Hi All,
I have asked the Attorney Generals Department about data retention and got the following response.
If you run a relay/bridge here you seem to be exempt from retaining data. If your not an ISP and you run a service from home the ISP/carrier will retain the data though.
This just general information.
Regards,
Paul
UNCLASSIFIED Dear Mr Templeton
Thank you for your enquiry to the Office of Communications and Cybercrime. I am re-sending our reply to your original enquiry that we sent on 12 September 2017 that seems to have not arrived. The extent of data retention obligations for your relevant service would relate to the extent to which elements of the data set “visible” to you. For example, where a provider does not have “visibility” of a customer’s IP address, it is likely that the IP address was assigned as part of a different relevant service. For example, if you have a record of the MAC addresses of users who access your network then this information must be retained for the required period. You are not obliged to retain the identity of the user if this is not information to which you have access. Whether the service is being offered on a commercial basis or is free is irrelevant in determining a service provider's obligations. In your email you noted that "The true origin of a connection and the true destination will never be known and there will be no way of obtaining the information. That also pertains to the ports used in the circuit and all data passing through the circuit will be encrypted." This sentence appears to suggest that you may be looking to offer some kind of an internet access service, in which case the destination is not required to be retained. Your reference to encrypted content suggests a VPN. If this is the case and this service is not operated you, obligations do not apply. Also, data retention would not require you to store the contents of the communications. Please do not hesitate to contact our office if you require further information.
Regards
Kerry
Office of Communications Access & Cybercrime Intelligence and Identity Security Division T: (02) 6141 2884
The information contained in this email is intended as guidance only. It does not constitute legal advice and should not be relied upon as such. If you require legal advice, you should consult an independent legal adviser.
On 4 Oct 2017, at 20:02, Paul Templeton paul@coffswifi.net wrote:
The extent of data retention obligations for your relevant service would relate to the extent to which elements of the data set “visible” to you. For example, where a provider does not have “visibility” of a customer’s IP address, it is likely that the IP address was assigned as part of a different relevant service. For example, if you have a record of the MAC addresses of users who access your network then this information must be retained for the required period. You are not obliged to retain the identity of the user if this is not information to which you have access.
Tor Guards have access to client IP addresses. So I'm not sure if you gave inaccurate information to the department, or they misunderstood what you said.
But, even if you know the client IP address, you may be exempt under section 4.3 of the FAQs, because the IP address is allocated by the client's ISP, and you don't know the destination.
4.3. If provider offers an internet access service, is it required to retain IP addresses allocated by other providers?
If the service in question only offers connection to the internet, a service provider will not be required to retain IP addresses allocated by other providers.
However, if a provider offers an additional OTT service, such as VoIP, it will be required to retain the relevant destination communication information.
For example, if a provider operates both an internet access service and an OTT service—it will be required to retain destination information only for the OTT service.
https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetention...
But I'm not a lawyer, so you should get your own lawyer. Or run a relay outside Australia.
T
On 4 Oct 2017, at 22:52, teor teor2345@gmail.com wrote:
But I'm not a lawyer, so you should get your own lawyer. Or run a relay outside Australia.
Or run an exit, because exits never know client IP addresses. All they know is the destination. And internet destinations are excluded from Australia's retention regime.
T
teor teor2345@gmail.com wrote:
On 4 Oct 2017, at 22:52, teor teor2345@gmail.com wrote:
But I'm not a lawyer, so you should get your own lawyer. Or run a relay outside Australia.
Or run an exit, because exits never know client IP addresses. All they know is the destination. And internet destinations are excluded from Australia's retention regime.
That might not be good enough. An Exit node can also be an entry point to the tor network. An Exit node can also even be a Guard node. Also, an exit node need not be an Exit node, depending upon the particular ExitPolicy involved.
Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
tor-relays@lists.torproject.org
-
Paul Templeton -
Scott Bennett -
teor