• Great articles on other sites
  • RSS Great articles on other sites

  • News, Telecommunications - Written by on Wednesday, June 27, 2012 12:15 - 15 Comments

    Telstra cancels covert filter testing

    news The nation’s largest telco Telstra today announced it had stopped archiving the web browsing activity of its users for the purpose of implementing a new voluntary Internet filter product, following widespread concern expressed this week after the test was revealed by a savvy group of network administrators.

    Earlier this week it was revealed that Telstra was developing a new cyber safety tool dubbed ‘Smart Controls’, using technology from US company Netsweeper to build an Internet database that would allow customers of its broadband services to set categories of content which their children could access online. A spokeswoman for the telco said the system had “absolutely nothing to do” with Telstra’s marketing or billing divisions, but was a new platform which Telstra would offer parents to help manage their children’s use of the Internet.

    However, a number of Telstra customers expressed concern earlier this week after it was found that Telstra had been developing the system’s database partly by archiving web addresses visited by users of its Next G mobile network, with the data heading offshore to be stored in the US. Greens Senator and Communications Spokesperson Scott Ludlam issued a terse request on Twitter to Telstra to explain the behaviour, and the Pirate Party issued an extensive statement stating that it was “outraged” at what it described as Telstra’s “underhanded scheme”.

    “This raises a series of very serious issues. They are logging user behaviour without consent and the data is stored in the United States where our Privacy Act does not apply, but where the Patriot Act does apply. I find the claims that the non-consensual use of the data will be used to build an Internet filtering database for their ‘Smart Controls’ product to be troubling,” said Brendan Molloy, Party Secretary.

    “If they were simply comparing the access URLs against a list, there would be no need for their software to actually download the requested pages. The worst part is that the logging software they are using poses as a legitimate hit from a Firefox 3 browser, so one cannot just block or detect their logging software. It’s dishonest at best, and malicious at worst. You won’t find a Google indexing spider pretending to be another browser.”

    The Pirate Party called for the immediate cessation of the data logging by Telstra pending the consent of Telstra users, and a recommendation for an investigation by the Privacy Commissioner. “Pirate Party Australia will not tolerate any incursion into personal privacy, which includes data retention schemes with no judicial or public oversight,” the organisation wrote.

    This morning Telstra announced that it would back down with regards to the system, following the complaints by customers and the political pressure applied by several parties.

    “Our customers trust is the most important thing to us and we’ve been listening to the concerns of our customers regarding the development of a new cyber safety product,” a spokeswoman said in an emailed statement.

    “We want to reassure all our customers that at no point in the development of this product was personal information collected or stored. We’ve heard the concerns online and we acknowledge more consultation was needed. We are stopping all collection of website addresses for the development of this new product. More explanation would have avoided concerns about what we were collecting.”

    opinion/analysis
    Firstly, I want to thank the many readers who sent me information about this issue over the past several days. I didn’t quite have enough time to cover the issue until today, but I appreciate you all getting in contact about it. Data retention — particularly covert data retention — by Australian telcos is an incredibly important issue, and I’m glad we’ve finally gotten to the bottom of what was going on here. I also want to pay tribute to journalists at ZDNet.com.au and SC Magazine for their excellent work on this issue.

    My own personal view on this issue is that it was always a bit overblown. I was a bit time-constrained this week, but I also didn’t devote as much attention to this issue as some would have no doubt liked, because Telstra made it clear to me very early in my investigation of what was going on here that at no stage was the data being collected linked to individual account-holders, as it would be in the far more nefarious data retention initiatives currently being pursued by the Federal Attorney-General’s Department (commonly known as ‘OzLog’).

    I don’t particularly see why Telstra had to use live data for its testing of this new opt-in filter product, and I certainly don’t think the telco should be collecting such data without notifying its users that it’s doing so.

    However, in the grand scheme of things, Telstra isn’t an ‘evil’ company right now — in fact, by almost any measure it seems to be doing its best to become a good company which supports its customers with great customer service, disclosure and overall good products and services — and its activities here in logging this data weren’t designed to harm customers. It anonymised the data it collected, after all, and was collecting it in the first place to help build a system to protect children.

    For Telstra to collect anonymised data on the web sites its customers are visiting is pretty analogous to a major bank collecting anonymised data on what its customers are using their credit card for. Sure, this activity should be disclosed; but what Telstra was doing was very likely not illegal, not nefarious and probably quite useful in the long run. Before we all get on our high horse talking about our civil liberties being trampled on, I think we should remember that. There are far worse breaches of privacy going on out there at the moment; many of them involving government itself; and I suspect that in a week’s time this minor activity by Telstra will have already been forgotten.

    Image credit: Telstra

    submit to reddit

    15 Comments

    You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

    1. Marcus
      Posted 27/06/2012 at 12:32 pm | Permalink |

      So what happens to the data already collected?

      • Posted 27/06/2012 at 12:52 pm | Permalink |

        Interesting question; I’ll ask Telstra that.

    2. Eric PInkerton
      Posted 27/06/2012 at 1:39 pm | Permalink |

      Hi Renai,

      I agree with hindsight that this was probably a little overblown, but at the outset, I believe my concerns were justified especially in the light of precedents set elsewhere for example with BT and Phorm.

      I completely support the idea of a simple to use filter for parents and am sure it will be very successful, provided it isn’t trivial to circumvent of course.

      Also let’s hope, unlike another filtering product on the horizon, it won’t be marketed in a way likely to give parents a false sense of security. IMHO Children are more likely at risk from sites categorised as ‘social networking’ than pornography but blocking the former is likely to be a much harder sell.

      E

    3. Duke
      Posted 27/06/2012 at 2:12 pm | Permalink |

      “There are far worse breaches of privacy going on out there at the moment; many of them involving government itself; and I suspect that in a week’s time this minor activity by Telstra will have already been forgotten”.

      soooo…

      Its not to worry folks because the not so good stuff Telstra is doing without disclosure to its paying customers is…

      … not as bad as the really bad stuff others are doing.

      hmmmm…

    4. Posted 27/06/2012 at 2:23 pm | Permalink |

      Agreed Renai.

      It should be disclosed and for NOT doing that, Telstra SHOULD get a wrap on the knuckles. But what they’re doing amounts to only a small portion of what a company like Google does. The difference being Google asks.

      I would hate to see a legitimate attempt at providing a good tool destroyed by overzealous ‘privacy protection’ campaigners.

    5. PointZeroOne
      Posted 27/06/2012 at 2:35 pm | Permalink |

      But why are they needing to collect URLs to build a filter?

      The other thing is these URLs they are collecting are nothing like a bank collecting details on what you buy. These URLs if accessed could link you to things that are behind ‘security’ settings for them to not be public. Example facebook photos, if you get a direct link to one you bypass the ‘security’ facebook puts in place to stop people from seeing it on the facebook site.

    6. Bob.H
      Posted 27/06/2012 at 2:55 pm | Permalink |

      I would like the answer to some very simple questions.

      Why does Telstra need to harvest customers requests for an URL?

      They supposedly claim that they are running the URLs against the Netsweep data base. Netsweep have been providing filtering for years and to some hard markets like Iran according to what I have read. I would have thought that their data base was pretty accurate. Surely all Telstra needed to do was purchase the Netsweep system and configure it..

      Why would they need to go to the expense of developing and maintaining their own filter?

      A bit of tin foil hat I know but the explanation doesn’t quite sit comfortably for me. I would like to see some deeper digging into this.

    7. Jean W
      Posted 27/06/2012 at 5:16 pm | Permalink |

      It sounds like the storing and querying of unknown URLs is a built-in magic feature of the product they tested. Telstra might not have examined the product in detail before they flipped the switch. They perhaps should have.

      Oh well, at least they owned up to it quickly.

    8. Mike C
      Posted 27/06/2012 at 6:16 pm | Permalink |

      I think the analogy of a bank collecting anonymised information from its customers is flawed. If I go to a bank’s website, essentially my request terminates at the bank’s servers — the bank is collecting information about the accesses I’m requesting *of the bank*. In this case, it would appear that Telstra is collecting information about how I use *non-Telstra services*. In other words, they are intercepting a communication to which they’re not a party other than by virtue of being a carrier. And then “using” that data for product development (as against service management) purposes.

      By recording the data that they have, it would seem Telstra hae created a stored communication which can be accessed under the relevant part of the Telecommunications Act. Under s108 of the Act, accessing a stored communication without the knowledge of the sender or recipient is subject to penalty [same applies as well to non-stored communication, but that’s harder to demonstrate]. Telstra has admitted the activity. So who will hold them accountable to the Act?

    9. Mark
      Posted 27/06/2012 at 8:53 pm | Permalink |

      So it seems that Google were unfairly penalised when they did less – they only grabbed people’s Wifi traffic for brief periods while they drove past.

      • Posted 28/06/2012 at 1:31 am | Permalink |

        This is exactly what I was thinking, Google only collected information from open wifi spots briefly, Telstra has been intercepting all traffic on it’s mobile network for an unknown time period and for a not yet fully disclosed purpose.

        As stated by Mike C above this is a clear breach of the privacy act, no doubt Senator Ludlam will hold them to account though when more information (like what Mark Newton was asking) comes to light.

        I will say I’m a bit surprised as Renai’s article, it doesn’t really matter if Telstra is a “good” company or whatever, it’s grossly breached the privacy act and admitted to it, just like the recent cases against Optus and TPG for their ACCC breaches Telstra need to be held to account for this, if they’re not then it sets a bad precident for other carriers and for peoples privacy rights online.

      • Bob.H
        Posted 28/06/2012 at 8:04 am | Permalink |

        Google only collected information from open WiFi systems that were publicly broadcast in their misguided drive by operation.

        Telstra has collected and distributed private data on a closed network, breaching the trust of their customers at the very least.

        Both have breached privacy in my opinion but the conduct of one seems more reprehensible than the other. I am sure you can figure out which is which.

      • Will Hughes
        Posted 28/06/2012 at 3:46 pm | Permalink |

        Google claim that their action in logging wifi packet data was accidental.

        Telstra are unable claim such a thing – it requires deliberate configuration to install traffic sniffing devices on the network, and configure them to forward that traffic to a third party.

        Simply: Telstra’s actions were deliberately monitoring traffic, Google’s accidental.

    10. Posted 28/06/2012 at 5:30 pm | Permalink |

      Telstra has posted an update on this situation here:

      http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/

      • Posted 29/06/2012 at 12:19 am | Permalink |

        This isn’t kindergarden Renai, I’m pretty sure that if (and by the sounds of it when) Telstra is found to have breached the privacy act by not informing customers of what they were doing, them simply saying sorry isn’t going to cut it.




    Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:


  • Enterprise IT stories

    • Super funds close to dumping $250m IT revamp facepalm2

      If you have even a skin deep awareness of the structure of Australia’s superannuation industry, you’ll be aware that much of the underlying infrastructure used by many of the nation’s major funds is provided by a centralised group, Superpartners. One of the group’s main projects in recent years has been to dramatically update and modernise its IT platform — its version of a core banking platform overhaul. Unfortunately, the $250 million project has not precisely been going well.

    • Qld’s Grant joins analyst firm IBRS peter-grant

      This week it emerged that Peter Grant, the two-time former Queensland Whole of Government CIO (pictured), has joined well-regarded analyst firm Intelligent Business Research Services (IBRS). We’ve long had a high regard for IBRS, and so it’s fantastic to see such an experienced executive join its ranks.

    • Westpac dumps desk phones for Samsung Android mobiles samsung-galaxy-ace-3

      The era of troublesome desk phones tied to physical locations is gradually coming to an end in many workplaces, with mobile phones becoming increasingly popular as organisations’ main method of voice telecommunications. But some groups are more advanced than others when it comes to adoption of the trend. One of those is Westpac.

    • Ministers’ cloud approval lasted just a year reverse

      Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed.

    • WA Govt can’t fund school IT upgrades oops key

      In news from The Department of Disturbing Facts, iTNews revealed late last week that Western Australia’s Department of Education has run out of money halfway through the deployment of new fundamental IT infrastructure to the state’s schools.

    • Turnbull outlines Govt ICT vision turnbull-5

      Communications Minister Malcolm Turnbull has published an extensive article arguing that the Federal Government needed to do a better job of connecting with Australians via digital channels and that public sector IT projects needn’t cost the huge amounts that some have in the past.

    • NZ Govt pushes hard into cloud zealand

      New Zealand’s national Government announced a whole of government contract this morning for what it terms ‘Office Productivity as a Service’ services. This includes email and calendaring services, as well as file-sharing, mobility, instant messaging and collaboration services. The contract complements two existing contracts — Desktop as a Service and Enterprise Content Management as a Service.

    • CommBank reveals Harte’s replacement whiteing

      The Commonwealth Bank of Australia has promoted an internal executive who joined the bank in September after a lengthy career at petroleum giant VP and IT services group Accenture to replace its outgoing chief information officer Michael Harte, who announced in early May that he would leave the bank.

    • Jeff Smith quits Suncorp for IBM jeffsmith4

      Second-tier Australian bank and financial services group Suncorp today announced that its long-serving top technology executive Jeff Smith would leave to take up a senior role with IBM in the United States, in an announcement which marks the end of an era for the nation’s banking IT sector.

    • Small business missing the mobile, social, cloud revolution iphone-stock

      Most companies that live and breathe the online revolution are not tech startups, but smart smaller firms that use online tools to run their core business better: to cut costs, reach customers and suppliers, innovate and get more control. Many others, however, are falling behind, according to a new Grattan Institute discussion paper.

  • Blog, Enterprise IT - Jul 5, 2014 13:53 - 0 Comments

    Super funds close to dumping $250m IT revamp

    More In Enterprise IT


    Blog, Telecommunications - Jul 5, 2014 12:12 - 0 Comments

    What should the ACCC’s role be in guiding infrastructure spending?

    More In Telecommunications


    Analysis, Industry, Internet - Jun 23, 2014 10:33 - 0 Comments

    ‘Google Schmoogle’ – how Yellow Pages got it so wrong

    More In Industry


    Blog, Digital Rights - Jun 30, 2014 22:24 - 0 Comments

    Will Netflix launch in Australia, or not?

    More In Digital Rights