Friday, 13 July 2012

We knew nothing, nothing! Honestly?


Following widespread social and mainstream media reporting The ISP Column in July 2012 recapped:

On the 18th June, it was reported on an Australian users' forum, Whirlpool, that whenever a Telstra mobile data service user contacted a web site, then some 250ms later the same web site URL was fetched from a different source address. It appeared that somehow this third party was stalking the mobile data user, visiting all the same web sites as the user, in every case shortly after the user. (http://forums.whirlpool.net.au/forum-replies.cfm?t=1935438)
This third party was reported to be on the IP addresses 50.57.104.33 and 50.57.190.97. These addresses are used by Slicehost, who appears to be a hosting service provider located in San Antonio, Texas in the US.
Other users reported on the same behaviour, and it quickly became evident that this was a more general behaviour that had been quietly introduced by this national carrier without any form of notice to their users. The observed behaviour was that all URLs used by end users of their mobile network, whether private or public, were being passed across to this US-based third party, who in turn were repeating the original access call to the visited URL, if the URL was a novel URL. There was some speculation in the forum on the particular motives were driving Telstra to stalk its users in this manner, and some speculation that Telstra was attempting to monetize its user's browsing behaviour by on-selling this user behaviour data to a foreign third party……
In response to an accusation of unethical behaviour on the part of Telstra, a local industry publication, SC Magazine, reported the following:
"But in a short statement, Telstra’s senior media boss Craig Middleton said the company’s wireless network management assured that “there is nothing untoward in what the Whirlpool member has observed - it is a normal network operation”."
[
http://www.scmagazine.com.au/News/305928,telstra-says-its-not-spying-on-users.aspx]……
A few days later, on the 26th June, it was reported that:
"Telstra has confirmed it is tracking websites visited by its mobile users in the lead up to a launch of a new web filtering solution.
Days after suspicions of Telstra's networking monitoring activity was first aroused, the telco has revealed it captures web addresses visited by millions of subscribers on its Next G network.
The addresses are compared to a blacklist of criminal sites curated by web filtering company Netsweeper, and held both in Australia and the US.
[
http://www.scmagazine.com.au/News/306441,telstra-tracks-users-to-build-web-filter.aspx]

Finally, after trying to say the secret data collection was all about protecting our kids, in the transcript of this email (from Telstra CEO David Thodey) Telstra senior management appears to be asserting that it didn’t know what Team Telstra had been doing with customer information:

Team
I want to talk to you about why customer privacy is not negotiable.
Last week, the media ran with a story that Telstra was sending information about the web browsing activity of Next G customers to a third party company in North America. We were collecting this information to classify Internet sites for a new cyber-safety tool called Smart Controls.
We stopped the program immediately, as this was the right thing to do. We informed the media and briefed the Privacy Commission and other regulatory bodies. But by then, the damage to our reputation was already done.
Some of our customers may feel we have broken their trust, and, frankly, they are entitled to feel that way.
The hard reality is it will take months of hard work to win back that trust.
I am also concerned that this incident occurred in the same week that the Australian Communications and Media Authority and the Privacy Commissioner handed down their findings on a privacy breach last December, when customer records were exposed on the Internet.
Judging by media reports, the Privacy Commissioner, Timothy Pilgrim, is also concerned. He told The Australian last Friday that he was now on the lookout for systematic privacy weaknesses in our operational culture.
It’s not hard to see why. These incidents and investigations create an impression that Telstra does not care enough about the privacy of our customers. Not only that, they undermine the great work we have done to improve customer satisfaction and change the way our customers talk about us.
Of course, the truth is we care deeply about customer privacy.
That’s why I want to remind everyone that privacy is not an aspiration at Telstra – it is an essential requirement and our license to operate.
Privacy at Telstra is everyone’s responsibility. We have to do better.
If you have concerns with anything that threatens the privacy of our customers, then raise the issue with your manager as a matter of urgency.
Our customers’ trust is a commodity that’s both precious and fragile. It takes months and years to build, but can be broken in one day.
That’s what happened last week. It must not happen again.
David

No comments: