* Posts by czthomas

34 publicly visible posts • joined 3 Nov 2015

Australia's metadata retention scheme costs telcos $500k per cuffing

czthomas

Re: What a waste of money.

A VPN doesn't make one jot of difference to the data retained under the Data Retention Act.

On the other hand, it does expose your connection details and internet activity to whoever runs and whoever has access to the servers that provide the VPN service.

czthomas

Yes, they know how many requests are made every year, and in fact 2016-2017 had about 10% fewer than the previous year.

These kinds of requests have been the norm since the 1979 Telecomms Act, so the only ISPs having trouble are the ones who weren't keeping proper records in the first place, which is why the Labor government had to have this updated legislation drawn up.

There is no "huge trawling expeditions". They are targeted requests.

Australian Federal Police accessed metadata without warrant, broke law

czthomas

It's also going to lead to a good few arrests following the computer seizures detailed here:

http://www.smh.com.au/world/queensland-man-arrested-after-massive-child-porn-seizure-in-philippines-raid-20170514-gw4d2w.html

As for the "journalist" (whatever that is) whose telecomms data was accessed by police - I do hope the cops manage to successfully investigate the bent cop that was passing confidential police database records to that journalist.

We have good news and bad news about metadata retention

czthomas

Re: Open Metadata

They can't "publish" it - that would breach the Privacy Act.

What they *do* is send it to you every month. You may refer to it as your "bill".

The bit of retained data they don't put on your bill is your smart phone's data registrations via 3G/4G, because you would end up with an extremely long and pointless list wasting paper.

czthomas

Re: Who can access the metadata without a warrant?

They're not just smiling, they're laughing - a VPN makes no difference whatsoever to the data retained under the Data Retention Act.

In any case, assuming you aren't a criminal, or wanted by the RSPCA, nobody is ever going to access your metadata anyway.

But you've got slow internet and some dodgy character in Romania harvesting all your passwords because you've gone with a completely unnecessary VPN.

You *can* see why they're laughing, can't you?

czthomas

Re: Open Metadata

Your browsing habits have no impact on the retained data and nothing about them is included.

If you want to know what data is being retained, have a look at your bill. It's pretty much all in there, assuming it itemises your cell calls.

The main thing you won't see on your bill is the non-voice registrations your mobile makes as you travel from cell to cell. They don't waste paper sending you this because nobody wants it.

...Unless you're in the frame for kidnapping somebody that is, in which case the cops will be very interested in getting hold of it to see if it can help confirm/deny that you were in the area.

This is how they found that girl in the ACT last year who crashed her car into a ravine on a country road in the middle of the night. They got her telco to give them the last few cell registrations. This gave them a good guess as to where she was headed and they eventually found the car and got to her before she died.

Actually, same thing happened with a nurse in QLD about a month ago - her car had rolled so far from the road nobody could see it driving past. Cell data helped find her. Not sure she survived though.

Ditto with that guy earlier this year in VIC whose wife "went missing". His telco gave the cops his cell tower registrations and these told a very interesting story which led the cops to conclude he was in dire need of prosecution.

The fact is, if you've done nothing wrong, there is nothing to worry about, but it is very much in our interest that this data be retained because it can save lives.

czthomas

Er...Simon, if civil litigants previously had access to telecomms meta data, and the new Act specifically excludes data retained under the Act from being accessed in civil litigation, then the very opposite of scope creep has occurred.

The real issue now is that a civil litigant will front up to court asking for a subpoena requiring certain data to be disclosed and both the court as well as the Telecomms provider are going to be tied up in knots untangling which data may not be disclosed (it was retained solely for the purpose of complying with the Act) and which data may be required to be disclosed (it was retained for other reasons).

Not only will the courts be faced with the same confusion stemming from their incomprehension of the technology as can be witnessed on 99% of media articles on the issue, but they will be stuck with the fact that the "compliance with the Act" dataset and the "other data" dataset are not exclusive of one another.

Australia telcos warn: Opening metadata access will create a 'honeypot' for lawyers

czthomas

Re: Never

What could your rego possibly have to do with a parking meter's telecomms service?

czthomas

Data Retention has nothing to do with web-browsing.

Your VPN changes absolutely nothing to the data that is retained under Data Retention about your service.

Your SMTP story is incoherent.

Apparently you have been misinformed.

I would advise: think about who has led you to believe this nonsense: now remember who they are and treat their opinions and assertions with greater scepticism next time.

czthomas

Re: What ?

Yeah, but dealing with Data Retention in a factual way wouldn't provide the opportunity to wallow in paranoia and revel in spreading FUD.

Parking meters - a government-owned meter would not be subject to the Act. A private meter, assuming it dialled on-demand for each ticket it prints out, would generate a long list of connections. When I think about where I park in the morning - about 500 spaces, about 5 meters. So Data Retention would cause to be created 5 records, each with about 100 lines in it. So about 100KB of data. Compressed for storage, this would be about 10KB. Data deduplication could reduce this to 2KB.

"Enormous amount of data"? You could only believe this if you were entirely ignorant of the topic. But enthusiastic about spreading FUD.

czthomas

Maybe somebody who was interested in becoming informed could just read the parliamentary submissions where this question is answered extensively and in detail?

Telstra wants civil litigants to pay up front for access to metadata

czthomas

Re: This is fair

I did a few sums 2 years ago and my conclusion was that assuming I had good data deduplication and compression, I could keep 1 year of Australia's data retained under the Data Retention Act on a $150 USB HDD from Dick Smith.

And seeing as the Telcos were already keeping this stuff, it's not clear how this would have any impact on them.

czthomas

Re: Civil Litigation?

Accidents, including workplace accidents.

The Australian Lawyers Alliance says,

"22. Data outlined in s187AA is currently available to parties to civil proceedings pursuant to a subpoena or court order in any number of circumstances. Our members (the majority of whom are personal injury lawyers) currently access metadata routinely in civil proceedings as needed, depending on the facts in issue in the case."

czthomas

Re: Civil Litigation?

...or alternatively we can ignore literary fiction and just read the legislation which is clear on what this "metadata" actually is.

czthomas

Re: This is fair

They've been keeping it since 1979. It isn't very bulky. There was no "huge costs", just "huge whingeing".

Comms sector teams with business lobby to slam George-Brandis-as-NetAdmin law

czthomas

Re: The first security reform...

Actually, fibre is much more cleanly tapped than copper nowadays - tapping copper affects the current (making the tap detectable by anybody who's looking out for it), whereas tapping fibre has no effect on the light stream.

Anyway, government-mandated standards for security in telecomms services is a great idea. We wouldn't have the problem of deliberately unsecured IoT devices proliferating into households if the government simply banned them.

Also, there is a tragedy of the commons issue in that some security risk mitigations provide no direct benefit or advantage, but cost money, whereas if the government mandated all providers implement them then everybody is on a level playing field and the entire industry and its consumers all benefit.

For example, detecting spoofed source IP addresses and dropping the traffic to eliminate DNS amplification DDOS attacks would be a fantastic bit of progress, but it will take government mandating it to get it in:

http://www.internetsociety.org/doc/addressing-challenge-ip-spoofing

Australian randoms are chill with Internet data retention

czthomas

Re: they left out the word "informed"

Informed Australians don't regard the reality of 40 years trouble-free retention of, and law-enforcement access to, telecommunication billing data as being any kind of "unjustified intrusion".

czthomas

...and that's precisely how it has been used since 1978.

...AND that's precisely what all the law enforcement agencies told us they were doing within their submissions to the Data Retention Bill.

If you thought it was about something else, and you paid no attention to the Bill, its sponsors and the submissions it attracted, then your choice to be ill-informed doesn't translate into a right to be outraged about some belief of yours which is incorrect.

czthomas

Re: they left out the word "informed"

An Australian who is informed as to Data Retention would not call it an "unjustified intrusion".

czthomas

The parliamentary submissions from various law enforcement bodies that were made in the lead-up to the parliamentary debate all made it clear that this is how they use telecomms billing records.

If you think you were "sold" something different, you are complaining about simply not having taken the trouble of informing yourself about the issue.

Data retention grants still not flowing to Australia telcos

czthomas

A. A VPN encrypts nothing whatsoever that is subject to Data Retention.

B. The people running the VPN will readily hand over your private data to foreign governments or gangsters if they see a profit in doing so.

C. Some VPNs have been set up specifically for the purpose of stealing unsuspecting customers' private data in order to hijack their computers to use as hacking proxies.

https://krebsonsecurity.com/2017/01/the-download-on-the-dnc-hack/#more-37410

czthomas

Re: No Money, No Retention.

No, the ISPs have no such right.

This kind of playground thinking is precisely the reason why the government had to introduce a new Bill to update the 1978 Act and make it clear to even the most simple-minded or irrational that telecomms service providers are obliged to keep proper records and to cooperate with law enforcement when requested.

In 1978 we had adults in charge who understood this perfectly. Fast forward 35 years and a horde of simple-minded overgrown children have been molly-coddled all the way into supposed adulthood without ever being made aware of the concepts of reason and responsibility and they need a nanny-state to tell them the facts of life.

czthomas

Re: No Money, No Retention.

No Retention, fines.

The legal onus is on the telco to keep proper billing records, not on the government to pay them anything to do so.

czthomas

Ludicrous suggestions.

It is the Telcos' legal responsibility to keep proper billing records.

The government is under no obligation to subsidise them to carry out their business properly and in accordance with the law in the first place.

Oz gummint's miserly data retention cash-splash launched

czthomas

Why should the Government cough up any money?

Data Retention has been part of a Service Provider's legislated responsibilities since the 1979 Telecomms Act. The new Act has been made necessary by uncooperative cowboy ISPs failing to provide information to police when asked to.

Australia's data retention regime starts October 13th says A-G

czthomas

Re: Bring it on

So everybody you know,

- wants to massively slow down their internet access,

- wants to subject their personal and private data to dodgy foreign servers in dodgy foreign countries,

- thinks a foreign company can be better trusted with their privacy than can their local ISP who is subject to Australian privacy and contract law,

- has no clue and thinks that a VPN will encrypt something that is subject to Data Retention.

...says a bit about your social circle, really....

czthomas

Re: DDoS storage limits

"DDoS storage limits

How much traffic is needed to flood the storage? I am sure it can be achieved by looking up cat pictures alone!"

Looking up cat pictures generates precisely zero traffic that is subject to Data Retention.

Go for your life - all you are doing is wasting your download limit.

Data retention: Still a shambles ahead of October rollout

czthomas

A VPN doesn't encrypt anything that is subject to the Data Retention Act.

...and I don't know where these "millions of dollars" are, considering grown-up ISPs have been retaining the relevant data ever since the 1979 Telecomms Act.

Data retention has started in Australia, but carriers aren't ready

czthomas

Re: speed boost

Web traffic has nothing to do with Data Retention.

'Get a VPN to defeat metadata retention' is good advice. Sometimes

czthomas

I think it would be more important not to discuss the performance and efficacity of VPN services, but to discuss what it is people imagine a VPN can do in relation to the Data Retention Act.

...because as a person who has both read the Act and understands VPNs, I can't for the life of me see why you think they are relevant...

VPNs do not encrypt the Communications made using a Service that comes under the Act.

VPNs encrypt communications that pass over the top of Service that is subject to the Act.

And s187A,4, spells out in black and white that such communications and services are not subject to Data Retention.

So you are subjecting yourself to poor performance and data insecurity issues (you don't trust your local telco, but you trust an anonymous foreign VPN provider...? srsly?) for no purpose whatsoever.

czthomas

Re: VPN provider trustworthiness?

...and then you log in to their dodgy service that is obviously designed by and for criminals and they can see all your passwords. Nice. That's not paranoia, that's just stupidity.

czthomas

Re: VPN provider trustworthiness?

More importantly, your ISP is covered by your country's commercial contract laws and privacy laws.

What if your VPN gets an offer they can't refuse and turns over all your unencrypted data to the Russian mafia/CIA?

How do you sue them? Where are your rights to privacy?

All this "use a VPN" nonsense is just so ironically wrong it's almost funny.

Australian telcos coughed to cops 600,000 times in one year

czthomas

So you think stalkers and abusive ex-husbands should be able to text threats and abuse at their victims and get away with it?

czthomas

Nothing to worry about

"the disclosures were made before Australia enforced collection of communications metadata, a measure we're told is necessary because authorities need more access to information"

er,...as the article says, the disclosures were made under the 1979 Telecomms Act, so *after* Australia enforced collection of comms metadata.

And if you'd read the Senate submissions, you would know that the problem wasn't that they needed *more* information, the problem was that new-fangled cowboy ISP operations were declining to help police and/or failing to keep any records of communications using technologies that were not around and were therefore not mentioned in the 1979 Act.