Hi All,
I have asked the Attorney Generals Department about data retention and got the following response.
If you run a relay/bridge here you seem to be exempt from retaining data. If your not an ISP and you run a service from home the ISP/carrier will retain the data though.
This just general information.
Regards,
Paul
UNCLASSIFIED Dear Mr Templeton
Thank you for your enquiry to the Office of Communications and Cybercrime. I am re-sending our reply to your original enquiry that we sent on 12 September 2017 that seems to have not arrived. The extent of data retention obligations for your relevant service would relate to the extent to which elements of the data set “visible” to you. For example, where a provider does not have “visibility” of a customer’s IP address, it is likely that the IP address was assigned as part of a different relevant service. For example, if you have a record of the MAC addresses of users who access your network then this information must be retained for the required period. You are not obliged to retain the identity of the user if this is not information to which you have access. Whether the service is being offered on a commercial basis or is free is irrelevant in determining a service provider's obligations. In your email you noted that "The true origin of a connection and the true destination will never be known and there will be no way of obtaining the information. That also pertains to the ports used in the circuit and all data passing through the circuit will be encrypted." This sentence appears to suggest that you may be looking to offer some kind of an internet access service, in which case the destination is not required to be retained. Your reference to encrypted content suggests a VPN. If this is the case and this service is not operated you, obligations do not apply. Also, data retention would not require you to store the contents of the communications. Please do not hesitate to contact our office if you require further information.
Regards
Kerry
Office of Communications Access & Cybercrime Intelligence and Identity Security Division T: (02) 6141 2884
The information contained in this email is intended as guidance only. It does not constitute legal advice and should not be relied upon as such. If you require legal advice, you should consult an independent legal adviser.