[LINK] Telstra, IIA and various ISPs - not protecting your privacy

Irene Graham exec@efa.org.au
Mon, 04 Nov 2002 18:10:05 +1000 

According to recent media and other reports, Telstra has commenced
routinely over-riding telephone callers' clearly expressed privacy choice
to block transmission of their silent telephone number, and any other
number with a CND block in place, when Internet users dial in to ISPs'
systems to connect to the Internet. To date and at the least, this would
affect Internet users whose ISP has dial in lines provided through
Telstra's MegaPop service, e.g. Bigpond and a number of other ISPs, 
http://www.news.com.au/common/story_page/0,4057,5389026%255E15306,00.html
and either does or soon will affect OzEmail customers. 
http://www.ozepay.com.au/newsletter/ozemail/20020923/view/news
There have also been reports on ISP discussion/mailing lists, that are
archived on the Web, that appear to allege that Comindico discloses silent,
and CND blocked, telephone numbers to ISPs when users log in. 

Telstra's failure to protect callers' privacy appears to result from a
voluntary plan by the Internet Industry Association ("IIA"), which has few
of Australia's approx. 650 ISPs as members, to require all telephone
companies to automatically disclose every Internet user's telephone number
whenever they log in. Evidently, IIA wants Internet users to be treated as
second class citizens, that is, to have less privacy rights than other
telephone callers who do not use the Internet. Telephone callers have an
existing right under Australian law to protect their privacy by blocking
the transmission of the telephone number they are using (CND/Calling Line
Identification information) to the end-recipients of their telephone calls.

The privacy choice of any dial-up Internet user, and also any telephone
service subscriber who allows an Internet user to use their telephone line,
would be over-ridden by their telephone service provider (e.g. Telstra,
Optus, etc). In addition, anyone who shares use of a telephone line, that
has a silent/unlisted or CND blocked number, would have their number
disclosed to someone else's ISP when their child, partner, flatmate, etc,
uses the telephone line to connect to the Internet. 

In recent months, the Chairman of IIA and CEO of OzEmail, Justin Milne, has
reportedly made a number of claims that mandatory CND/Calling Line
Identification disclosure is needed to prevent spam and also that it is
needed for 'law enforcement'. EFA considers these incredible claims need
far wider scrutiny than they have received to date. A number of ISPs (by no
means all) also claim that CND information is necessary for billing, call
management and/or routing, fraud prevention and so on. In EFA's view, the
definition of "necessary" being used does not provide sufficient
justification for routinely over-riding the privacy preferences of every
Internet user who chooses to block CND. 

It is not necessary for ISPs to know the telephone number a customer is
calling from in order to provide Internet access services. Disclosure of
CND information to ISPs will not prevent spam and is an extraordinarily
privacy invasive idea for dealing a problem that could be significantly
reduced by far more effective, non privacy invasive, means. There is no law
that requires ISPs to routinely collect telephone numbers used by every
Internet user for law enforcement, national security, or any other purpose.
(It should be noted that ISPs are authorised and can be required by various
law enforcement agencies to collect CND information pertaining to calls
made from -particular- numbers during -particular- periods, such as when a
law enforcement agency is investigating the activities of  -particular
individuals- suspected of engaging in an unlawful activity.) 

If, as reported in the media, Telstra is routinely disclosing silent
numbers and other numbers with a customer choice CND block in place (which
is almost certainly beyond doubt), then: 

- apparently Telstra is disclosing CND information to ISPs in circumstances
that are not in compliance with the ACIF Calling Number Display Code (C522)
requirement that telephone companies ensure callers can block transmission
of CND information to end-recipients of calls and, in EFA's analysis, quite
probably breach the provisions of the Telecommunications Act 1997 and the
Privacy Act 1988, and 
- apparently some ISPs are currently collecting, from Telstra (and possibly
from other telephone companies), CND information in circumstances that, in
EFA's analysis, breaches the National Privacy Principles (NPPs) set out in
the Privacy Act 1988, is not required by the Telecommunications Act 1997,
and quite probably is not even authorised by the Telecommunications Act.

For more detailed information and links relative to information above, see:

EFA Campaign against mandatory CND disclosure to ISPs, Nov 2002
http://www.efa.org.au/Issues/Privacy/cndnomand.html

EFA submission to ACIF re ACIF's draft revised Calling Number Display
Industry Code C522, 2 Nov 2002.
http://www.efa.org.au/Publish/cndacif_subm.html


Irene

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Irene Graham
Executive Director - Electronic Frontiers Australia Inc. (EFA)
EFA: <http://www.efa.org.au>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~