British telecommunications company Vodafone joined the whistleblowing ranks of Edward Snowden on Friday, revealing that several countries around the world directly eavesdrop on Vodafone customer communications.
In the company’s first-ever transparency report, Vodafone says that governments around the world are able to access customer text messages and phone calls, some through warrants, others through a direct pipeline to communication that does not require permission from telecom companies. Vodafone says it complies with these governments because it must follow laws "designed to protect national security and public safety." However, this revelation, in light of the one-year anniversary of Mr. Snowden’s National Security Administration leaks, draws more attention to the heightened state of surveillance in our world today.
Vodafone did not reveal the names of the countries that have direct and permanent access to customer communications because, the company says, it worries about retaliation from certain regimes against Vodafone workers in those countries. Vodafone operates in 29 countries, and in nine of those countries (Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa, and Turkey) it is illegal for companies to disclose information about governments accessing citizens’ communications. Vodafone has more than 400 million customers worldwide.
Vodafone says that many countries offer the company a warrant to use surveillance tactics on anything from Vodafone metadata to national content. A graphic by the Guardian shows that nearly every one of the countries (aside from the ones that do not allow companies to reveal this type of information) where Vodafone operates has filed thousands of warrants for information. Some countries could not access communication due to limited technical ability, Vodafone points out. There were particularly high numbers of warrants, compared to population, in Italy, Malta, and the UK.
Overall, however, Vodafone has little ability to control how much information governments can glean from its customers due to various country-by-country laws.
"After months of detailed analysis, it has become clear that there is, in fact, very little coherence and consistency in law and agency and authority practice... even between neighboring EU Member States,” Vodafone says in the report. "In a small number of countries the law dictates that specific agencies and authorities must have direct access to an operator's network, bypassing any form of operational control over lawful interception on the part of the operator."
Vodafone is calling for an end to this direct access information pipeline to allow telecommunications companies to be more transparent with which countries are filing warrants. Privacy groups praised Vodafone for transparency, but say this is yet another worldwide wake-up call.
“While it does the more traditional 'transparency reporting,' Vodafone also correctly notes that the mere release of numbers is insufficient,” writes Gus Hosein, executive director of the London-based advocacy group Privacy International in a blog. “Each government permits different levels of reporting on the monitoring of communications, and some not at all.”
“We have learned from Mr. Snowden that governments see us not as people, but as objects to be monitored, tracked, and profiled,” he adds. “There is so much more to do.”
Previously, Verizon, Deutsche Telekom, and others have released transparency reports, but only for respective domestic operations. Vodafone’s report is by far the most comprehensive to date.
In the meantime, major tech companies (such as Google, Reddit, and Mozilla), privacy groups, and activists (including Mr. Snowden) banded together this week to begin an initiative called “Reset the Net.” This is a campaign that aims to strengthen privacy rights online.