news The nation’s largest telco Telstra today announced it had stopped archiving the web browsing activity of its users for the purpose of implementing a new voluntary Internet filter product, following widespread concern expressed this week after the test was revealed by a savvy group of network administrators.
Earlier this week it was revealed that Telstra was developing a new cyber safety tool dubbed ‘Smart Controls’, using technology from US company Netsweeper to build an Internet database that would allow customers of its broadband services to set categories of content which their children could access online. A spokeswoman for the telco said the system had “absolutely nothing to do” with Telstra’s marketing or billing divisions, but was a new platform which Telstra would offer parents to help manage their children’s use of the Internet.
However, a number of Telstra customers expressed concern earlier this week after it was found that Telstra had been developing the system’s database partly by archiving web addresses visited by users of its Next G mobile network, with the data heading offshore to be stored in the US. Greens Senator and Communications Spokesperson Scott Ludlam issued a terse request on Twitter to Telstra to explain the behaviour, and the Pirate Party issued an extensive statement stating that it was “outraged” at what it described as Telstra’s “underhanded scheme”.
“This raises a series of very serious issues. They are logging user behaviour without consent and the data is stored in the United States where our Privacy Act does not apply, but where the Patriot Act does apply. I find the claims that the non-consensual use of the data will be used to build an Internet filtering database for their ‘Smart Controls’ product to be troubling,” said Brendan Molloy, Party Secretary.
“If they were simply comparing the access URLs against a list, there would be no need for their software to actually download the requested pages. The worst part is that the logging software they are using poses as a legitimate hit from a Firefox 3 browser, so one cannot just block or detect their logging software. It’s dishonest at best, and malicious at worst. You won’t find a Google indexing spider pretending to be another browser.”
The Pirate Party called for the immediate cessation of the data logging by Telstra pending the consent of Telstra users, and a recommendation for an investigation by the Privacy Commissioner. “Pirate Party Australia will not tolerate any incursion into personal privacy, which includes data retention schemes with no judicial or public oversight,” the organisation wrote.
This morning Telstra announced that it would back down with regards to the system, following the complaints by customers and the political pressure applied by several parties.
“Our customers trust is the most important thing to us and we’ve been listening to the concerns of our customers regarding the development of a new cyber safety product,” a spokeswoman said in an emailed statement.
“We want to reassure all our customers that at no point in the development of this product was personal information collected or stored. We’ve heard the concerns online and we acknowledge more consultation was needed. We are stopping all collection of website addresses for the development of this new product. More explanation would have avoided concerns about what we were collecting.”
Firstly, I want to thank the many readers who sent me information about this issue over the past several days. I didn’t quite have enough time to cover the issue until today, but I appreciate you all getting in contact about it. Data retention — particularly covert data retention — by Australian telcos is an incredibly important issue, and I’m glad we’ve finally gotten to the bottom of what was going on here. I also want to pay tribute to journalists at ZDNet.com.au and SC Magazine for their excellent work on this issue.
My own personal view on this issue is that it was always a bit overblown. I was a bit time-constrained this week, but I also didn’t devote as much attention to this issue as some would have no doubt liked, because Telstra made it clear to me very early in my investigation of what was going on here that at no stage was the data being collected linked to individual account-holders, as it would be in the far more nefarious data retention initiatives currently being pursued by the Federal Attorney-General’s Department (commonly known as ‘OzLog’).
I don’t particularly see why Telstra had to use live data for its testing of this new opt-in filter product, and I certainly don’t think the telco should be collecting such data without notifying its users that it’s doing so.
However, in the grand scheme of things, Telstra isn’t an ‘evil’ company right now — in fact, by almost any measure it seems to be doing its best to become a good company which supports its customers with great customer service, disclosure and overall good products and services — and its activities here in logging this data weren’t designed to harm customers. It anonymised the data it collected, after all, and was collecting it in the first place to help build a system to protect children.
For Telstra to collect anonymised data on the web sites its customers are visiting is pretty analogous to a major bank collecting anonymised data on what its customers are using their credit card for. Sure, this activity should be disclosed; but what Telstra was doing was very likely not illegal, not nefarious and probably quite useful in the long run. Before we all get on our high horse talking about our civil liberties being trampled on, I think we should remember that. There are far worse breaches of privacy going on out there at the moment; many of them involving government itself; and I suspect that in a week’s time this minor activity by Telstra will have already been forgotten.
Image credit: Telstra