Hands off our packets, it's the law

Hands off our packets, it's the law

Summary: Was Telstra's decision to share the URLs its customers visited with an offshore organisation an illegal communications intercept?


When Telstra sent Next G customers' web-browsing history offshore, it failed in its duty as a common carrier, according to Geoff Huston, the chief scientist of regional internet registry Asia-Pacific Network Information Centre (APNIC).

Telstra said that no personal information was collected, and that it was reporting newly discovered URLs to internet content-filtering company Netsweeper as part of its development of a new add-on filtering service for the Next G mobile network.

But as Huston explained in his personal blog post entitled "All Your Packets Belong to Us", he believes that this constitutes an illegal communications intercept.

"It seems that such actions are way beyond the terms and conditions of the Australian Telecommunications Act, in so far as that parts of a user's conversation have been intercepted by the public carrier, recorded and then sent to a third party without consent. All this without any form of identified operational necessity in terms of the wellbeing and integrity of the network itself," he wrote.

"It was a case of  stalking, and that is not part of the legitimate role of a common carrier."

On this week's Patch Monday podcast, Huston describes how he sees the role of the internet as a common carrier. Service providers should be protecting the privacy of our communications in all except very limited circumstances — just like the telephone and post office before them.

That common carrier role is being eroded, as communications companies increasingly see the data stream as something to be monitored and even monetised. Part of the problem, says Huston, is the assumption that everything not encrypted is public.

"I have to expose something to you in order to communicate, but that doesn't necessarily mean that you and I have broadcast that to the world," he said.

"This de facto assumption that everything on the net, everything I publish, is public is a false assumption, and I think that's part of this erosion of privacy."

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 29 minutes, 09 seconds

Topics: Security, Privacy, Telstra


Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I would have to say yes, this is illegal and should be severely punished

    The bottom line is that my personal information is my personal information. Telstra should not be giving any information to anyone that I did not explicitly (opt-in) tell them that I wanted them to give out.
  • Telstra as Carrier or ISP?

    Geoff Huston is making very direct assertions about the Telecommunications Act and a carrier’s responsibility. But even he touches upon his own experience at an ISP and the ambiguity associated with using HTTP proxies systems. HTTP proxies have existed for almost as long as the World Wide Web. Is a proxy just a benign way of improving the customer experience or an illegal interception of customer data? The current laws seem very far behind.
  • Telstra 3G "cookie-you-can-never-delete"

    I am amazed this has not got more attention: