Vodafone: Here's how (and where) governments are spying on your calls

Summary:Mobile operator reveals scale of government surveillance, and says that speaking out is "not without risk"

vodafone

International mobile phone network operator Vodafone has revealed the scale of government surveillance of its customers across the world.

The company has published a report covering the 29 countries where it does business, detailing the requests made by various governments for access to data about customer communications.

That law enforcement and intelligence agencies request this data is hardly new. But Vodafone said the evolution of communications technology — and the desire of governments to tap into it — has created a tension between citizens' right to privacy and the state's need to ensure safety and security. Concerns about widespread surveillance and habitual data harvesting by intelligence agencies have triggered a debate about the scale and legitimacy of such monitoring .

While in most places Vodafone retains control over the systems used for lawful interception of communications, it revealed that in a small number of countries where it operates (which it did not name), the authorities have direct access to an operator's network, bypassing the telco completely.

As a result, in those countries, government authorities have complete and permanent access to all customer communications via their own direct link — without needing a warrant for the interception.

The report focuses on the two categories of law enforcement demands that account for the overwhelming majority of all such activity: lawful interception and access to communications data.

The company said that it does refuse to comply with demands that are fall into the other category of demands: the unlawful ones. It said the majority of rejections it issues tend to be for defects in the legal process or documentation, or in response to demands issued under inappropriate legal powers.

Special Feature

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. When we look back a decade from now, we expect this to be the biggest story of 2013. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices.

But is also noted handling such demands can be difficult for the operator: "the powers in question are often used in the context of highly sensitive and contentious developments — for example, during major civil unrest or an election period — which means that Vodafone colleagues dealing with the authorities in the country in question can be put at risk for rejecting a demand on the basis that it is not fully compliant with the law."

The company said that while it wanted to publish the data for all of the countries on a coherent basis, "after months of detailed analysis, it has become clear that there is, in fact, very little coherence and consistency in law and agency and authority practice, even between neighbouring EU member states". Governments should do a better job of disclosing their surveillance activities themselves, it added.

The company said in the case of at least 10 of the 29 countries covered, it was the first time that this kind of information has been placed into the public domain by a mobile operator.

In its country-by-country list it details the number of warrants issued to its local businesses as the most reliable measure of activity currently available. But the company warned it is hard to reach conclusions about the levels of survelliance from those figures, as each warrant can target any number of different subscribers, different communications services, and devices.

The also company pointed out that there trying to shine a light on the murky area of government surveillance can have consequences. "Our decision to make the disclosures set out in this report is therefore not without risk. In some countries, providing what to many observers would seem to be relatively anodyne information about the legal powers and processes used by agencies and authorities could lead to criminal sanctions against Vodafone employees."

The full list of countries and details of intercept requests can be found in Vodafone's Law Enforcement Disclosure Report.

Further reading

Topics: Mobility, EU, Networking, Privacy, Security, Telcos, United Kingdom

About

Steve Ranger is the UK editor-in-chief of ZDNet and TechRepublic, and has been writing about technology, business and culture for more than a decade. Previously he was the editor of silicon.com.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.