Exposed: Telstra’s secret FBI spy deal



news Telstra signed a secret agreement a decade ago with US Government agencies such as the FBI and the Department of Justice that provided American law enforcement and national security organisations with an extremely broad level of access to all of the telco’s telecommunications passing in and out of the US, it was revealed late last week.

On Friday independent media outlet Crikey published what what appeared to be the text of the agreement. It notes that it was signed in November 2001 between Telstra and its Hong Kong partner telco PCCW, and the US Federal Bureau of Investigation and the Department of Justice.

The document cites principles such as the US Government’s need to preserve the “national security” of the US and to ensure that US communications were “secure in order to protect the privacy of US persons”. It notes that the stimulus for the agreement to be signed was the application of Telstra/PCCW submarine cable joint venture Reach — which operates major underwater fibre links between a number of Asian countries, as well as Australia and the US — to provide telecommunications services from the US back in 2001, shortly after it was formed by Telstra and PCCW.

The agreement states that all telcos operating in the US must maintain facilities that were compliant with US law enforcement regulations in that country, such as the ability to hand over details, including calling data but not the content of communications, of all communications received or which originated in the US.

Data to be stored by Reach for two years included identifying information relating to telephone calls, such as telephone numbers, Internet addressed used, the time, date, size and duration of a communication, any information relating specifically to the identity and physical address of those communicating, and a host of other information, especially billing records, which typically show details of all telephone calls made by telephone service subscribers.

The agreement stipulated that Reach must ensure that the data it was maintaining for the US Government and providing access to, must not be stored in a manner which could be subject to mandatory destruction under the laws of foreign countries such as Australia; meaning that even though Telstra was majority owned by the Australian Government at the time of signing the agreement, it would be required to avoid deleting the stored data, even if required to do so under Australian law.

In addition, the agreement contains provisions designed to block details being released under Freedom of Information laws, as well as provisions designed to make the US Government aware if any foreign governments or corporations sought access to data held by Reach. The document is signed by Douglas Gration, then company secretary at Telstra.

The agreement is particularly concerning for Australians, given the volume of Internet traffic and routed telephone calls which pass through Reach’s infrastructure to the US, where much of the world’s largest Internet backbones and data sources are located. It is likely that Reach’s data retention facilities in the US have stored hundreds of millions to billions of records about Australian telecommunications and Internet access over the past 12 years; all of which would have been made available to US Government agencies.

Asked about the issue on Friday, a Telstra spokesperson attempted to downplay the situation.

“This Agreement, at that time 12 years ago, reflected Reach’s operating obligations in the US that require carriers to comply with US domestic law,” they said. “It relates to a Telstra joint venture company’s operating obligations in the United States under their domestic law. We understand similar agreements would be in place for all network infrastructure in the US. When operating in any jurisdiction, here or overseas, carriers are legally required to provide various forms of assistance to Government agencies.”

The company declined to make an executive available to take comments on the issue, despite the graveness of the issue and the massive nature of the data retention records its Reach joint venture would have stored with respect to Australians’ communications passing through the US.

Crikey’s revelation of the agreement has sparked instant outrage amongst civil liberties and political groups, which have labelled Telstra’s decade-old deal — likely still operational — as yet another example of secret collusion between major technology companies and the US Government with the intention of invading the privacy of ordinary citizens not guilty of committing any crime. Such issues have been recently raised due to the revelation of the US Government’s PRISM program, which has reportedly seen the National Security Agency gain direct access to the systems of major cloud computing players such as Google, Microsoft, Apple and so on.

The Greens called on Telstra to immediately disclose details of the deal with the US Government. “Telstra, at the time majority owned and controlled by the Howard Government, struck a deal to allow 24/7 surveillance of calls going in and out of the United States, including calls made by Australians. The cables in question are operated by Telstra subsidiary Reach, which controls more than 40 major telecommunications cables in the region, including cables in and out of China and Australia,” said Greens communications spokesperson, Senator Scott Ludlam. 
“While the current Australian Government recently pushed then abandoned a two-year mandatory data retention scheme, for more than a decade this secret deal with the United States compelled Telstra, Reach and PCCW to store all customer billing data for two years. The deal also compelled Telstra, Reach and PCWW to provide any stored communications and comply with preservation requests;  to provide any stored meta-data, billing data or subscriber information about US customers;  to ignore any foreign privacy laws that might lead to mandatory destruction of stored data;  and to refuse information requests from other countries without permission from the United States.
“This secret deal also allowed FBI and US Department of Justice officials to conduct inspection visits of Telstra and Reach offices and infrastructure. “This is an extraordinary breach of trust, invasion of privacy, and erosion of Australia’s sovereignty,” said Ludlam.

Julian Assange’s WikiLeaks Party issued a similar statement condemning Telstra’s deal with the US Government. WikiLeaks Party spokesperson, Omar Todd said: “Whilst these agreements appear to be entered into in the immediate aftermath of 9/11 Australians are entitled to ask the current board of Telstra whether or not it has entered into any further agreements with US security or intelligence agencies since that time.”

“Furthermore Telstra should come clean on the extent to which its customers’ privacy has been compromised by the 2001 agreement with the FBI and the US Department of Justice. The shareholders of Telstra in particular should be told by the company whether or not it is participating in the United States global intelligence gathering networks” Todd added.

The WikiLeaks statement said Crikey’s revelations also raised the question of whether or not
other information or Internet service providers were also participants in sharing data with the United States.

“In light of recent revelations by former NSA analyst Edward Snowden that Australia has been participating in the United States PRISM program as part of the ‘five eyes’ intelligence-sharing network, customers of telecommunications companies and ISPs should be asking if their privacy
has been compromised,” The WikiLeaks Party said.

“The WikiLeaks Party believes that all Australian telecommunications companies and ISP’s should be compelled by law to disclose to the Australian Parliament any arrangements or agreements that they have entered into with any foreign power to hand over or store metadata or other forms of private information about their customers.”

The Pirate Party Australia described the situation as “entirely unacceptable,” with the party’s lead candidate for the Senate in NSW, Brendan Molloy stating in a media release that Telstra’s action “must stop immediately”.

“If what the media is saying is true, why is an Australian company colluding with the United States Government to spy on Internet traffic of Australians citizens?” asked Molloy. “The Government must answer why it has been complicit in the spying on of Australian citizens, as this began when Telstra was still partially Government owned.”

I have several things to say about this situation.

Firstly, did we really expect anything different? We’ve seen recently with the NSA PRISM situation that the US Government’s law enforcement agencies have direct hooks into the country’s major technology players. Did anyone really believe that one of the most surveillance-happy countries in the world would have ignored old-style telephone calls and bulk Internet data by international telco giants hooking into its US cables? Of course this was going on. Even the scale of Telstra’s participation in this arrangement could be expected and predicted.

It is hardly news that the US Government — or, really, any government, including all of Australia’s Federal, State and even some local governments — have long had access to telecommunications data from major telcos. I mean, this deal with Telstra is over a decade old. This kind of thing has been going on for a long time and is more or less standard practice in the telecommunications sector, as any industry expert will tell you. The only reason it’s even coming up now is that more people are becoming more aware of how their privacy is being systematically violated through the telecommunications services they’re paying for — and are becoming more outraged about it.

The second thing I would say is that we shouldn’t expect this situation to change soon. Rightly or wrongly, law enforcement officials the world over have become reliant on access to this kind of data to do their job. As we’ve seen with the ‘shelving’ of the Attorney-General’s Department’s data retention proposals in Australia, the current fight which global residents have on their hands is more or less to stop further encroachment of Internet and telco surveillance, not to wind back agreements such as this one with Telstra which have been in place for more than a decade now. Just holding the current ground is more than fight enough for this movement, globally.

If you do want to stop governments spying on your data, I would suggest that you take technical measures to address the situation, rather than fruitlessly trying to address it through legislative change to block deals like this with Telstra. Encrypt your data, use secure instant messaging services instead of SMS, block all tracking mechanisms on your PC, use a VPN to anonymise your web traffic and so on. None of this will completely stop law enforcement authorities from accessing their data if they really want to. But these kinds of measures will stop telcos like Telstra from frivolously storing all of your communications as a routine manner. And perhaps that’s half the battle.

Image credit: Mateusz Stachowski, royalty free


    • Their site has a few documents describing how they care about your personal information, describing each cookie they use and which third party companies they disclose them with, that they comply with privacy laws etc etc.

      All this details gives the impression they are protecting their customers privacy, however they do say they will disclose information to “government and regulatory authorities and other organisations, as required or authorised by law;” –

      So i think this means the Federal Government explicitly required or authorized Telstra to allow foreign governments to eavesdrop on Telstra Customers.

      • If the cable landing station is in the US (which it is) then the carrier would have to sign up to US legal jurisdiction. Its not like these things are embassies.

          • Point i was trying to make is that whatever reason Telstra has to sign such agreements or not, the fact that they do it should be reflected in privacy agreements they make with their customers.

            If they break their own agreement they have made with customers they could have legal problems, not just political ones.

  1. C’mon guys, it’s not like the agreement says “here is an ODBC source, go for your life FBI et al!”

    The data is required to be collected, and presumably with an appropriate warrant, made available on request to recognised law enforcement agencies. That seem to be the text of the agreement.

    They collect this data already – to send you a bill – so it’s hardly news that there is an agreement in international law to share that data with a third country LEA upon production of the appropriate judicial oversight.

    I’m all for personal privacy, but seriously, this current crop of stories adding to fuel the PRISM fire is just tabloid trash; Renai’s opinion not withstanding – its actuially quite a balanced addendum.

    • “and presumably with an appropriate warrant,”

      Looking at what Snowden has said i think thats a pretty huge assumption, and prior to that we already knew that the US have broad roving wiretaps, the NSA-AT&T collaborate at the exchange level, and most big companies just quietly do whatever law enforcment wants.

      Its all fine and dandy to say law enforcement needs certain powers to be able to do their job, but without independent oversight its ignorant not to expect that that power to be abused.

  2. The obvious lying to the Australian people not to mention the undermining of the sovereignty of Australia, requires a full investigation, open and transparent and publicly followed.

    I will never be using this company again, nor will any endeavour i am or will be involved with.

    I await full parliamentary investigation and disclosure.

  3. gypsyranger – I think you will be waiting a long time for a big disappointment. Are you so naive to think that the Australian Government doesn’t already know about and endorse this ??

  4. Patrick,

    yes of course but it is only through public outcry can we force such a thing to happen.

    Or do we just throw politics out in it’s present form and discuss as a nation what to do going forward.

  5. Get used to it, large business and government departments have had data share agreements for years. Yes it is wrong however there has been no real protection for privacy in Australia for years. With smart phones and the internet it has become even more of an issue. Web browser plugin for Google Chrome and Firefox clearly show you how you are being monitored while on the internet. If you use Chrome or firefox (I would recommend you do so you can see how you are being monitored) download the Collusion add-on. it shows you every company and organization that tracks your movements (IE doesn’t allow you to see this).

    Smart phones, look at the privacy policy when you download an app, it tells you they want access to your contacts, location etc. this information is also stored with your phone provider. A lot of criminal cases have been solved by tracking a person mobile phone location using the gps tracker (too bad if you have an iphone because you can’t turn off the gps even if you have turned it off in the settings, and turning your phone off will not help either).

    Flybuy cards, reward cards etc, all do the same thing, they can see where, when, how much and how you pay for items then sell that information. See a nice new car going in a raffle, guess what, that information is sold to database companies, they don’t really make that much money from selling the tickets, the real money comes from selling the information. FCSonline, Mirusonline and other companies like these are the ones behind the raffles, you pay them money for a chance to win a car and they sell the information you provide at around $5 per listing. Win win for them.

    If you want privacy, don’t use Android, iPhone or other smart phones. Don’t user rewards cards, don’t enter competitions and get off facebook and other social media sites. The only reason privacy is dead is because people are giving the information away for free all the time.

    If you want to find someone go to companies like Oztrace, Veda advantage, Dun & Brad street, National Data Collection and other data collection companies, by a report and get all the information you want. The only companies from the above mentioned that do actually have some sort of restrictions in place are and national data collection. Veda, D&B and even experian give out the information without any real checks or privacy restrictions. I have been trying to get information out of Oztrace and National data collection without any luck as they say it is not available to the public.

    Stop giving out your information for free and you won’t have an issue.

Comments are closed.