Feeds

No, minister Turnbull, IP addresses aren't part of routine billing data collection

Meta-splaining Malcolm's metadata misstep

Beginner's guide to SSL certificates

Australia's government is still trying to explain exactly what its metadata retention regime will capture, in spite of last week's intervention into the debate by the formerly-silent communications minister Malcolm Turnbull.

Meanwhile, president of the Internet Society of Australia Narelle Clark has cast doubt on the assertion that holding IP addresses long-term represents “nothing new” in what carriers normally do.

On Friday, Turnbull joined the list of government ministers who have made contradictory statements about metadata collection, saying that IP addresses will and won't be included in the metadata collection regime. He also reiterated statements by attorney-general George Brandis and ASIO director-general David Irvine that the government isn't proposing the collection of any new data.

To the Australian Broadcasting Corporation's AM radio programme on Friday, Turnbull said: “the security services, the police, ASIO and so forth, are not asking the Government to require telcos to record or retain information that they are not currently recording.”

“And they also want the IP address, which is the number that is assigned to your phone or your computer when you go online by your ISP, so that you can be connected on the internet. And, that is of course connected, that the ISP knows that IP address is connected to your account. That's recorded in their records. They want that information to be kept for two years,” he continued.

That statement was apparently repudiated on Channel 9's Today programme (the video displays at the top of this story in The Australian:

“What I can confirm is that the law enforcement agencies, and therefore the government is not seeking that the telcos … retain any information that they are not not currently retaining. In particular they are not seeking that the telcos retain details of your Web browsing history, which sites you go to, which IP addresses you connect with” (emphasis added).

The Register was curious regarding one aspect of the latest round of “meta-splaining”, that ISPs retain the association between IP addresses and subscribers as business records, so we contacted Narelle Clark, president of The Internet Society of Australia.

Partly, Clark said, it depends on whether a user is on a fixed or mobile connection.

“When it's a mobile network connecting to a mobile device – a GSM-based system where you're using 3G or 4G or LTE protocols – there's pretty good binding between the IP address and the handset,” she said.

And unless you're routinely turning your phone into an open hotspot that you share with all and sundry, that in turn creates a good association between an IP address and an individual that can be extracted from customer records later.

So far, so good: but how about a fixed broadband connection in the IPv4 world, where the shortage of addresses demands they be shared among an ISP's customer base?

Clarke is sceptical of the idea that such records are part of the day-to-day business operations of ISPs. For most providers, she told The Register, such a record is of operational rather than business value: good for faultfinding and troubleshooting, but not a useful business or billing record.

Noting that log files (such as those on a Radius server, where a subscriber might be provisioned with their IP address) get very large, very quickly, Clark notes that ISPs might never have provisioned enough storage to keep those files for the periods sought by law enforcement.

It's the kind of data that an operator “might want to keep” for fault investigation, but after that, it's likely to be flushed. In the computer world, “logging was not designed for billing, it was designed for troubleshooting”, she continued.

Moreover, in the fixed world, there's so much address sharing that Clark is concerned that “there's very little correlation between an end user device and a human being.”

That means retention of IPv4 address data will end up gathering an awful lot of haystack for very little needle.

Clark emphasised that the service provider community is happy to help law enforcement and national security agencies. In that light, she said, the collection of data under warrants (which would among other things identify whose data is being collected) isn't what worries ISOC-AU's members. Rather, it's indiscriminate data collection that can be accessed by too many parties that matter – particularly if there's a lack of process and oversight. ®

Intelligent flash storage arrays

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.