Communication companies are spilling their surveillance secrets. First UK telecoms company Vodafone revealed the existence of cables giving multiple governments access to their networks, and now German company Deutsche Telekom has hinted that it may do something similar. At a GSMA conference in Shanghai this week, a meeting point for the world's top mobile operators, details of these and any other companies' plans are set to be a hot topic.
The move toward transparency over how government agencies like the NSA collect users' data echoes steps being taken by internet giants to distance themselves from the surveillance. The New York Times reported that companies like Google, Microsoft, Facebook and Yahoo are adding new layers of encryption to make it more difficult for the NSA to get at their customers' data.
So why are telecoms companies stepping up to reveal what they know?
It started last week, when Vodafone revealed the secret wires that allow government agencies to directly access all communications carried out on its networks. In some countries, those with access can listen to and record conversations, and sometimes even pinpoint the location of someone using the network, all without a warrant. Vodafone said this access is “widely used” in some of the countries in which it conducts business.
These details weren't released through a leak, but through the company's first Law Enforcement Disclosure Report. The report also showed how many requests for customers data they received from the police and other agencies (in the countries that would allow such a disclosure). Vodafone has provided information in previous years on their privacy policies and law enforcement assistance, but this report went further than any other telecommunications company so far by providing data country by country.
The Guardian reported that, according to industry sources, “in some cases, the direct-access wire, or pipe, is essentially equipment in a locked room in a network's central data centre or in one of its local exchanges or 'switches.'” By revealing the existence of these systems, the company is taking a stand against them. “We are making a call to end direct access as a means of government agencies obtaining people's communication data,” Stephen Deadman, Vodafone's group privacy officer told the newspaper.
I got in touch with Vodafone to find out more about why they decided to make the revelations. “The protection of our customers' privacy is absolutely integral to our business model,” a representative of the company told me. “If we lose our customers' trust, then our business is severely damaged.”
When I asked if this move was to regain public trust in a post-Snowden world, the representative elaborated, “Not in the sense that we needed to react to it from our customers' perspective. We've not had a commercial drive of our customers saying they have a real concern about what intelligence agencies are doing to us.” Instead, this report “was the right thing to do.”
“When the Snowden revelations first appeared, we and other operators were accused of […] essentially a voluntary, cosy cooperation with international intelligence agencies,” he continued. Indeed, Vodafone was one of the companies alleged to be involved in the GCHQ program Tempora back in August 2013, which allows access to internet communications.
“They want to put the onus back on the government and say: 'It's not us,'” said analyst Chetan Sharma to BusinessWeek. “It does put pressure on other companies to be transparent, so their customers know what's going on.”
Other companies are already following Vodafone's move. Last month Deutsche Telekom published data on its police and court requests for Germany, and has said they have plans to release the data for more countries. They operate in 14 countries, including the US.
The Vodafone representative told me that attendees at the GSMA conference this week “are all talking” about the report, but it's unclear whether this will lead to similar revelations from other companies.
I reached out to a few different UK providers to see if they would be doing the same as Vodafone, and if so, why? EE did not respond, and a representative from BT, Britain's largest telecommunication company, told me that, "We do not comment on matters of national security. We comply with the law in the countries where we operate."
BT's comment is interesting, in that it states they comply with the law. In giving direct access to government agencies, Vodafone too is doing exactly that: abiding by the law. In the UK, for example, the company explains that s. 11 (1) (a) RIPA, a section of the Intelligence Services Act 1994, means that an “intelligence agency need not inform the service provider in question that the intercept has occurred.”
Whatever their motivation, Vodafone did a brave thing in releasing this information and offered a new insight into quite how the kind widespread surveillance we've been learning about over the past year works. If other companies follow suit and publish similar reports, it could greatly inform the debate around privacy.