[clug] The biggest mass surveillance scheme in Australian history

Bob Edwards bob at cs.anu.edu.au
Sat Feb 28 20:01:47 MST 2015


On 28/02/15 01:14, Scott Ferguson wrote:
> On 28/02/15 00:17, Bob Edwards wrote:
>> On 27/02/15 23:01, Bryan Kilgallin wrote:
>>> {Parliament’s Joint Committee on Intelligence and Security has ticked
>>> off on the government’s proposed mass surveillance scheme, with some
>>> minor amendments.
>>>
>>> Once legislated, the scheme will require communications companies to log
>>> and retain data about all customers’ usage of their services for two
>>> years.}
>>>
>>> http://www.crikey.com.au/2015/02/27/committee-recommends-data-retention-with-some-half-baked-protections/
>>>
>>>
>>>
>>
>> Without wanting to be seen to be supporting this in any way, one
>> important difference between this scheme and PRISM is that each ISP
>> keeps its own customers' (meta)data, whereas in the U.S. it was all
>> being slurped up by the NSA into a single central govt. owned/controlled
>> database.
>
> Not just the US. Five-Eyes*1 (here too). Providing it for police is the
> justification for being able to force ISPs to retain (in most cases they
> do for their own purposes anyway) *and* hand over the metadata. Brandis
> has two motivations - (neither of which is law enforcement):-
>
> 1. make 5Eyes work easier - metadata is the key to the existing bulkdata
> collection. The metadata enables you to locate a needle in a haystack,
> the point is in the needle (not its location). (i.e. you connected to a
> forbidden site - which your ISP already knows for billing purposes
> unless you use a VPN or Tor, but 5Eyes (and some peering providers) do
> stateful packet inspection... (BGPs compromised, likewise submarine
> cables*2).
>
> 2. TPP, make it easier to prosecute "pirates" and protect the revenue
> streams of those that back the parties (or attack the parties) - the
> media giants. Political self-preservation to be expected by all parties
> when they are actually in power.
>

Most of this is quite likely the case, but at Ruxcon 2014, the closing
panel, consisting of: Senator Scott Ludlam (Greens), Patrick Gray (Risky
Business), Tony Dimou (Head of Cyber Crime at Vic Police), Vanessa
Teague (Research Fellow, UniMelb CompSci) and Doran Moppert (?), spoke
about the then proposed metadata legislation (this is just months after
the highly dodgy ASIO bill was passed, and immediately after the Labor
leadership publicly admitted that they may have got that wrong...)

Anyway, the Vic Police guy stated that when investigating child
pornography, cyber-bullying and similar cases (possibly including
piracy), all they have to start their investigation with is an IP(v4?)
address. If they can't resolve that to a customer, then they have
"nothing" and the investigation essentially stops right there.

Patrick Gray proposed a simple fee (I think it was $800) to cover the
ISP's expenses in resolving a legal enquiry (warranted or otherwise)
and to put some back-pressure on the law-enforcement officers getting
too carried away seeking more metadata than they really needed.

The Vic Police guy thought that was going to impede investigations,
at which suggestion Gray (or maybe Ludlam) ridiculed him by suggesting
that resolving a cyber-bullying incident would definitely be worth
paying $800 for. The audience seemed, to me, to be in agreement with
that sentiment.

Another thing that came out was that the ISPs don't want/need to
store the (meta)data for more than the current billing period.

Whether this is true or not is up for debate. Seems that the Govt.
have decided to hand over $400M "to meet their costs", so playing it
their way seems to have been a winner for them. Either way, the ISPs
come out of all this ahead: They get to keep the (meta)data that they
may have been collecting anyway; they get paid for it; and, if anyone
complains, they can now blame the Govt. legislation.

As for how does all this affect Linux? Dunno. There were some great
Linux'y talks at Ruxcon 2014: https://ruxcon.org.au/slides/ :)

cheers,

Bob Edwards

