Last month Telstra became the first non-U.S. telco to release a regular report on government and law enforcement requests for user data.
Access has long called for all telcos to release their own statistics and policies on government requests for user data, and we are encouraged by the growing international momentum toward transparency in the telecom sector. Access welcomes Telstra’s commitment to transparency reporting, and urges Australia’s largest telco to release future reports that are progressively more comprehensive and detailed.
Government requests for user data
Telstra’s report covers the six-month period ending December 31, 2013, and tallies requests from law enforcement, emergency services, and regulatory agencies. Over this time period, Telstra reports a total of 40,644 requests. However, this figure does not include requests by national security bodies, as Telstra says such reporting would be illegal under its interpretation of Australia’s Telecommunications (Interception and Access) Act 1979.
Of these requests, 36,053 asked for Telstra customer information, including the name, address, date of birth, and service number, along with call, SMS, and Internet records. These phone records include information such as details of a called party, and the date, time and duration of a call. Internet session information includes the date, time and duration of internet sessions as well as email logs from Telstra-administered Bigpond addresses.
Another 2,871 requests for user data were the result of “life threatening situations and Triple Zero emergency” calls necessary to “prevent or lessen an imminent threat to the life or health of a person.” Finally, there were 270 court orders, and 1,450 “warrants from relevant agencies” for interception or access to stored communications data.
Unlike recent reports by AT&T, CREDO Mobile, and other telcos, Telstra did not disclose the number or requests that the company rejected or challenged, or instances where partial or no information was released. Such information could provide useful insight into the application of internal privacy policies, and Telstra’s compliance with industry best practices for handling government requests, such as the Telco Action Plan. Though Telstra is not participating in the Telecommunication Industry Dialogue, Access recommends the company consult that group’s Guiding Principles as well.
Transparency and accountability
The Australian government releases its own annual reports covering requests arising from each of the Telecommunications (Interception and Access) Act 1979 and the Surveillance Devices Act 2004. While these reports provide important insight into the application of these laws, they are no substitute for telco transparency reports. Government and company reports are mutually reinforcing, and can be compared to paint a complete picture and help ensure accountability on the transfer of user data.
Despite the growing trend of internet firms releasing transparency reports—pioneered by Google in 2010—globally few telcos have released their own transparency reports. Vodafone recently committed to releasing data for each of its 25 markets—the only other non-U.S. telco to do so. In addition to reporting on government requests for user data, Vodafone also plans to report on any legal barriers to disclosure in its countries of operation. If Telstra included similar information in its future reports, this data could shed light on the Australian legal framework governing national security-related requests.
While systematic transparency reporting is necessary to protect user rights, it is not an end unto itself. Its real value comes from informing users and investors about country and company-specific trends on how and why governments request information, and how companies respond to those requests, so that users can make informed consumer choices. Furthermore, shining a light on the application of governing laws and policies will enable citizens and policymakers to advocate for more fair and sustainable privacy frameworks.
Moving forward, Telstra should build on the progress of this report, and further disclose progressively more detailed information on official requests for user data. Telstra should also include data requests from its international operations, or explain any legal barriers to disclosure. Finally, Access urges Telstra to join the Telecommunications Industry Dialogue, to contribute to the ongoing exchange among global telcos and other stakeholders on best practices for constructive transparency reporting.