BT, Vodafone and others face legal action over undersea cable spying

Privacy International has sent letters to the companies asking for further details about their involvement

Seven telecoms companies, including BT and Vodafone, are facing legal action under the Human Rights Act, for allowing GCHQ to tap their undersea fibre optic cables for citizens' private data.

Privacy International has sent letters to the companies asking for further details about their involvement, and has warned them they face being added to action it is already bringing against GCHQ over its involvement in the Prism spying scandal.

The Prism data hoovering operation is controlled by the US National Security Agency, and GCHQ is said to have accessed the data gleaned from it for security reports. Prism came to light from documents leaked by former US security contractor Edward Snowden - now granted political asylum in Russia.

Last week Germany's Suddeutsche Zeitung newspaper published the identities of the companies providing GCHQ with access to their undersea fibre optic cables, as part of GCHQ's "Tempora" spying programme. They were named as BT, Verizon Business, Vodafone Cable, Level 3, Global Crossing (now owned by Level 3), Viatel and Interoute.

Until last week the companies involved had not been named and had been given codenames by GCHQ, although any telecoms and/or security watcher would have assumed the likes of BT and other prominent undersea cable firms would have allowed access to the security services when asked to do so.

A condition in their licenses is said to allow the government to get access to their cables and other equipment under certain conditions.

In a "pre-action letter" issued to the companies, Privacy International demands the companies provide details on their relationship with GCHQ. This includes outlining company policies for assessing the lawfulness of government requests, and describing any requests they received from authorities to intercept information, any steps taken to oppose or resist such orders, and the amount they have been paid for their cooperation with governments.

Eric King, head of research at Privacy International, said: "Tempora would not have been possible without the complicity of these undersea cable providers. Despite the companies' obligation to respect human rights standards, particularly when governments seek to violate them, spy agencies are being allowed to conduct mass surveillance on their systems.

"Human rights obligations are especially important when the government requests are made without public scrutiny, and are governed by secret law. These companies are the last line of defence for customers against the government's intrusion into our private lives."

He said: "What the public deserve to know is this: To what extent are companies cooperating with disproportionate intelligence gathering, and are they doing anything to protect our right to privacy?"

Privacy International argues that telecoms companies have a human rights obligation, under Article 8 of the European Convention on Human Rights, to take reasonable steps to protect customers' privacy, including from intrusion by governments.

"By complying with government requests, companies are unlawfully participating in mass and indiscriminate surveillance and are in breach of Article 8," said Privacy International.

In July, Privacy International brought a claim in the Investigatory Powers Tribunal (IPT), challenging Tempora and GCHQ's access to the Prism programme.

"Unless the companies provide a satisfactory response, Privacy International will be adding them as respondents to its IPT claim," it said.

For their part, when their identities were made public in relation to Tempora, a number of the telecoms companies last week said they complied with all UK and international laws when it came to data protection.

Join the CSO newsletter!

Error: Please check your email address.

Tags TempoPrivacy InternationalBTNetworkingsecuritypublic sectorGCHQ

More about BT AustralasiaEuropean Convention on Human RightsGCHQGlobal CrossingNational Security AgencyPrismPrivacy InternationalVerizonVerizonVerizon BusinessViatelVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antony Savvas

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts