Telstra has release its second ever Transparency Report, available on its website here.
The report shows that in the last year Australian government agencies made nearly 85,000 requests to Telstra for information – one request every five minutes, ever hour of every day. But that does not include information about who has what phone number – that more than doubles the number to nearly 200,000.
Requests to Telstra, 2013-14 Financial Year
|
Type of Law Enforcement Request |
Number |
|
Telstra customer information, carriage service records and pre-warrant checks |
75,448 |
|
Life threatening situations and Triple Zero emergency calls |
6,202 |
|
Court orders |
598 |
|
Warrants for interception or access to stored communications |
2,701 |
|
Total |
84,949 |
It also does not include requests by national security agencies – we are not even allowed to know how many requests they have made. They are beyond scrutiny. That is not Telstra’s fault – such information is protected by the Telecommunications (Interception and Access) Act 1979.
The Act is currently under review, but the current climate does not suggest that ASIS and ASIO and whoever else are likely to become more open in the way the use the information they can access.
We are also not allowed to know which agencies made requests, and nor is Telstra obligated to tell any customer whether information about them has been requested. “Any enquiries of the activities of Government agencies need to be directed to the agencies themselves,” says the report, which is not very useful when we don’t know which agencies have made a request.
“Like all telecommunications companies that provide services in Australia, we are required by law to assist Australian Government agencies for defined purposes, such as investigating and solving crimes,” says Telstra’s report.
“We also provide assistance to emergency services agencies in response to life threatening situations and Triple Zero emergency calls.
“Part of our obligation is to act on requests under law for our customer information and carriage service records, and warrants for communications travelling over or held in our network. We only disclose customer information in accordance with the law and we assess any request for information to ensure it complies with the law.”
Yes, it’s all perfectly legal. Between 1 July 2013 and 30 June 2014, Telstra received and acted on around 84.949 requests for customer information. “Typically, a request relates to a set of telecommunications data associated with a single unique service. These figures relate to activities by law enforcement agencies, regulatory bodies and emergency services organisations.”
By far the majority (89%) of request are for customer information, which Telstra describes as “details that appear on a phone bill, such as the customer’s name, address, service number and connection dates.” It can include other information such as a customer’s date of birth and previous address. Carriage service records relate to use of telecommunications services, including call records, SMS records, and internet records. These records include information such as details of a called party, and the date, time and duration of a call.
Internet session information includes the date, time and duration of Internet sessions as well as email logs from BigPond addresses. This does not include URLs. “The Government has stated URLs are considered to be content and as such they will only request to access this information under a warrant or other court order.”
A pre-warrant check confirms that telecommunication services of interest are still active with Telstra.
Telecommunications carriers act on requests from authorised emergency service agencies (police, fire, ambulance) where the release of customer information could prevent or lessen an imminent threat to the life or health of a person. Information may also be requested by law enforcement agencies where calls to emergency service numbers (i.e. 000, 112 and 106) have taken place.
Court orders such as subpoenas and coronial requests issued by a court or judge require Telstra to provide customer information and carriage service records. Typically, court orders involve a civil dispute that involves individuals or organisations and related telecommunications data is required by the court to adjudicate on the matter.
A warrant is required for an agency to access the content of a communication. Warrants require us to provide the relevant agency with real time access to communications as they are carried over our network (e.g. a lawful interception). Warrants may also compel us to supply the content of communications after it has been delivered.
Telstra also maintains Australia’s Integrated Public Number Database (IPND), a centralised database of all Australian telephone numbers, including the service and directory addresses provided by the customer. It contains numbers from all telecommunications service providers in Australia.
Between 1 July 2013 and 30 June 2014 the IPND was accessed by agencies approximately 104,000 times, a number which again excludes national security agencies. Telstra says the IPND is used most critically for the operation of the Triple Zero emergency call service and for law enforcement and national security purposes.
“Relevant agencies are able to access certain information, in particular the name and address associated with a particular phone number. The IPND Code and Telecommunications Act 1997 contain strict provisions on how information on the IPND can be accessed and used.”
The Report also covered Telstra’s international operations, but says the total number of requests it received from outside of Australia for the year was less than 100.
From time to time Telstra receives requests from Government agencies to take actions at an infrastructure level to prevent a crime. For example, Telstra blocks the Interpol generated ‘worst of the worst’ list of child abuse sites under a Section 313 request. “These network or infrastructure level requests are relatively infrequent and generally do not involve the disclosure of customer information.”
