It appears Telstra has joined the ranks of companies that have stepped on users’ toes by collecting and/or distributing information, in this case browsing data, without first obtaining the users’ permission.
According to an 18 June 2012 post on the Whirlpool forum by a Telstra mobile user, the URLs that were accessed by Telstra mobile phone users were being sent to a third party.
Later in the month, Telstra’s director of network and commercial planning Anthony Goonan posted an article explaining that Telstra had ceased the sale of a cyber-safety tool called Smart Controls as a result of customer complaints about data being collected from their mobile devices.
“The first thing to know is that at no time was a customer’s browsing history or ‘clickstream’ provided to the suppliers of this product,” says Goonan in his post. He also stressed that “[i]t is important to understand that before any URLs were provided to our supplier, all variable information contained in a URL was ‘stripped out’ and only the base or ‘root’ URL (the URL address) was provided to our supplier. In fact, at no time was information linking the URL address to any customer provided to our supplier. Only the URL address without any variables or other information from the internet site was stored in the Telstra or Netsweeper databases.”
Asia-Pacific Network Information Centre (APNIC) chief scientist of regional Internet registry Geoff Huston doesn’t buy it. In a post on his own blog, Huston says, “Here is a case not only of inspecting the user’s activities without the user’s knowledge and certainly without [his] consent, but then reaching inside the network conversation and eavesdropping upon the user’s digital conversation, extracting parts of the content of this conversation and passing it offshore to a third party. This third party then apparently uses this information in ways that are way beyond the user’s reasonable expectation of the limits of the role of a common carrier. It seems that such actions are way beyond the terms and conditions of the Australian Telecommunications Act, in so far as that parts of a user’s conversation have been intercepted by the public carrier, recorded, and then sent to a third party without consent. All this without any form of identified operational necessity in terms of the well-being and integrity of the network itself. It was a case of stalking, and that is not part of the legitimate role of a common carrier.”
For now, Telstra seems to have backed off from collecting mobile users’ Internet browsing information and sending it off to a third party. But how long before something like this happens again? Could it already be happening? When Google changed its privacy policies, people had until 31 March 2012 to not only delete their browsing history but also disable the history caching feature in order to limit the amount of personal information that Google could save and share with third-party vendors and partners. Those who missed the deadline missed out. Situations such as these leave one to wonder if privacy really exists anymore.
