[AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

Mark Newton newton at atdot.dotat.org
Wed Jun 27 14:24:46 EST 2012 

On Wed, Jun 27, 2012 at 02:09:19PM +1000, Matt Perkins wrote:

 > The some what scarey part is that had Telstra batched this info off on a 
 > weekly basis and it not been done in real time chances are we would 
 > still be oblivious.

Yes. It was only Netsweeper's predictable behaviour which made everyone
twig to what was going on.

Betcha that behaviour is about to change.

That's why attitudes and corporate culture with respect to trust are
so important.  We all know that what's going on is _possible_.   Whether
or not it _happens_ depends on the ethos of the decisionmakers.

... which, we've observed, seem to have a cultural opposition to 
transparency, and seem prepared to run full steam ahead with things they
know will erode trust.

 > Im guessing within the T&C's that im sure we all agreed to but didn't 
 > read they are likely to have permission to do whatever they want with 
 > the data.

Pretty sure they know that's not true, and that's why they rushed out
section 27 yesterday afternoon.

However:  Their T&Cs only govern their relationship with their customers,
not with third parties.

If Jane Doe puts some private content online, and discloses the URL
to me, a NextG customer, and I access it, and the content is subsequently
downloaded by Netsweeper, then *Jane* has had *her* privacy invaded by
Netsweeper, even though she has no contractual relationship with Telstra
at all. 

I'd love to see how they can weasel their way out of that one.

 > There are some laws however that deal directly with carriers 
 > and there are certain privacy laws that apply to carrier's only. Without 
 > making at $5000  call to someone in the legal field im not sure I can 
 > confirm that.

Records accumulated by the network can only be disclosed to internal
parties who have a need to know, and to external parties on the basis
of a warrant.

Again: I'd love to see how they can weasel their way out of that one.
In my opinion, browser history pulled from a DPI box or a transparent
proxy is clearly a "record" within the meaning of the Telecommuniations
Act.

 > One thing I would think would be correct is that if US Music/Film studio 
 > a) sends a subpoena to Telstra's outsourced data miner company b in the 
 > US to hand over all there data so they can trawl it for url's of torrent 
 > sites. Im guessing they would be compelled to hand over the data without 
 > question.

If I download a movie over HTTP on a NextG service, and that inspires 
Netsweeper to download it too, has Netsweeper infringed copyright? :-)

  - mark

More information about the AusNOG mailing list