Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Australia Privacy The Media

Vodafone Australia Employee Searched Journalist's Phone Records To Find Source 65

An anonymous reader writes: In 2011, a journalist named Natalie O'Brien published a series of stories on security problems in Vodafone's Siebel data system. "Customers' home addresses, driver's licenses and credit card details were all available online, O'Brien wrote, and criminal groups were paying for customers' private information." Now, Vodafone Australia has admitted that an employee went through her phone and text records to try and figure out who her sources were within the company. O'Brien wrote, "The invasion of privacy is devastating. It plays with your mind. What was in those texts? Who were they to? What did they see? What did they do with the information?" Despite the admission, Vodafone has denied that it engaged in improper behavior (PDF). The company says it found no evidence the employee was directed to do so by management. That said, leaked emails show management became aware of the privacy breach and its potential repercussions as early as 2012.
This discussion has been archived. No new comments can be posted.

Vodafone Australia Employee Searched Journalist's Phone Records To Find Source

Comments Filter:
  • ....says the CIA every time one of their agents is caught plotting an assassination, government overthrow, or arranging to help the rebels sell drugs for guns.

  • by DumbSwede ( 521261 ) <slashdotbin@hotmail.com> on Monday September 14, 2015 @10:00AM (#50518415) Homepage Journal

    So... some guy in the data-center just take it upon himself to go look up the info on some journalist, ‘cause you know that’s what IT guys do all day long, look up stuff on people with no direction.

    The company has very strict
    controls and processes around the privacy of customer information, and has appointed a dedicated privacy officer.

    So glad they have this in place, seems to be doing a bang up job. I can totally see how some low level employee would totally disregard this to dig up dirt on a Journalist and her accomplices. Because, you know, there’s so much in it for the low level employee.

    • See, that's the great thing about being a corporation ... no actual liability.

      Your staff does something shady? Well, you can fire them and say "the person responsible has been sacked".

      Your management tells your staff to do something shady? Well, you can pretend like it was a rogue employee and deny all responsibility.

      As you say, I find it exceedingly difficult to believe some tech guy just decided to do this on his own. I don't believe that at all.

  • by flopsquad ( 3518045 ) on Monday September 14, 2015 @10:10AM (#50518473)

    Now, Vodafone Australia has admitted that an employee went through her phone and text records to try and figure out who her sources were within the company. . . . Despite the admission, Vodafone has denied that it engaged in improper behavior (PDF). The company says it found no evidence the employee was directed to do so by management.

    Oh. Well, as long as it was some IT vigilante whose love for Vodafone just got the better of him. Sounds fine to me!

    Probably just some sweet, over-dedicated mook who took the workplace banner [flickr.com] too seriously. Definitely not any of the top brass directing this to happen.

  • by U2xhc2hkb3QgU3Vja3M ( 4212163 ) on Monday September 14, 2015 @10:10AM (#50518481)

    The company says it found no evidence the employee was directed to do so by management.

    Alright people, listen up! We have a spy in our ranks. We're not ordering or even asking anyone to search for the spy, but if one of you should happen to stumble into any bit of information about this, please keep in mind that we do offer a huge bonus.

  • by nimbius ( 983462 ) on Monday September 14, 2015 @10:12AM (#50518499) Homepage
    Its not uncommon to have middle management or even upper management that get a little overzealous with the amount of power they wield.

    Working for a hosting company, I once had a manager that was absolutely furious that we hosted a domain that endorsed abortions and facilitated service provider interactivity. my manager didnt have access to the accounts database, but she knew members of her team surely did. She wanted log summaries of people who visited, which is a request that has to go through InfoSec. Once they denied it based on lack of a warrant, she started trolling the team for info during lunch. The fact that we dont obsess over every single site, let alone her problem child, seemed to make her upset. She submitted 3 requests for content review by the abuse department, and finally quit when their manager kept sending the original report back. She hit all of us up for accounts information for the user, and even tried logging in as the tape backup administrator after finding their username in some documentation. She was eventually fired after trying to tie our performance raises for the account information.
  • A perfect example (Score:5, Insightful)

    by Somebody Is Using My ( 985418 ) on Monday September 14, 2015 @10:17AM (#50518525) Homepage

    This case is a perfect example of why this sort of data should be encrypted on the device and in no way accessible to anyone except the owner. Because if there is a backdoor to this data, whether protected by "procedure" or a escrowed key, it /will/ be abused. If it is not the government abusing this privilege, then it will be by a corporation, or by an individual with a personal grudge, or by criminal elements (or even worse, by marketing departments!). It doesn't matter what sort of "controls" you put on those back-doors, ultimately they will be ignored and abused. The number of people who get "hacked" in this way may be low, but even one is too many.

    This case should be dredged up every time a law-enforcement agency insists that easy access to personal data are a necessity in this digital age. They claim that there are protections in place to prevent this sort of thing; evidence (and common sense) show that this is nonsense. The only way to prevent this sort of abuse is not to remove the temptation from third-parties entirely; make the data on the device (or service) inaccessible unless you have the key to decrypt it, and ensure the only the owner of the data has that key.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      It's not data on the phone. It's records of what calls she's made, so that it identifies who she has spoken to. Those have to be stored centrally to generate statistics to identify system problems and to generate billing.

      It's the equivalent of an Apache access.log file, but one that can't be turned off because they do the bill runs off the data.

    • This case is a perfect example of why this sort of data should be encrypted on the device and in no way accessible to anyone except the owner.

      That ship has sailed. Like email, SMS texts are sent unencrypted. And it's going to take a herculean effort coordinating thousands of companies servicing billions of people to change it to something more secure. We've been trying to do just that with email for 20+ years and it's gone nowhere.

      I'm not sure what the solution is. This sort of stuff seems to happe

  • by NostalgiaForInfinity ( 4001831 ) on Monday September 14, 2015 @10:24AM (#50518557)

    You can never really protect against these kinds of invasions of privacy, in particular by telecoms or governments.

    Professional journalists should be using "burner phones" for this. That's their job as professionals, even if some countries (I guess Australia among them) make this difficult.

    People should also protest against legal requirements for registering their phones with the government.

    • by SJ2000 ( 1128057 ) on Monday September 14, 2015 @10:56AM (#50518721) Homepage
      There are no such thing as "burner phones" in Australia, you must have 100 points of ID in order to activate a mobile phone service.
      • by NostalgiaForInfinity ( 4001831 ) on Monday September 14, 2015 @11:23AM (#50518875)

        There are no such thing as "burner phones" in Australia,

        Sure there are: you can violate the law to get them (consider it an act of civil disobedience). You can get a foreign SIM card (there are plenty of companies that offer those, and quite cheaply too). Journalists can set a phone swapping club. Or you can use smart phones and use text messages only to initiate communications on privacy-conscious chat services.

        • Or, I don't know, just not use Vodafone?

          I know if I was a journalist doing some "juicy expose" on, for example, Verizon or AT&T here in the good old US-of-A, I'd surely be using my T-Mobile line for any communication with a whistleblower. Even if that T-Mobile line was 100% traceable back to me, it would remove the ability for the company I'm exposing to see who I was talking to, at least directly.

          Using a company's own services to communicate with internal employees who are leaking sensitive data is ju

          • by Anonymous Coward

            You're doing your juicy expose on Verizon.

            Someone you call while doing your juicy expose on Verizon happens to use Verizon.

            How did you stop your T-Mobile phone number from showing up in the Verizon call data?

"The voters have spoken, the bastards..." -- unknown

Working...