

Vodafone reveals direct government wiretaps - darrhiggs
http://www.bbc.co.uk/news/business-27732743
Law Enforcement Disclosure Report: http:&#x2F;&#x2F;www.vodafone.com&#x2F;content&#x2F;sustainabilityreport&#x2F;2014&#x2F;index&#x2F;operating_responsibly&#x2F;privacy_and_security&#x2F;law_enforcement.html
======
cstross
This has been going on since 2003: it's not new.

[http://www.theregister.co.uk/2007/07/11/greek_mobile_wiretap...](http://www.theregister.co.uk/2007/07/11/greek_mobile_wiretap_latest/)

TL:DR; Vodafone Greece is known to have been bugged, to spy on the lines of
top government officials _including the Prime Minister_ by persons unknown.
Kostas Tsalikidis, Vodafone Greece’s head of network design, was found hanged
in a supposed suicide in 2005. As far as I know, nobody was identified, much
less charged/tried/convicted in this scandal.

Here's an in-depth report in IEEE Spectrum:

[http://spectrum.ieee.org/telecom/security/the-athens-
affair](http://spectrum.ieee.org/telecom/security/the-athens-affair)

The take-away I got from this is that the "hackers" _must_ have had highly
specific knowledge of how Ericsson AXE exchanges allow lawful intercepts, plus
knowledge of how Vodafone Greece's backbone was configured, and the
credentials to install diversions in that system. Which screams "Five Eyes".

And if it is known to have been happening in Greece prior to 2004, it was
probably going on in other national Vodafone subsidiaries at the same time or
even earlier.

~~~
coldtea
> _TL:DR; Vodafone Greece is known to have been bugged, to spy on the lines of
> top government officials including the Prime Minister by persons unknown.
> Kostas Tsalikidis, Vodafone Greece’s head of network design, was found
> hanged in a supposed suicide in 2005. As far as I know, nobody was
> identified, much less charged /tried/convicted in this scandal._

This is slightly different though. The case you mention is about the discovery
of the Greek government being bugged (obviously by another country, there were
specific allegations -- and connections -- against an Embassy operating
there).

Vodafone's recent revelation is about the governments themselves asking
Vodafone for a direct line to its data, in their own country.

~~~
cstross
Yes, but you'll note the scandal was about the government mandated wiretap
facility being used to wiretap the government itself. They tacitly admitted to
having (and presumably using) the capability in the first place.

------
shutupalready
This surveillance apparatus is built and operated by programmers and
engineers. It goes against the beliefs of 90% of programmers and engineers
that I know. Software people tend to place very high value on privacy and due
process, and they tend to be anti-authoritarian.

I can't understand why they haven't been leaking these massive violations to
the press and public.

They don't need to do "a Snowden". They don't have to even quit their job. If
anyone in the world can engineer an anonymous leak, surely a software engineer
building or operating the secret surveillance apparatus can do it.

EDIT: The public is indifferent when it's abstract or they think it doesn't
include them. I think most people would be horrified if a million snippets of
mundane conversation were leaked from a complicit telecom, and people heard
their _own voice_ in there.

~~~
rayiner
> We all know that this goes against the beliefs of 90% of programmers and
> engineers.

I don't know if your number is accurate for software developers in Silicon
Valley, much less the engineering community as a whole. The anti-
authoritarian/utopian strain of software developers is a distinct minority. In
my experience, engineers as a group are pragmatic and lean a little bit
conservative. They're pyramid builders--they build the infrastructure that
sustains the status quo.

~~~
lawnchair_larry
90% might be a little much, but safe to say, he's definitely correct about the
majority.

I'm curious why you feel the need to respond to every thread (falsely)
repeating that most Americans don't mind being the target of surveillance.
What motivates this?

~~~
nitrogen
I've asked this question before about a different subject. I think rayiner
just enjoys telling HN readers how wrong and insignificant and impotent they
are. It's a recurring theme in political threads.

In technical threads, rayiner often makes useful and informative comments, so
he's not like this all the time.

~~~
rayiner
[http://xkcd.com/386](http://xkcd.com/386).

Seriously, though, nobody likes it when someone claims to speak for them but
is really espousing his or her own views. People on HN have a real problem
taking up the mantle of speaking for the public at large, when in reality
they're often espousing quite minority views.

~~~
nitrogen
I'm not defending the pretentiousness of claiming to speak for a group that
doesn't wish to be spoken for, but a view being a minority view doesn't mean
it's an incorrect view. Maybe some minorities know something the majority
doesn't, or maybe the experience of being in a minority alone provides an
insight that the majority lacks (the inverse of which is sometimes referred to
using the IMO insufficiently specific word "privilege").

------
furyg3
_The firm said it could not specify the countries that have a direct line into
its networks, because those countries have laws prohibiting disclosure of
surveillance methods._

 _In six out of the 29 countries, governments have a permanent link to monitor
communications, the BBC understands._

So can they list the 23 countries who do not have a direct link to monitor
communications?

~~~
joshfraser
They did:

[http://www.vodafone.com/content/sustainabilityreport/2014/in...](http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html)

~~~
glitchdout
And then search for "direct access".

Five of the six countries with direct access appear to be Qatar, Greece,
Hungary, Ireland and, not surprisingly, the UK.

------
k-mcgrady
>> "The firm said it could not specify the countries that have a direct line
into its networks, because those countries have laws prohibiting disclosure of
surveillance methods."

I find this such a bullshit excuse. What will the consequences be
realistically if you disclose? Disclosure is the only way these laws are going
to get repealed. I'm glad the UK isn't one of the 6 countries but as a
Vodafone user this makes me sick.

1) Can other countries listen into my calls or as a Vodafone UK customer am I
safe?

2) If I travel to one of these countries and use my Vodafone service is the
country now able to monitor all my communications?

~~~
cottonseed
From the Vodafone report [0], UK section:

> Section 19 of the Regulation of Investigatory Powers Act 2000 prohibits
> disclosing the existence of any lawful interception warrant and the
> existence of any requirement to provide assistance in relation to a warrant.
> This duty of secrecy extends to all matters relating to warranted lawful
> interception. Data relating to lawful interception warrants cannot be
> published. Accordingly, to publish aggregate statistics would be to disclose
> the existence of one or more lawful interception warrants.

This makes it pretty clear the UK prohibits disclosure. Sorry.

[0]
[http://www.vodafone.com/content/sustainabilityreport/2014/in...](http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html)

edit: I think you can safely assume your phone calls are being monitored no
matter what country you are in or who your phone company is.

------
sp332
_the UK, law enforcement and intelligence agencies must have a warrant_

That's surprising. The GCHQ was the agency that tapped Google's datacenter
fiber. They actually had more-direct access to Google data than the NSA.

 _The firm said it could not specify the countries that have a direct line
into its networks, because those countries have laws prohibiting disclosure of
surveillance methods._

Couldn't someone compile a list of countries with such laws?

~~~
pjc50
It's quite possible that the UK _does_ have warrantless wiretapping and
D-notices prevent it from being reported.

~~~
vidarh
D-notices are not legally binding. They _advice_ about what government would
prefer not to have published, some of which _may_ result in legal proceedings.
It may scare people off reporting it, though.

~~~
JonnieCache
Obedience with regards to D notices is a requirement for continued access to
government leaks and gossip, which journalists rely on.

------
Oras
When its done in 3rd world countries, western countries stating this is
against privacy and violating human rights. But when western countries do it,
its to protect national security! Btw I'm not against it, I'm against the way
of dealing with it.

~~~
spacefight
Care to explain why you're not against it? I haven't found a single reason,
which justifies to tap on a full comms link of a whole network. Not a single
one.

~~~
Oras
If you lived in a country struggling from terrorism and corruption you'll
understand my reasons. I don't mind losing my privacy for sake of safety of
people.

~~~
bodski
"Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety." \- Benjamin Franklin

~~~
russgray
I always disagreed with that quote, and hate it when people roll it out like
it's some sort of irreproachable truth.

~~~
mpyne
Doesn't help that it's completely out of context as well, IIRC.

But even in this quote the weasel word " _essential_ " is included in the term
"essential Liberty". So what is absolutely essential? Could there be
legitimate disagreements on that?

------
rasz_pl
UK is one of those countries with direct access and Vodafone doesnt like it.

Recent project TEMPORA ( CIRCUIT / TIMPANI / CLARINET / REMEDY / GERONTIC )
leak gave them some courage to speak up?

~~~
matthewmacleod
Do they? Or are you, in fact, making that up?

There are enough real things to be terrified about.

------
danielweber
"Direct" in the headline is meaning that the government apparently has
arbitrary access without requiring warrants.

 _EDIT_ Fixed confusing phrasing backed on follow-up comments.

~~~
madeofpalk
I don't feel they're hiding that - they made it very clear and obvious thats
what's going on.

Vodafone said they "will not receive any form of demand for lawful
interception access, as the relevant agencies and authorities already have
permanent access to customer communications via their own direct link".

------
contingencies
Hah! They miss one of the most glaring thefts of metadata in the world, AMDOCS
'outsourced billing'.

They do at least mention that: _It is possible to learn a great deal about an
individual’s movements, interests and relationships from an analysis of
metadata and other data associated with their use of a communications network,
which we refer to in this report generally as ‘communications data’ – and
without ever accessing the actual content of any communications. In many
countries, agencies and authorities therefore have legal powers to order
operators to disclose large volumes of this kind of communications data._

Well, the game was won long ago by these guys, who are Israeli (widely
considered Mossad affiliated) though they did recently reshuffle their
corporate entities to pretend to be American. Partial client list at
[http://www.amdocs.com/About/Success/Pages/customer-
success.a...](http://www.amdocs.com/About/Success/Pages/customer-success.aspx)
... includes Vodafone in at least these markets: _global_ , Australia, India,
Germany, Netherlands, Romania, UK.

------
rustyconover
I'm shocked, shocked to find that wiretapping is going on in here! -- said no-
one ever without irony after Snowden's leaks.

My default assumption is now everything with tapped, everything is monitored
and recorded and while cryptography can help it is increasingly hard to trust
both the implementation and correct use by both parties. The further this
belief and approach spreads, the sooner we'll see constructive steps towards
restoring privacy, security and trust in communications.

------
Shivetya
The actual reports and country by country information is really good. I wonder
if any retractions will occur? Interesting they can declare disclosure illegal
yet disclose that fact at the same time. I would have expected some countries
to demand no comment whatsoever

So are all countries on this list valuable enough to warrant turning over call
information to authorities?

------
ninv
So moment a baby comes out of the uterus, doctor should read him/her the
Miranda Warning.

Kid! everything is bugged, we are watching and recording everything. any thing
you say or type, will be used against you in some kangaroo court. .... You
have the right to consult an attorney and his cell phone and emails are bugged
too. So nothing is confidential....

Good luck

------
richiverse
Maybe we should have some kind of tor phone that randomizes phone numbers and
scrambles the sound over the wire and reconstitutes the sound through some
well engineered Kickstarter phone.

This would render most govt taps moot.

~~~
Zikes
I imagine it would be pretty difficult to set up an efficient relay system
without some serious multiplexing.

Better to just migrate to VOIP, I'd say. Then you could literally route your
calls through Tor.

~~~
deathhand
> literally route your calls through Tor

My god the latency.

------
andywood
We know not to be surprised by all this by this point, right? I mean,
regardless of whether you think this is analogous to, say, a speed trap - but
in cyber space - regardless, we aren't surprised? Yes?

------
digitalengineer
I feel so save. They must have captured all the terrorists by now.

~~~
nix1
Nice irony. Your comment shouldn't be downvoted.

~~~
mpyne
Can you point to any safety-related mechanisms that have ever entirely
eradicated the unsafe behavior they were meant to protect against?

For those mechanisms that are not 100% effective, does that mean they should
all be removed completely, since they are not 100% effective?

------
opendais
[http://www.vodafone.com/content/sustainabilityreport/2014/in...](http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html#country27)

Well, I'd say the fact the US isn't there means they are one of the 6 with
direct links who don't need a warrant or to bother with any of the other legal
niceties.

Meh.

EDIT: I was wrong, they sold in 9/13\. Ah well, my memory isn't perfect.

~~~
tptacek
Vodafone doesn't operate in the US.

~~~
jamescun
Did Vodafone not have a majority stake in Verizon up until very recently?

~~~
opendais
It was 45%, so a minority. I forgot they had sold it in September. :/

[http://www.bbc.com/news/business-23933955](http://www.bbc.com/news/business-23933955)

