Privacy group demands spy details from telecom firms Published duration 5 November 2013

image caption At what point did intelligence agencies intercept data?

Privacy International has asked the Organisation for Economic Co-operation and Development to investigate telecoms companies over the alleged interception of private data on their networks.

It follows allegations from whistle-blower Edward Snowden that fibre-optic networks were accessed as part of mass surveillance programmes.

His latest leaks suggest that data was intercepted on British territory.

The privacy group wants more information about how this was done.

Privacy right

"With each passing day, the public finds out more and more how private companies are colluding with governments to operate mass surveillance programs that intercept our daily phone calls, text messages, emails and personal data," said Eric King, head of research at Privacy International.

"Far from being coerced, it appears some of the companies have gone well beyond their legal responsibility by colluding with GCHQ on its Tempora [data collection] programme.

"We call on these companies to do the right thing and halt their involvement with mass surveillance," he added.

Privacy International wants companies such as Level 3, BT, Verizon, Vodafone Cable, Viatel and Interoute to explain all the steps they took to oppose or challenge requests from GCHQ, the UK's intelligence gathering headquarters, in Cheltenham.

It also wants them to cease any voluntary compliance with GCHQ and introduce policies to ensure that further requests do not interfere with what it calls "the fundamental right to privacy".

In response BT said that it would study the details of "any complaint we receive".

"We are clear that matters of national security are for governments, not telecommunications providers. As a company, we comply with the law," it told the BBC.

Level 3 said: "All of the countries where we deliver services have law enforcement and security concerns, and we are periodically compelled by in-country government authorities to assist in their investigations.

Our policy is the same everywhere. We comply with applicable local law, including all the applicable laws in the UK, while taking all reasonable steps to protect our customers' privacy."

Meanwhile Interoute declined to comment.

"The particular concern of Privacy International is that phone companies and [internet service providers] went beyond what the law required, either because they wanted a quiet life or because they thought that it was a good thing to do," said digital forensic expert Prof Peter Sommer.

Unwinding what legislation had been used and whether warrants had been issued for each intercept could be tricky though, he added.

"One of the puzzling things is how does it happen politically? Do the spooks go to their political masters and say, 'We are going dark. We can't follow the people we want to follow,' and ask for special warrants?"

"And if these are granted why aren't the politicians asking whether it is a good idea or not?"

Muscular programme

Last week the Washington Post alleged that the US National Security Agency had worked with British counterpart GCHQ to access the private data networks of Yahoo and Google.

The paper said it did not know exactly how the interception had worked only that it "happens on British territory".

Slides supplied by Edward Snowden appeared to show that the NSA had tools that could pull apart data packages sent across Yahoo and Google's internal networks.

The project, referred to as Muscular, was operated by GCHQ and offered "large international access located in the United Kingdom", according to the slide.

Companies such as Google have multiple data centres worldwide to share the load of the vast amount of traffic generated daily, making it easier and quicker for consumers to access the data they want.

"The allegations are that the spooks are able to get inside these networks, decode the information and reap the benefits," said Prof Sommer.