Telstra transparency report reveals extent of customer data sharing

Telstra received approximately 40,000 requests for information about its customers during the second half of 2013, the company has revealed in its first-ever transparency report.

The Telstra Transparency Report broke down the nature of the requests from law enforcement agencies, regulatory bodies and emergency services organisations but did not specify figures on requests by national security bodies, which the company said is prohibited under the Telecommunications (Interception and Access) Act 1979.

During the half year, some 36,053 requests for customer information – including details that appear on a phone bill such as a customer's name, address, service number and connection dates – were handled. These requests also include carriage service records, such as call records, SMS records, and Internet records with details such as the called party, date, time, and duration of a call.

Telstra may also have provided Internet session information that includes the date, time, and duration of Internet sessions as well as email logs from addresses.

Emergency-service agencies requested details in life-threatening situations some 2871 times where "the release of customer information could prevent or lessen an imminent threat to the life or health of a person," Telstra's report says. "Information may also be requested by law enforcement agencies where calls to emergency service numbers have taken place."

Telstra details were provided under court order 270 times during the half year, while warrants for interception or access to stored communications – which Telstra says "may compel us to supply the content of communications after it has been delivered" – were executed 1450 times.

The report also revealed that Telstra's international arm, Telstra Global, received less than 100 requests for customer information during the half-year.

One significant feature of Australian law is that agencies can run pre-warrant checks, to ensure that a particular service is active before they submit a formal data request.

Published for the second half of 2013 in its first incarnation, the Telstra Transparency Report will be published annually from now on, at the end of each financial year.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Copyright © 2014 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)