [wikipedia.org].

Re:

[mjwx]

The USA wants to know, if there is anyone here named, 'Bruce or Sheila?", just look away and quaff down your Foster's.

Fsck, no one in Oz drinks Fosters (owned by the bloody Dutch IIRC). Fosters is only for Export, nothing is too bad for the rest of the world.

Logs != recording phone calls

[buchanmilne]

force internet providers to retain logs on the online habits of citizens

And of course, that's also how long we should keep recordings of everyone's phone calls, and copies of their (opened) mail, too.

Right, because logs show what was *inside* all the traffic. Not.

(Almost all telcos retain CDRs, the telephonic equivalent of "logs on the online habits of citizens" for at least 3 years, surely all courier companies and most postal services keep records of items mailed for at least a year)

Re:

[anti-pop-frustration]

Right, because logs show what was *inside* all the traffic. Not.

As far as web traffic goes: websites logs + ISP logs = recorded phone call

Re:

[Rakshasa Taisab]

Three weeks.

That is how long telcos keep records in Norway, and the EU directive is having a hard time getting passed...

Re:

[SuricouRaven]

"surely all courier companies and most postal services keep records of items mailed for at least a year"

Recipient, maybe. But most letters sent have no return address - how can they know who sent it? They all get put in mailboxes, no sender ID required.

Score one for big brother

[ausrob]

How about.. _never_ retaining personal data unless it's been approved by a court order, much like it _used to be_ for wire taps and surveillance? This is just wrong.

Not all EU countries store data

[Lonewolf666]

In Germany, for example, a lawsuit against the one year data retention was successful and the Bundesverfassungsgericht (Germany's highest court which does only hear constitutional cases) nullified the law that required ISPs to store data for one year. In the conservative/neocon government there is currently a dispute about reintroducing it in a way that will survive a similar lawsuit.

What ISPs still may do in Germany is store data for up to seven days for technical reasons, or as long as necessary for billi

Wait, what?

[JustAnotherIdiot]

Correct me if I'm wrong, but wasn't the US government pressing its ISPs to retain data for /2 years/ a week or so ago?
And now it's telling another country not to do it for more than one?
Geez, the hypocrisy just doesn't have an off switch in our government.

Tin foil..

[gpinkham]

How long do you keep your tin foil beanies?

Re:

[Dexter Herbivore]

In the UK we wouldn't even wash our cars in Fosters.

I'm an Australian, and I've lived some time in the UK.. you sir, are sadly mistaken.

1 year you say? Which year?

[davidwr]

Would that be the the year of Andorea Plumanix 1, which revolves around its sun in about 2.72 Earth hours, or Glaxima Prime, which revolves around its sun in about 3.14 Earth hours?

It's time to consider.....

[joerog]

After 9/11, we all were willing to give up some freedoms and protections in the interest of protecting the country. It has been 10 years and its time to get back to 'normal' before the current state of affairs becomes the new 'normal'. Hosni Mubarak declared a state of emergency in his country 30 years ago and let it become the norm, making the suspension of individual rights and protections the new norm. It took 30 years for the people of Egypt to say 'enough is enough'. It is time to remind our leade