Vodafone Reveals Government Agencies Have Direct Access To Its Network Around The World, No Warrants Required
from the even-worse-than-we-thought dept
One of the important results of Snowden’s leaks over the last year is that the companies involved are not only becoming more open about how their services have been used by the NSA and GCHQ to spy on people, but they are even starting to push for less intrusion and more transparency. The latest to provide important information about what has been going on is Vodafone, with some fairly shocking news, as reported by the Guardian:
Vodafone, one of the world’s largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.
The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people.
The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a “nightmare scenario” that confirmed their worst fears on the extent of snooping.
The Guardian story has lots of new information, and is well-worth reading. It includes a table that shows the number of warrants issued last year for legal interception of content, on a country-by-country basis. There are some surprises here — for example, the fact that the Australian government issued 685,757 warrants for metadata, which is even more than the UK’s 514,608 warrants, despite the fact that Australia has well under half the population of the UK.
There are other fascinating details in the Vodafone Law Enforcement Disclosure Report itself. For example, it contains this explanation about what exactly a warrant might encompass these days:
Each warrant can target any number of different subscribers. It can also target any number of different communications services used by each of those subscribers and — in a modern and complex all-IP environment — it can also target multiple devices used by each subscriber to access each communications service. Additionally, the same individual can be covered by multiple warrants: for example, more than one agency or authority may be investigating a particular individual. Furthermore, the legal framework in some countries requires agencies and authorities to obtain a new warrant for each target service or device, even if those services or devices are all used by the same individual of interest. Note that in the majority of countries, warrants have a time-limited lifespan beyond which they must either be renewed or allowed to lapse.
As people’s digital lives grow more complex and the number of communications devices and services used at home and work on a daily basis continues to increase, the ratio of target devices and services accessed to warrants issued will continue to increase. To illustrate this with a hypothetical example:
a single warrant targets 5 individuals;
each individual subscribes to an average of eight different communications services provided by up to eight different companies: a landline phone line, a mobile phone, two email accounts, two social networking accounts and two “cloud”; storage accounts; and
each individual owns, on average, two communications devices fitted with a SIM card (a smartphone and a tablet) in addition to a landline phone and a laptop.
In the hypothetical example above, that one warrant could therefore be recorded as more than 100 separate instances of agency and authority access to individual services on individual devices used by individual subscribers.
That means that the number of warrants listed in the Vodafone report, and collected in the Guardian table mentioned above, is likely to be a significant underestimate of the total number of acts of surveillance being conducted. Alongside the main report, there is also an 88-page Legal Annexe (pdf):
This annexe to Vodafone’s Law Enforcement Disclosure report seeks to highlight some of the most important legal powers available to government agencies and authorities seeking to access customer communications across the 29 countries of operation covered in this report.
Whilst the legal powers summarised here form part of local legislation in each of those countries and can therefore be accessed by the public, in practice very few people are aware of these powers or understand the extent to which they enable agencies and authorities to compel operators to provide assistance of this nature.
As that notes, very few people are aware of the powers that exist around the world, which makes this Annexe an extremely valuable contribution to charting the surveillance landscape, not least because it is being released freely. As well as for this research, Vodafone deserves credit for making the following call, as reported by the Guardian:
Vodafone’s group privacy officer, Stephen Deadman, said: “These pipes exist, the direct access model exists.
“We are making a call to end direct access as a means of government agencies obtaining people’s communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used.”
That’s a hugely important point. Direct access, as revealed by Vodafone, not only allows governments real-time access to enormous quantities of private communications data, but does so in a way that hides the fact that the interception is taking place at all, even to the companies involved. As Vodafone notes, introducing the requirement for a warrant for all such interception would make it much easier for companies to resist, alert the public to the sheer scale of the surveillance being carried upon them, and probably act as a natural brake on governments. Direct access to the network represents a huge exacerbation of the dangers of government surveillance: it is simply too easy to “collect it all.” Vodafone’s disclosure report is an important step towards changing that; the “other telecoms groups” mentioned above should now follow suit by issuing their own.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: direct access, europe, surveillance, warrants, wiretaps
Companies: vodafone
Comments on “Vodafone Reveals Government Agencies Have Direct Access To Its Network Around The World, No Warrants Required”
Wow. I’m glad I am not a Vodafone shareholder.
I sense customers will be fleeing their service with Vodafone once they hear that Governments are given an all access pass to their network.
Makes me wonder what other Telco’s are doing this.
Re: Re:
With landline telephone service in the US, they all are doing it — both large and small telcos. That’s because it’s required by law (CALEA). They have no choice.
I’d be shocked if this wasn’t happening with all cell phone carriers as well.
Re: Re: Re:
As we have learned from the patent system, this is totally different because it is on the internet.
“fleeing their service with Vodafone”
Uh, so where to now, boss? Got any bright ideas?
Re: Re:
The only way individuals can fight this is to use encrypted peer to peer federated services whenever possible for communications, through a TOR if possible. Also, where possible use an encrypted ‘bulletin’ boards for family and group communications, also in a federated set-up. This however requires that people put a bit more effort into their communication that using the likes of Facebook and Twitter. These centralized services can be left to decay into what they are becoming, a means for companies and artists to communicate with fans, and the service behind public interest groups and the like.
Also use the mobile phone only for immediate communications, and more secure systems when it can wait for a bit. O.K. this means a lot of ‘tweets’ never get sent. Oh, and when out in a group, talk to the people there, rather than the ones who could not make it, they can be given a summary latter if required, and over a more secure channel than any available from a phone.
Re: Re: Re:
P.S. I forgot, if there is time to plan, use snail mail, which can carry micro SD cards.
One of the world’s largest telecoms calls BS on the surveillance state.
…I’d call this a win. More please.
>3%
Wikipedia says the population of Australia is about 23.5 million.
If we assume every one of those 685k warrants were only targeting a single person, and that everyone in Australia is on Vodafone’s service, that’s at least 3% of the population under surveillance or under suspicion of their government. Even for the most conservative estimate, that is staggering. Since not everyone uses Vodafone, and many of those warrants were for multiple people, that number is considerably higher.
Australians, do you know 20 people? If so, odds are at least 1 is under government surveillance.
Re: >3%
Well, as we learned from The Princess Bride, Australia is peopled entirely with criminals, so this is to be expected.
Ok vodafone, as someome who is completely disgusted with this whole thing and your part……you did good…….if you knew me, thats saying something……which means…..you did good, you made an actuall intelectual and in comparison to OTHERS balsy move…..wheres BT’s response huh?!
But saying that, if they should not budge as their fucking likely, not removing this poison FROM YOUR PROPERTY will make this MEANINGLESS……and just to clarify, the restrictions that apply to government also applies to corporations…….just incase for whatever reason, that needs saying…..i.e. it shouldnt, …….just incase, without actual evidence, never let there be evidence, not through secrecy but through morality
I guess I will switch to Vodafone.