As government and industry debate the practicalities of mandatory data retention in Australia, Vodafone has revealed it is already working on a scheme to match individual internet users to the sites they visit.
Speaking at a Senate Committee review on the Telecommunications (Interception and Access) Act, Vodafone’s general manager of industry strategy and public policy, Matthew Lobb, said that although the scheme was in its “infancy”, Vodafone was beginning to implement IP identifier tracking.
“We’re starting to move to a situation where there will be a clear IP identifier for each session when a customer accesses the internet or uses data,” said Lobb.
“When you start a session you’re assigned an internal IP identifier and you’re also assigned a public identifier and those are dynamic,” he added. “The capability that is emerging is that that is linked to a particular customer.”
Lobb conceded that “a primary reputational requirement of a telco is that people trust how their information is being used”. However, he also noted that the move towards IP identification was something that was being called for by Vodafone customers.
“Consumers are wanting to know how much of their data they’re using on Facebook or on Twitter,” he said.
Greens Senator and Committee member Scott Ludlam challenged Lobb on the need to store the IP identifying data of all customers if it was only a feature requested by some, particularly in light of Lobb’s comments on Vodafone’s commitment to privacy.
“For customers it’s a useful experience,” Lobb replied. “We think that the majority of customers will appreciate knowing how they use that data and what they use that data for.”
Lobb said that IP identification has “not been a traditional capability” in Vodafone’s data storage regimes and it would still be some years before such a scheme would be a “robust capability” of the telco.
But he added that “we’re moving to an IP world so the IP identifier is going to be an established part of how you access data”.
While he would not comment on plans being put in place by Vodafone’s competitors to IP match their customers, he said he “would expect that the capability is something that is evolving across the industry”.
There was no indication in today’s committee hearing of whether law enforcement would request access to data that matched information about particular internet users to the sites they visited — information that Vodafone says it stores for a period of 90 days.
Lobb said Vodafone already had systems in place to deal with lawful requests for phone call data by law enforcement agencies — adding that details such as the number dialled and the billing information of the caller were historically stored by telecommunications companies for tax purposes “before the law enforcement services thought it was useful”.
He said increased capability to match a particular IP identifier, date and time with information about “who accessed that bad website” was simply a “legitimate modernising of the current regime”.
Update, 3:30 p.m. AEST: After Vodafone’s appearance at the Senate Committee hearing, Telstra’s director of Government Relations James Shaw told the Committee that Telstra does not currently match IP identifiers to browsing history.
“We don’t collect web browsing history linked to customers’ accounts,” said Shaw. “I’m certainly not aware of any proposals in our business to go down that route to provide a commercial service like that. Vodafone have clearly made a decision…to provide that service to their customers.”