Privacy Law and Policy Reporter
Tim Dixon updates the discussion of the introduction of CND published in the previous issue ((1997) 4 PLPR 102).
With Calling Number Display now available on most of the telecommun-ications network, confusion surrounds the status of public commitments of both Telstra and the Government to fulfil the guidelines for the introduction of CND laid down by the AUSTEL Privacy Advisory Committee (PAC) in 1996.
My article in the last issue ((1997) 4 PLPR 102) discussed the key requirement of the PAC report — that before a carrier introduced CND, it must conduct a public education campaign and achieve a minimum 80 per cent awareness of key CND and privacy issues both in the general population and amongst special needs groups (such as older people and people with disabilities). AUSTEL also recommended that carriers establish an independent reference panel consisting of consumer representatives to oversee the public education campaign and research to test awareness levels.
Prior to launching the CND service, Telstra both conducted a public education campaign and established an independent reference panel. However, it failed to reach the required levels of public awareness. The launch of CND went ahead nevertheless, with a major dispute between the reference panel and Telstra over both the validity of figures released by Telstra and the extent to which the public education campaign had met the guidelines laid down by Telstra.
After examining the final research data in late November, the reference panel recommended to Telstra that the introduction of CND be delayed. The group unanimously agreed that Telstra had fallen substantially short of the targets, and urged Telstra to address the deficiencies in its public education campaign (as outlined in the previous article).
Telstra rejected the reference group’s advice, arguing that, while they had fallen short of their target, the shortfall was only marginal. Telstra argued that in any case, even if the targets had not been achieved they had done their best to achieve them. The Telstra representatives suggested that perhaps the targets were unreasonable — or perhaps people had so few concerns about CND that they had just switched off from watching the advertisements. Finally, Telstra argued that commercial considerations were too significant to delay the introduction of CND indefinitely in the hope that they may at some time achieve the awareness levels laid down in the AUSTEL report.
The media release issued by Telstra claimed that they had largely achieved the necessary awareness levels for the introduction of CND. According to Telstra’s research, the first AUSTEL requirement had been achieved, with over 80 per cent awareness that CND was being introduced. On the second AUSTEL requirement, awareness of blocking, Telstra claimed 67 per cent awareness. This was based on responses to the following question:
CND provides you with the option of choosing to prevent the sending of your phone number for either all the calls you make or just certain calls you make. Were you aware you could do this before today?
The reference group did not accept that this question was a valid measure of awareness of blocking, since respondents were being prompted. In fact, the figures from Telstra’s research (which Telstra did not release publicly) indicated that a substantial majority of people did not know how to arrange permanent line blocking, and only a small number of people could identify how to arrange per-line blocking. However, Telstra’s refusal to release the full contents of its research makes it difficult for an open debate over whether or not the PAC requirements have been met.
The most serious shortcoming in Telstra’s education and research strategies has related to the privacy impacts of CND — the issue identified as the third public awareness requirement in the AUSTEL guidelines. The Telstra media release noted an 82 per cent awareness level in response to the following question:
With CND, the number of the caller (unless blocking) will be displayed. Before now, were you aware that if the receiver recognises your number, they will know who is calling prior to answering?
The reference group expressed surprise that Telstra believed this question to be an adequate measurement of awareness of privacy implications. In fact, the question appeared to be simply another way of asking about awareness of what CND is — it did not relate directly to privacy implications. The AUSTEL guidelines had explicitly stated that consumers’ awareness must involve ‘the privacy implications of sending their number, in that consumers may be identified by their number before their phone call is answered and that their number may be captured by organisational users of CND.’ The issue of organisational use of CND was not addressed in the question used in Telstra’s research.
In fact, Telstra does have research data indicating awareness levels relating to organisational use of CND. This includes responses showing that most people did not feel that the privacy impact of CND had been fully explained to them, and that when asked their opinion about businesses linking telephone numbers to databases, most thought this was a bad or a very bad idea. However, Telstra did not release these findings publicly.
The reference group has written to Senator Richard Alston, Minister for Communications, the Information Economy and the Arts, raising concerns over Telstra’s plan to go ahead with the introduction of CND despite the results of its research, and requesting him to reaffirm the government’s commitment to the AUSTEL guidelines. It has also raised concerns that Telstra had substantially failed to reach the required awareness levels among special needs groups such as older people. At this stage, the Minister has not responded to the correspondence.
It remains an open question as to whether the deficiencies of Telstra’s campaign can be addressed. Telstra has refused to address the issue of unethical business use of CND in its campaign, on the basis that this would create a commercial conflict for Telstra. The reference group felt that Telstra had essentially conducted its campaign as if unethical business use of personal information were not a potential implication of CND — an approach which appears to be in clear breach of the AUSTEL guidelines.
Nevertheless, Telstra indicated some willingness to support efforts to raise awareness through advertising and other efforts coordinated by consumer groups. This is a matter of ongoing consultation, and an adequately resourced campaign would go a long way towards addressing these concerns.
Aside from ensuring that public awareness targets are achieved, the other main concern of consumer groups has been to ensure that safeguards are in place to protect consumers from unethical business use of CND. In the absence of a consistent national framework for privacy protection, specific sectoral initiatives are necessary to provide these safeguards. The Minister wrote to the telecommunications carriers in November asking them to put such safeguards in place, by requiring business users of CND to comply with privacy guidelines through provisions in their contracts.
Initially Telstra had indicated that such a mechanism would not be practical. However, following the Minister’s letter Telstra indicated a willingness to comply with his request. (On the other hand, it is understood that Vodafone, which offers CND within its mobile network, has indicated that it could not adopt this approach because it does not have direct customer relationships — it deals with a network of service providers.)
While no details have yet been released on how the contractual safeguards approach might work, it seems likely that consumer complaints would be directed to the Australian Communications Authority, which would then investigate the matter with the carrier. If an organisational user of CND was found to have breached the AUSTEL guidelines, the carrier might then terminate their use of the CND service. At this stage it does not appear that consumers will have any other avenue of redress, and it is doubtful that the CND code for the telecommunications industry (currently being developed through the Australian Communications Industry Forum) will offer any better solution, since its reach is limited to the telecommunications industry.
While this framework recognises that CND poses a significant threat to personal privacy, it is a clumsy and obscure solution. Most consumers are unlikely to be aware of their rights. Nor is it clear that secondary business users of CND information — who may not have a commercial contract with carriers — will be covered. Australia’s experience with the launch of CND should provide some valuable lessons on both the self-regulatory framework of telecommun-ications regulation and the patchwork approach to privacy protection.
Tim Dixon, Secretary,
Australian Privacy Charter Council.
Tim Dixon represented the Communications Law Centre on Telstra’s Public Education Campaign Reference Group.