Australian Gov't Tries To Force Telcos To Store User Metadata For 2 Years 58
AlbanX writes The Australian Government has introduced a bill that would require telecommunications carriers and service providers to retain the non-content data of Australian citizens for two years so it can be accessed — without a warrant — by local law enforcement agencies. Despite tabling the draft legislation into parliament, the bill doesn't actually specify the types of data the Government wants retained. The proposal has received a huge amount of criticism from the telco industry, other members of parliament and privacy groups. (The Sydney Morning Herald has some audio of discussion about the law.)
So, in other words... (Score:2)
Australia is trying to return to its roots as one big Penal Colony, with the citizens as the inmates?
Re: (Score:2)
Re: (Score:2)
Well our leader was up before the Judge twice, once for groping a girl from behind and once for theft of a traffic sign, so he resembles a criminal exported from the UK in some ways.
More to the point, he *is* from the UK. He was born there, studied there and - though it's been quietly forgotten about - may not be entitled to hold office unless he has given up his dual citizenship.
Re: (Score:2)
Crocodile Dundee (Score:5, Funny)
(Australian government looks at U.S.A. data retention laws)
Australian government: You call that data retention laws?
(Australian government pulls out their own data retention laws)
Australian government: THAT'S data retention laws.
Let's not call it 1984. (Score:1)
1984 was 30 years ago. This is just plain fascism.
Nineteen Eighty-Four (Score:1)
Nineteen Eighty-Four is timeless.
Yea no... (Score:5, Funny)
I've worked in the industry for almost 20yrs.
It's not possible. Even just storing DHCP data to meet DMCA requests for a very small telco is gigabytes per day. Add their actual traffic to that? The cost of the storage space would make running an ISP totally unprofitable. Even if you did find a way to fund such a thing, how long do you think it would take a group like anonymous to launch on application that just pinged random IP's all day long? It would almost immediately crush the system.
Re: (Score:1)
Re:Yea no... (Score:4, Informative)
Actual data would not fall under the definition of metadata. It would be actual data. And I believe at the moment, with the current hard drive storage tech available to enterprises and consumers, is impossible. For now.
Stuff like IP address, URLs visited, emails sent and received from (not the entire email, just who you messaged and who messaged you), location data etc. can certainly be stored. Most logs will be in text which is highly compressible (I know from my systems gigs and gigs of logs generated daily compresses often to less than 100MB).
Right. I do it for a living. Compressed, 10gigs per day, just for DHCP logs. At that's just so you can know which customer had which IP at a particular time. I started a project to automate some of that, but the data was so immense it would have required dedicated servers and such parse it all. You have to remember, the IP gets assigned to a piece of equipment that is not at the customers house. It may appear to you that the ips actually on your router, but it's not. The customers router then connects to that through a vast internal network. It's not nearly as simple as your home lan. It's not "Bobby had 192.168.1.102" It's "Device 42:64:AB:65:??:?? had IP 192.168.1.102 and that device was on rack 123254856 and that rack was in cabnet 35489461 and that cabinet was in remote 452268212, on feeder trunk XYZ, which connected to MUX 6542584 and then left on copper card 2456684 on pair 5451815 which was frogged to 65628 which led to Ped 254-agd-5684 and left on drop pair 51547 and that pair was assigned to Bobby."
But you may be thinking "All that stuffs static though!" it's not. It gets changed all the time. There are lightening storms, animals chew wires, equipment dies. In any given small town techs swap out hundreds of pairs, equipment, etc... daily. In the current real world, all you need to keep track of is how things are hooked up and what's bad. "Pair 1234 is bad, don't use it" and "Customer 5245 has this route" done... but if you want to know what IP they had at 12:45:01 on friday the 26th, you also have to know all of that intermediary equipment info to make the link. So now, you don't just need to know their plant records currently, you need to know what they were historically for 2 years! It's orders of magnitude more expensive and complicated than the current system. We're talking like overhauling the entire telco infrastructure. Plant records is one of the most expensive IT costs a telco has. Could we redesign the entire network to work differently and eliminate this problem? Yes... but we're talking about a massive project that would involve throwing out all of our equipment and training and starting over.
Now, cable companies are different. I can't really speak to them. They work more like an old Bus network and the COAX is like a big antenna everyone shares. So, theoretically, I would think that the IP gets assigned directly to your cable modem via mac address. You'd have to ask someone that works for a cable company though. There may be a lot of problems there as well, I wouldn't know.
Re: (Score:2)
but if you want to know what IP they had at 12:45:01 on friday the 26th, you also have to know all of that intermediary equipment info to make the link.
Shouldn't it be enough to know the IP, the date, and to have the notes on the network at the time? Are you using duplicate IP addresses within your network?
Re: (Score:2)
No... think of it this way, the network between your DSL modem and "the internet" is not an IP network. It's all hardware.
So think about your home router or switch. If you have a computer for you and your wife in the house, and you unplug them from the router, swap the cables and plug them back in... you'd most likely retain the same IP, despite being plugged into a new port.
Now, if you go to your local Telcos remote, open it up, and swap the cable pair your house is on with your neighbors house, you would
Re: (Score:2)
No... think of it this way, the network between your DSL modem and "the internet" is not an IP network. It's all hardware.
Okay, but isn't it keeping track of which MAC the IP was given to, anyway? So ultimately, isn't there a mapping of IP to CPE?
Re: (Score:2)
No... think of it this way, the network between your DSL modem and "the internet" is not an IP network. It's all hardware.
Okay, but isn't it keeping track of which MAC the IP was given to, anyway? So ultimately, isn't there a mapping of IP to CPE?
No. This network is almost entirely analog.
Even the bits that traverse Fiber/microwave/etc... are converted from analog to digital and back again.
If you could do what you're suggesting, it would be great. Imagine a tech support agent being able to query the remote card from his desk while talking to you. You'd be able to diagnose the circuit remotely! That'd be great. But in reality, the way it works is the guy at the desk can query your modem and maybe the DSL card, but everything between those 2 devices i
Re: (Score:2)
All true to a degree, however in AU at least, there's a couple of caveats.
First, all physical endpoints must be identifiable. There are some exceptions, but the ACMA carrier licensing regulations around voice and data mean that in 99% of instances, much of the data you're describing must already be logged and made available when presented with a warrant. Much of the infrastructure is already in place. For example, it is illegal to activate a mobile SIM without providing ID (drivers' license information). Yo
Re: (Score:2)
All true to a degree, however in AU at least, there's a couple of caveats.
First, all physical endpoints must be identifiable. There are some exceptions, but the ACMA carrier licensing regulations around voice and data mean that in 99% of instances, much of the data you're describing must already be logged and made available when presented with a warrant. Much of the infrastructure is already in place. For example, it is illegal to activate a mobile SIM without providing ID (drivers' license information). Your phone number is bound to your SIM identity so when you're making calls, it doesn't matter what the cell infrastructure or backhaul is doing, the CID and IPND data is traceable through all the carriers involved. All services hooking into the PSTN are required to provide valid endpoint location and responsible person data, even IP voice.
Correct. And when presented with a warrant, those plant records are reviewed by hand for changes over time. This means the person reviewing the data checks for trouble tickets on every piece of equipment between the customer and the switch and verifies they were indeed the person on that equipment during the time frame in question. Often it's NOT, and you then have a scooby doo mystery on your hands figuring out which calls and such were related to what when and where.
A report is typed up and forwarded on
Re: (Score:2)
Now, cable companies are different. I can't really speak to them. They work more like an old Bus network and the COAX is like a big antenna everyone shares
Cable works with line cards in a head end, the line cards connect out to up converters which connect out to the physical network. The IP gets assigned directly to your CM via MAC, as you say. But some of these guys do use reserved networks, and some don't.
Re: (Score:2)
"Secret government briefing admits metadata law cost and warns of 'internet tax' campaign" (October 30, 2014) (video)
http://www.smh.com.au/federal-... [smh.com.au]
AFP will use data retention to fight piracy (Oct 30, 2014)
http://www.itnews.com.au/News/... [itnews.com.au]
""Generally they do this in real-time, so the two years of holding this data probably doesn't make a lot of difference. That process of resolving an IP address to an account name is relevant, and it happ
Re: (Score:2)
It's not possible. Even just storing DHCP data to meet DMCA requests for a very small telco is gigabytes per day.
A gigabyte of storage costs less than five cents. There are plenty of reasons why this is a bad idea, but cost of storage is not one of them.
Re: (Score:2)
A gigabyte of storage costs less than five cents.
Tier 3 storage from well-known vendors is about $1/GB, plus yearly support costs. Sure, a consumer hard disk is only $0.05/GB, and even an enterprise SAS drive is only about $0.07/GB, but you need an array of these disks, along with the RAM, processors, RAID cards, networking gear, etc., to build up a large storage system.
At my work, we are building a storage array from parts, using only quality equipment with at least 3 year warranties on every part. We are paying $0.22/GB (which is a steal), but that do
Re: (Score:2)
Make the ISPs into targets (Score:2)
We saw this happening in Canada some years back (Thanks, Drew!) with the government of the day proposing ISPs being turned into attractive targets for anyone wanting to impersonate people ("identity theft").
Worse, the kind of processing required to extract the metadata requires a machine the cost of one's main router, so people proposed ISPs should "just spool everything to disk" for a few days.
The next thought was to call for a longer retention period...
--dave
[It didn't pass, somewhat miraculously
Re: (Score:2)
So how did he get elected?
1984? Yeah right if only..... (Score:3)
Re: (Score:1)
And we are singling out the "western governments" for this, why exactly?
Ah yes, I remember a quote I pulled recently:
*fight the hypocrites - because they are much more dangerous than those who are fundamentally heretics*
This is fucked up ... (Score:2)
We need a concerted effort by every citizen of the free world to visit a set list of suspicious sites like Muslim terrorist groups, white supremacy, anti-government, how to make a bomb, etc. just to 1.) Load up the data 2.) Devalue the data.
Let's have a Skype-in and talk to each other, Muslim to Christian, Hindu to Jew.
Then let's all Friend each other on Facebook, Instagram, Snapchat, etc.
Let's go global.
Let countries deal with GIGO.
That would make a nice background application (Score:1)
Instead of running a background application to help find astronomical objects or help society in other ways, I could run a background application that pretended to be a popular web browser going to a mix of "normal" web sites and web sites that I know my government hates.
Repeat this over 0.1% of the population and it would muddy the waters for investigators trying to see who is really visiting those web sites and who is just having their computer to it for the sake of doing it.
Re: (Score:3)
I figure once the government makes an example out of the first few people to do that, getting 0.1% of the population to join in will be an uphill battle.
Re: (Score:2)
Really.
That certainly works for porn.
Re: (Score:3)
Smartphones, tablets would still give up the gps and other data to the mobile network.
That works for a time (Score:1)
Yes VPN providers will just exit that encrypted Australian usage in another random country. All that will be collected is hours of usage to one ip range for years
That works for a time, until your VPN provider gets hit by the local-to-them equivalent of the USA's "national security letter."
Note to Aussies: Don't use a USA-based VPN, at least not as your final "exit node."
Re: (Score:2)
Buy VPN time with a crypto currency? Then buying crypto currency with an Australian issued credit card is an issue
Australia will just request help from all the more friendly VPN host countries to get credit card lists
Prepaid debit gift cards? (Score:1)
Don't Austrailians have practically-untrackable prepaid, non-refillable debit cards for Father Christmas give out?
In the USA mass purchases of such cards are traceable or require extra paperwork, as are refillable cards, but you can buy cards for small amounts like $50 at most grocery stores with cash and use them like a debit card. USD$50 should be more than enough for a few months of light-duty VPN use and probably more than enough for a single month of "everything I do goes through the VPN" use for a mo
Germanys "Vorratsdatenspeicherung" spreading. (Score:2)
This is one of the laws that cause the pirate party to rise in Germany a few years ago. This australian law seems like a 1on1 rippoff of the German law that was brought upon us by the likes of Sith-Lord Schäuble [wikipedia.org] himself.
Yepp, it's Germany folks. Better beer, better cars and even our surveillance laws make you potiticians envious.
Government official on Meta-data (Score:1)
An anonymous government official once said he never metadata he didn't like.
The biggest problem so far (Score:2)
Make it clear to customers (Score:2)
Telco who? (Score:1)
When I see these laws, I always wonder who those "telco" companies are supposed to be. Tor nodes and VPN providers don't need to lay cables, they are telco clients. Does the law provide for any server to keep metadata? Hm... that's interesting. I always wanted to see a clear-cut definition of what a server is.
It looks as if the Internet was designed by someone different from the ITU.
Just one more abuse from this government (Score:2)