Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Australia Communications Government Privacy

Australian Gov't Tries To Force Telcos To Store User Metadata For 2 Years 58

AlbanX writes The Australian Government has introduced a bill that would require telecommunications carriers and service providers to retain the non-content data of Australian citizens for two years so it can be accessed — without a warrant — by local law enforcement agencies. Despite tabling the draft legislation into parliament, the bill doesn't actually specify the types of data the Government wants retained. The proposal has received a huge amount of criticism from the telco industry, other members of parliament and privacy groups. (The Sydney Morning Herald has some audio of discussion about the law.)
This discussion has been archived. No new comments can be posted.

Australian Gov't Tries To Force Telcos To Store User Metadata For 2 Years

Comments Filter:
  • Australia is trying to return to its roots as one big Penal Colony, with the citizens as the inmates?

    • by dbIII ( 701233 )
      Well our leader was up before the Judge twice, once for groping a girl from behind and once for theft of a traffic sign, so he resembles a criminal exported from the UK in some ways.
      • Well our leader was up before the Judge twice, once for groping a girl from behind and once for theft of a traffic sign, so he resembles a criminal exported from the UK in some ways.

        More to the point, he *is* from the UK. He was born there, studied there and - though it's been quietly forgotten about - may not be entitled to hold office unless he has given up his dual citizenship.

        • by dbIII ( 701233 )
          Yes. Soon to be Sir Tony is does have some behaviours that remind us that when he says "unaustralian" he really means not English. Other things like his hypocritical attacks on Slipper and Hanson which were really for defecting from the party convince me that he's not fit to hold a position of responsibility.
  • by ArcadeMan ( 2766669 ) on Thursday October 30, 2014 @09:36AM (#48268617)

    (Australian government looks at U.S.A. data retention laws)

    Australian government: You call that data retention laws?

    (Australian government pulls out their own data retention laws)

    Australian government: THAT'S data retention laws.

  • by Anonymous Coward

    1984 was 30 years ago. This is just plain fascism.

  • Yea no... (Score:5, Funny)

    by Charliemopps ( 1157495 ) on Thursday October 30, 2014 @09:39AM (#48268633)

    I've worked in the industry for almost 20yrs.
    It's not possible. Even just storing DHCP data to meet DMCA requests for a very small telco is gigabytes per day. Add their actual traffic to that? The cost of the storage space would make running an ISP totally unprofitable. Even if you did find a way to fund such a thing, how long do you think it would take a group like anonymous to launch on application that just pinged random IP's all day long? It would almost immediately crush the system.

    • by dablow ( 3670865 )
      Actual data would not fall under the definition of metadata. It would be actual data. And I believe at the moment, with the current hard drive storage tech available to enterprises and consumers, is impossible. For now. Stuff like IP address, URLs visited, emails sent and received from (not the entire email, just who you messaged and who messaged you), location data etc. can certainly be stored. Most logs will be in text which is highly compressible (I know from my systems gigs and gigs of logs generated d
      • Re:Yea no... (Score:4, Informative)

        by Charliemopps ( 1157495 ) on Thursday October 30, 2014 @10:21AM (#48268915)

        Actual data would not fall under the definition of metadata. It would be actual data. And I believe at the moment, with the current hard drive storage tech available to enterprises and consumers, is impossible. For now.

        Stuff like IP address, URLs visited, emails sent and received from (not the entire email, just who you messaged and who messaged you), location data etc. can certainly be stored. Most logs will be in text which is highly compressible (I know from my systems gigs and gigs of logs generated daily compresses often to less than 100MB).

        Right. I do it for a living. Compressed, 10gigs per day, just for DHCP logs. At that's just so you can know which customer had which IP at a particular time. I started a project to automate some of that, but the data was so immense it would have required dedicated servers and such parse it all. You have to remember, the IP gets assigned to a piece of equipment that is not at the customers house. It may appear to you that the ips actually on your router, but it's not. The customers router then connects to that through a vast internal network. It's not nearly as simple as your home lan. It's not "Bobby had 192.168.1.102" It's "Device 42:64:AB:65:??:?? had IP 192.168.1.102 and that device was on rack 123254856 and that rack was in cabnet 35489461 and that cabinet was in remote 452268212, on feeder trunk XYZ, which connected to MUX 6542584 and then left on copper card 2456684 on pair 5451815 which was frogged to 65628 which led to Ped 254-agd-5684 and left on drop pair 51547 and that pair was assigned to Bobby."

        But you may be thinking "All that stuffs static though!" it's not. It gets changed all the time. There are lightening storms, animals chew wires, equipment dies. In any given small town techs swap out hundreds of pairs, equipment, etc... daily. In the current real world, all you need to keep track of is how things are hooked up and what's bad. "Pair 1234 is bad, don't use it" and "Customer 5245 has this route" done... but if you want to know what IP they had at 12:45:01 on friday the 26th, you also have to know all of that intermediary equipment info to make the link. So now, you don't just need to know their plant records currently, you need to know what they were historically for 2 years! It's orders of magnitude more expensive and complicated than the current system. We're talking like overhauling the entire telco infrastructure. Plant records is one of the most expensive IT costs a telco has. Could we redesign the entire network to work differently and eliminate this problem? Yes... but we're talking about a massive project that would involve throwing out all of our equipment and training and starting over.

        Now, cable companies are different. I can't really speak to them. They work more like an old Bus network and the COAX is like a big antenna everyone shares. So, theoretically, I would think that the IP gets assigned directly to your cable modem via mac address. You'd have to ask someone that works for a cable company though. There may be a lot of problems there as well, I wouldn't know.

        • but if you want to know what IP they had at 12:45:01 on friday the 26th, you also have to know all of that intermediary equipment info to make the link.

          Shouldn't it be enough to know the IP, the date, and to have the notes on the network at the time? Are you using duplicate IP addresses within your network?

          • No... think of it this way, the network between your DSL modem and "the internet" is not an IP network. It's all hardware.
            So think about your home router or switch. If you have a computer for you and your wife in the house, and you unplug them from the router, swap the cables and plug them back in... you'd most likely retain the same IP, despite being plugged into a new port.

            Now, if you go to your local Telcos remote, open it up, and swap the cable pair your house is on with your neighbors house, you would

            • No... think of it this way, the network between your DSL modem and "the internet" is not an IP network. It's all hardware.

              Okay, but isn't it keeping track of which MAC the IP was given to, anyway? So ultimately, isn't there a mapping of IP to CPE?

              • No... think of it this way, the network between your DSL modem and "the internet" is not an IP network. It's all hardware.

                Okay, but isn't it keeping track of which MAC the IP was given to, anyway? So ultimately, isn't there a mapping of IP to CPE?

                No. This network is almost entirely analog.
                Even the bits that traverse Fiber/microwave/etc... are converted from analog to digital and back again.

                If you could do what you're suggesting, it would be great. Imagine a tech support agent being able to query the remote card from his desk while talking to you. You'd be able to diagnose the circuit remotely! That'd be great. But in reality, the way it works is the guy at the desk can query your modem and maybe the DSL card, but everything between those 2 devices i

            • by DeSigna ( 522207 )

              All true to a degree, however in AU at least, there's a couple of caveats.

              First, all physical endpoints must be identifiable. There are some exceptions, but the ACMA carrier licensing regulations around voice and data mean that in 99% of instances, much of the data you're describing must already be logged and made available when presented with a warrant. Much of the infrastructure is already in place. For example, it is illegal to activate a mobile SIM without providing ID (drivers' license information). Yo

              • All true to a degree, however in AU at least, there's a couple of caveats.

                First, all physical endpoints must be identifiable. There are some exceptions, but the ACMA carrier licensing regulations around voice and data mean that in 99% of instances, much of the data you're describing must already be logged and made available when presented with a warrant. Much of the infrastructure is already in place. For example, it is illegal to activate a mobile SIM without providing ID (drivers' license information). Your phone number is bound to your SIM identity so when you're making calls, it doesn't matter what the cell infrastructure or backhaul is doing, the CID and IPND data is traceable through all the carriers involved. All services hooking into the PSTN are required to provide valid endpoint location and responsible person data, even IP voice.

                Correct. And when presented with a warrant, those plant records are reviewed by hand for changes over time. This means the person reviewing the data checks for trouble tickets on every piece of equipment between the customer and the switch and verifies they were indeed the person on that equipment during the time frame in question. Often it's NOT, and you then have a scooby doo mystery on your hands figuring out which calls and such were related to what when and where.

                A report is typed up and forwarded on

        • Now, cable companies are different. I can't really speak to them. They work more like an old Bus network and the COAX is like a big antenna everyone shares

          Cable works with line cards in a head end, the line cards connect out to up converters which connect out to the physical network. The IP gets assigned directly to your CM via MAC, as you say. But some of these guys do use reserved networks, and some don't.

    • by AHuxley ( 892839 )
      Thats why a new net tax is needed to help with the costs.
      "Secret government briefing admits metadata law cost and warns of 'internet tax' campaign" (October 30, 2014) (video)
      http://www.smh.com.au/federal-... [smh.com.au]
      AFP will use data retention to fight piracy (Oct 30, 2014)
      http://www.itnews.com.au/News/... [itnews.com.au]
      ""Generally they do this in real-time, so the two years of holding this data probably doesn't make a lot of difference. That process of resolving an IP address to an account name is relevant, and it happ
    • It's not possible. Even just storing DHCP data to meet DMCA requests for a very small telco is gigabytes per day.

      A gigabyte of storage costs less than five cents. There are plenty of reasons why this is a bad idea, but cost of storage is not one of them.

      • A gigabyte of storage costs less than five cents.

        Tier 3 storage from well-known vendors is about $1/GB, plus yearly support costs. Sure, a consumer hard disk is only $0.05/GB, and even an enterprise SAS drive is only about $0.07/GB, but you need an array of these disks, along with the RAM, processors, RAID cards, networking gear, etc., to build up a large storage system.

        At my work, we are building a storage array from parts, using only quality equipment with at least 3 year warranties on every part. We are paying $0.22/GB (which is a steal), but that do

        • Sounds like a job for memristors. Petabytes of instantly accessible memory would probably do the trick. Likely 10 years out.
    • We saw this happening in Canada some years back (Thanks, Drew!) with the government of the day proposing ISPs being turned into attractive targets for anyone wanting to impersonate people ("identity theft").

      Worse, the kind of processing required to extract the metadata requires a machine the cost of one's main router, so people proposed ISPs should "just spool everything to disk" for a few days.

      The next thought was to call for a longer retention period...

      --dave
      [It didn't pass, somewhat miraculously

  • by dablow ( 3670865 ) on Thursday October 30, 2014 @09:49AM (#48268699)
    No point in singling out Ausies, the majority if not all Western governments are logging this. Makes 1984 look like the bastion of the free world....
    • And we are singling out the "western governments" for this, why exactly?

      Ah yes, I remember a quote I pulled recently:

      *fight the hypocrites - because they are much more dangerous than those who are fundamentally heretics*

  • We need a concerted effort by every citizen of the free world to visit a set list of suspicious sites like Muslim terrorist groups, white supremacy, anti-government, how to make a bomb, etc. just to 1.) Load up the data 2.) Devalue the data.

    Let's have a Skype-in and talk to each other, Muslim to Christian, Hindu to Jew.

    Then let's all Friend each other on Facebook, Instagram, Snapchat, etc.

    Let's go global.

    Let countries deal with GIGO.

    • Instead of running a background application to help find astronomical objects or help society in other ways, I could run a background application that pretended to be a popular web browser going to a mix of "normal" web sites and web sites that I know my government hates.

      Repeat this over 0.1% of the population and it would muddy the waters for investigators trying to see who is really visiting those web sites and who is just having their computer to it for the sake of doing it.

  • This is one of the laws that cause the pirate party to rise in Germany a few years ago. This australian law seems like a 1on1 rippoff of the German law that was brought upon us by the likes of Sith-Lord Schäuble [wikipedia.org] himself.

    Yepp, it's Germany folks. Better beer, better cars and even our surveillance laws make you potiticians envious.

  • An anonymous government official once said he never metadata he didn't like.

  • The biggest problem so far is there is not yet a definition of metadata as used in the bill. The plan is to pass it and then define what data is actually going to be kept later, so it could potentially be everything in web caches and full recordings of telephone calls.
  • I would suggest adding a fee to each bill that is clearly labeled "Government surveillance charge" to drive home the point and to remind customers of what is happening.
  • When I see these laws, I always wonder who those "telco" companies are supposed to be. Tor nodes and VPN providers don't need to lay cables, they are telco clients. Does the law provide for any server to keep metadata? Hm... that's interesting. I always wanted to see a clear-cut definition of what a server is.

    It looks as if the Internet was designed by someone different from the ITU.

  • As an Australia I can tell you this is just one of many abuses and deceptions this government has made, it lied about so many things to get into power and than crafted a fake "economic crisis" once in power ( when economists the world over agreed our economy was the envy of the world ) to try to remove socialized services like health care, welfare and education. The only things they could get through the senate were laws that LOST billions in revenue to the government like the carbon tax and the mining tax

Vitamin C deficiency is apauling.

Working...