Telstra handed over metadata for 75,000 warrantless requests

Telstra has revealed that it responded to almost 85,000 requests from law enforcement agencies to disclose data on its customers in the last financial year, including more than 75,000 warrantless requests for customer metadata.

While the telco was conforming to its obligations under current legislation, the statistics shed light on the potential scope of data retention plans being proposed by the Federal Government.

The numbers were issued as part of the telco's first ever "Transparency Report" which outlines the figures for data requests from law enforcement, broken down into categories such as "pre-warrant checks", customer information, warranted interception of communications data, and requests made in relation to Triple Zero emergency calls.

In the report -- which tracks requests from July 1, 2013, to June 30, 2014 -- Telstra outlines that it received a total of 84,949 requests for access to its customers' information.

Of these, more than 75,000 requests related to metadata such as a customer's name, address, service number and connection dates.

Telstra stipulates that this "customer information" also refers to internet session information, such as "the date, time, and duration of internet sessions as well as email logs from Bigpond addresses"; however, it specifically states that "this does not include URLs" which are considered to be content by the Government and therefore necessitate a warrant.

As far as warranted requests go, Telstra received 2,701 requests in the form of warrants for interception or access to stored communications, including communications content.

"A warrant is required for an agency to access the content of a communication," Telstra says of these requests. "Warrants require us to provide the relevant agency with real time access to communications as they are carried over our network (e.g. a lawful interception). Warrants may also compel us to supply the content of communications after it has been delivered."

In addition to these two main categories of requests for customer metadata and warranted requests for content, data was also provided to law enforcement as part of court orders and to facilitate timely responses to "life threatening situations" made by "authorised emergency service agencies (e.g. police, fire, ambulance)".

The figures in Telstra's Transparency Report do not include requests from national security agencies -- Telstra says its "understanding" of the position of the Attorney-General's Department is that reporting of these figures is prohibited by the Telecommunications Interception and Access Act.

Of its response to metadata requests and warrants, Telstra says "we only disclose customer information in accordance with the law".

We are required, like all telcos in Australia, to assist Australian national security and law enforcement agencies. This assistance is provided for specific reasons, such as enforcing criminal law, protecting public revenue and safeguarding national security. We also provide assistance to emergency services agencies in response to life threatening situations and Triple Zero emergency calls.

We are obliged to act on lawful requests for our customer information and warrants for communications travelling over or held in our network.

We believe complying with the law is an important part of being a responsible corporate citizen.

Telstra further clarified that its discussions with the Government on proposed mandatory data retention reforms are "ongoing" and that it welcomes the Government's "engagement with industry ...and the clarity they have provided that the scheme will not include web browsing data".