Category Archives: SERVICES

Telstra backflips on refusing customer access to metadata

Ben Grubb tells the story

After previously refusing, Telstra will soon provide its customers with some of their personal metadata.

After previously refusing, Telstra will soon provide its customers with some of their personal metadata. Photo: Bloomberg

Telstra has become the first Australian telco to offer its subscribers similar access that law-enforcement and intelligence agencies have to their private phone metadata, backflipping on its previous position of refusing them access to it.

Starting April 1, Telstra will give their customers access to a limited set of their “metadata” for a fee — information about who they’ve called, the time, location and duration. It does not include the content of a communication, such as the detail of what you said or wrote in an email or SMS.

Triangulation: A German politician got his metadata from his telco and showed how it plotted his movements.

Triangulation: A German politician got his metadata from his telco and showed how it plotted his movements.

But the scheme won’t give customers access to information about another party to a communication with them, such as who called them (this information is collected though, and can be handed over to law-enforcement agencies).

Still, the move will provide customers with much more access than they otherwise would’ve had through Telstra’s MyAccount portal or through their monthly bills, with information being made available to include “the actual location of the cell tower an outgoing call was connected to when the call was made”.

The fee to get the data will depend on how far back into Telstra records you request, Telstra said.

“Simple requests are expected to cost around $25, while detailed requests covering multiple services across several years will be charged at an hourly rate. This is the same practice of cost recovery that is applied to requests from law enforcement agencies,” a statement on Telstra’s website published on Friday said.

“This new approach is all about giving you a clearer picture of the data we provide in response to lawful requests today.”

The decision to allow subscribers access to their metadata follows this writer lodging a complaint with Australia’s federal Privacy Commissioner, Timothy Pilgrim, following Telstra’s refusal to provide access to his metadata under the Privacy Act. The Act gives Australian citizens a right of access to their “personal information” from a company, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.

It was argued that while Telstra regularly provides the Australian Taxation Office, spy agency ASIO and numerous other Australian law-enforcement agencies access without a warrant to any customers’ metadata, it should also be obligated to provide it to its own customers under privacy laws.

Since the complaint was lodged over 20 months ago, Telstra has argued that it shouldn’t have to provide its customers with access.

Despite this, it has handed over access to some metadata over the time of the complaint, but not all of the information it provides to law-enforcement. For example, it has argued that to provide incoming call record logs (who has called a customer) would be in breach of that person’s privacy.

If access to such logs were ever provided, it could help track down pesky telemarketers.

This writer has argued that if the other party is using caller ID, then the number should be provided.

Telstra has also previously failed to provide internet-related metadata it might have on its systems, such as IP address logs. But Friday’s announcement made no mention of this data.

The Privacy Commissioner heard this writer’s complaint in a hearing late last year and is imminently expected to release his decision.

Meanwhile, the Abbott government recently adopted a recommendation of the Parliamentary Joint Committee on Intelligence and Security — which scrutinised Australia’s upcoming “data retention” laws — that will cement current privacy laws, forcing telcos to provide access to customer metadata.

The telcos, through industry body group the Communications Alliance, have said they are unhappy with this requirement.

The upcoming retention laws, which Prime Minister Tony Abbott wants passed by the end of this month, will force all Australian telcos to store for two years customer metadata for access by law-enforcement agencies. It’s argued the laws are required because telcos are regularly deleting metadata which the agencies say is crucial in investigating crime.

The retention regime is estimated by PricewaterhouseCoopers to cost anywhere between $188.8 million and $319.1 million to establish. But the government has yet to say exactly how much it is prepared to commit to it, raising the prospect of higher internet fees passed on by telcos to customers.

Following this writer’s request for access to this data, Wilson da Silva, a science journalist and a former editor-in-chief of science magazine Cosmos, argued that allowing people access to their metadata might actually improve their lives.

“Being able track your own everyday movements [with metadata], and match ­them with your entire digital footprint, might … bring you countless health and lifestyle benefits, such as predicting the onset of heart disease or depression,” he said.

The request for access in Australia followed German politician Malte Spitz successfully suing his telco in 2011 to get his metadata.

He published it to show constituents just how invasive having all of your metadata stored was in the wake of mandatory data retention in his country.


Henry Sapiecha


Public hearing into proposed Maritime Patrol Aircraft Replacement facilities

Public hearing into proposed
Maritime Patrol Aircraft Replacement facilities

The Public Works Committee is conducting a public hearing into the proposed facilities, infrastructure and airfield requirements for the Maritime Patrol Aircraft Replacement Capability Project (AIR7000 Phase 2B).The project being examined by the Committee will provide the facilities, infrastructure and airfield works to support the new aircraft. The works will take place at the main operating base, RAAF Base Edinburgh (SA), the forward operating bases, RAAF Bases Darwin (NT), Pearce (WA) and Townsville (Qld), and HMAS Stirling (WA).Works are expected to begin in October 2015 at RAAF Base Edinburgh and HMAS Stirling, with works at the forward operating bases planned to commence in 2018. All works are expected to be completed by the end of 2020. The estimated cost of the project is $707.9 million, excluding GST.Public Hearing Venue: Education Development Centre, 4 Milner St, Hindmarsh, SA
Date: Thursday, 29 January 2015
Time: 2.00pm to 3.00pm

Members of the public are welcome to attend.

Full details on the project are available on the Committee’s website:

NB the Public Works Committee is neither involved in the tendering process nor the awarding of contracts. Enquiries on those matters should be addressed to the Department of Defence.

For interview: Contact the office of Mr Graham Perrett MP, Deputy Chair, on (07) 3344 2622.

For further information, including the public hearing times, and copies of submissions when they become available, please visit the Committee website or contact the Committee Secretariat on (02) 6277 4636.

Media release date: 28 January 2015

More than 84,000 Telstra customer records accessed by government agencies


Telstra says the majority of access requests were performed to check whether customer accounts were active. 

Only 3.9 per cent of Telstra customer records accessed by policing and spy bodies in 2014 were approved by a court order or warrant, according to the company’s first annual Transparency Report.

Government agencies and policing bodies gained access to 84,949 Telstra customer records in financial year 2014. Telstra is Australia’s biggest telecommunications provider by market share with around 3 million fixed-line internet customers and 16 million mobile customers.

The number of requests has also risen over the past 12 months with 44,305 requests in the second half of the year compared to 40,644 in the first half.

“Between 1 July 2013 and 30 June 2014, we received and acted on 84,949 requests for customer information,” the company said. “Of this, 2,701 were warrants for interception or access to stored communications.

“Outside of Australia, we received less than 100 requests across all the countries that we operate in.”

Of the 84,949 cases of information handed over by the company, just 598 were in response to court orders while 2,701 were based off warrants for the interception to data. Around 6,202 were related to emergency calls for help to triple-0 or similar services.

Telstra said the vast majority, 75,448, of these records were carriage service records, customer information or “pre-warrant checks” that determine whether or not a customer is still active at the company.

A range of police and spy agencies are allowed to access customer information with a “lawful request” that does not require a warrant or court order.

These range from conventional bodies like the Australian Federal Police to other agencies such as the Royal Society for the Prevention of Cruelty to Animals (RSPCA) and local councils.

The number of customer records accessed across all telcos is likely to be far higher because Telstra only manages around 50 per cent of the market. It is one of the very few companies in Australia to provide a detailed breakdown of data requests from police and spy agencies.

Greens Senator Scott Ludlam has been leading a Senate inquiry into Australia’s surveillance and data retention laws. He said he was concerned about the figures and that the number of warrantless requests was rising by 10-20 per cent every year.

“It’s a huge escalation of warrantless access to people’s records and you’d have to expect that if the data retention regime was brought forward that the number would continue to skyrocket,” he said.

Civil libertarian and privacy advocacy groups are fighting the federal government’s push to force telcos to capture and store the metadata of all customers for a two year period.

Critics pointed to the often confused and contradictory announcements made by different government ministers over what types of metadata would be recorded with fears the scheme would cost the industry hundreds of millions of dollars.

“It appears these agencies can conduct their business and have done for years and years without a data retention policy and without access to new categories of metadata that didn’t exist ten years ago,” Senator Ludlam said.

“Even if the data retention proposal was taken off the table … we’ve got a very big problem with the warrantless accessing of extremely invasive material including location records.”

Telstra has already admitted it has provided the browsing history of some customers without a warrant “in rare cases”. The telecommunications industry is negotiating with the federal government over what will be included in the highly controversial scheme.

But spying and law enforcement bodies have said the system is vital for fighting crime and terrorism in a digital age.

Henry Sapiecha

Telstra found divulging web browsing histories to law-enforcement agencies without a warrant

Telstra says it has divulged customers' web browsing histories without a warrant.image www.intelagencies.coms

Telstra says it has divulged customers’ web browsing histories without a warrant.

The federal government has been left red-faced following revelations that law-enforcement agencies have been accessing Australians’ web browsing histories without a warrant.

Access to phone and internet data held by telecommunications companies has been the subject of much debate recently, as the government seeks to extend the power of intelligence agencies to fight terrorism. It has proposed telcos retain customers’ metadata for up to two years for investigation.

However, spy agency ASIO and federal police have given assurances that data on what websites Australians visit – know as web history – could only be obtained with warrants.

Now a paper published by the parliamentary library on Monday has revealed an industry practice of providing website addresses (URLs) to law enforcement without warrants.

Telstra confirmed on Tuesday evening it had provided URLs to agencies without a warrant “in rare cases”. It did not name the agencies or how many times it provided information.

Jaan Murphy, author of the report, said the current regime already appeared to allow for access.

“The current regime for access to metadata arguably allows law enforcement and intelligence agencies to access [Uniform Resource Locators] under the umbrella of ‘metadata’ (provided the URL does not identify the content of the communication) despite stakeholders holding contradictory perspectives,” Murphy wrote.

In the paper, Murphy quotes a little-known submission by Telstra to a previous inquiry which examined, among many things, whether telcos should be required by law to store certain customer data for a period of up to two years.

Telstra’s submission indicated that the type of data it had already disclosed to law-enforcement and national security agencies without a warrant included “…(URLs) to the extent they do not identify the content of the communication”.

“Industry practice therefore illustrates that URLs are currently provided to law-enforcement and national security agencies without a warrant,” Murphy concluded.

A Telstra spokeswoman said the company did “not collect URLs as a normal part of providing customer services”.

“The last time we did so was in relation to a life-threatening situation involving a child more than 12 months ago,” she said.

In further comments published on Telstra’s Twitter account, company representatives said it did “not collect and store web browsing history against customer accounts”.

“We welcome the clarity from government that browsing history is not part of the current proposal,” Telstra added in two subsequent tweets, referring to the controversial data retention proposal.

In a Senate inquiry discussing comprehensive revisions of the Telecommunications Interception and Access Act last month, outgoing ASIO chief David Irvine said to gain access to web browsing histories agencies such as ASIO needed a warrant.

“Web surfing … is not picked up by us and is not regarded by us as metadata; it is regarded as content, and we need to have a warrant for that,” Mr Irvine told Senator Scott Ludlam.

The Act requires Telstra comply with warrantless authorisation requests from law-enforcement agencies or non-content data. Agencies that can access the data include federal, state and territory police, Medicare, Bankstown Council in NSW, WorkSafe Victoria, the RSPCA, the Tax Office, Australia Post, ASIO, ASIC and many others when conducting criminal and financial investigations.

In 2012-13 the Attorney-General’s Department reported that such data was accessed 330,640 times, an 11 per cent increase over the previous year and a jump of 31 per cent over two years.

A spokesman for Attorney-General George Brandis declined to comment to Fairfax Media, but told ZDNet that access to URLs should require a warrant.

“Security agencies currently require a warrant to access URLs and this requirement will continue,” the spokesman reportedly said.

Earlier this month, the Attorney-General and Prime Minister Tony Abbott said a mandatory data retention regime had been given “in principle” cabinet approval for legislating later this year. They said it was needed to ensure telcos continued to retain data for law-enforcement purposes.

But both have struggled to explain exactly what data would be retained under the regime, although Communications Minister Malcolm Turnbull has explicitly ruled out web browsing histories.

Telstra’s contradictory statements and assurance that it doesn’t normally collect URLs, but was able to provide them in rare cases, is unlikely to satisfy privacy advocates and civil libertarians.

The Attorney-General’s department, which administers the Act, has, over the past month, repeatedly refused to answer Fairfax questions about what constitutes metadata and whether it includes web browsing histories.

Victoria Police and NSW Police have also refused to provide a definition of metadata.

In high-level briefings with intelligence officials in Canberra, journalists were told that web browsing histories did not constitute metadata. Internet surfing history was considered “content”. Websites visited were also not metadata, they were told.

Northern Territory Police and Victorian Police have previously lobbied parliament for browsing histories to be stored as part of any data retention regime.

Australian Federal Police Assistant Commissioner and National Manager of high tech crime operations, Neil Gaughan, has also said previously that any data retention regime should include browsing histories, despite deputy commissioner Andrew Colvin recently saying the opposite.

Several Coalition MPs have spoken out about the data retention plan, warning there is a potential for the changes to breach the rights of individuals to privacy.

Prime Minister Abbott’s recently appointed Human Rights Commissioner Tim Wilson is also against data retention, as are a number of other civil liberties groups.

Optus said it did not comment on specific data retention practices or law enforcement requests.

“Optus co-operates fully with law enforcement and national security agencies as required by legislation and in accordance with the rules established for access to customer information,” an Optus spokeswoman said.

Comment was also sought from Vodafone but it had not responded at the time of publication. Its privacy policy was recently updated to include the fact it collected “the websites you visit and the online searches you perform“.

Henry Sapiecha


Welcome to Acbo Call Centre


Henry Sapiecha

pi spy glass line-13