[LINK] Telstra. Making it easier?

Ross Johnson rpj@ise.canberra.edu.au
Tue, 17 Oct 2000 17:43:44 +1100 

I just got a call from a friend to tell me the story
of how she wasn't able to dial in to her work system.

The reason it failed, she discovered, was because she had
been late paying the bill on her second phone line and, even
though she'd paid it over a month ago, Telstra have found
a new and clever way to remind her.

Now admittedly she had been on her first reminder notice,
however, if I understand my friend correctly then Telstra
have come up with an efficient way to do several things at
once. These are:

	embarrass and undermine the privacy of an account
	customer's private dealings with Telstra,

	harass account customers,

	mount "denial-of-service" attacks against
	customer's fully paid up non voice connections.

How?

Apparently, if you're late paying your telephone account,
you now get a recorded message to remind you that your
account is overdue whenever you make a call. The way it
works is: At some point, presumably after the first
reminder has been sent, Telstra flag the line to get the
message. Now when someone wants to make a call they pick up
and dial the number as usual. At this point the recorded
message takes control. It tells the caller (not callee)
that the bill is overdue and takes you through a recorded
message and button-pushing dialog that doesn't allow any
shortcuts. Only after giving you this lecture will it
connect the call.

Now this may all sound well and good to some BUT ... 
remember, my friend had paid her overdue bill five weeks
ago. Today was the first time that she's needed to use the
line since, and the connection failed because the
message was still there.

Apparently the only way to get the message taken off, even
after you've paid your bill, even on non voice lines with
no handset, is to attempt a call and go through the recorded
dialog, part of which appears to be a sequence to have the
message removed. Even then, it appears to take several hours
to remove the message.


How this invades privacy
------------------------
Anyone who uses the phone to make a voice call (the customer's
partner, children, friends or neighbours) is given information
concerning the customer's private business status with Telstra.

How this harasses
-----------------
Every time the customer goes to use your phone to make a
voice call they're asked to pay up.

How this mounts Denial-of-Service attacks
-----------------------------------------
A large proportion of phone lines are used for dialup,
fax, or other non voice purposes including connecting
monitoring and security equipment. They don't
have a handset and people won't know that there's a
recorded message fouling up their connections, even
after they've paid their bill ... long after.

As a final coup, ISPs will cop the complaints when
connections keep failing.

Apart from being a dumb idea, Telstra's cleverness
doesn't even appear to extend as far as automatically
linking bill payment to message removal.


Ross Johnson