Deutsche Telekom's 'surveillance report' builds on a trend

Kirsten Gollatz, Humboldt Institute for Internet and Society (HIIG)

PUBLISHED ON: 20 May 2014

In the midst of the discussion about the freedom of expression and privacy rights of internet users, and the responsibility of the private ICT sector that comes with it, Deutsche Telekom sends a signal. On 5 May 2014, Germany’s largest telecommunications corporation and multinational network operator published, for the first time, what is commonly called a ‘transparency report’. The full name of the report covering 2013 is Jahresbericht - Auskunft an Sicherheitsbehörden (Annual report - Information to security agencies).

Following earlier initiatives and long-term announcements of other telecom operators in Europe and beyond, Deutsche Telekom’s recent step towards greater transparency on surveillance measures from governmental security and intelligence agencies came as a surprise. Reportedly, previous requests for the release of data had been refused by the German-based company on the basis that, under German law, it had to bow to an obligation of confidentiality [1]. In other countries, especially in the UK and the US, internet companies are calling on governments to be allowed to publicly report on surveillance-related measures.

Statistics on national security requests

Telekom’s 2013 report [2], which is supposed to become a regular one, details the numbers of national security related requests it received from the German government for information about its users and subscribers in Germany. In addition, it specifies the respective provisions that apply in federal laws. The overall numbers are reported in four categories under which the corporation is legally required to provide user information or enable the interception of internet communication.

First, for purposes of police investigation and criminal prosecution pursuant to the Code of Criminal Procedure, a total of 49.796 internet access points were monitored. In addition, 436.331 orders were logged requesting internet traffic data. According to Deutsche Telekom, only a minority of those requests were based on the so-called ‘G-10 Law’, a federal law for the authorisation of German intelligence services which imposes limitations on the secrecy of telecommunications as provided in Article 10 of the Basic Law (constitution). Thirdly, in 28.162 cases law enforcement agencies manually obtained subscriber information as provided for in the Telecommunication Act (§ 113 TKG). Finally, with an annual number of 946.641 cases, Deutsche Telekom was required by the German Copyright Act to disclose customer information on the basis of IP addresses for prosecutions of apparent copyright infringements. Similar to the ever-increasing numbers of requests for copyright takedowns published by other internet companies, Telekom also stresses the sheer number of requests to provide data for those instances.

Transparency now legally grounded

Telecommunication companies in Germany are largely exempt from liability for legal violations of private third parties. To this extent, they are prevented from intervening in the exchange of customers’ information. Obligations that apply to crime investigation and national security related surveillance of internet and telephone communications are, on the other hand, extensively enforced. They compel German network operators to both cooperate and maintain confidentiality. Especially in the domain of intelligence practices, the national and state intelligence services hold extensive power to monitor internet communications for the purpose of national security under the applicable G-10 Law, which furthermore allows warrantless automated wiretaps.

German telecommunication operators are in principle not allowed to publish information about ongoing requests concerning customers that could possibly jeopardise investigations. But a recent response from the Federal Department of Justice to a request by a German parliamentarian of the Green party says that a "publication of anonymous statistical information" is permitted [3]. This has, in fact, also been stated in a legal opinion which was issued in relation to German internet service provider Posteo [4].

The complexity of transparency reporting

After gaining more legal certainty and thereby reducing the risk of being sanctioned, Deutsche Telekom has become the first major network operator based in Europe to release a surveillance-related transparency report. However, the overall level of public awareness and of society effectively putting pressure on German companies to reveal data on surveillance practices has to be regarded as much lower than that of countries such as the UK and the US.

Responding to shareholder pressure, major US-based telcos Verizon [5] and AT&T [6] each produced their first-ever transparency reports at the beginning of 2014. Ongoing revelations by former NSA contractor Edward Snowden about surveillance practices at the behest of government furthermore prompted a number of US ICT companies that had cooperated with the US government on data transfer to insist they had done so only when compelled by a court of law. Engaging in the ‘We need to know’ coalition, company executives and user rights advocates issued two joint letters to US officials demanding the right to greater transparency and a change of legislation [7].

Similarly, UK-based telco Vodafone announced in January 2014 that it intended to publish regular transparency reports for each of the 25 countries where it operates. Aiming to reveal the data this coming June, Vodafone first has to ask governments for legal permission to disclose the numbers of requests it receives for wiretapping, access to user data and the interception of communications. According to a Guardian article on the complexities of transparency reporting in the telecoms sector [8], British law currently imposes extensive restrictions on disclosure under the Regulation of Investigatory Powers Act (RIPA). Even “discussing the existence of a warrant is punishable by five years in prison”, the report further points out.

Transparency and surveillance reporting expands to telcos

Following in the footsteps of established reporting practices by internet companies (e.g., Google [9], Twitter [10] or Dropbox [11]), telecommunication companies are the latest addition to an emerging transnational trend attempting to answer calls for greater transparency.

Moreover, private entities in the telecommunication sector have slowly begun to proactively link their worldwide business activities to human rights principles. A group of Europe’s largest network operators, among others Vodafone, Orange and Telefónica, are engaging in the Telecommunications Industry Dialogue. As a part of this voluntary corporate initiative, companies commit themselves to implementing the Guiding Principles [12] that cover issues of freedom of expression and privacy as they pertain to the telecom sector. While these principles do not address regular transparency reporting by companies, they explicitly call on governments to strike a fine balance between freedom of expression and privacy and issues of national security, and furthermore “to communicate transparently about the laws, regulations and policies relating to freedom of expression and privacy, and their implementation”. To this day, Deutsche Telekom does not partake in the Telecommunications Industry Dialogue.

As current laws are amended or legally interpreted in ways that allow the release of overall statistical numbers, more companies can be expected to issue transparency reports about surveillance practices on a regular basis. Although the depiction of mere numbers, diversely defined and without contextual information, limits the customer’s and the wider public’s ability to compare or evaluate the impact of surveillance, reporting does inform the public discourse. It might work as a first proxy for remedying violations of free speech principles and user privacy, which often occur at the explicit request of governments.
