Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Some govts maintain ‘permanent access’ to Vodafone customer data

Vodafone, the world's second largest mobile carrier, has revealed that some countries' governments maintain a direct link to its customer communications, leaving police and other government agencies no reason to formally request data.

On Friday, Vodafone released a law enforcement disclosure report acknowledging the practice.

“In a small number of countries, agencies and authorities have direct access to communications data stored within an operator's network,” the report said. “In those countries, Vodafone will not receive any form or demand for communications data access as the relevant agencies and authorities already have permanent access to customer communications via their own direct link.”

The revelation was made in the report's section on “communications-related data,” or metadata, disclosures.  

An example of metadata collected by law enforcement and government agencies would be “information about call duration, location and destination,” the company explained in the report.

In Friday email correspondence with SCMagazine.com, Vodafone provided a statement that said governments should begin to step forward and provide information on metadata requests, as it would give a clearer picture as to the scope of the practice.

“It is our firm belief that it is better for governments to publish for two key reasons: Firstly, no individual operator can provide a full picture of the extent of law enforcement assistance demands across the country as a whole,” the statement said. “Secondly, different operators will have widely differing approaches to recording and reporting the same statistical information.”

Via email correspondence, the company also provided a statement responding to the direct access maintained by the unnamed governments.

“In a small number of countries the law dictates that specific agencies and authorities must have direct access to an operator's network, bypassing any form of operational control over lawful interception on the part of the operator. Vodafone has not disclosed the names of these countries,” the statement said.

In its report, Vodafone explains that "lawful interception," also referred to as wiretapping, "requires operators to implement capabilities in their networks to ensure they can deliver, in real time, the actual content of the communications," from phone conversations to the text or attachments within an email, the company said.

The findings published on Friday, which cover data demanded between April 1, 2013 and March 31, 2014, make up Vodafone's first global law enforcement disclosure report. The report offers details about the legal process and operating procedures the company maintains when responding to law enforcement and intelligence agencies in its 29 countries of operation.

The London-based telecommunications company has over 430 million mobile customers worldwide.

Of note, Italy led the pack in the number of government agency and law enforcement data requests (among countries with which Vodafone could publish such information). According to the report, Italy made more than 600,000 requests to Vodafone for metadata over the course of the year.

Tanzania officials made over 98,000 metadata requests, while Hungary followed with 75,938 demands, the report revealed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.