By Sam Schechner and Simon Zekaria
LONDON-- Vodafone Group PLC said government agencies in multiple
countries have direct access to the global carrier's
infrastructure, allowing them to listen to conversations on its
networks, sometimes requiring little or nothing in the way of
formal requests.
The disclosure came in a report published Friday that provides
one of the most comprehensive surveys so far of broad government
access to voice calls and other data moving across global
telecommunications networks. The report offers new details on
hundreds of thousands of requests for wiretaps and user data across
Vodafone's global footprint, and lays out in general terms the
procedures governments use to request information, often with
little disclosure.
Vodafone's overview--covering 29 countries--is the latest in a
wave of disclosures that paint a more complete picture of how phone
companies cooperate with intelligence services around the world.
Several companies, including AT&T Inc. and Verizon
Communications Inc. in the U.S., have in recent months joined U.S.
tech companies in disclosing information about intelligence
requests, in an effort to limit the fallout of leaks by former U.S.
National Security Agency contractor Edward Snowden.
Vodafone, the world's second-largest mobile carrier after China
Mobile Inc., didn't disclose information about surveillance in the
U.S., despite owning until recently a minority stake in Verizon
Wireless. But because of the number of countries where Vodafone
does operate, the company's report provides what some privacy
activists said was the broadest survey to date of practices used by
other governments around the world--from a firm with firsthand
experience in complying with their orders.
"It would appear to be the most comprehensive report issued thus
far by a telecom," said Jonas Kron, senior vice president at
Boston-based Trillium Asset Management, which focuses on socially
responsible investing. "Vodafone's discussion of direct government
connections to its network raises serious concerns about government
practices, and what telecoms can do to protect human rights."
London-based Vodafone said that in six countries where it
operates, governments have direct wires connected to its network,
allowing live conversations to be listened to and recorded by
government entities. It said some governments also have the ability
to track the location of a mobile customer. In some cases, the
governments don't have to make an interception request for the
data, and access it directly from Vodafone's infrastructure, it
said.
In those six countries, the direct tapping is a legal
requirement. Vodafone said it isn't disclosing the names of those
countries for fear of local sanctions and retaliation by
governments against its staff.
The report could serve as a counterpoint to European governments
that have accused companies of cooperating too willingly with the
U.S. government following leaks by Mr. Snowden. An annex to the
report details individual countries' laws, including one approved
late last year in France, that allows government investigators to
request a wide array of user data from telecom and Internet firms
without a judge's authorization.
"In our view, it is governments--not communications
operators--who hold the primary duty to provide greater
transparency," Vodafone wrote in its report.
Vodafone said the requirements it disclosed Friday apply to all
carriers in the countries named, not just Vodafone. Indeed,
European intelligence services make frequent use of the
telecommunications networks in their territories as well as
overseas, seeking data on the location of targets as well as the
content of communications, one former European intelligence
official said.
"Everything that goes over our network...we can be required to
intercept, tap," a European telecom executive said, adding that
with the right tools intelligence services can "see, for example,
your browsing history, where you're going, what you're
posting."
Tech and telecom firms have been under pressure on both sides of
the Atlantic to give more information about how they interact with
governments and law-enforcement agencies where they operate. U.S.
tech firms, for instance, have for several years published data on
censorship, and earlier this year won an agreement from the U.S.
government to disclose limited information about orders they
receive from the Foreign Intelligence Surveillance Court, a
specialized tribunal for national-security matters whose decisions
typically are secret.
Telecom firms have generally recently been less forthcoming
about their dealings with governments. But the scope of Vodafone's
report could put fresh pressure on other carriers in Europe and the
U.S. to provide more information about how they handle such
requests, activists and officials said.
"Now would be a good time for other telecoms companies to be
transparent about what they are sharing with governments," said one
European Commission official.
A spokesman for BT Group PLC, a fixed-line operator in the U.K.,
said: "We do not comment on matters of national security. We comply
with the law in the countries where we operate." Deutsche Telekom,
which earlier this year released a transparency report for Germany,
said it is exploring issuing a similar report for other countries
where it operates. Orange SA said it "rigorously adheres to the
legal framework with regards to all surveillance requests emanating
from state authorities across its footprint."
Some privacy advocates said that transparency reports can be a
distraction from changing the underlying legal framework that
permits government surveillance. "Transparency is definitely
useful, but it appears to be sold as panacea for all ills," said
Joe McNamee, executive director of lobby group European Digital
Rights. "Transparency doesn't make right what is wrong. It does not
make legal what is illegal."
One problem companies face is the limited amount of data they
are allowed to disclose, which makes comparisons difficult. Italy,
for instance, topped other countries in Vodafone's survey with
606,601 requests for "communications data" in 2013. But the company
notes that a single request can cover multiple users, or a user can
be the subject of multiple requests.
Moreover, Vodafone said it is unlawful to disclose any
information related to wiretapping or interception of the content
of phone calls and messages in Albania, Egypt, Hungary, India,
Malta, Qatar, Romania, South Africa and Turkey. It disclosed no
numbers for those countries.
Vodafone said it published the information now to further the
debate on government surveillance systems, and will update the
report annually. Vodafone said that while its customers have a
"right to privacy" enshrined in international human-rights law, the
company also must abide by the laws of every country in which it
operates--including intelligence requests.
"Refusal to comply with a country's laws is not an option,"
Vodafone said. "If we do not comply with a lawful demand for
assistance, governments can remove our license to operate,
preventing us from providing services to our customers."
Lisa Fleisher and Frances Robinson contributed to this
article.
Write to Sam Schechner at sam.schechner@wsj.com and Simon
Zekaria at simon.zekaria@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires