How Data Retention affects web hosting service providers

The more I deal with Data Retention the clearer it is that the Federal Government have bought themselves a disaster. Over the years public servants and politicians have not understood the difference between hosting content on the Internet and connections to the Internet. As a result, companies that provide hosting of websites on hardware that belongs to others (like AWS), and no other access to the Internet, fall into a peculiar gap.

To be required to ‘Retain Data’ under the new Part 5-1A of the Telecommunications (Interception and Access) Act (which is so new AustLII doesn’t have it consolidated yet) an entity must be at least one of:

What ordinary people think of as an ISP is really a Carriage Service Provider, because the interweaving of the definitions means a business that isn’t a licensed carrier, providing services using services provided by a licensed carrier, almost always becomes a CSP.

So what does that make a pure web hosting business?

Web hosting services are definitely Content Services under Schedule 7 of the BSA.

They are also defined as ‘Internet Content Services’ under Schedule 5 of the BSA.

So the question is ‘are they Internet Service Providers’?

The definition is “For the purposes of this Schedule, if a person supplies, or proposes to supply, an internet carriage service to the public, the person is an internet service provider.”

Parsing that, we need to understand the words.

  • Person – a person at law, i.e. a company
  • “internet carriage service” means a listed carriage service that enables end-users to access the internet.
  • end-users – not actually defined in the BSA but we can take it to mean users of the internet
  • public – the Act contains this “Note: If a company makes internet content available for access on the internet, and an individual obtains access to the content using an internet carriage service, the company and the individual are end-users in relation to the carriage of the content by the internet carriage service.”

So it looks like the Parliament put a nice clear indicator of their intent right in the Act. On the face of it, businesses that operate websites are end-users of the Internet.

But if the owner of the website pays a hosting business, which allocates IP addresses to its customers and carries IP packets from an upstream ISP to the web server, that is ISP-like behaviour that a reasonable person would think would be captured by Data Retention. Yet the connection to the Internet is happening entirely within the web server, which only looks like a carriage service if you squint very hard.

Squinting at Section 87 of the Telco Act:

Carriage service providers – Basic definition

(1) For the purposes of this Act, if a person supplies, or proposes to supply, a listed carriage service to the public using:

(a) a network unit owned by one or more carriers

And the definition of Listed Carriage Services is in Section 16:

Listed carriage services

(1) For the purposes of this Act, the following carriage services are listed carriage services:

(a) a carriage service between a point in Australia and one or more other points in Australia

So is the same Ethernet port, CPU and memory two distinct points or one point? If they are two distinct points then Data Retention would apply, if not it wouldn’t.

And if the server is a WEB server, what part does the claimed STRONG prohibition in the new Part 5-1A of the Act against retaining web browsing history play?

(4) This section does not require a service provider to keep, or cause to be kept:

(ii) was obtained by the service provider only as a result of providing the service

Note: This paragraph puts beyond doubt that service providers are not required to keep information about subscribers’ web browsing history.

If you were cynical you would conclude that the only reason Internet access providers don’t have to record web browsing histories is because Internet content providers are required to record it already. But only if the web hosting operator is considered to be a carriage service provider.

At some point this is likely to be tested in the Federal Court and High Court. That will be fun to watch.

Finding a reliable Reminders app

I have been playing with the app Due on iOS and OSX. It’s a good “to do list” app that lets you record when you want reminders for whatever reason. I’m using it because I can’t trust iOS and OSX Calendar and it gets cluttered with boring “Buy Milk” reminders. It’s _slightly_ idiosyncratic.

The OSX application allows you to click on the days you want a repeating alert to sound. Four nights a week Mr12 finishes at the normal time and one night is late. It’s easy to enter this in the OSX application but there doesn’t seem to be a way to do it in iOS, even on an iPad because it shows dates on the usual iOS poker machine reels.

There appear to be a few little bugs. The settings for the alert sounds seem to bounce around a bit at first. I set one which worked but the other one changed immediately afterwards. It all seems stable now so I’m guessing they used uninitialised variables!

I had previously purchased version 1 of the app. For some reason buying the app for AUD$12.99 still left me needing to pay another $3.79 for an in-app purchase for “Upgrade from 1.0”. Yes, I clicked Restore In-App Purchases and no, that didn’t work. Your experience may vary.

I needed the upgrade because I wanted access to Dropbox syncing.

Using Dropbox it can sync in the background.

Using iCloud you have to open the app on each device and then it will sync.

Yes, Apple really know how to cripple tools that might compete with what they have decided is fundamental functionality.

The Due apps are meant to have good natural language parsing for dates and they show it in their promotional videos but typing something like “Noon on the Third Thursday of the Month” doesn’t work for me. It’s easy enough to enter manually but only parsing “Next Thursday” or a long form date is just lame.

Is it worth nearly $20? I’m satisfied with it and it appears to work so far. It syncs in the background and it has a nice simple interface. It is NOT OmniFocus or Evernote and that’s fine because I already have them for keeping track of project work.

Due is a great way of reminding yourself every Friday morning to put the bins out.

Tax time

I finally earned enough income from consulting that I needed to pay myself as an employee.

The last time I was self employed, which was a long long time ago in the 90s, this involved lots of paper forms. Indeed, when I created my company the ATO sent me stuff that was from exactly that era, but this financial year they didn’t. They don’t want pieces of paper. They want electronic data uploaded directly into their computers.

As I mentioned previously I use Xero for my accounts. It’s very easy to set up and use, so I thought I would use the built-in payroll tools. This looked good until I realised that no matter what I couldn’t set the payroll module to use the “Wages Payable” account in the general ledger. It’s a leftover from a previous version of Xero. I had to manually create a new Wages Payable liability account and then I could select it from the Payroll module. Nasty.

Once I got through that things were fairly easy to get right and at any point I could nuke what I had done and start again.

In the modern era the ATO want to know that you have paid your employee’s superannuation entitlements. Someone dreamt up the idea that super funds should lodge this data with the ATO electronically and naturally, it being the second decade of the twenty first century, various organisations have sprung up to make this simple for self managed super funds. After doing some digging I found smsfdataflow, who provide this as a FREE service. This looked much better than paying Australia Post or some other organisation some tens of dollars per year. Now I know that because it’s free I am the product but heck, I’m sure that if I paid those other organisations they would sell my email address to a bunch of advertisers anyway.

I entered all my details as an employee into Xero and told it to tell the ATO I’m an employee.

That worked.

I entered what I was paying myself and it worked out the statutory super contribution amount. I entered some other allowance and super details and set it in motion. This was harder than it should be for someone paying themselves as off end of financial year lump sum.

But it worked well enough.

I generated myself a payslip. Haven’t had one of those for 18 months.

I scratched around to work out how to get the PAYG Payment Summary out. That’s what us old folks call a Group Certificate.

It turns out that Xero does all of this automatically, emails it to your staff AND lodges it with the ATO as long as your browser has been set up with an “Auskey” to talk to the ATO. Even if it hasn’t you can load your Auskey into Xero with a bit of work.

I had to do a bit of messing about with the quarterly BAS and lodged that via the ATO site and all was done and dusted.

So Xero makes paying staff really easy. Makes me feel like employing someone!

On the other hand the ATO website is a piece of archaic puke. It doesn’t work with Chrome. It doesn’t work properly with Safari. It just barely works with Firefox. It runs on your computer under Java which every security professional loathes like a weeping sore in a swimming pool. blargh!

tl;drLegal – Software Licenses in Plain English

While researching Swagger, a remarkable API library manager and code generator released under the Apache Licence 2.0, I wanted to know just what commercial use is allowed and the terms of that use. A quick search came up with tl;drLegal, which documents software licenses. This is a very useful tool. While I’m not a lawyer and neither is tl;dr, they claim that their information on many popular licenses has been verified by actual lawyers with expertise. Now of course you should probably go find the smartest open source IP lawyer you can find and get independent advice, but if tl;drLegal says the license you want to use has restrictions on commercial use you should probably use that as a starting point.

The Apache License 2.0 is pretty free and easy. If I develop a commercial client/server application in Swagger for a client who is paying me I can sell them the intellectual property I create and they can use that plus Swagger and the code Swagger creates without fees as long as they include the appropriate copyright notice and license, state any changes made to their software and include any NOTICE file.

Cool.

Labor made data retention

You can’t have it both ways, Labor. Reports that you’re “rethinking” Data Retention mean you’ve worked out your supporter base doesn’t actually like surveillance. You unquestioningly supported it in spite of the evidence put in front of you by experts. So now it’s yours. You made it. You didn’t OPPOSE it, so you get no credit for opposing it now. Future performance is predicted by past behaviour – remember that at the ballot box, voters.

The Age article

Everything on demand?

Grahame Lynch, publisher of CommsDay wrote a piece yesterday that got me thinking. I wrote the following as a reply to his post to Facebook.

The future of lean back entertainment is everything on demand. Broadcasters today can still earn good to great money for advertising on live sports events but it’s a race to the bottom for the filler ads on the reruns of Gilligan’s Island on the digital dividend junk channels. I’m not currently buying ad spots but I believe the News shows and early evening still command a reasonable premium because they are watched live. Other entertainment shows are being recorded on PVRs and the ads skipped. The PVR industry, under the influence of broadcasters under the Freeview brand, has tried to limit the amount of storage in PVRs to 1TB because they know every show stored in the box is another lost opportunity to display ads during live shows. When you add VOD services operated by the PVR vendor there is an added incentive to reduce recording because it impacts VOD revenue. Along comes Netflix with the equivalent of an infinite back-catalogue of TV shows and old movies. Binge watching ensues.

The ISPs deluded themselves that they would get to clip the ticket on video services but when the opportunity to do it via their monthly access charges came along they stuffed it up. They _are_ dumb pipes and every time they try to be anything else it’s either by being highwaymen holding customer performance to ransom or by building the sorts of bundled-with-crap services only telcos can dream up. To win, build a set of products that customers need, price it to make a profit, provision, rate and bill it correctly first time every time and provide awesome customer support services. But the commercial model of the NBN makes it very hard to make a profit unless you have vast numbers of highly profitable low consumption customers. Many of those are quietly shifting to mobiles as the PSTN is turned off in NBN service areas.

Fixed line ISP retailers are going to have to raise their retail prices or face sharply falling profits.

Years of begging the ACCC for increased margins by forcing the reduction of Telstra’s wholesale prices in a market with a dominant ex-incumbent with three parallel private access networks have left them with no way out.

Do Greeks pay enough tax?

Let’s look at the assertion that Greeks don’t support their welfare state by paying tax.

Using OECD data from http://www.oecd.org/ctp/tax-policy/revenue-statistics-and-consumption-tax-trends-2014-australia.pdf

Australia’s tax revenue 2012

$416b total tax revenue

$163b personal tax

23m population

AUD$18K total tax per person

AUD$7K personal tax per person (not per adult, per person)

Greece’s tax revenue (from the Greece equivalent page) 2013

EUR65b total tax, say $92b at 2013 exchange rates (similar to now)

EUR13b personal tax, say $19m

11m population

AUD$8K total tax per person

AUD$1.7K personal tax per person

But you say, the bankers have crippled Greece with austerity so let’s look at 2004.

Using OECD historic data from https://stats.oecd.org/Index.aspx?DataSetCode=REV

Greece’s total tax revenue was EUR58b

Interestingly the population was the same 11m, so that’s EUR5K per person which means the current EUR8K austerity induced “small” tax take is 60% higher. Small relative to Australia’s tax revenues which are more than double at current exchange rates.

Australia’s total tax revenue was USD$205b or AUD$281b and the population was 20m, so that’s AUD$14K, compared to $18K now, a 30% increase.

So Greeks are now paying more tax, 60% more, but they certainly weren’t paying tax on the scale needed to support their welfare state a decade ago.

If they can grow their economy at the current tax rates they might just about reach the point where they are paying enough tax to support a reasonable welfare system.