Vodafone has revealed the existence of a secret network of direct-access wires and pipes that allow governments to record and track mobile phone users in several countries, and joined Microsoft and Cisco in calling for a global debate on covert electronic snooping.
The revelations were made in Vodafone’s Law Enforcement Disclosure Report, the first in what is intended to be an annually updated series of updates on global network security.
The publicly available report has revealed for the first time the legal frameworks, governance principles and operating procedures associated with responding to demand for information from law enforcement and intelligence agencies across the 29 countries where Vodafone operates.
The direct access phone-tapping network is a legal requirement in some of these countries, although Vodafone has not disclosed which countries to safeguard its local operations and workforce.
It did, however, reveal that in Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa and Turkey it is illegal for the company to reveal information on traffic interception and recording.
In Italy, Vodafone revealed it received more than 600,000 warrants in the most recent year for which data was available, while in Malta, with a population of under 500,000, it received nearly 4,000. The British government made more than 500,000 requests for data across all mobile operators but did not break out figures relating specifically to Vodafone. Ireland refused permission to publish figures.
Direct access illegal in UK
In the UK, Section 19 of the Regulation of Investigatory Powers Act 2000 prohibits disclosure of the existence of a lawful interception warrant and the existence of any requirement to provide assistance in relation to such a warrant.
This duty extends to all matters relating to warranted lawful interception, and data related to lawful warrants cannot be published since to do so would reveal their existence, Vodafone explained.
However, Vodafone’s Stephen Deadman confirmed that this meant the existence of direct access pipes is illegal in the UK.
Deadman told the Guardian that Vodafone was calling for an end to direct access as a means for governments to get their hands on civilian communications and amendments to national legislation that enabled agencies and authorities to access its networks without the operator’s knowledge. He called for a global debate on balancing the legitimate needs of law enforcement and intelligence agencies and the general population.
“Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper in an important constraint on how the powers are used,” he said.
Vodafone said that despite the revelations, the company would not itself take steps to end government oversight of its networks, saying that refusal to comply with local laws was “not an option”.
Shami Chakrabarti, director at human rights campaign organisation Liberty, described Vodafone’s revelations as “unprecedented and terrifying.”
Tech industry demands action
With the publication of its report, Vodafone has joined a growing number of IT and telecoms firms calling for an end to, or at least a candid discussion on, covert electronic snooping.
Microsoft general counsel Brad Smith yesterday called for the US to end bulk interception of data, saying the government was in breach of the Fourth Amendment, which forbids unreasonable searches.
Smith said that growing concern over data privacy was beginning to impact its cloud business, particularly in Europe.
Smith was writing as Edward Snowden collaborated with a number of technology organisations, including Google and Mozilla, to launch the Reset The Net campaign, marking a year since the NSA whistleblower first disclosed the extent of government surveillance.
In May, Cisco’s John Chambers revealed that the NSA routinely intercepted its hardware while in transit through the IT channel and told Washington its actions were in danger of undermining confidence in the industry.
Read more on Mobile networks
Investigatory Powers Tribunal finds NCA EncroChat hacking warrants were lawful
Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears
NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’
Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation