Update on Telstra’s mobile cyber-safety tool
Filed under: customers, cyber safety, mobile internet, news, Privacy
A number of our customers have contacted us over the past 24 hours about network activities some users have noticed on the Telstra Mobile Network, and the topic has generated a lot of discussion inside Telstra too. I wanted to address the concerns.
Firstly, it’s crucial for me to point out that our customers’ trust is the most important thing to us, so upon hearing concerns about the development of our new cyber-safety product we have stopped all collection of website addresses for its development.
We’ve made this decision as part of our acknowledgement that more consultation was needed before launching this service.
The new cyber-safety tool was designed to allow adults to choose the website categories kids in their care can access on a mobile phone. The website addresses were being collected to allow parents to specify the website categories kids can access on their mobile phone.
In order for this product to work accurately we needed to classify internet sites, based on the content they hold.
I want to reassure all our customers that at no point in the development of this product was personal information collected or stored and we’ll be reviewing what we learned from this project.
We understand our customers’ concerns about protecting their privacy online and are serious about keeping trust on this front by being transparent about the way we deal with customer data.
We’re already talking with key industry bodies to determine how best to proceed in the future. Cyber-safety is an important issue to address but we’re also very conscious of individual rights.
Please feel free to post your questions or concerns below as we’re happy to respond individually to any customers with concerns.
“no point in the development of this product was personal information collected or stored”
That is an outright lie, seeing as private URLs were collected, stored and passed onto a third party.
I agree, Telstra simply cannot be trusted with privacy matters. It denies, denies, denies.
Remember last year when Telstra allowed the personal information of 800,000 customers to be made available publicly via a portal? It just never ends with Telstra.
Even in the current matter it says that no personal information is sent to the USA — well, some URLs contain personal information. Furthermore, why must our browsing history be sent abroad anyway?
Telstra, you are despicable.
Hi Jason, I hope you’ve seen Anthony’s reply which goes into a bit more details than I was able to myself. Hope this helps. Danielle
Everytime I hear the “won’t somebody think of the children” type of response to these issues I get even more frustrated.
The post does not address anything, namely:
– Why weren’t we told?
– Is any data stored that can be used to identify the user?
– What sort of restrictions arep laced on the use of said data by the third parties?
– How do I opt out?
– Why can’t I opt out?
– Where in my contract does it state you can give my data to a third party?
– Did you seek advice from the privacy commissioner before handling the data in this way?
– Have you stopped doing this now? If not when? and why?
Hi Jon, my colleague Anthony is far better at answering these specifics and has address some of the questions here as part of a new post. Hope you’ve been able to see it and it’s been useful in answering your questions. Danielle
Can you please clearly state:
* What specific data was being collected?
(e.g. for HTTP which of: client IP, server IP, URL, GET/POST variables, headers, authentication information.)
* Of the above information, what was communicated to a third party?
(i.e. specifically what was stripped or anonymised)
* Who was the third party, and what is their privacy policy?
* Was data collected on protocols other than HTTP on port 80?
Hi Frazer, we’ve published some more information that includes a diagram detailing the process Telstra undertook in the development of the Smart Control tool. http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/ Hope this helps. Danielle
I understand that as my isp you can track what I’m doing. I also know there are local laws and policies that prevent you from doing that. But you gave that data to a foreign company without telling me?
My concern is that it has been shown again and again that anonymising this kind of data is not an effective method of protecting personal data. Just look at what happened with AOL in 2006.
I’m also concerned that this data is being sent to the US. A country with very different data privacy laws to Australia.
I am more than annoyed at Telstra’s actions, I am very, very angry.
I am a retired web developer and I’ve been following the Whirlpool thread on your actions since it started.
I understand the implications of what you have done, the fact that you used a US based site to fetch the user’s URL page data rather than an Australian site invites the assumption that you tried to avoid any Australian legal implications.
You suck.
If it was within my power to avoid Telstra/Bigpond for my telephony services you can bet your life I would be gone.
You can guarantee I’ll be supporting any and all possible actions and sanctions against you that I can possibly assist with.
Hi,
You say no personal information was sent to this US based company. Can you please confirm explicitly then that you have been stripping out usernames and email addresses that are sometimes contained in URLs before you send them to this company?
Thank you.
Hi Ash, I posted below to let you know we’ve published some more information detailing the process Telstra undertook in the development of the Smart Control tool. http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/ Wanted to make sure you had seen it. Danielle
This doesn’t address the moral problem with being involved with a company (Netsweeper) who has customers who use this technology to suppress human rights (freedom of speech and access to information).
With companies such as Telstra being customers of Netsweeper, it makes their technology affordable to those states who wish to use it to oppress their citizens.
Indeed:
A Canadian tech company is under growing scrutiny for helping some of the world’s more repressive regimes filter online content, prompting calls for Ottawa to establish a clear foreign policy for cyberspace.
Netsweeper Inc., based in Guelph, Ont., has provided services for telecommunications companies in Qatar, United Arab Emirates, and Yemen, according to the Open Net Initiative.
http://www.citytv.com/calgary/life/article/146397–canadian-online-censor-netsweeper-under-scrutiny
Telstra, now helping suppress human rights.
Will Telstra be making a data breach disclosure to the Information Commissioner for inadvertently or otherwise allowing transnational data flows without consent in violation of National Privacy Principle 9(b)?
It is also (relatively) well known that anonymization is nowhere near perfect and often rather flawed. Will Telstra be disclosing exactly how they attempted to make this data anonymous so that the claim can be independently verified?
See: http://arstechnica.com/tech-policy/2009/09/your-secrets-live-online-in-databases-of-ruin/
Given accessing some of these URLs may have actually revealed customer data – will Telstra now ensure that the data gathered from this exercise is securely deleted?
(Including backups, logs, and captured website data)
Hi Will, just following up to make sure you’ve seen my colleague Anthony’s post as he goes into some more detail about online information collection – he’s included a diagram that provides a step-by-step overview. Danielle
Why did you initially lie and say it was “normal network operation” when it is now acknowledged that it was for a product that didn’t exist and thus, far from “normal network operation”? What other lies has Telstra told?
Does Telstra acknowledge that the list of URLs that I may visit is my personal information and may be personally identifiable information?
Aside from this incident, what other information have you kept for any reason, including “product development”? Are you recording my calls?
You said that you would respond to these queries and yet you haven’t. Another lie??
Hi Nick, we’re certainly not lying. My colleague Anthony has published a post that goes into more detail about the additional queries posted here. As you can see there’s been quite a few requests and we’re doing our best to get back to all major concerns. We do talk more about the type of information that was collected for the cyber-safety product in Anthony’s post. I hope you’ve had time to read it. Once again, I’d like to apologise on behalf of Telstra – causing concern and confusion is not good enough. Danielle
This obvious attempt to avoid litigation does nothing to restore the loss of confidence and trust Telstra will rightfully suffer from this debacle. If this were an honest attempt to create a better internet environment from users, why were we not told? Why was there no way to opt-out from having our data (call it what you want, you were sending our personal browsing data) sent to a country with very sketchy privacy laws? I suppose what I’m ultimately asking is that if this were such a harmless exercise, why did Telstra feel the need to carry it out in such a private manner? Surely if you feel entitled to privacy in your dealings, you should extend that privacy to your users.
Telstra deserve neither our respect or another chance. I encourage everyone to join me in switching networks. Telstra have made it clear that in their eyes what they were doing is justifiable and the probem rests with our response to it.
Danielle it might be helpful if you post clear instructions about how a person impacted by this can request a copy of the data that has been collected by Telstra as a part of this project, and also that data which has been handed on to any 3rd party companies.
If a 3rd party has received any of this data, it would also be helpful if the details of those parties were published, along with relevant instructions for how a concerned individual could request a copy of any data they may have stored relating to them or their browser usage or history.
I agree. It must make available an easily accessible mechanism for customers to access what was sent abroad.
I might not be the brightest regarding the internet but I am not stupid either and I am an experienced teacher of little children. Not one of the proposed “cyber-safety” options I have looked at (with the help of experienced and savvy net users) to date, has gone close to being able to keep children safe on the net; they’ve only allowed people like this example to spy on others for their own benefits.
“Cyber-safety tool” Are you kidding me? Trying to play this down with cleverly worded phrases just makes you look worse in our eyes.
Hey, here’s an idea how you “might” respond: Inform every single user that “hey, we’ve kinda been doing something you most likely won’t be terribly happy with being told in retrospect, which we kept secret”.
Telstra are a complete joke, another enormous privacy bungle swept under the rug.
This is unacceptable, not only were we not notified of change of policy, we were opted into this, we do not want out production testing systems being indexed into a datamining server in another country.
Classification of websites for use in a future tool? Is this not purchasable information from a third party? Why conduct your own ‘research’ when there are third parties who already have this information.
Given that this customers data handed to a US company becomes subject to the Patriot Act (and we’re all seeing how Bradley Manning and Julian Assange is being treated), Telstra has screwed up royally on this matter. User needed to be informed and offered an ‘opt out’ (I know that I would have opted out). Waiting until it breaks out in the media and telling us that it’s for cyber safety just isn’t good enough and only diminish customer’s trust in Telstra.
This is embarrassing sycophantic nonsense, you make no attempt to acknowledge the grave intrusions of privacy nor Telstra’s personal responsibility in the matter.
How can anyone possibly trust your organisation with their data when they obviously have no grasp of the simple concepts of privacy.
“I want to reassure all our customers that at no point in the development of this product was personal information collected or stored and we’ll be reviewing what we learned from this project.” – This is just a flat out lie! – there is no factual base on which this statement is made whatsoever.
Telstra should be held accountable!
I have to wonder what people are looking at on the web to stir such passions.
Any foreign company or power looking at my browsing habits would loose interest very quickly.
Don’t be ridiculous. It is a false dichotomy to claim that we shouldn’t be worried unless we have something to hide. Have you considered that perhaps other individuals lead lives more important, significant and private than yours which involves browsing Facebook and news.com.au? This is a massive breach of privacy by Telstra, especially given that all users were opted in without their consent. You might not be privy to information that others would be interested in gaining access to, but don’t assume that is true for the rest of the internet population.
Wow, everyone that’s commented on this article really needs to calm down and put down your torches and pitchforks.
You give away far more information by accessing a social network site, i.e facebook, let alone any website (can anyone honestly say they read the privacy statement of EVERY SINGLE website they visit? – even then, too late you’ve accessed the site to read the privacy message!)
Maybe read their privacy statement, which is also provided when you connect/upgrade your service, both as a welcome pack and in your contract: http://www.telstra.com.au/privacy/privacy-statement/
———
How we use your personal information
Your personal information may be used to:
research and develop our services;
gain an understanding of your information and communication needs in order for us to provide you with a better service; and
maintain and develop our business systems and infrastructure, including testing and upgrading of these systems
—-
When we disclose your personal information
In order to deliver the services you require, we may disclose your personal information to organisations outside of Telstra. Your personal information is disclosed to these organisations only in relation to us providing our services to you.
These organisations carry out our:
website usage analysis.
—-
These privacy terms have been around for ages. Perhaps you should stop crying foul and read your contracts/statements….and stop watching ACA, it’s clearly making you paranoid.
“In order to deliver the services *you require*, we may disclose your personal information to organisations outside of Telstra”
—
The fact is that I, and by the sounds of it, many other Telstra customers do not “require” this particular filtering service.
“Wow, everyone that’s commented on this article really needs to calm down and put down your torches and pitchforks.
You give away far more information by accessing a social network site, i.e facebook, ”
You do know that some of us don’t use such sites because we like our privacy?
My children are all adults and their internet activities are not my concern. I don’t have a Farcebook, Twatter, GMail or any login to anything affiliated with such data miners. If they want my personal info (is that my intellectual property?) they can work for it – I’m not doing it for them.
If you think its ok for our own telecommunications company to give you up to another country, go right ahead, but I didn’t give you – or Tel$tra – the right to sell me.
People using a social networking site are made aware of how the site intends to use the information that they -volunteer-. The sites also tend to provide rich interfaces for setting the exact level of privacy that you’re comfortable with as you use them.
Telstra do not state, implicitly or explicitly, that they will be recording data of this type in their privacy policy at all, which means everything else regarding the ways in which recorded information will be used or disclosed in that policy is entirely irrelevant.
“Personal information held by us may include your name, date of birth, current and previous addresses, telephone or mobile phone number, email address, bank account or credit card details, occupation, driver’s licence number and your Telstra PIN, username or password. We also hold details of your Telstra services (including their status), as well as certain details about your personal interests.” — http://www.telstra.com.au/privacy/privacy-statement/
“We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.” < — This certainly doesn't apply as US law doesn't provide anywhere near the scope of protection of private information that Australian law does.
"website usage analysis" certainly seems to refer to analysis of the use of the Telstra website, rather than any intent to read every website you visit over your shoulder.
Note that it's legal to record video of the public as there is no assumption of visual privacy in a public place, but it is illegal to record audio as anything quietly spoken to the person beside you is not generally assumed to be audible to people ten metres away.
Mobile devices are used with a similar assumption of (visual, audio & telecommunications) privacy as an audio conversation, which means it falls under the category of internet wiretapping – something only certain government departments are able to do, if they're able to obtain the necessary court order.
I'd really like to see this case tested in court!
"We’ve made this decision as part of our acknowledgement that more consultation was needed before launching this service." <– Service? I believe the IT security community refer to what was done as a man-in-the-middle attack.
We're upset that our privacy has been violated, not that it has been violated so that Telstra can launch a "cyber-safety tool" maybe possibly eventually one day in the future for better protection of our privacy. The ends don't justify the means so let's not skew the issue here Danielle. You can't threaten our privacy to possibly give us better privacy later.
P.S: "Email (will not be published) (required)" <- haha suure!
@ Michelle,
Guess you don’t use any websites at all? It’s not just websites that require a login that ‘mine data’, location, browsing history, time spent per page, targeted advertisements, any website can do this or more, with or without an account.
No, you might need to brush up on what IP actually means, your personal details are just that, personal details.
I doubt they were mining for ‘personal information’ again, all of this ‘outrage’ is stemming from misguided low-level speculation. Based on the product they were testing for, it doesn’t seem likely anything other than high level web addresses and their *public* content were logged, and no originating or identifying details. – I guess we will wait for more official statements as they come out.
“If you think its ok for our own telecommunications company to give you up to another country, go right ahead, but I didn’t give you – or Tel$tra – the right to sell me.”
I also suggest you read the whole comment and take a look at your welcome packs and contracts (and the terms in the privacy link) for any services you take with ANY service provider – you can bet they have similar, if not identical terms and abilities.
Everyone just chill out until you get all the facts. There is no ‘sweeping under the rug going on’ – it’s all there in writing, and I’m pretty confident that more details will emerge, just as Danielle C has advised.
I would like to know SPECIFICALLY what information regarding my phone/online use was forwarded anywhere by Telstra, and at what point is it ok to forward anything to an outsourced foreign company when customers would have a right to believe this was – at the very least – able to be handled by Telstra internally.
Hi Anne, just in case you haven’t seen my post above I wanted to let you know my colleague Anthony is best placed to answer specific queries and he’s published a blog that goes into more detail here: http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/ – I hope this clarifies things for you a little better. Danielle
I have just spent half an hour on the phone trying to talk to Telstra about this.
If you ring their privacy line, and suffer the menu, and press the key to talk to a ‘consultant’, you get transferred to the messagebank helpdesk.
The messagebank helpdesk staff do their best and transfer you to another Helpdesk. That helpdesk has just transferred me to the business mobile area, who are now trying to find who transfer me to. It looks like Telstra’s internal phone book has no area for privacy issues. I am now being transferred to “customer care”…
Customer care want to transfer me to Sales. I pointed out I don’t want to buy anything, so us not helpful. I suggested they transfer me to the privacy area.
After referring this to a supervisor, they have decided to log it as a complaint….and someone will ring me back
So there is no one to ring.
If you wish a copy of the information Telstra holds on you, you may write to a locked bag in Victoria somewhere.
Somehow, I don’t think Telstra care very much about privacy.
I contacted Telstra by phone yesterday and was put through to the Phillipines where a very condasending person thought I should be pleased that Telstra were going to refund my elderly mother for a service she was not receiving from Telstra. No apology!
Please post an opt-out page for this. Better yet, an opt-in page, as it isn’t reasonable to have to opt-out, really.
At no point does this article mention collecting your personal data.
What does classifying a website involve?
Going to a URL (like http://www.google.com) and giving it a rating.
All internet URL’s are publicly available.
It does not mention that they are intercepting what YOU visit.
What a waste of time that would be since the information is already publicly available.
n00bs, the lot of ya.
They are just going to classify internet sites, via the collection of website addresses.
I interpret this as basically provide a ‘parent block’ for porn.
Like blocking access to 1900 adult numbers.
There are plenty of kids with iPhones…they can all access the deep dark interwebs.
This will be a valuable tool for parents who can’t watch their kids for every second of their life.
It would probably be a Value Added Service with the relevant T&C’s to cover the privacy stuff.
If you are worried about this issue, then look at the bigger picture: http://en.wikipedia.org/wiki/Internet_censorship_in_Australia
This classification system, down the track, will allow for censorship, something that is driven by the government.
Go direct your energy to a better cause.
How about you answer just one of these questions, Telstra?
People seriousally, does it really matter? I bet all ISP have been doing similar stuff for years. Credit Card companies have been passing on purchasing history to marketing companies for ages. “Big Brother” is already here and has been for ages. What are you so ashamed of that you care so much??
If it takes steps like this to stop my kids from viewimg porn on their mobile phones, and other graphic indecent and disturbing material online I am all for it.
Most of you are pretty sad at just jumping on board slaming Telstra for other petty issues but forget that they also give back more to the community than most organisations in Australia through sponsership, awards to small business, and also i heard they are giving away over a $1M to non profit organisations.
Privacy is a concern once it has been comprimised, until then im not worried. CCard Companies have insurance for fraud.
Telstra should use this with the Police to catch pedo’s etc!
Focus on the real issues people, not how long you were on hold for!!
Are you really saying that supporting a company that is happy for it’s technology to be used to suppress human rights is okay because it just may block some site you deem unsuitable for children?
There are other companies that do not sell to people wanting to use their products to oppress their citizens.
There is also the possibility of you purchasing software yourself for use on devices used by your children, that way you get full control and get to easily participate in the excellent thing that is consumer choice and competition for your dollars.
It’s people like you that are running headlong into Big Brother’s arms. You honestly believe that the rest of the population should give up their privacy because you can’t be bothered to act as a responsible parent? You would rather rely on a filter to stop your children accessing inappropriate content rather than teaching your children appropriate standards and morals? And all of this at the cost of other people’s freedom?
Telstra have a responsibility to make clear what information was accessed and precisely how it was used.
I would like to ask all commenter here, “do you realy think any of the Telcos are any different to Telstra in matter like this” if you think so then maybe you should think again as most of them are owned by overseas companies so all your data is over there anyhow. My concern is that all steps are taken to protect our information and this is why I don’t use my telephone for activities like this. They found out they were doing wrong and are trying to rectify it and by the way NO I DON’T WORK FOR TELSTRA but trust them more than most of the other companies.
Thanks for all the comments here. Many of them seek clarification on a range of topics and we are working to get back to you on these things tomorrow. Please continue to ask questions here as we are committed to clarifying any points of concern you might raise. Danielle
More weasel words tomorrrow?
Danielle,
My number one concern is why did Telstra downright lie about what was happening?
In no way is that normal network operation, please don’t take your customers for fools.
All my services are with Telstra at present and contracts ending next month, I will now be very closely considering my alternatives.
“…so upon hearing concerns about the development of our new cyber-safety product we have stopped all collection of website addresses for its development.”
This statement trivialises the concerns to the point of being offensive.
It paints those of us who complained as anti “cyber-safety” in what I believe is a deliberate attempt to spin the burden of reasonableness away from Telstra.
The concerns are completely detached from the explanation of why… the fact that they were being used for “a good thing” is immaterial to the discussion.
The hubris is stunning.
I have often accessed my bank accounts through my Telstra mobile, via their websites.
Has this been recorded and if so, what information has been captured?
Is my data, my personal banking information safe?
Unbelievable.
Rang Telstra after finding out about this. Got the complaints department, and despite referring to a supervisor the person I spoke to had no clue.
Is this is how telstra treats its customers, spying on them via an overseas company?
Why was the original response a lie?
I would love to have clarification on that.
Anand
Does your illegal network activity extend to ADSL network, if so what are you collecting? It seems to me you would not be able to strip out all the ‘personal’ data from every communication? What other laws are Telstra breaking?
Telstra have shown they cannot be trusted, there has to be other trust issues with them. Supporting a company that supports inhuman regimes would be a trust issue, would’nt it?
Maybe, with recent generations coming of age and getting into these companies, their ‘don’t care about anybody’ attitude is the problem.
McDonalds is good example, there greeting is now ‘whaddya want?’
Seems like more regulation is needed as current regulation not working. ‘Code of practice’ is waste of time, but was/is good political trick.
I feel like I’ve caught someone tapping my phoneline and, when caught, they’ve said “Oh I was only giving away a list of the people you’ve been calling, I haven’t been attaching YOUR name to it.” despite the fact that I’m easily identifiable by the fact that I contact everyone else in my family.
Although in this case it’s because I visit their blogs and homepages.
The argument that “well nothing is really private these days, so surely everyone is expecting us to bug their personal internet connections for our own needs” really doesn’t fly with me.
I regularly access confidential copyrighted material in the course of my daily work, and sometimes this is via my NextG connection when I’m out of the office.
That Telstra has been sharing this material, without my or my employer’s knowledge or consent, with a private company outside the Commonwealth of Australia is intolerable to me.
I will be recommending to my employer that we close all NextG mobile accounts immediately and move to another provider.
Could a Telstra representative please advise how I can request a copy of every piece of information disclosed to this third party?
I have to say I’m pretty disgusted at Telstra’s behaviour in this matter.
Breaching the telecommunications act on privacy, changing terms and conditions of contracts without due notification etc.. Sending private information to an off shore site
Lying about what has actually happened.
Just astoundingly bad.
“..are serious about keeping trust on this front by being transparent about the way we deal with customer data.”
I’d assume by transparency, you would be providing a way for those affected to review the data transferred and to whom the data was provided to.
I, like many others, want an answer to these questions:
: Why weren’t we told?
: Is any data stored that can be used to identify the user?
: What sort of restrictions are placed on the use of said data by the third parties?
: How do I opt out?
: Why can’t I opt out?
: Where in my contract does it state you can give my data to a third party?
: Did you seek advice from the privacy commissioner before handling the data in this way?
: Have you stopped doing this now? If not when? and why?
Yours, Peter Valentine
Hello Dr PA Valentine – your questions are valid and I encourage you to read my colleagues blog which goes into some more detail about the data and information collected, here: http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/
Hi Danielle,
This issue is not going to go away with a press release.
What Telstra were doing is totally unacceptable and hastily changing your T’s&C’s is not going to save you.
It may be worth reading Mark Newton’s thoughts on it over at whirlpool http://whrl.pl/Rdexb5
Cheers Marty
As usual Telstra has treated its customers with contempt. It has passed identifiable clickstream data onto a company which provides censorship tools to the worst regimes in the Middle East. It has lied about its behaviour when it was found out. It has demonstrated just how insecure mobile Internet access is over its network. It has confirmed that it cannot be trusted. How can anyone be sure that the present apparent back down is genuine and that other similar invasions of customers’ privacy are not still occurring? At least I have learned just how careful I need to be when browsing the Net with my phone – a valuable lesson indeed.
Thanks, cloud, for saying that two wrongs *do* make a right, and implying it’s our fault for wanting our browsing history to be private. Further, you played the “won’t someone please think of the children” card, really, a stellar effort in one post. And then to finish with the implication that if this bothers you you must be a pedo? Humph.
@John: that’s facile, a URL often contains data that identifies the session (it has to, HTTP is stateless) and therefore the user.
I understand that the information being sent to the USA contained the URL of the page you had accessed as well as sufficient identifying information to enable them to know if you were accessing the site a second time. This must be sending enough data to identify the Australian user. How can they say no personal information was being sent? I am sure they have breached Australian privacy laws which explicitly prohibit sending sensitive information overseas.
“Please feel free to post your questions or concerns below as we’re happy to respond individually to any customers with concerns.”
Have you responded to any of these? Your response is overly vague, and doesn’t answer any of the questions put to you, such as:
* What data, apart from URLs, has been logged, and to where?
* What provisions have been taken to safeguard this data?
* Why were customers not informed of this beforehand, nor given a chance to opt-out?
* Why have you still not notified customers directly of the breach of privacy that has occurred?
Saying that nothing has been logged or stored is clearly false, as the URL requests coming from a US IP address indicate that you have transmitted data from Australian customers offshore, and the mention of the creation of a filer product would imply that the URLs, at the least, are being stored for analysis.
Before becoming too enraged I would like Telstra to publish the Data Schema used to transit information across to the US. This being the only way I can be reassured that no user identifiable data such as the MSDN, IMSI or IMEI is being stored. Also I would like to know the common algorithm they are using to anonymise the URL data and if they are ignoring WSDL transactions commonly used by Banking and Superannuation entities!
How naive can you people get if you are thinking that none of the other Telco’s don’t do this as well, they do but at least Telstra told you they did. Any company will onsell your inform if the price is right and that includes banks, service providers, businesses and the list goes on and on. There are even companies that make it their business to obtain and sell your information but what is the most important thing with all this, is what information they are selling. How do you think developers of information, technology, researchers and the like know what to develop or improve? Becsause someone or some business somewhere has passed it on at some time, that’s life as we know it today so you may as well get used to it. Why did the Government develop the “DO NOT CALL REGISTER” simply because your information is so easily obtained but even this does not stop the cold callers pushing business, does not stop the scammers who are regularly ringing you. Why was Wickieleaks formed and developed, not to protect us but to make money and the founder did until he was caught out and is in hiding now in a foreign embassy overseas. Get over it and calm down.
@Mick: Yet another argument that says in essence that if other people do something wrong, it’s ok if we do something wrong too. Try that argument in front of a judge sometime.
Thanks again to everyone for your comments. My colleague Anthony – who is best placed to provide specific details to questions posted here – has responded to your questions in a new post which can be viewed here: http://exchange.telstra.com.au/2012/06/28/further-update-telstra-smart-controls-cyber-safety-tool/