Telco Hall of Shame: Telstra

Inductee: Telstra

Headquarters: Australia

CEO: David I. Thodey

Telstra Board of Directors

CORPORATE INFO

Network Size: 13.8 million mobile subscribers, 2.4 million retail fixed broadband customers and more than 2.5 million mobile broadband customers.

Countries of OperationTelstra Global has partner carrier relationships in 230 countries and territories and more than 1,300 “Points-of-Presence” throughout Australia, Asia Pacific, Europe and the U.S.

Finances: Total revenue of $25.4 billion for year ending 30 June 2012, with net profit after tax of $3.42 billion.

HUMAN RIGHTS POLICY

Telstra values and respects human rights.

Telstra seeks to support and respect the principles on human rights set out in documents such as the UN Global Compact and Universal Declaration of Human Rights. Telstra complies with applicable legislation that is reflective of human rights in the jurisdictions in which it operates including anti-discrimination and privacy legislation. In the event of a conflict between local laws and Telstra policy, Telstra will abide by local law, while endeavoring as far as possible to act in accordance with the spirit of Telstra’s policy.”

THE RECORD

Tracking web browser histories

Without notifying its customers, Telstra tracked and sent websites visted by users of its Next G mobile broadband service in Australia to the US office of Netsweeper, Inc., a Canadian web content filtering and threat management firm that specializes in filtration software, content control mechanisms, and blacklists of websites as spam, fraud, and pornogrpahic material. Netsweeper tools have been found in use filtering content in Qatar, the UAE, and Yemen, among others.

In June of 2012, Telstra admitted to gathering and delivering this user data as part of trial testing for a “new internet filtering product,” allegedly for enhancing parental control over their children’s web browsing.

The scheme was only uncovered when an independent engineer set up a test to verify rumors that user data and browsing URLs were being sent overseas.

Following this revelation, the company stopped selling the parental controls filtering service but reintroduced it in November.

Facilitating warrantless access to user data

Australian government agencies accessed private telecommunications data and internet logs more than 300,000 times during criminal and revenue investigations between 2011 and 2012, a 20 percent increase on the level of surveillance activity in the year before. Australian law allows these requests without a warrant or judicial oversight. Although disaggregated data is not available by ISP or operator, Telstra is the nation’s largest telecoms provider, and it is likely a proportional number of those warrantless requests are made to Telstra about their users.

734,000 accounts leaked

Telstra left 734,000 customer records publicly accessible on the internet for eight months in 2011. This data leak broke multiple Australian consumer privacy laws, revealing customer names, addresses, dates of birth, and even drivers license numbers. Usernames and passwords were also revealed for 41,000 accounts. Telstra IT security specialist Scott McIntyre characterized the privacy breach as the result of “one little oops,” that became a “wonderful learning experience” for the telco.

Throttling peer-to-peer content sharing

Telstra is planning to slow the speed at which its ADSL customers download content through peer-to-peer (P2P) networks in peak periods as part of a trial. Telstra confirmed the move in a statement, after it was reported that the telco had planned to introduce throttling as a “trial” that would likely become permanent, and would required users to opt out if they didn’t wish to take part in the “trial” experience.

Telstra has also stated it will employ ‘network enhancements’ to reveal the ‘signature’ of the traffic, but claims it will not inspect packets of data for their content. In analyzing internet traffic, detecting the ‘signature’ of the traffic is the first step. The ‘header signature’ reveals, at the least, information such as the IP address of the party requesting a response from the host server, the protocol of their request, the port they used, and possibly their browser or the referring site for web traffic. Experts can identify P2P services by identifying their common ports, and other signature inspection methods as Symantec notes.

Know something about Telstra that we missed? Let our telco policy expert Peter Micek know [email protected] | Public Key: 0x22510994