What you can learn from these pages:
How we aim to respect privacy and freedom of expression
When government authorities might demand that we share data or restrict our services
The challenges operators face when handling demands
Circumstances in which access to communications could be restricted or blocked
The challenges operators face when handling government demands
Our annual reporting on disclosure demands
How we collaborate to continually improve our approach
One of our highest priorities is to make sure that our customers can use our networks and services confidently and securely.
We are focused on building a culture that respects the rights to privacy and freedom of expression to justify the trust that people place in us.
We respect our customers’ lawful rights to hold and express opinions and share information and ideas without interference. It is also the case that local laws and regulations set out circumstances in which we are required to respond to lawful demands to share customers’ data and, in certain circumstances, governments can require us to restrict our services.
Types of government demands
The laws which allow government agencies to access personal data and restrict communications are country specific and can be complex . Vodafone is committed to transparency and, where permitted, to sharing information about the demands we receive that could impact our customers.
Types of law enforcement demands:
Lawful interception requires operators to implement capabilities in their networks to make sure they can deliver, in real-time, the actual content of the communications (for example, what is being said in a phone call, or the text and attachments within an email) plus any associated data, to the monitoring centre operated by an agency or authority.
Disclosure of communications data (metadata)
In many countries, agencies and authorities have legal powers to order operators to disclose communications data. Although less intrusive than lawful interception, it can reveal a lot about how and who someone communicates with, or where they go online.
You can read more about metadata here
Restriction of services and network shutdowns
Many governments reserve the right to order operators to take down or restrict communications services, including the shutting down of network services or access to the internet. eg in the event of a local emergency.
IP/URL content blocking and filtering
Many countries have laws that enable agencies and authorities to require operators to prevent access to certain content or websites identified by their internet protocol (IP) address ranges or uniform resource locators (URLs). This is typically achieved by requiring a filter to be applied at the network level.
How do we comply with government demands?
In many countries, it is a condition of an operator’s licence that they put in place technical and operational measures to enable lawful interception.
We follow the European Telecommunications Standards Institute (ETSI) lawful interception technical standards unless we’re required to do something different by the local authorities. The ETSI standards include a formal handover interface to ensure that agencies and authorities do not have direct or uncontrolled access to the operators’ networks as a whole.
Disclosure of communications data (metadata)
In some countries, operators are required by law to retain some communications data for a specific period of time solely to fulfil the lawful demands of agencies and authorities who require access to this data for investigation purposes.
Lawful demands for access to communications data can take many forms. For example, police investigating a murder could require the disclosure of all subscriber details for mobile phone numbers logged as having connected to a particular mobile network cell site over a particular time period, or an intelligence agency could demand details of all users visiting a particular website. Similarly, police dealing with a life-at-risk scenario, such as rescue missions or attempts to prevent suicide, require the ability to demand access to real-time location information.
When an operator is instructed to shut down communications in a specific region or across its entire national network, the priority is to ensure that the shutdown is carefully controlled to enable the network to be restore the network as quickly and reliably as possible once the government order is lifted.
IP/URL content blocking or filtering
Telecommunications operators have technical options available, when we have to block access to specific online content, all of which are based on checking a customer’s request to access a specific IP address or URL against a list of banned domains or URLs.
Governments generally stipulate the minimum technical specifications of how the restrictions must be applied to the network, content or services in order for operators to fulfil demands received from agencies and authorities. Some technical options are more robust than others—web-proxy content filters are one option. They’re hosted within an operator’s network and are the most expensive but also the most effective approach. In the majority of cases, most web traffic passes through an operator’s proxy servers. When a customer requests content, it will usually be delivered to them straight away. If the content the customer wishes to access is not on the block list, the content sought will be retrieved and served back to the customer. If it is on the block list, best practice is to ensure the customer is made aware of this by means of a warning ‘splash page’ while preventing the specific content from being accessed; a point we address. We talk about this more in our Freedom of Expression Principles.
We typically get these blocked lists from a database that is updated regularly. Domain/URL block lists are typically supplied to operators as a regularly updated dynamic database that is downloaded from an external source. We then upload it on the proxy servers within the operator’s network. List entries. The list might refer to a single IP address, or they may refer to an entire website domain or sub-domain. If there’s a court order requiring a block, then this would usually be done manually.