The Sydney Morning Herald | 6 March 2015
By Ben Grubb
Telstra has become the first Australian telco to offer its subscribers similar access that law-enforcement and intelligence agencies have to their private phone metadata, backflipping on its previous position of refusing them access to it.
Starting April 1, Telstra will give their customers access to a limited set of their “metadata” for a fee — information about who they’ve called, the time, location and duration. It does not include the content of a communication, such as the detail of what you said or wrote in an email or SMS.
But the scheme won’t give customers access to information about another party to a communication with them, such as who called them (this information is collected though, and can be handed over to law-enforcement agencies).
Still, the move will provide customers with much more access than they otherwise would’ve had through Telstra’s MyAccount portal or through their monthly bills, with information being made available to include “the actual location of the cell tower an outgoing call was connected to when the call was made”.
The fee to get the data will depend on how far back into Telstra records you request, Telstra said.
“Simple requests are expected to cost around $25, while detailed requests covering multiple services across several years will be charged at an hourly rate. This is the same practice of cost recovery that is applied to requests from law enforcement agencies,” a statement on Telstra’s website published on Friday said.
“This new approach is all about giving you a clearer picture of the data we provide in response to lawful requests today.”
The decision to allow subscribers access to their metadata follows this writer lodging a complaint with Australia’s federal Privacy Commissioner, Timothy Pilgrim, following Telstra’s refusal to provide access to his metadata under the Privacy Act. The Act gives Australian citizens a right of access to their “personal information” from a company, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
It was argued that while Telstra regularly provides the Australian Taxation Office, spy agency ASIO and numerous other Australian law-enforcement agencies access without a warrant to any customers’ metadata, it should also be obligated to provide it to its own customers under privacy laws.
Since the complaint was lodged over 20 months ago, Telstra has argued that it shouldn’t have to provide its customers with access.
Despite this, it has handed over access to some metadata over the time of the complaint, but not all of the information it provides to law-enforcement. For example, it has argued that to provide incoming call record logs (who has called a customer) would be in breach of that person’s privacy.
If access to such logs were ever provided, it could help track down pesky telemarketers.
This writer has argued that if the other party is using caller ID, then the number should be provided.
Telstra has also previously failed to provide internet-related metadata it might have on its systems, such as IP address logs. But Friday’s announcement made no mention of this data.
The Privacy Commissioner heard this writer’s complaint in a hearing late last year and is imminently expected to release his decision.
Meanwhile, the Abbott government recently adopted a recommendation of the Parliamentary Joint Committee on Intelligence and Security — which scrutinised Australia’s upcoming “data retention” laws — that will cement current privacy laws, forcing telcos to provide access to customer metadata.
The telcos, through industry body group the Communications Alliance, have said they are unhappy with this requirement.
The upcoming retention laws, which Prime Minister Tony Abbott wants passed by the end of this month, will force all Australian telcos to store for two years customer metadata for access by law-enforcement agencies. It’s argued the laws are required because telcos are regularly deleting metadata which the agencies say is crucial in investigating crime.
The retention regime is estimated by PricewaterhouseCoopers to cost anywhere between $188.8 million and $319.1 million to establish. But the government has yet to say exactly how much it is prepared to commit to it, raising the prospect of higher internet fees passed on by telcos to customers.
Following this writer’s request for access to this data, Wilson da Silva, a science journalist and a former editor-in-chief of science magazine Cosmos, argued that allowing people access to their metadata might actually improve their lives.
“Being able track your own everyday movements [with metadata], and match them with your entire digital footprint, might ... bring you countless health and lifestyle benefits, such as predicting the onset of heart disease or depression,” he said.
The request for access in Australia followed German politician Malte Spitz successfully suing his telco in 2011 to get his metadata.
He published it to show constituents just how invasive having all of your metadata stored was in the wake of mandatory data retention in his country.