How your phone can spy on you

Telecoms around the world are failing in their crucial obligations to protect privacy, writes Solomon.

phone
With a presence in more than 70 nations, Vodafone is deferring "to local authorities" in many countries well-known to be systemic abusers of human rights [GALLO/GETTY]

New York – A glimpse at the future of mobile security came to light recently in London, at the Vodafone Annual General Meeting (AGM) – though most people do not yet understood the significance of what transpired. This meeting may have lacked the overt drama of the Olympics, but it revealed nonetheless the attitude towards users’ personal privacy and security held by the head of the world’s largest telecom company – one that has access to more than 370 million users around the world. 

Only a year ago, my organisation, Access, called Vodafone to answer publicly for its complicity with dictators – in shutting down communications networks at the behest of Egyptian government officials at the height of the Egyptian revolution. On July 24 of this year, we engaged in shareholder activism, asking Vodafone to publish an account of how many government requests for user data they receive (including call records, IP addresses visited, location tracking, and more); to put on the record what their policy for responding to these requests is; and to answer, in public, the question of how many of these government requests Vodafone ultimately complies with. 

Once again, the chairman of the globe’s top telecommunications company failed to show basic leadership on human rights. New Chairman Gerard Kleisterlee deferred to local authorities in disregard of the company’s obligations to international law – and even in disregard of its own internal policies.

Chairman Kleisterlee responded that the company has recently published their policy on what he called “government assistance”. However, Kleisterlee could not – or chose not to – detail what exactly that policy means. Rather, Kleisterlee avoided being accountable on his end and passed the buck, pointing us to “local parliaments, local regulation, local politicians”. Some of these, of course, are entities that routinely spy on their citizens, and abuse them based on surveilled “evidence” such as – phone records.

Kleisterlee emphasised that, “at the end of the day, it’s the authorities that determine the legal obligations”. Let us not lose sight of what this sidestepping of responsibility means: with a presence in more than 70 nations, including the Democratic Republic of Congo, Turkmenistan, Bahrain and Sri Lanka, Vodafone is deferring “to local authorities” in many countries well-known to be systemic abusers of human rights.

On paper, Vodafone takes a better position: Vodafone’s new privacy policy, for instance, commits it to respecting human rights. But obviously, without any strong leadership from the company’s top management, Vodafone will have a great deal of trouble implementing these words.

Not sole offender

Vodafone, to be fair, is not the sole offender, or even the worst: telecoms around the world are failing in their crucial obligations to protect privacy. Recent revelations confirmed that Swedish telecom TeliaSonera actually enabled authoritarian regimes in Belarus, Azerbaijan and Uzbekistan to access its systems directly in order to spy on those nations’ citizens. Their actions implicate the company in the human rights abuses that followed. And our organisation is finding that it’s not just the “baddies”, tyrannical regimes, who are cozying up to telecoms to spy on citizens: democratic nations are facing these issues as well.

For example, US Congressman Markey recently unearthed 1.3 million government requests for cellular user data in the US in 2011 alone. Most of these US requests came without any judicial oversight, a basic element of due process. That same year, the UK government made 494,078 requests for user data. 

“US Congressman Markey recently unearthed 1.3 million government requests for cellular user data in the US in 2011 alone.”

This pervasive snooping on has not gone far enough for the Cameron government: Parliament is currently considering surveillance legislation known as the Draft Communications Data Bill. This so-called “snooper’s charter” takes this trend one nightmarish step further; it requires mobile providers to log ALL customer calls, and forces internet service providers to track EVERY email sent, and EVERY website visited, by UK citizens.

Lawmakers won’t have access to the specific “content” of individual communications – but that caveat hardly matters: it doesn’t take much to discern the reason one might visit a certain website, or contact certain people.

Meanwhile, the UK is profiting from selling spyware to tyrants: the UK-based organisation Privacy International is threatening the UK government with legal action for “turning a blind eye” to the sale of surveillance technology to rights-abusing regimes, despite its having the power to restrict such exports.

More than civil liberties are at risk. Recent activity at the United Nations indicates a stronger link between the human rights to free expression and access to information, on one hand, and provision of open and secure internet access on the other. In June 2011, Special Rapporteur on Freedom of Expression, Frank la Rue, wrote that, because of its importance to freedom of expression – the “enabler” of other human rights – “access to the internet for all individuals, with as little restriction to online content as possible, should be a priority for all States”. 

The Human Rights Council referred to la Rue’s report in its June resolution, adopted unanimously, calling on all states to promote internet access and protect rights online in the same way they do offline.

To read this article in full, please visit DailyCloudt.com.

Brett Solomon is Executive Director of Access, an international NGO that promotes open and secure access to the internet as a means to the realisation of human rights and the free, full and safe participation in society.

A version of this article first appeared on DailyCloudt.com.