From: Digest
To: "OS/2GenAu Digest"
Date: Mon, 24 Aug 2015 00:00:21 WST-8WST,10,1,0,7200,4,1,0,7200,0
Subject: [os2genau_digest] No. 2113
Reply-To: os2genau_digest at os2site.com
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Sunday 23 August 2015
Number 2113
**************************************************

Subjects for today

1 Re: Australian Data Retention Legislation : Peter Moylan
2 Re: Australian Data Retention Legislation :

**= Email 1 ==========================**

Date: Sun, 23 Aug 2015 15:44:47 +1000
From: Peter Moylan
Subject: Re: Australian Data Retention Legislation

On 2015-Aug-22 04:54, deadmail wrote:

> Hi All,
>
> FYI
>
> This email list needs to comply with the "Australian
> Data Retention Legislation" of 2015. As of the
> 13th October 2015, all information in relation to
> email headers of emails received, emails sent, and
> in the case of this email list, the entire contents of
> the email body will be kept for possible retrieval
> of every person the Australian government deems
> has a need to have access to such information.
>
> [Basically anyone from Local, State, Federal
> Government, or law enforcement here in Australia]

This message left me a little worried, and I had to go away and read the act. That didn't much help without a lawyer, because there's a lot in there that's ambiguous. (For example, must incoming e-mail be logged, including spam that's been blocked by a firewall, or only outgoing?)

As I read it, you still have another year to find an off-shore VPN, and you're entitled to apply for a government grant for the cost of implementing the changes. Most likely those grants will be given only to the big players, though.

As far as I can tell, I'm safe for now. My mailing lists are hosted in less paranoid countries, and my mail server seems to be covered by the "immediate circle" rule. I have no idea, though, whether I'll have to turn off my web and ftp servers.
I think that's covered by the fact that requests are coming in from outside. Technically, as I read the rules, it will be ftp and web _clients_ that will become illegal, but it should take the government a long time to figure that out.

> The list is archived anyway so really there is no
> main problem that I can see except I need to
> retain the actual email logs from Weasel as well
> as the list emails.

Except that they have to be stored in encrypted form, as I read the rules. It would be interesting to see whether one-way encryption would satisfy the rules. A court would probably rule that the encryption has to be one that Australia's spy agencies have already cracked, but I don't see such a provision in what I've read.

> In the not too distant future it also looks like the AG's
> department here in Australia will also be dictating what
> hardware and software can, and cannot be used in
> Australia on public networks in the interest of
> National Security. That one's going to be interesting...

Another interesting case that could arise: I still have a university e-mail account, but I don't use it because the university, in its stupidity, gave the contract for e-mail management to Microsoft, and Microsoft has an arrangement with America's NSA to supply it with a copy of all mail. The people "in the know" at the university have warned everyone never to send "commercial in confidence" information via a university e-mail account, but the management just doesn't care.

Now, it is not possible for Australia's spies to get information captured by American spies, and clearly the university is already in violation of the confidentiality rules. What can/will the AG do about that?

--
Peter Moylan
peter at pmoylan.org
http://www.pmoylan.org

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
-----------------------------------------------
To Subscribe/Unsubscribe go to
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This is a pulp free product.

**= Email 2 ==========================**

Date: Sun, 23 Aug 2015 15:06:32 +0800 (WST)
From:
Subject: Re: Australian Data Retention Legislation

Hi Peter,

I was going to reply privately but figured I might as well leave it all on the mailing list.

> This message left me a little worried, and I had to go away and read the
> act. That didn't much help without a lawyer, because there's a lot in
> there that's ambiguous. (For example, must incoming e-mail be logged,
> including spam that's been blocked by a firewall, or only outgoing?)

I'm on Internet Org Australia, AusNOG and a few other lists and the only way I think most have muddled their way through it is to go back and forth with the AG's dept who have a dedicated email address and phone line. Note that when you go through the process everything becomes confidential, which makes it hard to pass on information. They have however helped with a fact sheet that https://www.internet.org.au/ and the Comms Alliance have all helped with. Anyone wants a copy, happy to email it to you.

> As I read it, you still have another year to find an off-shore VPN, and
> you're entitled to apply for a government grant for the cost of
> implementing the changes. Most likely those grants will be given only to
> the big players, though.

Actually, no one knows who gets that money, or when, or how much and under what conditions, and it only covers a fraction of the costs. Many are of the opinion that the end game is to remove a lot of the smaller comm's players to make it easier for law enforcement to track and trace people.

You have to have a DRiP in, which is basically a plan of how you are going to become compliant, and when you expect to. That DRiP should have been in by 13th August 2015 though there is some scope for delayed submission.
No one else has said it but I will mention that the AG's (Attorney-General's) Dept is ending up with a nice up to date map of who does what that can also be cross referenced with the TIO's office. Strangely enough, I can't see that helping track terrorists and others - McDonald's and other public WiFi areas are exempt :o)

> As far as I can tell, I'm safe for now. My mailing lists are hosted in
> less paranoid countries, and my mail server seems to be covered by the
> "immediate circle" rule. I have no idea, though, whether I'll have to
> turn off my web and ftp servers. I think that's covered by the fact that
> requests are coming in from outside. Technically, as I read the rules,
> it will be ftp and web _clients_ that will become illegal, but it should
> take the government a long time to figure that out.

It doesn't apply to HTTP/Web servers or FTP servers, it is a Communication Bill so it only applies to communications such as email, IRC and VoIP.

So your email lists are safe, and you can ignore the legislation unless you start hosting an email list here in Australia, then you can probably apply for an exemption if you're willing to follow the paper trail but don't expect any funds to cover any of it.

I can't say too much about "immediate circle" as what that means really depends on where you look but I do get the impression that means an email server for family and friends, or a small business based server is exempt if it is only for the usage of that one company and not for public usage.

> > The list is archived anyway so really there is no
> > main problem that I can see except I need to
> > retain the actual email logs from Weasel as well
> > as the list emails.
>
> Except that they have to be stored in encrypted form, as I read the
> rules. It would be interesting to see whether one-way encryption would
> satisfy the rules.
> A court would probably rule that the encryption has
> to be one that Australia's spy agencies have already cracked, but I
> don't see such a provision in what I've read.

If the archives are public then encryption can be ignored as you are not required to encrypt and store if you still need the data for normal business.

If I were to remove the public archives then I would be required to encrypt and store the data for two years. I would also be required to have in place a system to handle people's applications for copies of their private data, which means stripping out everyone else's data so only the applicant's data is provided back to them.

See what I mean by it's all becoming too hard to bother with.

> > In the not too distant future it also looks like the AG's
> > department here in Australia will also be dictating what
> > hardware and software can, and cannot be used in
> > Australia on public networks in the interest of
> > National Security. That one's going to be interesting...
>
> Another interesting case that could arise: I still have a university
> e-mail account, but I don't use it because the university, in its
> stupidity, gave the contract for e-mail management to Microsoft, and
> Microsoft has an arrangement with America's NSA to supply it with a copy
> of all mail. The people "in the know" at the university have warned
> everyone never to send "commercial in confidence" information via a
> university e-mail account, but the management just doesn't care.

The above is not covered by Australian law unless it is hosted in Australia. As to the NSA, I will only say point of entry and leave the rest to your imagination.

> Now, it is not possible for Australia's spies to get information
> captured by American spies, and clearly the university is already in
> violation of the confidentiality rules. What can/will the AG do about that?

They can and do.
Australia, NZ, UK and USA all have data sharing agreements, as to the nitty gritty, that's up to your imagination, or a search engine. I used to do contract work for AT&T in the 90's, and I'm not dumb as to what, how, and why some equipment was configured.

And the AG doesn't have to do anything about it :o)

The Trans Pacific Agreement thingy would make things a lot clearer re the law and obligations BUT that also means we would very likely have to also have the same copyright and other laws as USA, and likely the same or a very similar court system. From what I've heard the Australian Gov has already said it will not be going with that agreement in its current form.

Cheers
Ian Manners
http://www.os2site.com/