BT and Vodafone Helped GHCQ Snoop on Transatlantic Fibre Optic Cables

Telecoms giant BT (codename “Remedy“) and Vodafone (codename “Gerontic“) are among several major telecoms operators that have been named by former NSA employee, Edward Snowden, as helping the UK Government’s Communications Headquarters (GCHQ) to snoop on more than 200 of the world’s transatlantic fibre optic cable links.

The not particularly surprising revelations follow on from earlier reports that revealed how GHCQ’s top secret operation Tempora (here) had been quietly tapping into the fibre optic cables that come into and go out of the United Kingdom for almost two years (albeit only the basic 10Gbps links.. for now.).

Tempora typically stored the somewhat indiscriminate data it collected, which allegedly included everything from recordings of phone calls to the content of emails, website visits and Facebook updates, for a period of up to 30 days (any longer would be a nightmare for even modern storage systems). It’s claimed that a sophisticated system then sniffed through the data to find specific needles in a haystack of information.

Documents leaked earlier by Edward Snowden have now revealed which of the major telecoms and network giants were involved. Each of the firms, which could potentially stand to lose some of their international business as a result of the allegations, was given a super-secret codename to mask their identity. This obviously worked extremely well because The Guardian has linked them all.

GHCQ Snooping Telecoms Firm (“Codename”)
BT (“Remedy“)
Verizon Business (“Dacron“)
Vodafone Cable (“Gerontic“)
Global Crossing (“Pinnage“)
Level 3 (“Little“)
Viatel (“Vitreous“)
Interoute (“Streetcar“)

It’s interesting to ponder whether or not they got to choose the codename themselves. Naturally some of the operators (BT) didn’t want to comment on the report but the others did say that they were obliged to comply with UK law.

This is believed to be a reference to an obscure clause in the original Regulation of Investigatory Powers Act (RIPA), which allows the government’s home or foreign secretary to approve such activity as long as one end of the snooped communication is abroad (i.e. international traffic and connections).

A Spokes-Spy-Person for Vodafone said:

“Media reports on these matters have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator’s licence … Vodafone complies with the law in all of our countries of operation.

Vodafone does not disclose any customer data in any jurisdiction unless legally required to do so. Questions related to national security are a matter for governments not telecommunications operators.”

The fact that ordinary UK domestic traffic isn’t likely to have been the primary focus of GHCQ’s snooping effort (that was more the semi-defunct Comms Data Bill’s focus) might put a few minds at rest but then you never really know whether what the intelligences services “sources” are saying is true. International investors and other countries may have a different viewpoint. At least it’s all done in secret though, right? Oh.