Millions of Users’ Information handed over to GCHQ

Posted by Karen on Nov 25, 2014 12:00:00 AM

Less than two weeks ago Fluidata wrote an article discussing how much privacy Internet users should have while at the same time ensuring that the UK remains safe from terrorist attacks and other threats organised online. During this article we noted that there is a fine line between security and privacy, however it looks as though this line may have already been crossed by the Government Communications Headquarters (GCHQ). A recent report has revealed that the telecommunications firm Cable and Wireless which was bought by Vodafone back in July 2012 has handed over millions of users’ information to GCHQ. The company was first rumbled by the controversial work carried out by Edward Snowden, however a recent Channel 4 News investigation has shown the extent of the information that has been handed over to numerous UK agencies. According to documents handed over by Edward Snowden, Cable and Wireless was part of a programme called ‘Mastering the Internet’ which collected huge amounts of data from users across Europe. Companies such as Cable and Wireless were given codenames such as ‘Gerontic’ in order to try and hide their identities, however documents have now revealed their true names and the parts they played in the ‘Mastering the Internet’ programme. Discussing the accusations against the company, a Vodafone spokesperson said: "Vodafone does not go beyond our legal obligations to collaborate with any security or intelligence agency in any country by opening up our networks to any form of mass observation. Direct access would be illegal under UK law. If we are presented with a formal warrant from any agency or authority which is appropriately authorised, Vodafone -- in common with all other operators -- is required in law to provide access to the specific data requested." Meanwhile, A GCHQ spokesman said: "It is longstanding policy that we do not comment on intelligence matters; Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight." However, this is not the first time that Vodafone has come under fire for breaching users’ privacy, as back when Snowden first released the controversial documents it was claimed that the company had hacked into German Chancellor Angela Merkel's phone. Vodafone is a key player in the German telecommunications market, which is why these claims led to many calling for their contract with the German government to be cancelled. German Green Party MP Florian Konstantin von Notz said: "The consequences would be to immediately suspend the contract, or cancel it. I believe cancellation is possible and legal. A company such as Vodafone, which has responsibility for so many customers, has to take a clear stand against these data grabs." True to form Vodafone denied these accusations, with a spokesperson saying: “The law in Germany governing all these areas of privacy and data protection are essentially the same as the laws in the UK. “What we have in the UK is a system based on warrants, where we receive a lawful instruction from an agency or authority to allow them to have access to communications data on our network. We have to comply with that warrant and we do and there are processes for us to do that which we're not allowed to talk about because the law constrains us from revealing these things. We don't go beyond what the law requires.” This is one of the biggest issues when it comes to privacy and international telecommunications corporations: there is no way to tell where one’s juris diction ends and another’s begins. This ultimately means that multi-national Internet Service Providers (ISPs) are able to provide information about certain countries to others and vice versa, leaving no-one safe. In our previous article concerning Internet privacy, Simon Stokes, Strategic Account Director at Fluidata, said: “At Fluidata we architect and deliver extremely secure networks and private UK cloud infrastructure but we are of course still subject to the law. Like every service provider Fluidata have an acceptable usage policy and as you would expect this allows us to remove users who break the law.” However, it seems as though some ISPs do not have the same beliefs when it comes to protecting their users’ information.

Topics: News