[AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

Matthew Moyle-Croft mmc at mmc.com.au
Fri Jul 6 19:21:55 EST 2012


Suspect that's actually about the EARLIER one where they leaked a whole cust database:

http://www.smh.com.au/it-pro/security-it/telstra-customer-database-exposed-20111209-1on60.html

But the journo has linked them together.

Either way, Telstra's showing a poor attitude toward customer data.  This whole episode where it's been one of dismissal, denial and "don't worry" as well as out right lying and disregard demonstrates that the corporate culture is clearly bad for your privacy.

MMC

On 06/07/2012, at 6:31 PM, Matt Perkins wrote:

> Nice to see they are taking it seriously inside.
> 
> http://sl.farmonline.com.au/news/metro/national/general/customer-privacy-is-not-negotiable-telstra-boss-admits-leaking-customer-data/2612606.aspx
> 
> 
> On 30/06/12 11:39 AM, Geoff Huston wrote:
>> On 28/06/2012, at 12:02 PM, Narelle wrote:
>> 
>>> On Thu, Jun 28, 2012 at 3:03 AM, Paul Brooks
>>> <pbrooks-ausnog at layer10.com.au> wrote:
>>>> On 27/06/2012 1:36 PM, Mark Newton wrote:
>>>>> But those same carriers seem to think nothing of not only disclosing
>>>>> who everyone is communicating with, but in some cases even sending the
>>>>> contents of the communications themselves (e.g., "GET http://foo HTTP/1.0" --
>>>>> that's call content, not call metadata!)
>>>> IANAL, but this may contravene the Telecommunications (Interception and access) Act
>>>> 1979 - Sect 7 seems to apply.
>>>> 
>>>> This communication has clearly been intercepted while passing over a
>>>> telecommunications system, between handset device and webserver device. It has also
>>>> been recorded, stored, and sent to another person.
>>>> 
>>>> A real lawyer aught to have a look at that.
>>> IANAL either, but I did go briefly through the Telecommunications Act
>>> and the Interception Act yesterday to no avail.
>> 
>> IANAL but...
>> 
>> Interception of telecommunications in the Commonwealth of Australia is
>> governed by the Telecommunications (Interception and Access) Act 1979,
>> as amended in June 2006.
>> 
>> To quote the Explanatory Memorandum of the 2006 Act:
>> 
>>     "In relation to both telecommunications interception and access to
>>     stored communications, the Act makes clear that the general position
>>     is that these activities are prohibited, except in certain clearly
>>     defined situations. This reflects the primary focus of the Act which
>>     is to protect the privacy of communications."
>>     The terms "communication" and "telecommunications system" are defined in
>> the Act as follows:
>> 
>>     communication includes conversation and a message, and any part of a
>>     conversation or message, whether:
>>     (a) in the form of:
>>         (i) speech, music or other sounds;
>>         (ii) data;
>>         (iii) text;
>>         (iv) visual images, whether or not animated; or
>>         (v) signals; or
>>     (b) in any other form or in any combination of forms.
>> 
>>     telecommunications system means:
>>     (a) a telecommunications network that is within Australia; or
>>     (b) a telecommunications network that is partly within Australia,
>>         but only to the extent that the network is within Australia; and
>>         includes equipment, a line or other facility that is connected
>>         to such a network and is within Australia.
>> 
>> Section 7 of this Act states:
>>     (1) A person shall not:
>>        (a) intercept;
>>        (b) authorize, suffer or permit another person to intercept; or
>>        (c) do any act or thing that will enable him or her or another
>>            person to intercept;
>>        a communication passing over a telecommunications system.
>> 
>> A person who contravenes this section is guilty of an offence punishable
>> on conviction by imprisonment for a period not exceeding 2 years.
>> Limited exceptions to this prohibition are specified in other
>> subsections of s7. These include interception under an interception
>> warrant.  Interception warrants may be issued for two purposes: national
>> security and law enforcement. To the best of my knowledge neither case
>> applies to the web stalking interception activites.
>> 
>> Section 7 of the Act sets out a small number of exceptions to the
>> general prohibition on interception. One exception relates to carriers
>> and carrier employees:
>>        Exceptions applicable to carriers and carrier employees in relation
>>     to duties involving the installation of lines and equipment or the
>>     operation or maintenance of a telecommunications system.
>> 
>> So in this case the exceptions do not appear to apply - so it would seem
>> that there is case to be made that Telstra's actions constituted a breach
>> of the terms of Section 7 of the Telecommunications (Interception and Access)
>> Act.
>> 
>> But will we see this taken further and see the carrier and the
>> individuals involved prosecuted under the provisions of this Act?
>> 
>> Geoff
>> 
>> 
>> 
>> 
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> 
> -- 
> /* Matt Perkins
>        Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>        Office 1300 133 299     matt at spectrum.com.au
>        Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>        SIP 1300137379 at sip.spectrum.com.au
>        PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
> */
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120706/07e9257a/attachment.html>


More information about the AusNOG mailing list