In a brave move, the world’s second largest telecommunications company, Vodafone, has issued an 88-page long Law Enforcement Disclosure Report, which details the shocking extent to which 29 governments around the world access Vodafone’s customers’ phone records,
‘In every country in which we operate, we have to abide by the laws of those countries which require us to disclose information about our customers to law enforcement agencies or other government authorities, or to block or restrict access to certain services. Those laws are designed to protect national security and public safety or to prevent or investigate crime and terrorism, and the agencies and authorities that invoke those laws insist that the information demanded from communications operators such as Vodafone is essential to their work.’
In around six of those countries, governments have installed direct access pipes, so even Vodafone doesn’t know how much information they may have obtained. Vodafone refused to name these countries, while making it clear that other telecoms companies were also complicit in such surveillance.
‘Agencies and authorities have the scope to apply advanced analytics techniques to every aspect of an individual’s communications, movements, interests and associations – to the extent that such activity is lawful – yielding a depth of real-time insights into private lives unimaginable two decades ago.’
The Guardian compiled the following table from the report’s Country-by-country disclosure of law enforcement assistance demands. It does not provide any information on direct access demands, but by listing the number of warrants issued to its local businesses it is the best measure of each country’s activity available.
Vodafone’s chief privacy officer, Stephan Deadman confirms the existence of direct access pipelines,
‘These pipes exist, the direct access model exists. We are making a call to end direct access as a means of government agencies obtaining people’s communication data. Without an official warrant, there is no external visibility.’
Vodaphone has been accused of cooperating with GHCQ in the past, but in the report it danced around the issue, saying that in the UK a direct tap would not be legal as a warrant is required to access information, but if served with a warrant ‘there is the possibility that this power is broad enough to permit government direct access to Vodafone’s network.‘
Gus Hosein, executive director of Privacy International, an organization that is legally challenging the UK government over GCHQ’s unlawful hacking of computers and mobile phones, told the Guardian that,
‘These are the nightmare scenarios that we were imagining. I never thought the telcos would be so complicit. It’s a brave step by Vodafone and hopefully the other telcos will become more brave with disclosure, but what we need is for them to be braver about fighting back against the illegal requests and the laws themselves.’
If there is one silver lining to this very dark cloud, it is that some telecoms operators do indeed seem inspired to come forward and be honest about how their systems are being used for government surveillance. Deutsche Telekom, for example, which has 140 million customers worldwide, has stated,
‘Deutsche Telekom has initially focused on Germany when it comes to disclosure of government requests. We are currently checking if and to what extent our national companies can disclose information. We intend to publish something similar to Vodafone.’
We applaud Vodafone’s decision to go public with the information in the report, and hope that it achieves its aim,
‘We need to debate how we are balancing the needs of law enforcement with the fundamental rights and freedoms of the citizens. The ideal is we get a much more informed debate going, and we do all of that without putting our colleagues in danger.’