> On 4 Oct 2017, at 20:02, Paul Templeton <[email protected]> wrote:
>
> The extent of data retention obligations for your relevant service would
> relate to the extent to which elements of the data set “visible” to you. For
> example, where a provider does not have “visibility” of a customer’s IP
> address, it is likely that the IP address was assigned as part of a different
> relevant service.
> For example, if you have a record of the MAC addresses of users who access
> your network then this information must be retained for the required period.
> You are not obliged to retain the identity of the user if this is not
> information to which you have access.
Tor Guards have access to client IP addresses.
So I'm not sure if you gave inaccurate information to the department,
or they misunderstood what you said.
But, even if you know the client IP address, you may be exempt under
section 4.3 of the FAQs, because the IP address is allocated by the
client's ISP, and you don't know the destination.
4.3. If provider offers an internet access service, is it required to retain IP
addresses allocated by other providers?
If the service in question only offers connection to the internet, a service
provider will not be required to retain IP addresses allocated by other
providers.
However, if a provider offers an additional OTT service, such as VoIP, it will
be required to retain the relevant destination communication information.
For example, if a provider operates both an internet access service and an OTT
service—it will be required to retain destination information only for the OTT
service.
https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf
But I'm not a lawyer, so you should get your own lawyer.
Or run a relay outside Australia.
T
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
