Australian ISPs Not Ready For Mandatory Data Retention (abc.net.au)
ferrisoxide.com writes: October 13 marks the day Australian ISPs are required by law to track all web site visits and emails of their users, but according to an article on the Australian Broadcasting Corporation's news site the majority of ISPs are not ready to begin mandatory data retention. The article's author, Will Ockenden, had previously released his own metadata to readers in an experiment to see how effectively this kind of data reveals personal habits of online users. The majority of Australians appear unconcerned with this level of scrutiny of their lives, given the minimal reaction to this and proposed tougher legislation designed to deal with the threats of crime and terrorism.
october 14th.. (Score:1)
marks the day Australian internet users start using VPN for everything, and not just Netflix and Hulu.
Small ISP (Score:4, Informative)
My real issue is globally the loss of the small ISP. Back in the dialup days, even outside major cities, we had access to dozens of ISPs; we could pick the big global names such as AOL, Prodigy and CompuServe. But we had access to a bunch of smaller ISPs who may have offered fewer services, but also were more affordable. 56.6k dial up for $8.50 a month was a good deal, or $20 for 100 Megabytes with no backout; there was also pricing like $25 for 50 hours. There were a lot of options and we could pick a style that was best for us. The ISP could offer these low prices (at the time) because they needed to cover the cost of a T1 line (about $1,000 a month) and x amount of LAN Lines, usually between 8-24. They could run the ISP with a small business of 1 person. They were not responsible for what their users did, or what they viewed. Nor did they really care to try, as logging all such traffic would fill up expensive drive storage, which they often would rather keep for email and personal web hosting.
Today ISPs also own the infrastructure and have increasing requirements, which makes them more expensive and a worse customer experience.
Re: (Score:1)
Back home, in my state, DSL is able to be provisioned by any company willing to service the area. I paid a small company to run my lines and put in a CO. That company was purchased by Fairpoint. For a while, well outside of their region, I got my services from GWI. I went back to Fairpoint when they sent me a mailing offering a higher speed. They're not allowed to limit GWI's access but GWI didn't offer the increased speed. Fairpoint has since raised my speeds frequently and always sends me new hardware (th
Lol (Score:3)
This sounds like it will be fun to exploit.
"What do you mean the servers are already full?!"
Re:Lol (Score:4, Interesting)
No, you need to make 800GB of random web page requests. I suggest Google searches for a list of 'interesting' keywords...
Re: (Score:3)
While it isn't quite at the "800GB of random web page requests", there is a Firefox Add-On that can help with that sort of thing: TrackMeNot [mozilla.org]. At a user-configurable interval, it sends out semi-random search queries to a number of search engines (it pulls the search terms from a variety of RSS feeds of trending topics). It's aimed more at "poisoning the well" of search engines' databases than intelligence agencies, but it helps ;-)
Re: (Score:2)
We have an unlimited account with our ISP. While it would be fun to mess with this, it's not the fault of the ISPs that this happened. I don't know that punishing them is the best strategy.
Tracking only the stupid people (Score:1)
So who isn't going to VPN out of the country and hosting their emails outside AU after this?
So they will pay millions (through ISP sub fees) to track all the useless noise while maybe catching some really really stupid people?
Re:Tracking only the stupid people (Score:4)
This isn't even for monitoring. It's so that they have data to sift through after the fact, in other words, if you come to the attention of the police. Maybe at a later date they'll start to automate things and go through the metadata as it comes in, but at this stage, it's just requiring ISPs to store it for an extended period of time.
Bottom line is, there's bipartisan support in parliament, so the public literally have no say on the issue.
Re: (Score:1)
BAE Systems Detica, one of the biggest vendors/contractors, paid/pays the ACT Liberal Party $217,800 a year in rent.
Do you think they're getting just the office space for that price?
Re: (Score:2)
Bottom line is, there's bipartisan support in parliament, so the public literally have no say on the issue.
That isn't true.
We don't operate on a strict two party system like the US does. All we need to do is get enough votes for the minor parties that oppose it (primarily the Greens) in order for the major parties to be dependent on them. Things like this will be thrown to the wayside in order to secure minor party support on major policies. Also, don't vote Lib; the Labor party's backbench at least have a history of rebelling against things like this, which is why Conroy's filter never came to fruition.
Howe
Re: (Score:2)
I know what I said is a simplification, but it's true in the context of the real world, and not the idealised parliamentary procedure. Take voting for the Greens: they're a fringe party that struggles beyond 10%, their popularity is also amongst the wealthiest inner city class, whilst deeply unpopular among the poorest classes in Australia. Now, we don't operate strictly in a two party system, but in practice we do. Technically speaking, when our parliaments were first formed, there wasn't a concept of a
Re: Tracking only the stupid people (Score:3)
Re: (Score:2)
Yes, any connection, search term, site visited is being tracked. The hard part is then to come up with a court friendly story about how that user was discovered.
This logging and searching just gives open court cover for long term parallel construction methods.
Re: Tracking only the stupid people (Score:2)
What could be collected? (Score:2)
A user had an ip of
Collection covers the given IP connected with a URL, domain name, any terms or words that are not encrypted?
The subscriber id, source of a communication, destination of a communication, date, time and duration of a communication, type or relevant service used, equipment used.
That's a lot of computer searchable data for two years and human readable words being kept
Only the contents or substance of a commu
Re: (Score:3)
Don't bet on it. The fuckers, particularly Telstra/BigPond, aren't ready, or are still fighting it.
I logged a fault (bursts of line sync loss - it was going up and down like a yo-yo) yesterday, only to be told by the first-level droid that I wasn't experiencing dropouts - then he proceeded to the wi-fi troubleshooting script.
To cut a long story short, 2nd level support and the "broadband test team" have both told me that their systems "aren't capable of detecting or logging dropouts". Just let that sink in f
Really bad idea (Score:4, Interesting)
Re: (Score:2)
Be great for seeing whistleblowers reaching out to journalists
Over the years will the views on the destination of a communication change? The look back for every user who connected to a site or device?
Rather than just removing a book chapter at an authors house, why not see who connected to the author too
Re: (Score:2)
That being said the law does require the data to be 'encrypted', which seems kinda stupid if they have thousands of systems writing to this database (which I assume they will if they are logging this amount of data). Just shows how the people who wrote the legislation had no underst
Re:Really bad idea (Score:4, Interesting)
That being said the law does require the data to be 'encrypted',
Not quite. Section 187BA.a specifies that the data is to be encrypted, then in the compliance section later 187F.2.a it lets the provider off the hook with the whole encryption mechanism if it can't get the system to operate with it.
Encryption is optional in the context of this act and was one of the things I suggested amending to be mandatory with the private key being held by the TIO. I did a detailed analysis of the legislation before it passed and whilst I won't include the letters I wrote to the senate, these are the sections of part one I thought needed to be amended to protect the population from fraud and slashdotters will probably get this immediately:
Criticisms of specific sections in Part one:
187AA.3A,3B remove because it introduces the possibility that any e-commerce business that is not a telecommunications provider can be forced to retain data and bear the cost of limiting their business throughput and capacity for expansion. For business this represents a rising linear cost that increases with additional customers.
187B.2 Needs definition of who a CAC (Communications Access Controller) role answers to, which department, and limits to retention demands
187B.2A change 'may' to 'must'
187B.3.c Remove. Additional requirements from the CAC impose incremental infrastructure and capacity restraints on business coupled with forcing them into I.P cost and approval cycles every time infrastructure upgrades are required as a result of demands from the CAC. The business is forced to write for approval for mandatory upgrades to meet retention requirements demanded by the CAC.
187BA.a Specify a minimum standard for encryption of data. Government should mandate minimum encryption standards revised regularly to protect consumers from fraud, organised crime, identity theft, harassment and so on. The same standard should control access to the data from all parties.
187BA.c add allow encrypted access to the data by the entity or person that generated it.
187E.2.b,c service providers must never be exempt from section 187BA when storing entity or personally generated data
187F.2.a add ensure adherence to encryption standards in 187BA; and
187F.2.b add: whilst still complying with 187BA
187F.2.f remove for the same reason as 187B.3.c
187G.1 Law enforcement uses a secured access standard under 187BA.a to access the data
187G.2.d change 'may' to 'must'
187G 4,5 Define a criteria for the ACMA's collection requirements
187K.1.d add: not approve an exemption from 187BA
187KA.4 define the ACMA's relation to policing here
187KA.4.f add: input from the PC and T.O
187KA.5 remove: ACMA considerations have nothing to do with policing for terrorists
187LA Should provide protection from abuse from government employees
187M add: Section 187BA(a)(b),
To clue you all in, Section 187AA is the meat of the 80 page bill that defines what is captured. Section 187BA(a)(b) defines, weakly, how the population will be protected from fraud. Whilst the single word change of 187B.2A is the critical change required to protect people from harassment. 187G.2.d gives ISPs an out for complying with 187BA which further weakens the public's protection - as previously mentioned.
Also, if you are an ISP and the CAC says 'hey - collect this as well' the ISP must create a new project plan, submit it for approval, which can take an unknown time, then once approved the ISP has a limited time to comply or be fined. The insanity of the compliance process for ISPs is truly breathtaking.
I feel sorry for my country and its people. I work in IT, I understand how people will be defrauded because I've seen it and now I think it is inevitable that these cases will be more common. Our constitution says Australians are guaranteed 'responsible government' however I see this bill as a very
Unconcerned with this level of scrutiny? (Score:5, Informative)
Re: (Score:2)
I am sure the Australians would be more than happy to let the Chinese live in the desert. They are on their own for food, water, electricity, and data though.
Re: (Score:2)
You're so obviously biased. Now that Abbott is gone, do you realise that the mastermind behind this policy is in charge! After all Turnbull was communications minister up until a month ago, this is his policy!
I've mentioned in a previous post though, the issue got bipartisan support, so the public have no say on this. Then the anti-Abbott campaign run by the ABC and Fairfax really just shows how the news cycle was dominated by ideologues out for revenge. Meanwhile, important news, I end up reading about on
Re: (Score:3)
Lol, Turnbull was the communications minister who said that data retention was pointless!
http://www.theguardian.com/aus... [theguardian.com]
https://newmatilda.com/2015/10... [newmatilda.com]
https://newmatilda.com/2015/10... [newmatilda.com]
http://www.smh.com.au/federal-... [smh.com.au]
But then again, he has done nothing to roll anything back now that he's in charge...
Re: (Score:2)
He was the minister of "just shut up and destroy the NBN so we can pretend that every policy before us was shit". "You can have my good mate Ziggy to help you empty the bank with no result".
He had very little leeway to do anything unlike ministers in previous governments - which is why so little has been done at all by the government in a couple of years.
Re: (Score:1)
"You're so obviously biased. Now that Abbott is gone, do you realise that the mastermind behind this policy is in charge! After all Turnbull was communications minister up until a month ago, this is his policy!"
False. Turnbull was forced to implement the policy as a member of the Abbott government. Turnbull watered down the policy and added safeguards, while also giving public interviews describing what tools can be used to get around the system. Hardly the mastermind behind the policy.
Re: (Score:2)
the issue got bipartisan support
Not because the center-left party agreed with the policy (or even understood it), they supported it because they have a policy of supporting all right wing security policies.
They opposed a lot of other stuff and had to agree with the government on something so they were not labelled as obstructionist. A tactic that was used successfully against them when they were in government.
Agreeing with the right wing government blindly on all security was also seen as a good strategy for the left as they had earnt a
Re: (Score:2)
Re: (Score:2)
In our case, the leader of the obstructionists (Tony Abbott) won the election, but struggled to move to a more constructive mode when in power and became deeply unpopular. The center left party didn't want to be associated with tactics that failed once in power.
Tony Abbott recently got dumped by his own party and was one of the shortest serving prime ministers in recent times.
Ironically, he was replaced by a moderate within the right wing party, one of the few people who spoke out against data retention, was
Re: (Score:2)
Re: (Score:2)
Re-read the comment. Abbott was the mastermind of incompetence and distraction. Now that he's gone people may have time to care about things such as data retention. Though in reality Abbott was just a face on which to lay blame. The problems in the government run deep on all sides of the political spectrum and it isn't solved by removing the figure head.
Re: (Score:2)
Trust me they won't get any less distraction now without Abbott, and it's because the media is running the narrative of public discourse, and the media is filled to the brim with ideologues. They're too busy spreading their doctrine on their holy trinity of refugees, gay marriage and climate change.
I just look at their coverage, when they do, of tech things, and on topics that I'm knowledgeable about, the Australian media is invariably hopelessly wrong.
Re: (Score:1)
To be fair, I often go to sites based in other countries and get my news there when it concerns certain topics. Journalism is now, and has always been, biased. There is no true fair and balanced journalism really - there probably never will be. I've taken a look into the history of "yellow journalism" and, yeah, it might actually be better today than it has ever been. At least we can, today, get our news from a wider group of sources which gives those interested some chance of actually finding out the truth
Re: (Score:2)
This.
As well as the mastermind behind killing the NBN (RIP NBN).
The problem is, replacing Abbott with Turnbull is just putting a new coat of paint on a rotting, termite infested house. We've still got Bernardi, Brandis, Abetz and the rest of the miscreants. The sickness in the LNP is at its cor
Re: (Score:1)
Maybe if you'd not let them take the firearms away in the first place that sort of question might not seriously be up for debate. I'll never understand why citizens willingly disarm themselves and I'm sure that's due to my cultural bias. However, I've tried to think about it logically and reason my way to understanding. The only conclusion I can make is that those citizens did not use logic and reason their way to understanding. Fear will do that, I suppose.
Me? I'm willing to accept that some violence occur
Re: (Score:2)
we'll have a chance to have a proper think about data retention and what it means, though it's probably too late.
No, it isn't too late and if you are really sincere about doing something just copy the amendments the bill requires [slashdot.org] into a letter to your local MP. Feel free to copy my work - this is a problem that needs to be fixed and I am happy for anyone to use it.
Re: (Score:2)
VPN is here (Score:2)
Thankful (Score:2)
Re: (Score:1)
lol nice try, we are trying to be like the trainwreck USA, some areas we may surpass but many of the attempted dismantling of socialism and increasing of inequality failed with this government and one more leader was again bumped off before their first term finished.
Re: (Score:2)
Thankful I'm not Australian. Worse than America almost. Maybe they're trying to be like Britain.
Because there is a stronger bill of rights in UK and the US, the bill is tested in Australia, then cut down, applied in the US, cut down again and applied to the UK. You can see that pattern of legislation around the western world. If it is not in conflict with the constitution they will attempt to pass it.
Estonia has 7 y mandatory data retention for Telec (Score:1)
For some reason, Estonia is heralded as something special and progressive when it comes to IT. It's far from it when it comes to privacy and basic human rights.
Telcos are forced to keep EVERYTHING for 7 years. All your activities in the web are logged and so are all your phone calls and mobile data activities.
If you look close, Estonia is a fucking privacy nightmare.
Reminds me ex EG (Score:2, Insightful)
Didn't know Australia has such huge issues with terrorism that it forces them to spy on all their citizens... Sounds more like something East Germany might have had in place to enforce conforming with official truth.
Disaster waiting to happen (Score:5, Insightful)
Re: (Score:2)
Yes, you are absolutely correct, and the fact that the dipshits who conceived of this idea can't see that is astounding.
The stored data will end up on pastebin or somesuch. It's only a matter of time.
Really what all this scrutiny will do is just enhance the ever growing sense of paranoia in the First World, and lead to greater self censorship.
What if every ISP said no? (Score:1)
Sad. Just sad. (Score:3)
Re: (Score:2)
"Australians appear unconcerned with this level of scrutiny of their lives" Sad. Just sad.
If you have ever seen how much people post on Facebook, it is hardly surprising.
Helpful hint for Australian ISPs (Score:2)
Block all non-encrypted traffic and record per-flow stats into a compressed store. It may be a little difficult for customers to find secure alternatives at first... helpful hints in an information packet snail mailed to your customers could go a long way to making the arrangement workable for your users.
In the meantime Australian ISP associations should use every second they have left to make it clear to the world non-encrypted communications will no longer be accepted by Australian ISPs. If the world d
Help an ISP and use a VPN (Score:1)
The metadata retention scheme requires the storage of:
- Connection open time and duration
- Your location
- Total amount of data sent/received during the connection
- Your IP address
- * Does not require collecting the destination IP address, but it will be more effort to strip this out with lots of tools
So if you're web browsing lots from home or making lots of connections to servers an ISP has to store lots of records. However, they only need one database row for your VPN connection!
Then ISPs could offer disc
Community (Score:1)
Want communications without data retention? Join a community network like the wireless groups.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Air-Stream in South Australia http://air-stream.org/ [air-stream.org]
WACAN in Western Australia http://www.wacan.asn.au/ [wacan.asn.au]
Melbourne Wireless in Victoria http://melbourne.wireless.org.... [wireless.org.au]
Canberra Wireless http://www.cwn.net.au/ [cwn.net.au]
If there isn't one near you start your own and put up an access point for others to see.