Telstra to let customers access their own metadata for AU$25

Australia's dominant carrier, Telstra, will give its customers the chance to access their metadata, for a fee. The new policy, explained in a post from chief risk officer Kate Hughes, is based on the principle that “offering the same access to a customer’s own metadata as we are required to offer to law enforcement agencies …

  1. PleebSmash
    Joke

    "from April 1st"

    how appropriate

  2. This post has been deleted by its author

  3. Anonymous Coward

    So you think they'll tell you everything they hold on you, eh?

    Wow it must be boring up there in the hamstrung Telstra marketing/PR machine. Perhaps they were alerted on Twitter that these days free headlines only go to those who are 'open'.

    But few will be sucked in: This is Telstra after all. And who can afford to pay a Corporate to do data collection for them? Only gov agencies have deep enough pockets to get a semi-skilled DBA on the job.

    Curious to see what is actually being stored, a few might stump up $25. Unfortunately Telstra will only pay call-centre trainees in the Philippines to email some redacted screenshots from their latest CRM system for $25.00. Anything more will cost as much as you want them to spend looking, assuming they are prepared and capable of doing it.

    Government bods OTOH will get direct access and talk to Telstra DBAs whenever they want to pick up the phone.

    But if you are interested to see what they collect, think before you ask: Requesting your private data be harvested could have unintended consequences:

    You: How long will it take to get everything you have on me?

    A truthful Telstra: We have many legacy systems that have never been rationalised, properly implemented, frequently fail and are frustratingly slow: There are many bugs and other challenges that make this a painstaking task. How much can you afford?

    You: Can you give me a rate perhaps?

    A truthful Telstra: It depends on who is needed to query the system. A call-centre employee costs less than a DBA.

    You: OK, so how much do they cost?

    A truthful Telstra: $50-$500/hr

    You: OK, let's say I want it all, could I get it for $10,000?

    A truthful Telstra: We can't say. Also, we have many other priorities. Government agencies come first, and pay us a lot more than that 'per target'.

    You: I see. What if Telstra is keeping personal data that is inappropriate to keep. Will you tell me everything you have or withhold certain information?

    Automated response Telstra: It is against Privacy laws for us to tell you everything we might have on you.

    So you see, this is hardly likely to excite many of us to examine what data Telstra has been storing and sharing with hackers and agencies since they implemented their first database.

    And what the first person that makes a request will receive will look very different to what the 20th or 200th person gets, once the various steps and queries have been written, tested and carried out. Always nice to see a company offering a product before it is built.

    If you still wish to proceed, this is what you need to know- that 'they' won't tell you:

    When the process of trawling customer accounts related to a target begins, whether it be requested by the customer or by a third party (E.g. an agency, paying partner or just a hacker that crafted an internal order rather than go find all the data-stores and dump them out- or start thinking up and executing all the necessary queries), there are a number of queries above and beyond the methods they might use to ultimately package and provide the information. For example:

    As a result of such a request-

    Will the data be duplicated between systems and offices?

    Will the systems used to read and store this data be connected to the Internet?

    Are these systems secure? Who certifies that they are appropriately managed and maintained?

    When transferred between systems or networks, how will the data be protected from active and passive duplication?

    Will the data be appropriately encrypted at source?

    What data, if any, will be transferred over the Internet?

    Will all the recipients of the data be properly authenticated?

    Who else may be able to read the data once it is being transferred or arrives and is stored?

    After the process is complete, how will duplicated data be removed?

    Will queries written in the time billed be re-used to collect others' data?

    What backup sets and other duplicates exist or may exist once the order is complete?

    What checks and controls are in place to ensure the steps you have taken to secure data that is accessed, transferred and duplicated remains secure and is destroyed once used?

    What steps are taken in the event of an emergency, such as when data is lost or compromised?

    Who is responsible for any failure in any of the above circumstances?

    Also, what legal jurisdictions (local laws, agencies) and other controls exist to stop these staff selling the data they collect on the open-market or to other government agencies, commercial third parties, malicious actors (eg spammers or worse) who may be meeting them and paying dinner, booze and gambling tabs (amongst a myriad of other desired items, rewards or services)?

    Other things that would be interesting to know:

    If an agency subsequently requests your 'file', will they get a discount, or will they get charged a reduced rate as the work has already been done?

    What if you request the search first, and an agency subsequently requests it, will you get any discount? (Technically you already paid through my share of tax revenue).

    The real elephant in the room in all this is where this particular stream of taxpayer money will show up on the balance sheet? The line item "Excess dollops of taxpayers' millions" is a little general, needs to become a heading with several hundred sub-headings and items.

  4. Anonymous Coward

    Move along

    These are not the data ASIO are looking for...

  5. Winkypop Silver badge
    Big Brother

    But....

    ...will Telstra provide data on the data request for your metadata?

    1. silent_count

      Meta meta data

      And to whom will Telstra be providing metadata about requests for metadata?

      I'm sure I'm not the only programmer who sees this as an opportunity to twist politicians into [meta] linguistic knots.

  6. Diogenes

    Of course it has

    I have fond memories of being hassled to complete a project that was holding up the rollout of /A4 exchanges - the reason given, the AFP & ASIO were screaming for the extra functionality.

  7. -tim
    Devil

    What call records?

    Telstra doesn't store call records, they store billing records and now that some bright bean counter has finally figured out that it costs far more to process a billing record than it does to process a call, they are trying to change their traditional business plan of charging every call. That had the potential for making the ability to track calls go away so when they informed the police agencies that their metadata pool was about to be closed, the politicians stepped in and went down the legislation path.

    1. GrumpyOldBloke

      Re: What call records?

      This also goes back to the December PWC report that highlighted that the cost of data retention could be offset by the telcos offering new services with the data. Such offsets could reduce payments the government might be required to offer in order to reimburse telcos for the scheme. It suggests the government's proposed payments are on the miserly side. This is ideologically consistent with the LNP, the population should not be looking to government for handouts but should pay their own way to be surveilled.

  8. JaitcH
    FAIL

    Sounds like the HSBC

    In a recent court action it was revealed that a HSBC UK employee leaked data about me, quite deliberately, in the belief I was dead. (Surprise!)

    I contacted the Data Protection Officer who informed me that for the princely sum of GBP10 she would let me know what exactly was leaked.

    The information also included voice analysis data - which I had confused by using voice changing software.

    As I explained to the woman, I can find out exactly what was leaked by reading the transcript, what I really wanted to know was what they were doing about the leaker.

    Cue long, pregnant, silence.

    CAUTION: MOST CALLS TO HSBC, world-wide, ARE SUBJECT TO SECRET ANALYSIS.
