The collection and storage of metadata has been a hot topic in politics and technology circles lately. The government is attempting to introduce new legislation requiring ISPs to retain this information for a period of 2 years. Currently there’s a mixture of opinions including those who think it’ll be too expensive, others that say it’ll help prevent terrorist threats and others who say encrypted connections won’t be captured so the exercise is pointless. Well Telstra has announced a very interesting response to the challenge.
Telstra will offer customers the ability to see what metadata is stored for them in a transparency move by the company to assist their customers. The ability to request your metadata records will start from the 1st of April (no not a joke) via their privacy portal. This will attract a cost of $25.
techAU had a chance to chat with the Chief Risk Officer at Telstra, Kate Hughes and can now clarify a number of points in this morning’s announcement.
Q: Malcolm Turnbull recent said on the 730 Report that the government is not asking providers to collect data on the websites you visit, but does this include user and server IP addresses that would deliver the same information as URLs?
A: No, this only occurs if Telstra are served with a warrant, for that to occur, someone would already need to be suspected of illegal activity. Once Telstra are issued, they would then start logging activity (web etc).
Q: In terms of access, are users getting all the metdata collected against them or just a subset?
A: The data provided is limited in a very specific way, if you request your metadata, to protect the privacy of others, the information relating to their side is not provided. An example of this is who called you in phone logs.
Q: What happens if metadata from a home phone or internet account is data used by other people in the same home (i.e. sharehouse).
A: The legal owner of account, the same person who can make changes to or cancel the account would need to prove their identity and would receive the metdata for that account. If people are sharing an account, this includes all metadata, even those people not on the account as that person is legally responsible for what happens on that service. It is important to understand the liability you have if you let other people use the service not on the account.
Q: Does this extend to companies Telstra invests in or is partners with (i.e. Foxtel)
A: No, this announcement just covers metadata pertaining to Telstra.
Q: Recently Telstra released their first API for SMS, is the company considering the release of metadata to their API program for developers to leverage in new and interesting ways?
A: There’s nothing to announce at this stage, however Telstra understands the massive obligation they have to treat customer data incredibly carefully. It is possible that done properly, that users could one day access and use more of what they’ve shared with Telstra and their services.
Q: In relation to price, simple requests are expected to cost around $25 why is this?
A: There’s really no way of predicting how many people will access the service once it launches. Right now the process is a little manual and does include verification and possible redacting information to protect the privacy of others. The cost was established by looking at international providers undertaking similar tasks and was a reasonable figure on par with those charges. The charge only occurs if the request is actioned. If Telstra staff can point users to the information elsewhere like their online account or through mobile apps, they won’t be charged. The charge will be re-evaluated in 6 months to ensure the charge is appropriate.
Telstra are committed to the service and will scale up resources if necessary to meet demand. It’s highly likely most customers won’t ever request their metadata, but those that do will likely spike when the service launches. Some early inquiries Insurance have surfaced customer needs for this information like providing a geolocation at a specific date and time to prove to an insurance company they were/weren’t at the scene.
Q: How much consideration was given to the date of launch, given April 1st is usually a day where the internet goes to hell in handbasket?
A: At Telstra, we have a great sense of humor, so April 1st was a good day, but the launch also gave time for regulatory bodies and government to fully understand what Telstra are doing here.
Q: As you’re the first Australian telco / ISP to do this, is your expectation that other telcos will follow suit and offer access to user’s metdata?
Full statement from Telstra.
Millions of Australians place trust in Telstra every day to protect your privacy and keep your data secure. As part of honouring this trust, we are introducing new transparency measures that mean you will have more access to the data we hold than ever before.
In a first for the Australian telecommunications industry, we will be giving you access to the metadata* related to you that we would provide in response to a lawful request without a warrant from a law enforcement agency. We believe that if the police can ask for information relating to you, you should be able to as well.
With digital technology increasingly central to our lives, we are generating more data than ever before. With this trend has come some community concerns about who has access to this data.
Protecting citizens is one of the Government’s most fundamental roles and providing assistance to the police and security agencies is a profound responsibility for Telstra. In living up to our legal responsibilities we believe being open and upfront with you – our customers – is the best way to earning your confidence and trust.
In a recent post on how we work with law enforcement agencies, we explained the types of requests we receive from law enforcement agencies and how we respond to them. This initiative builds on the greater transparency we are offering in this area, including being the first telco in Australia to publish a Transparency Report.
We already make a lot of data available to customers, such as call records and service details, through our bills and Telstra MyAccount. We will build on this with our new principle of offering the same access to a customer’s own metadata as we are required to offer to law enforcement agencies.
This new approach is all about giving you a clearer picture of the data we provide in response to lawful requests today. As new technologies evolve and data management practices change (including potentially through the introduction of a data retention regime), we see this principle as continuing to apply.
The new option to request additional information that we hold on you will be available from 1 April 2015, through a web form on our privacy portal.
Requests for data beyond what is available on MyAccount will be subject to a cost recovery fee when a request is actioned. This fee will depend on how far back into Telstra records you request. Simple requests are expected to cost around $25, while detailed requests covering multiple services across several years will be charged at an hourly rate. This is the same practice of cost recovery that is applied to requests from law enforcement agencies.
The data provided will be limited to information associated with your account. Information about another party will not be provided, such as who called you.
* Metadata is the data generated when you use a telecommunications service – information such as the number you called, when you called and how long you spoke for. It does not include the content of a communication, such as the detail of what you said or wrote in an email or SMS. The police and other enforcement agencies can access metadata under law without a warrant.
Image credit: Beau Giles