The campaign group Privacy International sued the UK government in July over intelligence agency GCHQ’s tapping of the world’s communications. However, it hit a brick wall in that case, so now the group has taken the issue to a higher authority.
Privacy International said on Monday that it had filed complaints to the Organisation for Economic Cooperation and Development (OECD) about the telecoms operators that have worked a little more closely than necessary with GCHQ, a major NSA partner:
“It has been recently reported that some of the companies have gone ‘well beyond’ what was legally required in facilitating GCHQ’s mass surveillance and received payment for their cooperation. By collaborating with GCHQ and providing access to networks, Privacy International argues that these companies have knowingly contributed to the violation of human rights by enabling the mass and indiscriminate collection of data and interception of communications.”
The telcos in question are BT(s bt), Verizon(s vz) Enterprise, Vodafone(s vod) Cable, Viatel, Level3 and Interoute, all of which operate the fat undersea cables that GCHQ is so fond of tapping (after all, they do mostly pass by the UK). According to Privacy International, the firms may have broken OECD guidelines around the respect of the rights to privacy and freedom of expression.
As the group noted, there is no evidence of any of these telcos pushing back against intelligence requests for cooperation. By way of contrast, web firms such as Google(s goog) and Yahoo(s yhoo) have at the very least made a show of trying to fight back on their customers’ behalf.
The Washington Post reported at the end of August that some telcos may have even profited from their collaboration with U.S. and British intelligence. It is quite normal for a telco providing assistance to law enforcement to request reimbursement for the costs that incurs, but making money on top of that is a different matter.
If the OECD’s UK contact point agency decides to take up the case and finds that the telcos have been as naughty as claimed, we’re still not talking serious enforcement — Privacy International is seeking a statement confirming a breach of OECD guidelines and asking for recommendations be given to the telcos as to how to avoid breaches in future. However, it sure would be bad PR for the vendors.