Telstra reveals RSPCA, local councils accessing its customers' data

Telstra has revealed that non-police and intelligence agencies, such as the RSPCA, request customer information from the telco to aid with investigations.

At a parliamentary hearing today, Telstra told the Joint Committee on Intelligence and Security (PJCIS) that organisations such as the RSPCA, Melbourne Council and the Blacktown anti-dumping authority have all requested metadata -- customer communications data -- from Telstra.

“If an agency is able to verify that it actually undertakes an investigation for a criminal offence, that it protects the public revenue or it has the ability to impose a procurement penalty or all three of those, then they have the right to actually request, lawfully, from the telcos, that information,” Telstra said.

The PJCIS is currently carrying out an inquiry to consider proposals for reforms for telecommunications interception, telecommunications sector security and Australian intelligence community legislation.

During the hearing with Telstra, the PJCIS also noted that other organisations that had requested information from the telco included the Victorian Taxi Directorate; the Office of Environment and Heritage; the Department of Health and Ageing; and the Department of Families and Community Services.

When asked why the RSPCA was requesting information, Telstra said the RSPCA typically looks for call charge records in order to link people under investigation for animal cruelty offences.

“I think people would be pretty surprised that the RSPCA could get access to data like metadata, particularly in the context of the inquiry we’re conducting in terms of people accessing this,” the committee said.

Like the police commissioners who appeared at yesterday’s hearing, Telstra noted that the amount of data now being transferred between consumers is growing at a rapid rate and that it is currently unable to retain all data due to the vast volume that now exists.

The telco said it now has around 13.8 million mobile customers, 6.9 million PSTN customers and 2.6 million fixed broadband customers.

“Traffic on Telstra’s copper network is doubling every 18 months and on our mobile network it’s doubling every 12 months,” Telstra said.

“At the same time new modes of communication, particularly social media and over-the-top communications have made the communications environment far more complex than the days when the home phone was the only way of staying in touch.”

These over-the-top providers could also need to be included in a data retention scheme, Telstra said, as carriers are unable to provide metadata from these providers.

“We don’t collect that sort of data – that data is just on our network. We don’t have billing records for people using Skype [and] that sort of thing. It may well be that you could put in place quite an expensive and onerous data retention scheme with a large window,” Telstra said.

The telco also told the committee that having large datasets retained on a company’s network widens the risk of data being seen as an attractive source for hacking.

“It is true that we currently do face that type of [hacking] risk, but we perceive that there could be a heightened risk as a consequence of having a more attractive target,” Telstra said.

Telstra said it could take a year or more until a data retention scheme was in place. Telcos would first need to create a proposal for how data would be retained and the technologies that would be needed. This preparatory work alone, to scope out a possible framework, could cost Telstra several million dollars, it said.

“In terms of putting a firm proposal, and that would involve looking at the costs as well as just the technology side, we think [it would take] at least a year and then the implementation of the scheme would be rolled out over years from that point in time when there was a decision about what the final form would be,” Telstra said.

The costs associated with data retention, according to Telstra, would include costs associated with collecting data and destroying data once it has passed the two-year statute.

Telstra said law enforcement agencies would also incur significant costs associated with accessing data. Vodafone today told the inquiry that operators shouldn't be forced to wear the costs associated with data retention beyond the business records already retained by telcos for billing and auditing purposes.

Follow Stephanie McDonald on Twitter: @stephmcdonald0


Copyright © 2012 IDG Communications, Inc.
