Online Spying Accusations Lobbed at Australia’s Telstra

Telstra, an Australian telco, has been accused of tracking its Next G mobile phone users’ Internet use without their consent, and then sending the data to a United States office of Netsweeper Inc., a Canadian company. A Telstra representative confirmed the practice in comments given to the press, saying the data was being collected “for a new tool to help parents and kids when they're surfing the net."

The practice came to light after a user noticed that a server in the U.S. accessed a given webpage at the exact instant that he visited the page on his mobile device. The systematic tracking and sharing of user data has sparked outrage, and Internet users are now calling for the Australian Privacy Commissioner to investigate.

Netsweeper, meanwhile, has drawn the ire of activists before, both for its role in providing Internet filtering software to foreign governments and for refusing to publicly commit not to respond to a request for proposals floated by Pakistan earlier this year for a net-filtering program geared toward enabling Internet censorship.

If Telstra’s Tracking Didn’t Get You …

It was a spectacularly bad news week for Telstra. Two days after the news broke that it was sending Internet data to the U.S., the media also revealed that the telco had inadvertently published personal information of 700,000 of its customers online.

Due to a problem with the company’s system for tracking orders for bundled services, personal details such as names, addresses, drivers’ license details and places of birth were rendered publicly accessible for a full eight months.  The Australian Communications and Media Authority (ACMA) found that the company violated the Telecommunications Consumer Protections (TCP) Code and the Australian Privacy Act by failing to protect its clients' information and being too slow to respond to a flaw in the web-based management system, called Visibility Tool.

If Police Can Ignore Privacy Rules, What’s The Point In Having Them?

Peter Hustinx, Data Protection Supervisor for the European Union, made it clear at a June 21 press conference that the new proposed EU Data Protection Regulation would be ineffective if police and law enforcement were excluded from the scope of the law.

The European Union is currently in the process of revisiting the EU’s data protection directive, a major project that isn’t expected to be complete until the summer of 2013. Members of the European Parliament want to ensure that the new data protection rules extend to government agencies, but some member states want individual governments to have the power to decide where to draw the line between privacy and police investigations.

Notably, the proposed text would establish a regulation, rather than a directive. While member states are granted discretion when transposing a Directive into national law, Regulations have more teeth since they become immediately enforceable as law in EU member states.

Hustinx was speaking at an event held to mark the release of the European Data Protection Supervisor’s annual report, which outlined the actions of the data protection agency.  The report noted that 107 complaints were filed in 2011, with allegations ranging from violations of data confidentiality to illegal use of data. Of those,
 26 were deemed admissible
.

“In its support of technological advances and economic development, particularly in an age of austerity, it is important that the EU administration does not lose sight of the right of the European citizen to privacy and data protection,” the report noted. “Only a joint effort to apply a consistent and effective approach will maintain this fundamental right.”

Loss of privacy at the hands of law enforcement has been taken to the extreme in some cases. In mid-June, the British government unveiled a far-reaching proposal for a surveillance bill that would vastly expand police powers to intercept every email, phone call or text message.

Twitter Gets Transparent

Twitter has released its Transparency Report, modeled after Google’s, to demonstrate its commitment to “hold governments accountable, especially on behalf of those who may not have a chance to do so themselves.” The data -- which spans from Jan. 1 to July 1 of this year -- provides some heretofore unseen, juicy details on how many user information requests the social media company received from governments around the world, along with some reporting on how often those requests were honored. There’s also information on the total number of court orders seeking content removal, plus a tally of copyright takedown requests. First, a nod of approval: Kudos on letting the sun shine in, Twitter!

Here’s the quick takeaway on government requests for user data. Since Twitter is an American company based right here in San Francisco, it should come as little surprise that the authorities most interested in user information are located in the U.S.

Twitter received 679 governmental requests for user information from within the U.S., pertaining to 948 user accounts, according to this handy chart. The company responded, either in part or in full, to 75 percent of them.

Japan was the next most likely country to come knocking on Twitter’s door, with 98 requests filed for information pertaining to 147 accounts since the beginning of 2012. Twitter turned over the records, in part or in full, 20 percent of the time. Canada and the UK were tied for third place, meanwhile, with 11 user information requests each, pertaining to 12 and 11 accounts, respectively. Twitter responded 18 percent of the time to each of them. Finally, a long list of other world governments, from Austria, to India, to Korea, to Turkey, filed fewer than 10 requests each.

This kind of transparency is needed now more than ever. Google’s own Transparency Report, which spans from July to December of 2011, reveals a 37 percent spike in U.S. government requests for users’ private data as compared to the previous year.