Friday, February 5, 2016

This man beat Centrelink's system and he says you can too

How to succeed with Centrelink

University student Tom Wade spent an hour on the phone to Centrelink and got nowhere with his issue. So, he went up the chain of command, and here's how he did it.
Uni student Tom Wade was one of hundreds of thousands of Australians driven to despair by Centrelink's customer service performance.

But instead of getting mad, Mr Wade got busy, accessing the Australian Government Directory and confronting senior Department of Human Services Bureaucrats directly with his complaints.

Tom Wade used the Commonwealth government directory to contact senior executives in the Department of Human Service when ...
Tom Wade used the Commonwealth government directory to contact senior executives in the Department of Human Service when he couldn't get through to Centrelink using the official channels. Photo: Chris Hopkins
The administrative blunder was soon sorted, Mr Wade says, and he is encouraging frustrated clients to take their grievances up Centrelink's food chain, saying departmental bosses should be held accountable for the failings at the coalface.

When Mr Wade's youth allowance payments were cancelled in late 2014 he did what most clients do and took to Centrelink's phone lines to solve the problem.

But in a story that will be all too familiar with hundreds of thousands of clients of the welfare agency, seemingly endless periods of waiting on hold resulted in being put through to someone who could not help the Melbourne student.

So, after using search engine Google to figure out who were the power people behind the scenes at Centrelink, the 23-year-old stumbled on his most powerful weapon; the Australian Government Directory.
"I got on the organisational structure from the Department of Human Services' website and just started Googling people from the top down, starting with Kathryn Campbell the secretary,
"Then I did [DHS customer service boss] Grant Tidswell, the second one down and his entry in the directory was the second Google result."

Eventually, Mr Wade settled his attentions on Brendan Jacomb, DHS' national manager of "service delivery performance and analysis".

"I got through to him directly and he's the one to who I started dishing out the (performance) targets from the department's annual report," Mr Wade said.

"He was caught a bit off guard about that, kinda surprised, but he said they'd get back to me about the details."

After the internal DHS blunder that caused his payment cut-off was corrected, Mr Wade decided he had hit on a winning formula and ran with it.

"I had to fix up the detail of my Medicare account, so instead of calling general inquiries and waiting ages, I found the lady in charge of Medicare, rang her up and asked her to fix it up for me," he said.

"She asked 'Where did you get my number?' and I just said I looked her up directly.

"She didn't know what to say to that, but she did forward me to the right people and I got straight through."
The department was not enthusiastic about Mr Wade's approach, with a spokesman saying that anyone unhappy with the service they have received should go through the usual channels.

"Customers can ask for a review of a decision, provide feedback or make a complaint by writing to us, calling 1800 132 468 or visiting one of our service centres," a spokeswoman told Fairfax.

After finishing his degree and moving into the workforce, Mr Wade is no longer a Centrelink client but he encourages anyone feeling the frustration of dealing with the giant agency to use his methods.

"For anyone who wants to get in touch with Centrelink, you already know the general inquiries lines are going to be backed up and a slow process, so find the person you feel has the power to help you directly and get in contact," he said.

"Put the responsibility on someone in a position of authority to help you with your problem.

"Sh*t rolls downhill so you've got to aim as high as you can, if you get in touch with someone too high up to deal with your problem then they will delegate."

theage.com.au 28 Jan 2016

Monday, February 1, 2016

Telstra privacy breach leaves customer's voicemail exposed

Telstra appears stumped as to how the unusual privacy breach occurred. Telstra appears stumped as to how the unusual privacy breach occurred. Photo: Bloomberg

When it was time to upgrade to the latest iPhone, Richard Thornton did what he had done many times before.

He wiped his old iPhone 5 with a factory reset, removed the SIM card, and sold the device second hand to a private buyer.

Melbourne dad Richard Thornton was the victim of a privacy breach. Melbourne dad Richard Thornton was the victim of a privacy breach. Photo: Richard Thornton
And then something "scary" happened. The buyer of the iPhone 5 contacted Mr Thornton to tell him he was receiving his personal Telstra voicemail messages.

"They told me, 'One of your mates called about a gig you were doing for New Year's Eve," Mr Thornton, a Melbourne-based IT professional and musician, told Fairfax.

The new phone owner (also a Telstra customer, who wishes to remain anonymous), explained to Mr Thornton that when the iPhone 5 was powered off and then on again, it downloaded Mr Thornton's voicemail messages to the phone's inbuilt visual voicemail app, where he could then browse and listen to them in full.

A screenshot of Mr Thornton's Telstra voicemail messages which appeared on the iPhone 5 after he wiped it and sold it. Photo: Richard Thornton
 
Meanwhile, the new owner was not receiving notifications for his own voicemail, and had to ring up Telstra's voicemail service manually to check them.

A screenshot of Mr Thornton's Telstra voicemail messages which appeared on the iPhone 5 after he wiped it and sold it.The serious privacy breach, which Mr Thornton detailed on his blog, has stumped both Telstra and Apple, although the responsibility appears to lie with Telstra rather than the iPhone maker.

Mr Thornton said Telstra gave him "the runaround" when he first notified them of the issue, telling him it was "impossible".

"They said it can't happen, you must have forgotten something," Mr Thornton said.

"You mustn't have reset your Apple ID, or you left your SIM in the phone [before you sold it].

"I thought, no, I work in IT – I kinda know what I'm doing here."
A Telstra customer service representative told him his only option was to disable voicemail, Mr Thornton said.

After more than 24 hours trying to resolve the issue with Telstra customer service, a senior Telstra engineer apologised to Mr Thornton and confirmed what was already clear: two separate phones were accessing and downloading his personal voicemail.

"He [the engineer] had a direct line to Apple, and [when he told them about the issue] they said, 'We don't believe you'," Mr Thornton said.

Telstra has now implemented a fix which rejects the old phone's automatic requests to download Mr Thornton's voicemails. However the telco has yet to determine the root cause of the problem.

"They know what the symptoms are but they don't know what the cause is," Mr Thornton said.

Replying to a post by Mr Thornton on Reddit, some suggested the problem may lie in Telstra's visual voicemail using a mobile phone's International Mobile Station Equipment Identity (IMEI) number for authentication. An IMEI is a unique number used to identify individual mobile devices.

However a Telstra spokesperson said the telco does not use IMEI numbers to authenticate visual voicemail.
Telstra is understood to not yet have been able to replicate the voicemail duplication issue, but is looking to analyse the individual iPhone 5 device to get to the bottom of the privacy breach.

"We are committed to protecting our customers' privacy, keeping their personal information safe and ensuring the security of their data," the Telstra spokesperson said.

It is unclear whether this type of problem has affected any other customers.

Mr Thornton said he was lucky the person who bought his iPhone 5 had been co-operative and forthcoming about the issue, but was worried about the implications for privacy-critical businesses such as law firms or medical and government organisations who resold their digital equipment.

He said he would "probably not" resell an old phone in the future, even though he'd done so three or four times in the past.

A recent Deloitte survey found 27 per cent of Australians give away their old mobile phones, while 8 per cent sell them.
 
smh.com.au  22 Jan 2016

So the $64,000 question could be:

Will Telstra be fined for breaching privacy laws?

Laws that apply to EVERYONE?