• Enjoy the freedom to innovate and grow your business


    [ad] With Microsoft Azure you have hybrid cloud flexibility, allowing your platform to span your cloud and on premise data centre. Learn more at microsoftcloud.com.

  • IT Admin: No Time to Save Time?


    [ad] Do you spend too much time patching machines or cleaning up after virus attacks? With automation controlled from a central IT management console accessible anytime, anywhere – you can save time for bigger tasks. Try simple IT management from GFI Cloud and start saving time today!

  • Free Forrester analysis of CRM solutions


    [ad] In this 25 page report, independent analyst house Forrester evaluates 18 significant products in the customer relationship management space from a broad range of vendors, detailing its findings on how CRM suites measure up and plotting where they stand in relation to each other. Download it for free now.

  • Great articles on other sites
  • RSS Great articles on other sites


  • Reader giveaway: Google Nexus 5


    We’re big fans of Google’s Nexus line-up in general at Delimiter towers. Nexus 4, Nexus 7, Nexus 10 … we love pretty much anything Nexus. Because of this we've kicked off a new competition to give away one of Google’s new Nexus 5 smartphones to a lucky reader. Click here to enter.

  • News, Telecommunications - Written by on Wednesday, June 27, 2012 12:15 - 15 Comments

    Telstra cancels covert filter testing

    news The nation’s largest telco Telstra today announced it had stopped archiving the web browsing activity of its users for the purpose of implementing a new voluntary Internet filter product, following widespread concern expressed this week after the test was revealed by a savvy group of network administrators.

    Earlier this week it was revealed that Telstra was developing a new cyber safety tool dubbed ‘Smart Controls’, using technology from US company Netsweeper to build an Internet database that would allow customers of its broadband services to set categories of content which their children could access online. A spokeswoman for the telco said the system had “absolutely nothing to do” with Telstra’s marketing or billing divisions, but was a new platform which Telstra would offer parents to help manage their children’s use of the Internet.

    However, a number of Telstra customers expressed concern earlier this week after it was found that Telstra had been developing the system’s database partly by archiving web addresses visited by users of its Next G mobile network, with the data heading offshore to be stored in the US. Greens Senator and Communications Spokesperson Scott Ludlam issued a terse request on Twitter to Telstra to explain the behaviour, and the Pirate Party issued an extensive statement stating that it was “outraged” at what it described as Telstra’s “underhanded scheme”.

    “This raises a series of very serious issues. They are logging user behaviour without consent and the data is stored in the United States where our Privacy Act does not apply, but where the Patriot Act does apply. I find the claims that the non-consensual use of the data will be used to build an Internet filtering database for their ‘Smart Controls’ product to be troubling,” said Brendan Molloy, Party Secretary.

    “If they were simply comparing the access URLs against a list, there would be no need for their software to actually download the requested pages. The worst part is that the logging software they are using poses as a legitimate hit from a Firefox 3 browser, so one cannot just block or detect their logging software. It’s dishonest at best, and malicious at worst. You won’t find a Google indexing spider pretending to be another browser.”

    The Pirate Party called for the immediate cessation of the data logging by Telstra pending the consent of Telstra users, and a recommendation for an investigation by the Privacy Commissioner. “Pirate Party Australia will not tolerate any incursion into personal privacy, which includes data retention schemes with no judicial or public oversight,” the organisation wrote.

    This morning Telstra announced that it would back down with regards to the system, following the complaints by customers and the political pressure applied by several parties.

    “Our customers trust is the most important thing to us and we’ve been listening to the concerns of our customers regarding the development of a new cyber safety product,” a spokeswoman said in an emailed statement.

    “We want to reassure all our customers that at no point in the development of this product was personal information collected or stored. We’ve heard the concerns online and we acknowledge more consultation was needed. We are stopping all collection of website addresses for the development of this new product. More explanation would have avoided concerns about what we were collecting.”

    opinion/analysis
    Firstly, I want to thank the many readers who sent me information about this issue over the past several days. I didn’t quite have enough time to cover the issue until today, but I appreciate you all getting in contact about it. Data retention — particularly covert data retention — by Australian telcos is an incredibly important issue, and I’m glad we’ve finally gotten to the bottom of what was going on here. I also want to pay tribute to journalists at ZDNet.com.au and SC Magazine for their excellent work on this issue.

    My own personal view on this issue is that it was always a bit overblown. I was a bit time-constrained this week, but I also didn’t devote as much attention to this issue as some would have no doubt liked, because Telstra made it clear to me very early in my investigation of what was going on here that at no stage was the data being collected linked to individual account-holders, as it would be in the far more nefarious data retention initiatives currently being pursued by the Federal Attorney-General’s Department (commonly known as ‘OzLog’).

    I don’t particularly see why Telstra had to use live data for its testing of this new opt-in filter product, and I certainly don’t think the telco should be collecting such data without notifying its users that it’s doing so.

    However, in the grand scheme of things, Telstra isn’t an ‘evil’ company right now — in fact, by almost any measure it seems to be doing its best to become a good company which supports its customers with great customer service, disclosure and overall good products and services — and its activities here in logging this data weren’t designed to harm customers. It anonymised the data it collected, after all, and was collecting it in the first place to help build a system to protect children.

    For Telstra to collect anonymised data on the web sites its customers are visiting is pretty analogous to a major bank collecting anonymised data on what its customers are using their credit card for. Sure, this activity should be disclosed; but what Telstra was doing was very likely not illegal, not nefarious and probably quite useful in the long run. Before we all get on our high horse talking about our civil liberties being trampled on, I think we should remember that. There are far worse breaches of privacy going on out there at the moment; many of them involving government itself; and I suspect that in a week’s time this minor activity by Telstra will have already been forgotten.

    Image credit: Telstra

    submit to reddit

    15 Comments

    You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

    1. Marcus
      Posted 27/06/2012 at 12:32 pm | Permalink |

      So what happens to the data already collected?

      • Posted 27/06/2012 at 12:52 pm | Permalink |

        Interesting question; I’ll ask Telstra that.

    2. Eric PInkerton
      Posted 27/06/2012 at 1:39 pm | Permalink |

      Hi Renai,

      I agree with hindsight that this was probably a little overblown, but at the outset, I believe my concerns were justified especially in the light of precedents set elsewhere for example with BT and Phorm.

      I completely support the idea of a simple to use filter for parents and am sure it will be very successful, provided it isn’t trivial to circumvent of course.

      Also let’s hope, unlike another filtering product on the horizon, it won’t be marketed in a way likely to give parents a false sense of security. IMHO Children are more likely at risk from sites categorised as ‘social networking’ than pornography but blocking the former is likely to be a much harder sell.

      E

    3. Duke
      Posted 27/06/2012 at 2:12 pm | Permalink |

      “There are far worse breaches of privacy going on out there at the moment; many of them involving government itself; and I suspect that in a week’s time this minor activity by Telstra will have already been forgotten”.

      soooo…

      Its not to worry folks because the not so good stuff Telstra is doing without disclosure to its paying customers is…

      … not as bad as the really bad stuff others are doing.

      hmmmm…

    4. Posted 27/06/2012 at 2:23 pm | Permalink |

      Agreed Renai.

      It should be disclosed and for NOT doing that, Telstra SHOULD get a wrap on the knuckles. But what they’re doing amounts to only a small portion of what a company like Google does. The difference being Google asks.

      I would hate to see a legitimate attempt at providing a good tool destroyed by overzealous ‘privacy protection’ campaigners.

    5. PointZeroOne
      Posted 27/06/2012 at 2:35 pm | Permalink |

      But why are they needing to collect URLs to build a filter?

      The other thing is these URLs they are collecting are nothing like a bank collecting details on what you buy. These URLs if accessed could link you to things that are behind ‘security’ settings for them to not be public. Example facebook photos, if you get a direct link to one you bypass the ‘security’ facebook puts in place to stop people from seeing it on the facebook site.

    6. Bob.H
      Posted 27/06/2012 at 2:55 pm | Permalink |

      I would like the answer to some very simple questions.

      Why does Telstra need to harvest customers requests for an URL?

      They supposedly claim that they are running the URLs against the Netsweep data base. Netsweep have been providing filtering for years and to some hard markets like Iran according to what I have read. I would have thought that their data base was pretty accurate. Surely all Telstra needed to do was purchase the Netsweep system and configure it..

      Why would they need to go to the expense of developing and maintaining their own filter?

      A bit of tin foil hat I know but the explanation doesn’t quite sit comfortably for me. I would like to see some deeper digging into this.

    7. Jean W
      Posted 27/06/2012 at 5:16 pm | Permalink |

      It sounds like the storing and querying of unknown URLs is a built-in magic feature of the product they tested. Telstra might not have examined the product in detail before they flipped the switch. They perhaps should have.

      Oh well, at least they owned up to it quickly.

    8. Mike C
      Posted 27/06/2012 at 6:16 pm | Permalink |

      I think the analogy of a bank collecting anonymised information from its customers is flawed. If I go to a bank’s website, essentially my request terminates at the bank’s servers — the bank is collecting information about the accesses I’m requesting *of the bank*. In this case, it would appear that Telstra is collecting information about how I use *non-Telstra services*. In other words, they are intercepting a communication to which they’re not a party other than by virtue of being a carrier. And then “using” that data for product development (as against service management) purposes.

      By recording the data that they have, it would seem Telstra hae created a stored communication which can be accessed under the relevant part of the Telecommunications Act. Under s108 of the Act, accessing a stored communication without the knowledge of the sender or recipient is subject to penalty [same applies as well to non-stored communication, but that's harder to demonstrate]. Telstra has admitted the activity. So who will hold them accountable to the Act?

    9. Mark
      Posted 27/06/2012 at 8:53 pm | Permalink |

      So it seems that Google were unfairly penalised when they did less – they only grabbed people’s Wifi traffic for brief periods while they drove past.

      • Posted 28/06/2012 at 1:31 am | Permalink |

        This is exactly what I was thinking, Google only collected information from open wifi spots briefly, Telstra has been intercepting all traffic on it’s mobile network for an unknown time period and for a not yet fully disclosed purpose.

        As stated by Mike C above this is a clear breach of the privacy act, no doubt Senator Ludlam will hold them to account though when more information (like what Mark Newton was asking) comes to light.

        I will say I’m a bit surprised as Renai’s article, it doesn’t really matter if Telstra is a “good” company or whatever, it’s grossly breached the privacy act and admitted to it, just like the recent cases against Optus and TPG for their ACCC breaches Telstra need to be held to account for this, if they’re not then it sets a bad precident for other carriers and for peoples privacy rights online.

      • Bob.H
        Posted 28/06/2012 at 8:04 am | Permalink |

        Google only collected information from open WiFi systems that were publicly broadcast in their misguided drive by operation.

        Telstra has collected and distributed private data on a closed network, breaching the trust of their customers at the very least.

        Both have breached privacy in my opinion but the conduct of one seems more reprehensible than the other. I am sure you can figure out which is which.

      • Will Hughes
        Posted 28/06/2012 at 3:46 pm | Permalink |

        Google claim that their action in logging wifi packet data was accidental.

        Telstra are unable claim such a thing – it requires deliberate configuration to install traffic sniffing devices on the network, and configure them to forward that traffic to a third party.

        Simply: Telstra’s actions were deliberately monitoring traffic, Google’s accidental.

    10. Posted 28/06/2012 at 5:30 pm | Permalink |

      Telstra has posted an update on this situation here:

      http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/

      • Posted 29/06/2012 at 12:19 am | Permalink |

        This isn’t kindergarden Renai, I’m pretty sure that if (and by the sounds of it when) Telstra is found to have breached the privacy act by not informing customers of what they were doing, them simply saying sorry isn’t going to cut it.




    Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:


  • Most Popular Content


  • Six smart secrets for nurturing customer relationships
    [ad] Today, we are experiencing a world where behind every app, every device, and every connection, is a customer. Your customers will demand you to be where they and managing customer relationship is the key to your business’s growth. The question is where do you start? Click here to download six free whitepapers to help you connect with your customers in a whole new way.
  • Enterprise IT stories

    • Greens claim NSW LMBR project turning into a disaster sydney

      The NSW Greens late last week claimed to have obtained documents showing that the NSW Department of Education and Communities’ wide-ranging Learning Management and Business Reform program, which involves a number of rolling upgrades of business administration software, was deployed before it was ready, with “appalling consequences for administrative staff, principals, teachers and students”.

    • NSW Govt trials inter-truck safety devices trucks-cohda

      The New South Wales Government has inked a contract with connected vehicle technology supplier Cohda Wireless, as part of a trial of so-called Cooperative Intelligent Transport Systems (C-ITS) which allow heavy vehicles to communicate directly with each other about their position on the road to help reduce road accidents.

    • Victoria finally kills $180m Ultranet disaster thumbsdown1

      The Victorian Government has reportedly terminated its disastrous Ultranet schools portal, which ballooned in cost to $180 million over the past seven years but ended up being barely used by the education stakeholders it was supposed to serve.

    • NetSuite in whole of business TurboSmart deal turbosmart

      Business-focused software as a service giant NetSuite has unveiled yet another win with a mid-sized Australian company, revealing a deal with automotive performance products manufacturer Turbosmart that has seen the company deploy a comprehensive suite of NetSuite products across its business.

    • WA Health told: Hire a goddamn CIO already doctor

      A state parliamentary committee has told Western Australia’s Department of Health to end four years of acting appointments and hire a permanent CIO, in the wake of news that the lack of such an executive role in the department contributed directly to the fiasco at the state’s new Fiona Stanley Hospital, much of which has revolved around poorly delivered IT systems.

    • Former whole of Qld Govt CIO Grant resigns petergrant

      High-flying IT executive Peter Grant has left his senior position in the Queensland State Government, a year after the state demoted him from the whole of government chief information officer role he had held for the second time.

    • Hills dumped $18m ERP/CRM rollout for Salesforce.com hills

      According to a blog post published by Salesforce.com today, one of Ted Pretty’s first moves upon taking up managing director role at iconic Australian brand Hills in 2012 was to halt an expensive traditional business software project and call Salesforce.com instead.

    • Dropbox opens Sydney office koalabox

      Cloud computing storage player Dropbox has announced it is opening an office in Sydney, as competition in the local enterprise cloud storage market accelerates.

    • Heartbleed, internal outages: CBA’s horror 24 hours commbankatm

      The Commonwealth Bank’s IT division has suffered something of a nightmare 24 hours, with a catastrophic internal IT outage taking down multiple systems and resulting in physical branches being offline, and the bank separately suffering public opprobrium stemming from contradictory statements it made with respect to potential vulnerabilities stemming from the Heartbleed OpenSSL bug.

    • Android in the enterprise: Three Aussie examples from Samsung androidapple

      Forget iOS and Windows. Today we present three decently sized deployments of Android in the Australian market on Samsung’s hardware, which the Korean vendor has dug up from its archives over the past several years for us after a little prompting :)

  • Enterprise IT, News - Apr 23, 2014 15:58 - 4 Comments

    Greens claim NSW LMBR project turning into a disaster

    More In Enterprise IT


    Blog, Telecommunications - Apr 24, 2014 14:00 - 11 Comments

    iiNet to splurge $350m on content, media

    More In Telecommunications


    Analysis, Industry - Apr 24, 2014 16:05 - 0 Comments

    Free to fail: Why corporates are learning to love venture capital

    More In Industry


    Blog, Digital Rights - Apr 23, 2014 12:57 - 35 Comments

    Cinema execs blame piracy for $20 ticket prices

    More In Digital Rights