Vodafone’s head of privacy tells Channel 4 News the company will be “contacting the government… and challenging them” on interception of text messages.
Documents seen by Channel 4 News and the Guardian revealed for the first time a secret operation to harvest hundreds of millions of our text messages.
The leak from Edward Snowden reveal how America’s National Security Agency (NSA) collected and stored nearly 200m texts a day from around the world and how British spies at GCHQ have been given a back door to exploit that information. The system, named Dishfire, traced people as they travelled abroad with a mobile phone, and the texts allowed the NSA to monitor people’s whereabouts, their contacts, their banking details and their movements as they travelled from country to country.
What you’re describing is something that sounds as if that (the law) has been circumvented. Stephen Deadman, Vodafone
In the company’s first comments made on the Snowden revelations, a spokesman for Vodafone told Channel 4 News he was “shocked and surprised”.
Stephen Deadman, group privacy officer and head of legal for privacy, security and content standards at Vodafone Group, said: “It’s the first we’ve heard about it and naturally we’re shocked and surprised.”
He added: “What you’re describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won’t go beyond the law and comply with due process.
“But what you’re describing is something that sounds as if that’s been circumvented.”
Read more: What GCHQ knows about us – a timeline of revelations
Mr Deadman added that Vodafone was meeting with the government to discuss the company’s concerns about UK and US spies’ access to Vodafone metadata.
“We’re going to be contacting the government and are going to be challenging them on this,” he said. “From our perspective, the law is there to protect our customers and it doesn’t sound as if that is necessarily what is happening.” He said that if the goverment was working around the law, “that’s a huge problem for us”.
Under US law, the American spies have to delete the data gleaned from Dishfire from its own citizens. But texts coming to and from international mobile phones – including Britons, were fair game and could be spied upon at will.
In Britain, spy agencies can only access text message data of specific targets with permission under the regulation of investigatory powers act (Ripa), and if they want to see the content of the message they must get a warrant from a secretary of state.
By contrast Dishfire collects data on everyone so by accessing the system, British spies can pull off information they wouldn’t be entitled to under strict British laws.
Sir Swinton Thomas, the former Interception Commissioner, also told Channel 4 News that he would have been concerned about this kind of use of foreign intelligence agency data.
“It is a worry, yes, and certainly in my time I would take the view that it not open to our intelligence services to obtain or certainly to use communications or data which would not have been lawful in this country,” he said.
“It’s not dissimilar to the question of whether you use material which you may have reason to believe has been obtained by torture. It’s a different area of course, but the concept is very similar.”
The NSA confirmed Dishfire does exist, and said that it lawfully collects SMS data. The agency also said that privacy protections were in place – for US citizens.
GCHQ told Channel 4 News: “All of GCHQ’s work is carried out in accordance with the strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate and that there is rigorous oversight.”