{"id":3062,"date":"2012-06-29T10:32:51","date_gmt":"2012-06-29T00:32:51","guid":{"rendered":"http:\/\/www.flamingspork.com\/blog\/?p=3062"},"modified":"2012-06-29T10:32:51","modified_gmt":"2012-06-29T00:32:51","slug":"not-a-good-week-for-telstra-and-privacy","status":"publish","type":"post","link":"https:\/\/www.flamingspork.com\/blog\/2012\/06\/29\/not-a-good-week-for-telstra-and-privacy\/","title":{"rendered":"Not a good week for Telstra and privacy"},"content":{"rendered":"<p>The Office of the Australian Information Commissioner just posted this: <a href=\"http:\/\/www.oaic.gov.au\/news\/media_releases\/media_release_120629_telstra_breaches_privacy_act.html\">http:\/\/www.oaic.gov.au\/news\/media_releases\/media_release_120629_telstra_breaches_privacy_act.html<\/a><\/p>\n<p>This isn&#8217;t to do with what I&#8217;ve posted about here the past few days, but to do with an incident back in December 2011. The details of 734,000 customers were available publicly on the Internet.<\/p>\n<p>Details exposed include:<\/p>\n<ul>\n<li>Name<\/li>\n<li>Phone numbers<\/li>\n<li>Services held<\/li>\n<li>Free text field (where information such as username, password, email or other information could be recorded)<\/li>\n<\/ul>\n<p>The ACMA report says that up to 41,000 customers had their user names and passwords exposed.<\/p>\n<p>So&#8230; who had access? I quote from the ACMA report:<\/p>\n<blockquote><p>Between 3 June 2011 and 8 December 2011, the Visibility Tool received 108 access requests per day from unrecognised IP addresses (IP addresses that cannot be conclusively identified as Telstra IP addresses). 
On the day of the media publication, this number increased to 20,498 access requests.<\/p><\/blockquote>\n<p>The information was available from 29th March 2011 through 9th December 2011, and from a date in October it became easier to access (via a Google search).<\/p>\n<p>Unfortunately, this is yet another case of internal procedures failing and being inadequate; only when the issue was raised publicly (on Whirlpool and in the media) was it swiftly fixed.<\/p>\n<p>It can be hard for a person inside a company to speak up, continue to speak up and be an asshole on these issues. It&#8217;s just human nature and, after all, annoying your boss isn&#8217;t what everybody wants to do all day at work. I hope that the improvements that Telstra has committed to as a result of this investigation make it easier for people to raise such problems and ensure they are resolved.<\/p>\n<p>Achieving things inside large companies can be incredibly hard. I have sometimes felt I&#8217;ve had more success trying to convince a dead seal to go for a walk than to get a large company to fix something that&#8217;s obviously broken (and everybody knows it). Undoubtedly there were people inside Telstra who knew about the problem yet felt powerless to force a fix to happen. 
This kind of culture is poisonous and tricky to avoid in a large organisation.<\/p>\n<p>Both ACMA (Australian Communications and Media Authority) and OAIC have full reports:<\/p>\n<ul>\n<li>ACMA Press release: <a href=\"http:\/\/www.acma.gov.au\/WEB\/STANDARD..PC\/pc=PC_410412\">http:\/\/www.acma.gov.au\/WEB\/STANDARD..PC\/pc=PC_410412<\/a><\/li>\n<li>ACMA Report: <a href=\"http:\/\/www.acma.gov.au\/webwr\/_assets\/main\/lib410234\/mr48-2012-telstra_report.pdf\">http:\/\/www.acma.gov.au\/webwr\/_assets\/main\/lib410234\/mr48-2012-telstra_report.pdf<\/a><\/li>\n<li>OAIC Report: <a href=\"http:\/\/www.oaic.gov.au\/publications\/reports\/own_motion_telstra_bundles_June_2012.html\">http:\/\/www.oaic.gov.au\/publications\/reports\/own_motion_telstra_bundles_June_2012.html<\/a><\/li>\n<\/ul>\n<p>If we extrapolate out for the latest incident (NextG and Netsweeper) we could expect:<\/p>\n<ul>\n<li>Telstra incident report in ~2 months<\/li>\n<li>If ACMA or OAIC take action, a report in ~6 months<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The Office of the Australian Information Commissioner just posted this: http:\/\/www.oaic.gov.au\/news\/media_releases\/media_release_120629_telstra_breaches_privacy_act.html This isn&#8217;t to do with what I&#8217;ve posted about here the past few days, but to do with an incident back in December 2011. 
The details of 734,000 customers were available &hellip; <a href=\"https:\/\/www.flamingspork.com\/blog\/2012\/06\/29\/not-a-good-week-for-telstra-and-privacy\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2],"tags":[482,211,470],"class_list":["post-3062","post","type-post","status-publish","format-standard","hentry","category-life-the-universe-and-everything","tag-oaic","tag-privacy","tag-telstra"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5a6n8-No","jetpack-related-posts":[{"id":3054,"url":"https:\/\/www.flamingspork.com\/blog\/2012\/06\/28\/telstra-has-a-database-of-your-nextg-web-activity\/","url_meta":{"origin":3062,"position":0},"title":"Telstra has a database of your NextG web activity","author":"Stewart Smith","date":"2012-06-28","format":false,"excerpt":"So, in what must be my biggest blog day ever, Telstra posted this: http:\/\/exchange.telstra.com.au\/2012\/06\/28\/further-update-telstra-smart-controls-cyber-safety-tool\/ What is clear from their previous post and the pickup in the media (including ABC, Crikey and news.com.au) is that people care about this, a lot. 
What is also clear is that they've had to go and\u2026","rel":"","context":"In &quot;life, the universe and everything&quot;","block_context":{"text":"life, the universe and everything","link":"https:\/\/www.flamingspork.com\/blog\/category\/life-the-universe-and-everything\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3031,"url":"https:\/\/www.flamingspork.com\/blog\/2012\/06\/26\/an-update-on-telstras-surveillance-of-what-you-do-online\/","url_meta":{"origin":3062,"position":1},"title":"An update on Telstra&#8217;s surveillance of what you do online","author":"Stewart Smith","date":"2012-06-26","format":false,"excerpt":"http:\/\/www.scmagazine.com.au\/News\/306441,telstra-tracks-users-to-build-web-filter.aspx I'd suggest going and reading: http:\/\/arstechnica.com\/tech-policy\/2009\/09\/your-secrets-live-online-in-databases-of-ruin\/ to learn a bit about anonymization failures. What we know: Telstra has the ability to monitor every URL you visit on a NextG connection Telstra is, in fact, monitoring every URL you visit through your NextG connection and piping that to some computer system that\u2026","rel":"","context":"In &quot;life, the universe and everything&quot;","block_context":{"text":"life, the universe and everything","link":"https:\/\/www.flamingspork.com\/blog\/category\/life-the-universe-and-everything\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3039,"url":"https:\/\/www.flamingspork.com\/blog\/2012\/06\/27\/telstra-stops-tracking-still-supporting-netsweeper\/","url_meta":{"origin":3062,"position":2},"title":"Telstra stops tracking, still supporting Netsweeper","author":"Stewart Smith","date":"2012-06-27","format":false,"excerpt":"http:\/\/www.zdnet.com.au\/telstra-halts-customer-tracking-339340404.htm The big news: \"We are stopping all collection of website addresses for the development of this new product,\" Telstra said in a statement. 
This does not change their association (and presumed financial support) of Netsweeper, helping make its technology affordable to its government customers who use it to suppress\u2026","rel":"","context":"In &quot;life, the universe and everything&quot;","block_context":{"text":"life, the universe and everything","link":"https:\/\/www.flamingspork.com\/blog\/category\/life-the-universe-and-everything\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3036,"url":"https:\/\/www.flamingspork.com\/blog\/2012\/06\/26\/telstra-funding-censorship-in-middle-east\/","url_meta":{"origin":3062,"position":3},"title":"Telstra funding censorship in Middle East","author":"Stewart Smith","date":"2012-06-26","format":false,"excerpt":"This post inspired by https:\/\/twitter.com\/BernardKeane\/status\/217535549731389440 So, we know that Netsweeper is used by Telstra - http:\/\/www.zdnet.com.au\/telstra-logs-customer-history-for-new-filter-339340337.htm We know that Netsweeper is used in Qatar, the UAE and Yemen (http:\/\/en.wikipedia.org\/wiki\/Internet_censorship - see also http:\/\/www.guelphmercury.com\/news\/local\/article\/577673--aiding-repression-or-just-doing-business) and these states use it to suppress free speech and access to information. 
The majority of countries that implement suppression of\u2026","rel":"","context":"In &quot;life, the universe and everything&quot;","block_context":{"text":"life, the universe and everything","link":"https:\/\/www.flamingspork.com\/blog\/category\/life-the-universe-and-everything\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3092,"url":"https:\/\/www.flamingspork.com\/blog\/2012\/07\/05\/the-age-fairfax-picks-up-on-telstra-nextg-stalking\/","url_meta":{"origin":3062,"position":4},"title":"The Age (Fairfax) picks up on Telstra NextG &#8216;stalking&#8217;","author":"Stewart Smith","date":"2012-07-05","format":false,"excerpt":"http:\/\/www.theage.com.au\/technology\/technology-news\/telstra-accused-of-next-g-web-stalking-20120705-21ivs.html It took a while, but it's there. There is a mention of Netsweeper and that they provide products and services to Yemen, Qatar and the United Arab Emirates but it misses what these products are really for.","rel":"","context":"In &quot;life, the universe and everything&quot;","block_context":{"text":"life, the universe and everything","link":"https:\/\/www.flamingspork.com\/blog\/category\/life-the-universe-and-everything\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":605,"url":"https:\/\/www.flamingspork.com\/blog\/2006\/03\/02\/australia-press-telstra-to-charge-more-for-fixed-lines\/","url_meta":{"origin":3062,"position":5},"title":"AUSTRALIA PRESS: Telstra To Charge More For Fixed Lines","author":"Stewart Smith","date":"2006-03-02","format":false,"excerpt":"AUSTRALIA PRESS: Telstra To Charge More For Fixed Lines great - I get to pay more for a service I DON'T WANT! 
I just want internet, not a phone line (which I apparently have to have to get ADSL).","rel":"","context":"In &quot;General&quot;","block_context":{"text":"General","link":"https:\/\/www.flamingspork.com\/blog\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/3062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/comments?post=3062"}],"version-history":[{"count":2,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/3062\/revisions"}],"predecessor-version":[{"id":3064,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/3062\/revisions\/3064"}],"wp:attachment":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/media?parent=3062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/categories?post=3062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/tags?post=3062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}