<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Suspect that's actually about the EARLIER one where they leaked a whole cust database:<div><br></div><div><a href="http://www.smh.com.au/it-pro/security-it/telstra-customer-database-exposed-20111209-1on60.html">http://www.smh.com.au/it-pro/security-it/telstra-customer-database-exposed-20111209-1on60.html</a></div><div><br></div><div>But the journo has linked them together.</div><div><br></div><div>Either way, Telstra's showing a poor attitude toward customer data.  This whole episode where it's been one of dismissal, denial and "don't worry" as well as out right lying and disregard demonstrates that the corporate culture is clearly bad for your privacy.</div><div><br></div><div>MMC</div><div><br><div><div>On 06/07/2012, at 6:31 PM, Matt Perkins wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Nice to see they are taking it seriously inside.<br><br><a href="http://sl.farmonline.com.au/news/metro/national/general/customer-privacy-is-not-negotiable-telstra-boss-admits-leaking-customer-data/2612606.aspx">http://sl.farmonline.com.au/news/metro/national/general/customer-privacy-is-not-negotiable-telstra-boss-admits-leaking-customer-data/2612606.aspx</a><br><br><br>On 30/06/12 11:39 AM, Geoff Huston wrote:<br><blockquote type="cite">On 28/06/2012, at 12:02 PM, Narelle wrote:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><blockquote type="cite">On Thu, Jun 28, 2012 at 3:03 AM, Paul Brooks<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><pbrooks-ausnog@layer10.com.au> wrote:<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">On 27/06/2012 1:36 PM, Mark Newton wrote:<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">But those same carriers seem to think nothing of not only disclosing<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">who everyone is communicating with, but in some cases even sending the<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">contents of the communications themselves (e.g., "GET http://foo HTTP/1.0" --<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">that's call content, not call metadata!)<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">IANAL, but this may contravene the Telecommunications (Interception and access) Act<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">1979 - Sect 7 seems to apply.<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">This communication has clearly been intercepted while passing over a<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">telecommunications system, between handset device and webserver device. It has also<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">been recorded, stored, and sent to another person.<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">A real lawyer aught to have a look at that.<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">IANAL either, but I did go briefly through the Telecommunications Act<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">and the Interception Act yesterday to no avail.<br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">IANAL but...<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Interception of telecommunications in the Commonwealth of Australia is<br></blockquote><blockquote type="cite">governed by the Telecommunications (Interception and Access) Act 1979,<br></blockquote><blockquote type="cite">as amended in June 2006.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">To quote the Explanatory Memorandum of the 2006 Act:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">     "In relation to both telecommunications interception and access to<br></blockquote><blockquote type="cite">     stored communications, the Act makes clear that the general position<br></blockquote><blockquote type="cite">     is that these activities are prohibited, except in certain clearly<br></blockquote><blockquote type="cite">     defined situations. This reflects the primary focus of the Act which<br></blockquote><blockquote type="cite">     is to protect the privacy of communications."<br></blockquote><blockquote type="cite">     The terms "communication" and "telecommunications system" are defined in<br></blockquote><blockquote type="cite">the Act as follows:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">     communication includes conversation and a message, and any part of a<br></blockquote><blockquote type="cite">     conversation or message, whether:<br></blockquote><blockquote type="cite">     (a) in the form of:<br></blockquote><blockquote type="cite">         (i) speech, music or other sounds;<br></blockquote><blockquote type="cite">         (ii) data;<br></blockquote><blockquote type="cite">         (iii) text;<br></blockquote><blockquote type="cite">         (iv) visual images, whether or not animated; or<br></blockquote><blockquote type="cite">         (v) signals; or<br></blockquote><blockquote type="cite">     (b) in any other form or in any combination of forms.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">     telecommunications system means:<br></blockquote><blockquote type="cite">     (a) a telecommunications network that is within Australia; or<br></blockquote><blockquote type="cite">     (b) a telecommunications network that is partly within Australia,<br></blockquote><blockquote type="cite">         but only to the extent that the network is within Australia; and<br></blockquote><blockquote type="cite">         includes equipment, a line or other facility that is connected<br></blockquote><blockquote type="cite">         to such a network and is within Australia.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Section 7 of this Act states:<br></blockquote><blockquote type="cite">     (1) A person shall not:<br></blockquote><blockquote type="cite">        (a) intercept;<br></blockquote><blockquote type="cite">        (b) authorize, suffer or permit another person to intercept; or<br></blockquote><blockquote type="cite">        (c) do any act or thing that will enable him or her or another<br></blockquote><blockquote type="cite">            person to intercept;<br></blockquote><blockquote type="cite">        a communication passing over a telecommunications system.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">A person who contravenes this section is guilty of an offence punishable<br></blockquote><blockquote type="cite">on conviction by imprisonment for a period not exceeding 2 years.<br></blockquote><blockquote type="cite">Limited exceptions to this prohibition are specified in other<br></blockquote><blockquote type="cite">subsections of s7. These include interception under an interception<br></blockquote><blockquote type="cite">warrant.  Interception warrants may be issued for two purposes: national<br></blockquote><blockquote type="cite">security and law enforcement. To the best of my knowledge neither case<br></blockquote><blockquote type="cite">applies to the web stalking interception activites.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Section 7 of the Act sets out a small number of exceptions to the<br></blockquote><blockquote type="cite">general prohibition on interception. One exception relates to carriers<br></blockquote><blockquote type="cite">and carrier employees:<br></blockquote><blockquote type="cite">        Exceptions applicable to carriers and carrier employees in relation<br></blockquote><blockquote type="cite">     to duties involving the installation of lines and equipment or the<br></blockquote><blockquote type="cite">     operation or maintenance of a telecommunications system.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">So in this case the exceptions do not appear to apply - so it would seem<br></blockquote><blockquote type="cite">that there is case to be made that Telstra's actions constituted a breach<br></blockquote><blockquote type="cite">of the terms of Section 7 of the Telecommunications (Interception and Access)<br></blockquote><blockquote type="cite">Act.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">But will we see this taken further and see the carrier and the<br></blockquote><blockquote type="cite">individuals involved prosecuted under the provisions of this Act?<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Geoff<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">_______________________________________________<br></blockquote><blockquote type="cite">AusNOG mailing list<br></blockquote><blockquote type="cite">AusNOG@lists.ausnog.net<br></blockquote><blockquote type="cite">http://lists.ausnog.net/mailman/listinfo/ausnog<br></blockquote><br><br>-- <br>/* Matt Perkins<br>        Direct 1300 137 379     Spectrum Networks Ptd. Ltd.<br>        Office 1300 133 299     matt@spectrum.com.au<br>        Fax    1300 133 255     Level 6, 350 George Street Sydney 2000<br>        SIP 1300137379@sip.spectrum.com.au<br>        PGP/GNUPG Public Key can be found at  http://pgp.mit.edu<br>*/<br><br>_______________________________________________<br>AusNOG mailing list<br>AusNOG@lists.ausnog.net<br>http://lists.ausnog.net/mailman/listinfo/ausnog<br></div></blockquote></div><br></div></body></html>