What Stops Telcos Being Champions of Privacy?

I was struck by a recent headline in Wired:

VERIZON — YES, VERIZON — JUST STOOD UP FOR YOUR PRIVACY

The subtext is clear. The journalist and the audience think it remarkable that a major US telco might defend customer privacy in the same way that Google and Apple does. The story is summarized in the opening paragraph:

Fourteen of the biggest US tech companies filed a brief with the Supreme Court on Monday supporting more rigorous warrant requirements for law enforcement seeking certain cell phone data, such as location information. In the statement, the signatories—Google, Apple, Facebook, and Microsoft among them—argue that the government leans on outdated laws from the 1970s to justify Fourth Amendment overreach. One perhaps surprising voice in the chorus of protesters? Verizon.

After that, the rest of the article is just a commentary on why it is, or is not, amazing that a telco might have “bucked a longtime trend of telecom acquiescence.” What does “acquiescence” mean in this context? The writer of the piece does not spell it out, but it means giving law enforcement the evidence they ask for in order to investigate crimes. When put this way, “acquiescence” does not sound like such a bad thing to do. A lot of people like it when the police catch murderers and rapists. Which telco executive wants to have a murder on their conscience – and the negative press reaction – when the police starts blaming them for not handing over data about the killer’s phone?

Like it or not, everybody has been sleepwalking towards a situation where societies have to ask tough questions about the relationship between law enforcement and electronic comms. Telco executives, politicians, law enforcement, academics, journalists… for decades nobody was paying attention to how the growth in law enforcement requests for data had been enabled by improvements in technology, although that may not have always been a good thing in itself.

I do not blame the police for wanting to obtain every possible resource to pursue their objectives. It is obvious why they now request all the records relating to suspects of serious crimes, even if they have no idea what they will learn from them. And so it also becomes natural to seek information about everybody connected to those suspects. And if the telcos know more about people, because of the new services and technologies they have implemented, then the police asks for more. The trend is perfectly intelligible. But if there comes a time when law enforcement are asking for too much, why is it up to the telco to point this out? The relevant decision-makers are the people in government… and the people who put them there (otherwise known as voters).

The truth is that telcos have never really wanted to supply all this data to law enforcement. Why? Because it costs money. Clever-clever tech journalists on both coasts of the USA like to pretend they understand how the world works but rarely square this circle:

  • Telcos are supposedly greedy big businesses that will cut any cost (firing people, not paying for adequate security, lousy customer service) and do anything to make more money (rip-off tariffs, selling customer data); and
  • Telcos are also supposedly happy to store more and more ultra-detailed data on behalf of law enforcement even though that is expensive.

So which caricature does the press prefer? The truth is the press want to present both stories at the same time: they pretend telcos are cynical about profits and they pretend telcos are lap dogs of the government. They do this even when it leads to a contradiction.

In many ways, the traditional telco was an easy ally of the privacy activist. You cannot violate somebody’s privacy if you fail to maintain records about the person, and that was how telcos generally behaved. In the past, telcos did not waste money on saving data they could not practically use, so the data was thrown away. The ramifications of this low-data approach can be seen in many fields that tech journalists like to gripe about. For example, ISPs bill everybody the same amount because they have no idea how much each customer is using. This then leads to fair use policies because a tiny proportion of the customer base will cause almost all the congestion, and so drive up costs for everyone. This results in traffic shaping as a piecemeal attempt to address the issue without disconnecting anyone’s service, and this generates complaints that ‘eat all you want’ tariffs have been dishonestly advertised. If ISPs just billed everyone for what they used then none of the negative consequences would have followed, but they were not going to bill everyone that way because that would necessitate collection of lots of additional data at a non-trivial cost to the business. This is just one illustration of how the public expects telcos to have data without factoring in the actual cost of having that data, and so ignores how telco policies are often driven by trying to construct a viable business strategy whilst lacking pertinent information.

Seen in this light, the reasons why companies like Google have always defended privacy becomes clear. Their reasons are utterly self-serving. The traditional telco business made money whilst knowing very little about the customer. They could track a customer’s usage in theory, but they rarely did more than was necessary than to issue a bill, and then the data would be erased. In contrast, Google’s business model depends on collecting and storing ever larger amounts of data about people. So who has most to lose from law enforcement agencies wanting to get more and more access to data? Irrespective of the impact on the company’s reputation, giving data to the police will cost Google money. They have a good incentive to keep those costs down by arguing for tough limits on what data must be supplied, and when. At the same time, Google is never going to complain about the costs of managing data because that would alert some somnambulant members of the public, prompting them to ask why Google offers everything for free.

If telcos always want to keep their costs low, why did they pour increasing resources into supplying law enforcement with data? We know why police and politicians wanted telcos to hand over data – they received a boost to crime detection rates but the related costs were outsourced to the private sector. This means the average citizen had less reason to gripe about taxes… though they might have been complaining about their phone bill instead! The reason why telco execs have been ‘happy’ to bear this cost is because they have to deal with the bigger picture, and that means understanding how the decisions made by politicians and their appointees will determine the profitability of the telco. Governments exert a lot of influence over the profitability of telcos, Whether it is through price controls, demands for investment in infrastructure, or granting permission to use physical resources like land and radio spectrum. Paying for a couple more staff in a police liaison team is small beans compared to acquiring 6 MHz of broadcast spectrum, and politicians and telco executives know it, even if the average tech writer cannot join the dots.

The irony is that journalists express surprise that telcos might not fight savagely for customer privacy, even whilst another article in the same magazine will argue that net neutrality rules should give government appointees extensive power to limit what telcos can charge for, set the price for their services, and arbitrarily enforce vague rules about when neutrality has supposedly been abused. (Yes, I used the words ‘arbitrary’ and ‘vague’, because it is easy for journalists and politicians to assert that telcos should not influence the speed of the internet but bloody impossible to write a law that states how fast is fast enough.)

On the one hand, we have a public perception that governments should exert increasing control over telcos. On the other hand, we have the widespread belief that telcos, as privately-owned businesses, should do more to counter government overreach. It does not take a genius to forecast how that scenario will play out in practice. Whilst the information era has done a lot of good, too many see the benefits delivered by technology as being synonymous with the objectives of large and lucrative tech businesses, to the detriment of older corporations like telcos. This is what now stops telcos being the champions of privacy they previously were by default.

Eric Priezkalns
Eric Priezkalns

Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar’s National Committee for Internet Safety and the first leader of the TM Forum’s Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric. Look here for more about Eric’s history as editor.