The release last week of a corporate disclosure report from Vodafone, which gave a 29-country breakdown of the requests it has received for both retained call data and for intercepts of live calls (phone taps), came as a surprise, both in content and intent.
While many suspected surveillance agencies might have larger scale spying operations than suspected, revelations of special rooms in some countries for agents to sit and listen live to conversations stunned even hardened privacy advocates.
But it is the depth and breadth of all activities that shocks. Ireland alone made more than 4,000 access requests in a year. The Department of Justice has released figures suggesting about 10,000 requests are made to all operators for retained data, excluding warrants for live wire taps.
So, 4,132 requests to a single operator gives an indication of the number of warrants plus data requests and suggests a very high number of live taps alongside the retained data requests.
In publishing the report Vodafone will have annoyed many governments and surveillance and investigative agencies – including our own – which would generally prefer that such things be kept quiet.
Nobody was specifically asking Vodafone for this report, so why do it? There's a one-word answer: Snowden.
In the year after his first (and ongoing) explosive revelations about state-conducted mass surveillance, including evidence that many ICT multinationals secretly supplied access to their users’ data, the world’s view of such activities, and of corporate responsibility, has changed.
A shrinking number defend the activities of the US National Security Agency (NSA) and Britain’s GCHQ as a necessary unpleasantness to ensure safety against terrorists. Notably, this included many US Senate and Congress members who shifted position as more and more damning information came out into the open.
On the corporate side, after at first being cautious, companies gradually released more and more data on the number and type of requests they received. Question marks remain over who is telling the true story here, though, as what the companies say has not always aligned with documents released by Snowden. They cannot both be correct.
More transparent
But companies now understand the public expects them to protect their information and be more transparent about who gets access to it and why.
Hence the Vodafone report, but it goes far beyond just supplying numbers. First off, it makes for insightful reading on the tensions, conundrums and compliance issues global companies face when they are the regular target of surveillance requests from government agencies.
The report is also a sharp criticism of how things are currently (not) done. Okay, says Vodafone, we haven’t done this kind of thing before, and we want to do it now in as much detail as we are allowed under various country laws. And we need to have global consistency, across operators, on how such information is reported. But, the company says, the onus should really be on governments to be transparent and supply such information, as they are the ones asking for the intercepts and data.
A second surprise element is the huge, 88-page appendix in which Vodafone sets out all the relevant laws and the responses it got from national governments when it asked to be as detailed as it could on data and intercept requests.
Without such an appendix, we would not have known that Ireland was among a small handful of (not very attractive) countries in apparently having laws that allow security agencies to gain access to communications without Vodafone’s control. Joining us in that select group are Albania, Egypt, Hungary, and Qatar.
The Irish Government, almost alone among western democracies, also refused permission to the company to give greater details on the types of requests it had received for data and intercepts. The UK also refused, but it published that type of detail in an annual report from the government. We have no such transparency here about data requests.
Vodafone’s initiative in creating this 40,000-word report is important and groundbreaking, regardless of how critical one might be of its past conduct. Thanks to this report we might at last start to get a better picture of how our information is handled and used. And governments may be held more accountable, and be forced themselves to become more transparent.