American telecoms giant Verizon has been handing information about British companies to the US government, putting it on a collision course with UK regulators.
On Verizon’s UK website, the company makes a point of telling customers it will help to defend them against spying by government agencies Photo: AP
The company has found itself at the centre of a major scandal in the US, after it emerged that the National Security Agency (NSA) is collecting the telephone records of millions of customers on an “ongoing, daily basis”, under a top-secret court order issued in April.
The US is also reaching directly into the servers of Facebook, Google and other internet companies to harvest data. The NSA’s classified PRISM programme reportedly allows the government to collect virtually limitless amounts of information from emails, pictures and social media accounts.
Verizon on Thursday battled to prevent a customer backlash by telling them it had no choice in the matter. The Obama administration justified the surveillance, claiming it was a “critical tool in protecting the nation from terrorist threats”.
Two other major American wireless providers, AT&T and Sprint, have also been receiving similar orders, as have credit card companies, sources told the Wall Street Journal.
It is not clear whether Verzion Wireless, the US wireless operator owned by Verizon and Britain’s Vodafone, has received an order. Vodafone, which owns 45pc and has no operational role in the company, had no comment on Friday.
US spy scandal threatens Silicon Valley 11 Jun 2013
US harvests data from Facebook, Google and other web giants 07 Jun 2013
US to declassify secret surveillance documents after uproar 07 Jun 2013
Obama govt secretly collecting US phone records 06 Jun 2013
Analysis: latest leak could devastate Obama 06 Jun 2013
EE to offer shared smartphone and tablet data plans 06 Jun 2013
Verizon’s court order did not just stop at US shores. Washington called for Verizon to hand over all telephone records “for communications between the United States and abroad”, including calls routed via Verizon’s UK subsidiary, based in Reading.
On Verizon’s UK website, the company makes a point of telling customers it will help to defend them against spying by government agencies.
“Whether global or local, [your communications] must be secure because there are many threats to your organisation, from those that want to destroy your reputation and from those that want to take what’s yours,” the company says in a video entitled “2013 data breach”.
“This year’s most talked about threat is espionage… with many [breaches] tracing back to state affiliated culprits, taking months or even years to detect.”
However, the US government’s secret court order instructed Verizon to collect the numbers of the people at either end of each call, information about their location and the time and length of the conversation. It was not asked to record the actual conversations, but it was obliged to hold the information for a minimum of three months.
The Information Commissioner’s Office, the regulator responsible for safeguarding privacy in the UK, is expected to investigate the security breach.
When ordinary customers make calls out of the US, their network will connect them to the UK network they are calling, meaning Verizon has limited information about calls. However, it has comprehensive details about business customers making calls to colleagues across the Atlantic, as their calls are kept within the confines of the same network. Verizon would have pulled the information from its UK servers.
These so-called enterprise systems are theoretically designed to reduce costs and boost security.
Verizon could not be reached for comment.
Unlike the phone tracking programme, where telecom companies are forced to hand over records, PRISM appears to allow the NSA to freely search the tech firms’ networks at any time.
PRISM also allows the government access to the content of online accounts, whereas the phone programme provides data on the time and location of a call but does not tell investigators what was said.
A secret slide show obtained by The Guardian and The Washington Post appear to indicate that the nine companies are willing participants in the programme, beginning with Microsoft in 2007.
However, the Guardian reported that several of the companies claimed to have no knowledge of that their servers were being accessed by the government.
Google said in a statement: “From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
An Apple spokesman said: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order,” he said.
The scale of the operation is detailed in a 41-page slideshow obtained by the two newspapers, which describes PRISM as the single largest source of NSA data.
By Katherine Rushton, US Business Editor
10:30AM BST 07 Jun 2013
© Copyright of Telegraph Media Group Limited 2013