Now That Vodafone Has Come Out With A Real Transparency Report, Will US Telcos Follow Suit?

from the of-course-not dept

On Friday, we reported the surprising fact that Vodafone had not just followed the latest trend in issuing a transparency report, but actually flat out admitted that many governments had direct access to its phone lines, which allowed those governments to listen in on calls without a warrant. That level of transparency is great, because all too often with the "transparency" reports we've seen from some companies, they seem more focused on hiding what's really going on. Too frequently, this is because of requirements from the government, which has (almost certainly illegal and unconstitutional) gag orders on what companies are allowed to say about requests for government information. However, it's almost certainly also because companies are now afraid of admitting the kinds of things they've allowed governments to do in secret -- and are worried about how the public would respond.

However, I'm hopeful that Vodafone's decision to just step up and admit the level of access that governments have had will lead other companies to "come clean" on the sins of their past, and how they've given governments way too much access. Rather than have it leak by a whistleblower, to have the companies step up and admit to exactly what's gone on, while at the same time calling for a change in laws and policies (as Vodafone did) might actually help to restore some confidence that these companies aren't just happily handing over access, but are willing to publicize what's happening and also fight back against the excesses as well.

In the US, for example, it was a remarkable struggle just to get the big telcos to finally agree to issue transparency reports -- and when those transparency reports were released, they were remarkably opaque, rather than transparent. Such a transparency report does little to build confidence in what's happening, and actually breeds greater distrust. Coming clean, saying what's really going on, and how the telcos plan to move forward, seems like the only real way to rebuild any semblance of trust.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Cx, Jun 9th, 2014 @ 9:09pm

    Canary of some sort?

    Shouldn't it, in theory, be possible for a company to issue a statement to the effect of "The following (insert agency/organization/governments) do NOT have direct access to X resources" similar to how a warrant canary works?

    I know that there's a lot of ways that this could get very complex very quickly but surely there's a way to create the right group of inclusion/exclusion statements for nearly any situation...

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jun 9th, 2014 @ 9:50pm

    Re: Canary of some sort?

    That's sure not going to work for AT&T. Knowledge of their direct hook to the internet feeds is already public knowledge.

    About the only way that US corporations will admit to this, is if they see there profit line disappearing and that credited to the damage received from the NSA fallout. Even then it is more likely to go the way of Goggle, who is saying they are securing their datalines but are not saying whether the NSA has issued them NSLs. I doubt you will hear that one out in the open unless the NSLs are ruled illegal.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jun 10th, 2014 @ 12:40am

    I found the part where Vodafone states if they have access to the decryption keys for a message, they must handover those keys to law enforcement if requested. So much for server-side encrypted email. Or anything else where the client isn't in sole possession of the decryption keys.

    I wouldn't even trust JavaScript cryto, because JavaScript is served up by the web server, to the client.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jun 10th, 2014 @ 9:43am

    Re:

    I wouldn't even trust JavaScript cryto, because JavaScript is served up by the web server, to the client.
    You shouldn't trust anything sent by the server (this is how Hushmail compromises their users), but Javascript can reside entirely in the client, e.g., in a Firefox extension, and would then be reasonably secure.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jun 10th, 2014 @ 10:12am

    Lawyers should be forum shopping in Europe now for civil cases. And most of countries have private bills of indictment, where citizens can bypass prosecutors in criminal courts. And on top of it, executives at telcos and their handlers at spy agencies have no immunity of ANY kind. That includes both local and foreign such as Clapper and Alexander.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    k-h, Jun 10th, 2014 @ 4:14pm

    Except they don't mention the US

    They don't mention the US in that report, unless I read it wrong.

    The land of the free?

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.