Subscribe:
27 Jun 2012
By Danielle Clarke
Jun
27
2012

Update on Telstra’s mobile cyber-safety tool

telstra-logo-blog-header

A number of our customers have contacted us over the past 24 hours about network activities some users have noticed on the Telstra Mobile Network, and the topic has generated a lot of discussion inside Telstra too. I wanted to address the concerns.

Firstly, it’s crucial for me to point out that our customers’ trust is the most important thing to us, so upon hearing concerns about the development of our new cyber-safety product we have stopped all collection of website addresses for its development.

We’ve made this decision as part of our acknowledgement that more consultation was needed before launching this service.

The new cyber-safety tool was designed to allow adults to choose the website categories kids in their care can access on a mobile phone. The website addresses were being collected to allow parents to specify the website categories kids can access on their mobile phone.

In order for this product to work accurately we needed to classify internet sites, based on the content they hold.

I want to reassure all our customers that at no point in the development of this product was personal information collected or stored and we’ll be reviewing what we learned from this project.

We understand our customers’ concerns about protecting their privacy online and are serious about keeping trust on this front by being transparent about the way we deal with customer data.

We’re already talking with key industry bodies to determine how best to proceed in the future. Cyber-safety is an important issue to address but we’re also very conscious of individual rights.

Please feel free to post your questions or concerns below as we’re happy to respond individually to any customers with concerns.

By

Posts: 11

84 Comments

  1. Birg says:

    If I could find an alternative to Telstra I would, however other telcos based overseas are even more “unreachable” and therefore even more unaccountable then Telstra. I would like to see if our Minister for Communications etc has any commentary – I doubt it. I am a network engineer and have no illusions regarding the porosity and vulnerability of ANY network; the issue here is Telstra’s continued arrogance towards it’s clients and assumption that it is above any questioning – comes from having a monoploy. ACCC investigation anyone, Mr Minister?

    • NextG-dropout says:

      This is not just an update on the Cyber Safety tool, it is an update on a ***serious privacy breach of all NextG mobile data services***

      Calling it a CST issue is another way to try to reduce the fallout.

  2. Mick Nicholls says:

    Mike, I was not saying it was right but what I was saying its nothing new, it happens all over the place. Most of the other Telcos are overseas owned which means it is harder to have any control over them. Every page you access on the web has cookies and that is almost the same. Even though I have my security set to not allow cookies my daily virus scan always tells me that they have deleted at least 2 cookies from my system so they can get past most of what we do in some way. What would you prefer, except of course it not happening at all, a company that does it and tells you or a company that does it and never tells you, that is what I am trying to say. At least Telstra are now up front where the others aren’t because they gather everything overseas out of our control. My privacy is such to me that I never do anything that involves my financial transactions on my mobile phone because that medium has less security than any other medium. Oh well, none of us can win this argument as we are damned if we do and damned if we dont I guess.

  3. Aaron Titman says:

    “We understand our customers’ concerns about protecting their privacy online and are serious about keeping trust on this front by being transparent about the way we deal with customer data.”
    If this were honestly the case, then you wouldn’t have done what you did. Stop spinning propaganda and tell the truth, you made a decision that was either a)not thought out, and therefore you appear incompentant or b) was thought out and you decided to do it anyway, and therefore you already betrayed that trust. How about you stop with the FUD admit the mistake, and make yourself a better company.

  4. Lies, sweet precious lies.

    Tell us why you were really stealing our data; most of us do not have children and no vested interest in ‘protecting’ them against the internet.

    - An disgusted ex customer

  5. Rhett says:

    I cannot believe that Telstra was this underhanded.

    The only inferences available on the material before us are that:

    1. Telstra intercepted HTTP requests of their customers to extract URLs;

    2. Telstra did not obtain consent from their customers to intercept their data;

    3. Telstra forwarded those URLs (and god knows what else of the data captured) to a third party immediately following the request (thereby giving the third party the time of the request as well); and

    4. The third party was retrieving the content available at those URLs (for god knows what purpose, but presumably, the data was stored somewhere).

    It is also noteworthy that the third party apparently faked its user-agent when retrieving the data (Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0). More slight of hand.

    I cannot see how anyone can reasonably draw the distinction between URLs versus content. Either way, Telstra intercepted private communications without their customer’s consent and passed those URLs to a third party.

    Certain (damning) inferences should also be drawn from Telstra’s silence on the issue, and apparent lax attitude to customer privacy (particularly after the massive breach of bundled customer’s details in 2011).

    This has to be a breach of the Privacy Act.

    The Australian Privacy Commissioner must step in. This sort of mass, underhanded interception of customer data cannot be tolerated.

  6. Sam Watkins says:

    “our customers’ trust is the most important thing to us”

    You have permanently and irreversibly lost my trust.
    Many other tech-savvy users feel as I do.

    Can you afford to do something so outrageous like this? Geeks around the country are furious, and we are taking the time to explain it to grandma.

    We are analysing the evidence, and we will explain to our friends and the general public just how badly you have abused their trust.

    The only excuse would be ignorance. We cannot trust a company of ignorant chuckle-heads either. Whether deceptive, malicious, or ignorant, we cannot trust you.

    Governments and “intelligence” agencies around the world are so very keen to monitor and track our every move. Oh, do they want to save us from terrorists? from nude pictures? I for one highly doubt that big brother has our bests interests at heart.

    Telcos needs money, and leaders need votes. You will not be getting any from me.

    Telstra has truly committed an outrageous breach of trust.

  7. Ash says:

    Hi Danielle,

    You said that Anthony has responded to our questions in his post. This is not true. There are many questions from this post and his that remain unaddressed. If you really mean that trust is important to you, and you are not just saying it because it’s in the Telstra PR manual, then don’t say things that are untrue and don’t say you’ll do things unless you intend to actually do them.

    I left Vodafone for two reasons, because the network stopped working properly was the first, but what frustrated me far more were the lies from their staff. Telstra has a good network and some very good people. You don’t need to lie and ignore issues like this. You really don’t.

  8. Rick says:

    http://www.smh.com.au/technology/technology-news/customer-privacy-is-not-negotiable-telstra-boss-admits-leaking-customer-data-20120706-21lzo.html

    According to this Thodey himself has admitted customer privacy has been violated. I’m personally shocked by Telstra’s behaviour, especially given the recent plethora of privacy breaches which have emerged. The latest one is seriously making me wonder if I should continue my Telstra service.

    The post also fails to address the fact that the information Telstra has provided (which they claim is not personally identifiable, but I dispute) is being given to a US-based organisation, which under the US government’s Patriot Act they can gain access to. This in itself is a gross violation of my privacy (why would I want a situation where a foreign government could potentially access my data?). It most likely breaches Australian privacy laws as well (hence why the Privacy Commissioner is looking into it).

    Their lack of reasonable response to this, and attempted justification of the matter, is also frankly disgusting.

    Please provide a decent, human response without some type of marketing spin or jargon.

  9. D. Metcalf says:

    Telstra – you are paid to be a CARRIER. Your job is to “carry” to the next hop based on headers. Not to perform deep packet inspection on them. The data in our packets are OUR intellectual property and ** NONE OF YOUR BUSINESS **.

    This is a fundamental breach of your primary duty as a trustee of our information.

    It would be exactly the same as Australia Post having a secret program to open envelopes of letters we send in the mail, taking copies of the contents and sharing them with their friends. What you are doing is NO DIFFERENT and since we have to explain, ** IT IS WRONG **

    We don’t care what excuses you make, or how you want to down play it. Did we ever opt in? NO. You’re sneaky, underhanded and conniving in your abuse of our data.

    I’ll save the expletives of what I really think, but whoever came up with this program should be fired. Learn to treat your customers with some respect!

    Corporate go to Telstra for security. This isn’t “a couple of months” of earning trust back. This will be remembered.

  10. Birg says:

    As many respondants have already commented the application of spin by referring to a breach of trust as “cyber safety” is insulting. The statement “we have stopped all collection of website addresses for its development” is a warning that Telstra does not understand fundamentally what can be done with networks in terms of hacking. The application of “Do Not Trace “software will not be effective when Telstra clients websites are recorded and data aggregation techniques are used for analysis. I am not a conspiracy theorist by any means but am becoming very aware that what should be a flagship carrier (note: carrier) appears not to understand the basics of a carriage service as noted by D. Metcalfe.

Leave a Comment