Vodafone Concerns Over Surveillance in USA

Vodafone’s privacy boss has taken the unusual step of garnering public support – via mainstream news media – as part of his company’s strategy to protect customers from surveillance. Stephen Deadman is Vodafone’s Group Privacy Officer, with responsibility across the 25 countries where Vodafone operates. Last week, he gave an interview to Britain’s Channel 4 News. He emphatically stated that Vodafone will ‘challenge’ the UK’s government, and other governments, about the legality of spying activity like the NSA’s DISHFIRE program. His motivation was obvious; government snooping is bad for Vodafone’s business. Here is the video of that interview, so you can judge for yourself:

talkRA has argued that wholesale gathering of data about private communications causes commercial harm. People communicate in the belief that their actions are not being scrutinized by unknown third parties. If that trust is lost, then they will find other ways to communicate with each other. The importance of trust is clearly at the forefront of Deadman’s mind, and this is consistent with how he has approached his job in the past. The following was written by Deadman and his Vodafone colleague Amanda Chandler, for a book on privacy impact assessments:

Trust – For a communications company, user trust is an essential ingredient for providing a trusted network and environment for customers and users as they spend more of their lives connected to Vodafone’s networks, platforms and services. Respect for privacy is an essential element in building trust.

In that piece, Deadman and Chandler go on to describe the relevant governance and accountability for implementing Vodafone’s privacy policy, how they embed privacy management within business practices, how their risk-based approach draws on lessons learned from Business Continuity Management, and the use of privacy impact assessments to identify, communicate and prioritize risks and the responses to them. I recommend it as a good read for anyone interested in how telcos should integrate privacy with the management of information risks – and I believe anyone trusted to work with large volumes of customer data should be taking an appropriate interest in safeguarding privacy. However, I draw three further lessons from this paper, and from Deadman’s appearance on news media:

  1. Some risks are driven by factors outside of the company, and are not completely within the company’s control. In such cases, the risk manager still has to come up with a response, even if it means challenging government or going public to assure customers that their service provider is on their side.
  2. Problems like this do not go away by ignoring them. There will be many telcos who note ‘privacy’ in a token list of risks, then address it in a similarly token fashion, by taking inward-looking steps like training the company’s junior staff or issuing a policy that nobody reads. When government action undermines customer privacy, the company will not prosper by ignoring valid customer concerns.
  3. There are important people in this world who need to be appeased. Some of them are in government. But the most important people to a business are its customers. Without them, there is no business. So the business must prioritize their needs above all others.

It is a relief to see that some telcos have the backbone to stand up for their customers. After all, this is a situation where the interests of telcos and customers are the same, and where customers will reward telcos that are on their side, and punish the telcos that side against them. However, the telecoms sector is inherently subject to a lot of government interference and regulation, so it might be tempting for telcos to bend to the will of government. In the end, all businesses will abide by the law in their country. However, Vodafone’s action shows how telcos can address customer concerns when they fear the law is being used against the interests of their customers. It also demonstrates how the rule of law is strengthened by public engagement rather than quiet backroom chats between big government and big business – which may only encourage extra-legal activity.

When the rule of law is given healthy respect, even governments are bound by it. And governments can break the law too, as is part of the argument about the NSA’s spying program. President Barack Obama gave a speech about curtailing spying that employed soaring oratory, taking listeners on a vivid journey from the American Revolution, via the Nixon scandals and the Cold War, to the 9/11 terrorist attack and the future of technology. However, on matters of real substance, he said bugger all. So it is apparent that the USA will continue to spy on all non-Americans, save for a few allied national leaders of the highest rank, like Angela Merkel. This will cause problems for global telecoms businesses like Vodafone. And when it comes to protecting the rights of American citizens, the limit of US law will be tested in the courts, with Senator Rand Paul leading that charge. This is how Paul summed up his argument that the current spying program is against the US constitution:

He mentioned Paul Revere, but Paul Revere was warning us of the British coming. He wasn’t warning us the Americans are coming. The thing is, the lesson from the American Revolution that the President I think misunderstands is that we were upset about British soldiers writing their own general warrants — like national security letters — that allowed them to go into the colonials’ house and look at their papers. We didn’t like that so we wrote the Fourth Amendment to say the warrants have to be individualized… we didn’t want a dragnet.

It is atypical for opinions about business practices in the telecoms sector to be discussed alongside politics, like I have. However, I feel this is justified because this topic is political. In that respect, I believe most of the trade press is letting us down. We do not just work for telcos, we are also customers of telecom services. We are people, and privacy matters to people. This subject may be uncomfortable for some working in the sector. They might prefer to treat all business as apolitical. But this risk, like all risks, will not go away just because we ignore it. And the political dimension of this public debate is ramping up, not declining, despite the minor tweaks that Obama announced to US spying programs. In fact, Obama pointed the finger at our sector during his speech, by saying the following:

…the challenges to our privacy do not come from government alone. Corporations, of all shapes and sizes, track what you buy, store and analyze our data, and use it for commercial purposes. That’s how those targeted ads pop up on your computer and your smartphone periodically.

Other politicians, across the world, are also talking about the hurt done to business as a consequence of spying. David Davis is a senior British politician, and a former front-runner for the leadership of his party. Davis argued in last week’s Times that state snooping could prompt an exodus of technology companies from the UK; you can read his op-ed here. Nick Pickles, head of the UK’s Big Brother Watch campaign organization, also wrote that US government spying will hurt UK business; see here. The reasons for telcos to participate in this public debate was underlined when Pickles cited Vodafone’s example. And Pickles called for more telcos to transparently report on how much customer data they hand to government. When the use of telco data is being discussed publicly like this, telcos cannot afford to play deaf.

Technologists are not immune from the topics that occupy the minds of lawyers and politicians. They are also interested in them, as human beings. They handle the data that lies at the heart of this debate. And recent events have ably demonstrated how technological back doors can be implemented to achieve results that lawyers and politicians may be ignorant of. Everyone working with data in telcos has a stake in this debate. We need to find our voice. One way or another, we are going to be listened to. For our own interests, and for our customers’ interests, we need to speak clearly, so everyone can hear us.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.   Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.   Commsrisk is edited by Eric. Look here for more about Eric's history as editor.
  • Eric,

    Fine journalism here.

    In Stephen Deadman, Vodafone picked the perfect spokesman. Even if somebody decides to shoot the messenger, there’s no problem because he’s already a Dead-man :- )

    Joking aside, Deadman did a fine job of explaining a very serious issue for telecoms. You’re right, this will not go away — the crisis will intensify.

    We are at a tipping point. Mobile operators see money to be made in moneteizing their data — to sell more services and allow third parties to piggback on their intelligence. Asia-Info Linkage is enabling this in China with mall retail stores. But what flies in Beijing may not in Los Angeles or London because of privacy.

    Yet there’s a paradox here. While we recognize that privacy is important, millions compromise their private details to strangers on Facebook.

    And if Americans really care about privacy, why was there little public outcry over NSA snooping and the political tricks the IRS played on Tea Party? When Nixon’s people were caught wiretapping a Democratic office at the Watergate hotel, people lionized the journalists for uncovering a case of dangerous political corruption. Nixon was even kicked out of office for it.

    Forty years later, where are those heroic journalists? They are sheepishly silent. Meanwhile the Washington Post is sold to Jeff Bezos, CEO of Amazon, one of most successful digital monetizers of all time.

    IMO, telecoms cannot be half-hearted in their support of customer privacy. They also need to let their customers to opt-in or opt-out out of the analytics arena — in that way they can differentiate themselves from the “do-no-evil” Googles and other email scanners.

    So it’s good to see Vodafone drawing a line in the sand. The rest of the industry should thank them for their courage — and their enlightened self-interest.

  • @ Dan, thanks for your comment, which was as thought-provoking as ever. In particular, I’ve struggled with the question as to why there is not more public outcry about privacy. It’s a topic I’ve thought about since the beginning of my career. My professional experience tells me that the public’s awareness of privacy violations lags the reality of such abuses. However, abuses of data, by governments, businesses, spies and criminals now occur with such regularity that even the most naive member of the public must be conscious of them. Let me make three observations which I think explains why we have not seen more of a public backlash.

    1) Young people are more concerned about privacy than other sections of society, but disparities in wealth and power mean their voice is underrepresented. Note that politicians like Rand Paul receive disproportionate support from young voters. Changing economics and demographics mean that youth movements generate less interest and momentum than they did back when Nixon was embroiled in the Vietnam War.

    2) The political and ideological issues raised do not neatly fall into the hackneyed ‘left-right’ political axis. The abusers of data may be private companies that pursue profit, governments seeking to pursue a moral good, or lone individuals seeking to redress a perceived injustice or imbalance in society. Poor articulation of the issues means that old media will play down their political significance in favour of stories that more comfortably fit an established left-right paradigm that suits the established prejudices of journalists and their audience.

    3) As George Orwell sought to illustrate in 1984, and as built upon by thinkers like Noam Chomsky, the selective use of language can impede free democratic debate and create the illusion of consensus by denying the opportunity to articulate opposition. Given that young people have the best technological understanding of the scale of data abuses, whilst having least influence over mainstream media, and that the old political paradigms are not suited to analysing these issues, there is a repeated tendency to suppress proper analysis of the implications of privacy abuses. Obama’s speech, high on rhetoric but low on substance, gives a vivid example of the sub-standard quality of public debate and how the mainstream media does little to improve it. However, suppressing debate is not a long-term solution. Societies are strong if they can change piecemeal, thus forestalling more revolutionary change. If they do not, the result may be unpredictable behaviour when suppressed public anger boils over. Whilst I cannot predict if data abuses might one day prompt the kind of outraged protest as seen in Tiananmen Square, or the Arab Spring, the absence of the revolt so far is not proof of an absence of frustration that can lead to volatile civil disobedience.

  • Michael Lazarou

    While youth is the group that mostly understands and gets frustrated about the issue of privacy there is one more issue. We are dependent on these companies (telcos, googles apples and oranges) and we *trust* them. So it all comes down to finding a way – incentivising – companies to be more ethical and responsible with the data they have. There are two incentives or motives for any company’s operations: what customers want and what is imposed on them by regulation/law. As time passes it will have to be the first who demand both ethos and regulation by politicians. I tend to believe that tech and telco companies are forward thinking but above all they don’t want consumers holding back on usage and feeling uneasy, so they will have to ensure they are doing everything possible to avoid eavesdropping. As mentioned in a previous post on another issue, either policy is demanded by society or companies start to think ahead and tailor their mechanisms to consumer demand beforehand. So yes, thumbs up to Vodafone for being pro-active and responsible.

  • Michael Lazarou

    There is a never-ending stream of reports of snooping: http://www.bbc.co.uk/news/technology-25927844