Snowden document isn’t proof of telco-spy deal, says UK agency as it squashes privacy complaint

Last year the campaign group Privacy International tried to complain to the Organisation for Economic Cooperation and Development (OECD) about telecom companies – such as BT and Vodafone – being over-helpful to the British spy agency GCHQ in its mass surveillance efforts.

That attempt just failed. On Monday, the OECD’s U.K. national contact point (NCP), an agency run out of the Department for Business, Innovation and Skills, rejected the complaint because the only piece of evidence connecting the telcos with mass surveillance activities around the world — a presentation leaked by Edward Snowden and reported on by a German newspaper — didn’t provide sufficient proof of OECD guidelines being broken.

Snowden-derived presentation

The report in question came from Germany’s Süddeutsche Zeitung in August last year. It listed the codenames for carriers – [company]BT[/company], [company]Verizon[/company] Business, [company]Vodafone[/company] Cable, [company]Global Crossing[/company], [company]Level 3[/company], [company]Viatel[/company] and [company]Interoute[/company] – that work with GCHQ’s “special source” team as part of British surveillance schemes called Tempora and Mastering The Internet.

Privacy International (PI) used this article as a basis for its complaint to the OECD, saying that the companies had broken OECD guidelines that say multinationals must respect human rights, principally the right to privacy.

The OECD’s U.K. NCP conceded on Monday that the British government had “generally acknowledged” carrying out interceptions, that the privacy issues raised by this are relevant to the OECD guidelines, that Süddeutsche Zeitung saw the PowerPoint presentation it claimed to have seen, and that it had reason to trust Snowden as a source.

However, the NCP noted that the presentation “is reported to be an internal document and not a contract or other type of agreement” and said the agency “does not consider that this information substantiates a link between the activities of the enterprises identified and the issue raised.”

PI deputy director Eric King responded in a statement:

In collaborating with GCHQ in providing access to their networks, and receiving payment for their co-operation, the companies have knowingly contributed to the human rights violations that subsequently occurred. It is shameful that the Government refuses to hold companies accountable, especially by using a weak argument that the Snowden documents are not sufficient evidence of the cooperation between telecommunication companies and UK intelligence services.

No pushback

The NCP’s assessment included anonymous responses from the companies that PI complained about. Some of the companies rejected the accusation that they were doing more to aid GCHQ than the law requires of them, though some also pointed out that the Regulation of Investigatory Powers Act (RIPA) – the law that governs surveillance in the U.K. – forbids them from directly responding to PI’s claims.

One of the companies argued against PI’s claim (backed up by the United Nations, by the way) that any mass government surveillance program violates international law and the European Convention on Human Rights because it can never be necessary and proportionate.

The firm, identified only as “Company 3”, said RIPA made sure all lawful interceptions are justifiable. This is the same RIPA, pushed through Parliament as an anti-terrorist measure, that is regularly used to nail people for not paying their TV licence fee, putting their trashcans out for collection on the wrong day, and so on.

And so ends one strand of PI’s offensive against mass surveillance; one designed to censure the companies concerned, rather than to force any kind of change in behavior. The campaign group is also suing the British government through the Investigatory Powers Tribunal (IPT), which is supposed to keep an eye on RIPA abuses, and through the European Court of Human Rights.