Vodafone Privacy Disclosures Seen Spurring Rivals to Follow

Jun 09, 2014 1:34 am ET

(Updates with Google’s response in 20th paragraph.)

June 9 (Bloomberg) -- Vodafone Group Plc’s sweeping disclosure of wiretapping on its network worldwide means technology and phone companies could follow by revealing how much access governments are seeking to phone calls, data and e- mails.

Deutsche Telekom AG, with 145 million wireless customers in Europe and the U.S., said it may increase disclosure after Vodafone last week released its law-enforcement transparency report, the most comprehensive by a global telecommunications carrier. Vodafone said 29 governments from Albania to the U.K. asked for access to its network or user data, with requests ranging from intercepting calls and messages to accessing data such as conversation and Web-browsing records.

The report underscores how the debate over personal data privacy has shifted one year after documents leaked by former U.S. National Security Agency contractor Edward Snowden shed new light on the extent of government spying. While companies like Google Inc., Facebook Inc. and phone-service providers were long seen as being the primary culprits, Snowden’s revelations gave companies the ammunition for laying blame with governments.

“They want to put the onus back on the government and say: ‘It’s not us,’” said Chetan Sharma, an independent wireless analyst in Issaquah, Washington. “It does put pressure on other companies to be transparent, so their customers know what’s going on.”

Vodafone said the document, which covers the year through March 31 and took months to compile, sought to address reports alleging the Newbury, England-based carrier’s role in government surveillance programs.

Deutsche Telekom

Deutsche Telekom last month published its own data on police and court requests for user information in its German home market. Alexia Sailer, a spokeswoman for Bonn-based Deutsche Telekom, said the carrier is reviewing disclosure for markets outside of Germany.

Representatives for BT Group Plc, operator of Britain’s largest landline network, Orange SA of France, Spain’s Telefonica SA and Telecom Italia SpA declined to say whether they plan to step up disclosure. All of the carriers said that they adhere to local laws regarding handing over customer data.

Vodafone’s report sparked outrage from privacy groups -- particularly after revelations that six countries have direct access to its network, allowing officials to snoop on users without the carrier’s permission or help. Matt Morgan, a Vodafone spokesman, declined to identify the nations, citing potential retaliation by governments that may put employees in those countries in danger.

Direct Access

In an 88-page appendix to its report compiled by law firm Hogan Lovells, Vodafone detailed the rules countries can use to gain direct network access without carriers’ oversight. It said some countries use perceived national security risks to justify those laws to override other protections.

Albania, Egypt, Hungary, Ireland and Qatar all have provisions allowing authorities to gain access without Vodafone’s control. Turkish authorities can “entirely” suspend the right to privacy in communication in emergency situations, according to the document.

“One year after the Snowden revelations, this shows again the scale of collection by governments,” European Union Justice Commissioner Viviane Reding told reporters on June 6.

While governments such as Australia, Germany and the U.K. already publish some requests for data access, creating a common standard for government disclosures in Europe is necessary, said Stefano Mele, a lawyer who specializes in technology and privacy at Carnelutti Law Firm in Milan.

Common Rules?

“While it may be understandable that a government engages in espionage activities against foreign entities, it is very disturbing behavior for those states to conduct massive collection of information on their citizens,” said Mele. “This is why work on a European level on common rules regulating this kind of activity and behavior is now an indispensable step.”

The U.K. forbids Vodafone from disclosing lawful interception attempts. A government agency publishes its own annual survey. Last year, 2,760 communications interception warrants were authorized, according to the report.

Google’s most recent transparency report showed 27,477 requests for use data from governments and courts around the world in the second half of 2013. The U.S. accounted for 38 percent, or 10,574 requests.

AT&T, Verizon

AT&T, the largest U.S. phone company, received 301,816 demands for information from U.S. federal, state and local courts, including subpoenas, court orders and search warrants, in all of 2013. It had 22 requests from outside the U.S.

Verizon Communications reported 321,545 subpoenas, orders and warrants from law enforcement last year, in addition to more than 1,000 national security letters. Verizon said that outside the U.S., the country with the most inquiries was Germany. It made almost 3,000 requests last year, followed by France’s 1,347 and Belgium’s 473.

By contrast, in the 12 months ended March 31, Vodafone’s Italian unit alone received 605,601 requests for communications data such as the locations where phones were used, length of calls and other so-called meta-data related to use of its network.

“In our view, it is governments –- not communications operators –- who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators,” Vodafone said.

Bypassing Vodafone

Ed McFadden, a Verizon spokesman, said the carrier plans to update its transparency report for the first half of 2014 “in the July timeframe.” AT&T spokesman Mark Siegel said the company releases its reports semi-annually. Leslie Miller, a spokeswoman for Google, declined to comment.

To support its argument, Vodafone said the data is hard to come by and reporting on official snooping in some countries risks reprisals. Many governments restrict what carriers are allowed to disclose and some require carriers to grant them a direct line into their networks -- bypassing the companies that own them when they want to snoop on users.

The only employees that can handle the requests for governments and police usually have to have a high level of security clearance to do so, Vodafone said. Even they may not be fully aware of the details of the demand, making it difficult for Vodafone to independently verify the numbers.

“As the largest mobile operator that’s headquartered in a democratic country, it matters that the largest starts,” said Roger Entner, an analyst at Recon Analytics LLC. “Their hope is that the others are agreeing with them, and it makes it easier for them to stand up as well.”

--With assistance from Cornelius Rahn in Berlin, Daniele Lepido in Milan, Scott Moritz in New York and Brian Womack in San Francisco.