Privacy group files OECD complaints over UK telco spying

While the OECD isn't a court and cannot impose sanctions, Privacy International hopes to get answers

Privacy International has filed complaints against U.K. telecommunications companies for assisting British intelligence agency Government Communications Headquarters (GCHQ) with mass interception of telephone and Internet traffic that passes through undersea fiber optic cables.

The formal complaints were filed with the U.K. office of the Organisation for Economic Cooperation and Development (OECD), which publishes guidelines for responsible business conduct followed by 44 governments including the U.K.

"Privacy International believes that there are grounds to investigate whether up to a dozen OECD guidelines, pertaining to companies' responsibilities to respect human rights, including the right to privacy and freedom of expression, were violated," the group said Tuesday. It said it believes that the telecom companies have violated human rights by enabling the mass and indiscriminate collection of data and interception of communications.

Privacy International, a U.K. charity founded to fight for privacy rights, filed the complaints after media reports alleged that BT, Verizon Enterprise, Vodafone Cable, Viatel, Level 3, and Interoute granted GCHQ access to their fiber optic network via a spying program called Tempora, the organization said.

The group hopes that the OECD British National Contact Point (NCP) will investigate how the companies participated with the surveillance programs as well as help to ensure stronger steps will be taken to assure that companies adhere to the guidelines.

While the OECD is not a court and can't impose any sort of legal judgment, Privacy International hopes the OECD will accept the complaint and obtain responses to questions that would otherwise remain unanswered, said Mike Rispoli, Privacy International's communications manager. "It is an avenue that could allow for a real investigation into the companies' business practices," Rispoli said.

Any interested party is allowed to file a complaint with the OECD and the organization in June accepted a complaint from Privacy International about the alleged use of surveillance equipment produced by U.K.-based company Gamma International against activists in Bahrain.

In July, the group also filed a legal action with the U.K.'s Investigatory Powers Tribunal (IPT) against the U.K. government for conducting mass surveillance on citizens across the U.K. via the GCHQ's Tempora program as well as the Prism program reportedly conducted by the U.S. National Security Agency.

The IPT is a secret court that can investigate complaints about any alleged conduct by, or on behalf of, the intelligence services, according to its site. The IPT is the only U.K. tribunal to whom complaints about the intelligence services can be directed.

Privacy International contemplated adding the complaint against the telecom companies to the IPT case but decided not to do so, said Rispoli. Cases at the IPT can drag on for seven to eight years, he said, adding that the problem with a secret court is that even those involved often don't know what is going on. Therefore, he couldn't provide an update about the case filed against the U.K. government other than it was filed and is being investigated.

While the OECD's process is not completely open, Privacy International hopes that the investigation into the telecom companies will be more transparent, Rispoli said, adding that the charity will push to get any results out in the open. The OECD could be a bit quicker too; the Gamma complaint for instance was filed in January and accepted in June, he said.

The OECD's British National Contact Point did not immediately respond to a request for comment.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags Privacy InternationalsecurityGovernment Communications HeadquartersOrganisation for Economic Cooperation and Developmentprivacy

More about BT AustralasiaGCHQIDGNational Security AgencyNCPOECDPrismPrivacy InternationalVerizonVerizonViatelVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place