Deutsche Telekom Secretly Tracked Phone Calls

Dekortage writes "German telephone giant Deutsche Telekom has admitted to secretly tracking the phone calls between board members and journalists, in an effort to identify media leaks about internal affairs. As noted by the German Journalists' Association, 'This company has special access to the records of its customers.... That means it has a special obligation to be trustworthy.' DT denies having eavesdropped; it merely tracked the calls dialed."

The President's Analyst

[goombah99]

Best line in that movie. "Who could possibly bug every phone in the united states?" TPC

Not clear if customer records are affected

[Florian+Weimer]

Deutsche Telekom might just have screened call data records on company phones (provided to employees and board members for company purposes). In this case, it's very difficult to say if this practice was illegal -- or even morally wrong.

Re:Not clear if customer records are affected

[jeiler]

Morally questionable, at best. Business records are to be used for business purposes: here in America, there is an expectation of privacy that extends even to internal data usage at a company. Only the billing department should know about my call history, and then they only need to know the minimum information required to correctly calculate my bill. Who I call is no one's business--including the telco.

Re:Not clear if customer records are affected

[snowraver1]

Funny you mention that, when just the other day there was an article on /. that indicated that almost 50% of US companies routinely monitor outgoing email to make sure that there are no information leaks.

I think that if the company owns the phone, and the employee (by paying them) then all communications are fair game for monitoring.

Now if they were snooping on customers, that would be a WHOLE different story...

Re:Not clear if customer records are affected

[jellie]

Good point. The article isn't very clear what type of spying was used, but the other article linked in the story does mention some of the tactics:

The goal of the "Clipper" and "Rheingold" surveillance programs, as well as other "secondary projects," the fax makes clear, was to "analyze several hundred thousand landline and mobile connection data sets of key German journalists reporting on Telekom and their private contacts." It seems very similar to the HP scandal, which also involved boardroom leaks and spying on telephone records. Of course, HP is not a telecommunications company, unlike Deutsche Telekom. The article continues, ominously:

Moreover, the letter continues, the office of an "important business journalist," had been infiltrated by a mole who had reported "directly to corporate security" at Telekom for several months. It's actually kind of amusing (or sad) how the scandal erupted. The outside "consultant" hired to do the spying sent an angry fax, demanding to be paid. Remember, kids, if you've hired evil Anthony Pellicano-consultant types, please remember to pay them and to end those business arrangements when you leave office.

Re:Not clear if customer records are affected

[ronocdh]

Business records are to be used for business purposes An interesting tactic you've employed there. Wouldn't it be rather trivial (at least in the States), to defend a business doing this? I mean, they're just trying to manage PR. That's a business purpose, isn't it?

I'm referring completely to casual conversation logic, not what would hold up in the courtroom. Although perhaps that's unreasonably optimistic of me.

Re:Not clear if customer records are affected

[jeiler]

You're quite correct: I should have been more specific. I was referring to the telco monitoring my home or business account.

If this was monitoring calls placed within the telco to (whatever outside source), then the grounds for moral objection become a lot less clear. I had understood the article talking about board members calling people from their homes.

Re:Not clear if customer records are affected

[jeiler]

Wouldn't it be rather trivial (at least in the States), to defend a business doing this? I mean, they're just trying to manage PR. That's a business purpose, isn't it?

An interesting analogy. :D

PR is, indeed, a "business purpose." But in the States, the business is restricted by privacy rules in all of their dealings. If said business abuses the privacy of its customers--for any purpose, with a very few clearly delineated exceptions--they've violated the law.

Now, that doesn't mean it doesn't happen. For some, the profit line is more important than the moral line.

Re:Not clear if customer records are affected

[SpectreBlofeld]

How do you feel about network admins monitoring traffic on the company network?

Re:Not clear if customer records are affected

[jellie]

From my understanding, they were monitoring the calls of journalists and their contacts -- which may or may not have included board members. Here's the quote from my other post in this thread:

The goal of the "Clipper" and "Rheingold" surveillance programs, as well as other "secondary projects," the fax makes clear, was to "analyze several hundred thousand landline and mobile connection data sets of key German journalists reporting on Telekom and their private contacts." Furthermore, this is a telecommunications company that (presumably) has the calling logs of its customers. Sure, it's not like they hacked another company's data, but it's still an incredible abuse of power. There's also a limit to the "fair game for monitoring." Deutsche Telekom may own the central infrastructure (or whatever) to route calls, but that doesn't mean they can listen in, though that wasn't what you meant. In any case, the anti-government folks might point out that Telekom is partially owned by the German government, which somewhat blurs the line between government and private entities.

Re:Not clear if customer records are affected

[CowTipperGore]

I think that if the company owns the phone, and the employee (by paying them) then all communications are fair game for monitoring.

Now if they were snooping on customers, that would be a WHOLE different story...

According to the article linked to in TFA, they were snooping on customers:

The goal of the "Clipper" and "Rheingold" surveillance programs, as well as other "secondary projects," the fax makes clear, was to "analyze several hundred thousand landline and mobile connection data sets of key German journalists reporting on Telekom and their private contacts."

Other spying campaigns had already been "specifically planned and assigned," including "the surveillance of one of your shareholders, a company headquartered in New York."

Moreover, the letter continues, the office of an "important business journalist," had been infiltrated by a mole who had reported "directly to corporate security" at Telekom for several months.

Re:Not clear if customer records are affected

[Florian+Weimer]

Der Spiegel has a tendency to exaggerate news stories as soon as journalists are affected. Typically, journalists are portrayed as primary targets, despite their actual involvement. So this part should be taken with a grain of salt, like when bloggers are writing about other bloggers.

And you're right about paying. Actually, I think you should that kind of stuff in the family, without relying on outside parties.

Re:Not clear if customer records are affected

[LilGuy]

Well if that's truly the case then system, network, and security administrators hold the keys and no one is exempt. That means these guys have access to all the communications across the whole network and that includes communications between the uppers. I'm willing to bet those guys wouldn't be so keen on having other people privy to their communications. Somehow I'd imagine you're arguing that it's only okay to snoop on the peon communications.

Re:Not clear if customer records are affected

[Tom]

Now if they were snooping on customers, that would be a WHOLE different story... They were, that's why it is. :-)

Re:Not clear if customer records are affected

[MadMidnightBomber]

I worked briefly as a summer student at British Telecom - this was expressly illegal there and that was back in '97. We had to sign a couple of documents about it even though we were nothing to do with phones.
I can't believe the UK privacy laws are better than the German ones, so odds on are it's illegal.

Re:Not clear if customer records are affected

[hughk]

It wasn't just Der Spiegel - all the German newspapers took a dislike to this (even Bild). Monitoring employees has to be done very carefully to be within German law.

The Solution

[imyy4u3]

"Hello."
"Hey, what's up?"
"Well, I'm a board member, and they're tracking our calls now, so I can't call you at (insert newspaper name here)'s HQ from the office anymore, and that's why I'm calling you from a pay phone."
"OK, just meet me at the coffee shop at 7pm tonight."
"Sure."

Problem solved. Idiots.

Re:The Solution

[Yvanhoe]

This implies that you knew the calls were tracked

Re:The Solution

[rodrigoandrade]

> Problem solved. Idiots

Yeah, until men in black suits show up at said coffee shop.

Re:The Solution

[Lilith's+Heart-shape]

It also implies that you can find a working pay phone. Good luck doing that in America.

Re:The Solution

[maxume]

It's always the men in suits that ruin the atmosphere.

Re:The Solution

[oodaloop]

Having done phone call analysis for the government, this is hardly a viable solution. Multiple calls from a pay phone would stick out like a sore thumb in this day and age.

Re:The Solution

[trybywrench]

It also implies that you can find a working pay phone. Good luck doing that in America. German telephone giant Deutsche Telekom ;p

Re:The Solution

[Poorcku]

The action takes place in Germany. Not everything happens in the US, you know.

Re:The Solution

[Mark+Trade]

Actually, if you know that you are subject of surveillance, you have a whole arsenal of methods to evade from it. It you aren't, and that's the sneaky little problem with it, you are an open book.

Oh, and they did not only monitor outgoing calls in the company HQ. They tracked all phone calls they were servicing in the whole country and then ran searches against business and private phone numbers of known journalists and employees. So not even at home you were secure.

Re:The Solution

[edelholz]

Mod parent up! They didn't just track employees and board members, they tracked hundred thousands of customers, monitoring many journalists that happened to have a T-Mobile phone.

Re:The Solution

[QuantumRiff]

Right, but guess who owns T-Mobile, a large, US wireless company? (They were called Voicestream wireless before they got bought by Deutsche Telekom, along with a dozen small cell companies, to form one big one.)

Re:The Solution

[owlnation]

German telephone giant Deutsche Telekom ;p

Yes... but before you get all patronizing... you might want to note that Deutsche Telkom also is T-Mobile, which is an international company. Are you sure they only did this in Germany? Because I seriously doubt they restricted this immoral action to the borders of Germany.

Re:The Solution

[Poorcku]

All the reports seem to be indicating that it happened in Germany and not in the US. So arguably one should discuss it in a german context and not in an american one. Moreover, just because you doubt it doesn't mean it happened.

Re:The Solution

[Jesus_666]

However, the basic point still holds - pay phones have become a rarity over here, as well. Mobile phones have displaced them. However, the German mobile phone market is fiercely competitive and it's easy to pick up a new SIM card for your mobile and use a competitor's network. Or, if you're less cautious, just get yourself a second SIM card from T-Mobile and don't tell your bosses about it.

It's not as if it'd actually cost you real money. In that regard Germany is different from the States.

Re:The Solution

[Jesus_666]

Man, suddenly I'm very happy to be on the E network... (The German mobile networks have letter designations; The A, B and C networks were anlog and have been shut down; T-Mobile is present in the D network (900 MHz) and only slightly in the E network (1800 MHz). Anyhow, my prepaid card is not from T-Mobile and that's good.)

Re:The Solution

[Opportunist]

Indeed. I think we should ban politicians, hot air simply has to add to global warming!

Re:The Solution

[Lilith's+Heart-shape]

Yeah, I saw that. I wasn't going to assume, however, that it was as hard to find a working pay phone in Germany as it is here in the People's Christian Republic of Amerika.

This just in!

[Ngarrang]

A major corporation providing a necessary public service mis-uses those records for personal reasons! Film at 11!

Okay, is anyone else not surprised to read this? Do any you have actually think that your local telecom ACTUALLY respects your privacy and doesn't do funny things with your data?

Sure, this was only on its own executives. But doing this to faceless subscribers is not a far leap of the imagination.

Re:This just in!

[ms1234]

This was the case with the Finnish telecom Sonera which also tracked calls to find out who was leaking information in the company.

Re:This just in!

[Tom]

Yes, I think that. Mostly because I work at the local telecom company. :-)

The people in our company who handle this data are very aware of what they're handling, and in addition to their contract had to sign numerous papers saying they'll never break those laws, not even under a direct order from a superior. We have not one but two departments handling regulation and compliance.

That is why this is such a big scandal in Germany right now: Pulling this stunt off means that there is massive corruption at all levels within T-Com.

Re:This just in!

[hughk]

That is why this is such a big scandal in Germany right now: Pulling this stunt off means that there is massive corruption at all levels within T-Com.

Oh, I am shocked, quite shocked that there is corruption within Telekom.

Remembers back to the time when a firm I worked for reputedly had to pay Telekom employees a fortune in back-handersto get some lines moved quickly

Re:double-edged

[Mark+Trade]

The data retention law in Germany has been in effect since the beginning of 2008 with a phase-in until 2009 when non-compliance becomes punishable. So the self-organized (shall we call it "grass roots"?) data retention of the Telekom was unlawful. In fact, there were privacy laws that outlawed such a thing explicitly.

The spying does not only come from logging (which is bad enough without it being prohibited) but from using the data at all. Bonus points for using it against their own board.

Summary incorrect

[Denial93]

The company's internal security didn't just track the phone calls between board members and journalists. Obviously, they "had to" check for journalists' number in board members' connection lists. But they also checked for board members' numbers in the connection lists of journalists who wrote particularly much about the company. So hundreds of thousands of connections between journalists and informants, friends etc. were monitored.

I don't think Germany even has laws that are adequate for crimes of this scale. After all, data is knowledge, knowledge is power, power is abusable. More data means more knowledge means more abuse. It is time for lawmakers to react.

Re:Summary incorrect

[Archangel+Michael]

1) I'm not worried
2) Even if I was worried, there is nothing I can do about it
3) It is going to happen more and more
4) No law is going to prevent people from doing immoral or unethical things.
5) People who think laws will protect them are fools. Only You can protect yourself.

You see, man can't rule himself, let alone others. There was this guy some 2000 years ago, who by most accounts did absolutely nothing wrong, and they (man, men, govnmt etc) had him executed.

If they could kill him, then they can kill anyone. They can trump up charges, and don't need a law to make something illegal to do it.

Which brings me to my point. The only thing you can do to stop this is when it happens to you, you go and kill the bastard that is trying to kill you first.

See the 2nd Amendment to the US Constitution. Tyrants love an unarmed, unorganized populace.

People who are more afraid of my guns more than the tyrants who are plundering them actively are idiots. In the days of old, theft was met by lethal force, by the owner.

Re:Summary incorrect

[QuantumPete]

Indeed, Germany's postal secrets act stems right from the constitution and like in America that's pretty serious stuff. Monitoring of phone calls is illegal, unless you have a warrant. Monitoring who places calls where isn't, since you didn't glean insight into the contents of the message. It's like a postman looking at the addressee and sender information on a letter.

Re:Summary incorrect

[Tom]

I don't think Germany even has laws that are adequate for crimes of this scale. After all, data is knowledge, knowledge is power, power is abusable. More data means more knowledge means more abuse. It is time for lawmakers to react. Knowing beats thinking. :-)

Germany has several laws against this, in fact. At least three were very obviously breached, and criminal proceeds are very likely to be initiated very soon.

Source: I work at a german telecommunications company (not T-Com). Due to my position I had to sign extensive paperwork about all the laws I have to know and follow when I started working there.

Re:Summary incorrect

[Jesus_666]

I don't think Germany even has laws that are adequate for crimes of this scale.

Don't worry, those responsible will receive the harshest punishment known to the German legal system: They will be forced to learn the entire German tax law and all associated fluff by heart. That's about ten years of their lives right down the drain, not to mention mental scarring, burnout etc.

Re:Summary incorrect

[mxs]

Source: I work at a german telecommunications company (not T-Com). Due to my position I had to sign extensive paperwork about all the laws I have to know and follow when I started working there. And never in a million years would anybody who ever signed any papers that are required to be signed to start work breach that agreement when ordered to do so by a superior (or when assuming that you'll never get caught). He signed a paper, for chrissakes ! It cannot be !

There are plenty of honorable people in the business, but there are also plenty of opportunistic bastards who will sign these things and never give them a second thought.

Re:Summary incorrect

[Tom]

Wrong place to put that argument. :-)

GP said: "there ought to be a law". I said: "there already is, dumbo". Your argument misses the point.

Re:Summary incorrect

[mxs]

Wrong place to put that argument. :-)

GP said: "there ought to be a law". I said: "there already is, dumbo". Your argument misses the point. From your argument it read as if you were holding up the "we all sign it, so we could never do such a thing !"-card as well, though. Sure, there is a law -- in some industries, the law gets broken without missing a beat, as a matter of course -- and it is never prosecuted. Take, for instance, again the Deutsche Telekom AG. They, as a matter of course, have breached existing law for years by saving call data at variance with the BDSG and TMG -- of course now they are required to do so by law (even though that law is being examined by the Bundesverfassungsgericht), but for the years before they were obligated not to do such a thing. No, they did not care -- and in the one lawsuit they lost in, the only outcome was that for that single customer, they would purge the records immediately -- all other customers' call data would be collected and saved as before.

So sure, it may be against the law, some people and managers may have signed a worthless piece of paper saying they would not break the law -- but if management is the party commanding subordinates to break that law (or simply not doing anything about such breaches even though they know they occur), that signature is truly worthless. Well, maybe not, in a scandal like this the head of the tech that did the surveillance will roll. Managers will just insulate themselves by pointing to that piece of paper.

Re:Summary incorrect

[Denial93]

I said for crimes of this scale. In German law, sentences for multiple crimes of the same severity don't stack - i.e. for a crime that gets you up to five years in prison, doing it twice will still only get you up to five years in prison.

This is why for some crimes, there are several variants depending on the scale of the crime - possession of five grams of marihuana isn't the same crime as possessing five tons of it. Of course Germany has laws against breach of telecommunication privacy, but the sentences are relatively light and because of the above, multiplying them a hundred thousand times isn't going to do much. So there is a criminal law equivalent to the five grams case, but not to the five tons one.

Links

[goombah99]

The President's Analyst

The bigger news story from now on

[iminplaya]

will be when you find out your line is not being tapped. At this point, it's best to assume the worst and work as though everything you do is being broadcast on the TV.

Re:double-edged

[Timosch]

Plus even under new laws, they only have to store the data, but may not access it without the permission of a judge, and only in cases of danger to life or the constitution (as to an injunction by the Federal Constitutional Court, the trial about the constitutionality of this law is still pending...)

Oblig....

[heyetv]

Deutsche Bags

*ducks*

In related news

[Bovius]

Comcast admits to keeping a list of users that access porn sites and using it for targeted ads, claims they aren't checking which pictures they're looking at so it's not a violation of privacy.

Blame America.

[Gnodab]

I'm sure that some how this will end up being America's fault. Just waiting for it.

Actually...

[Grashnak]

The question isn't whether or not this is wrong; the question is who on earth is stupid enough to use a phone company's own system to leak secret information about that phone company....

Re:Actually...

The question isn't whether or not this is wrong; the question is who on earth is stupid enough to use a phone company's own system to leak secret information about that phone company....

Lots of people, since everyone knows that the evil Bush/Cheney/Haliburton/Rove conspiracy has been demolishing privacy rights in the USA while progressive Europeans are protected by their benevolent governments.

There was a case a few years back when a bunch of senior people at Canadian investment bank were planning to jump ship, set up a competing firm, and steal clients. The bankers were doing the planning on their company blackberries...

Re:double-edged

[RomulusNR]

Duh, they *have* to keep the CDRs for numerous reasons, not the least of which is billing.

And they also review CDRs to identify network problems. I've personally worked on data mining software that used CDRs to identify device problems, and other esoterics.

People will complain "oh, they're keeping records of my calls." Then they will complain "how do they not know their towers are faulty, can't the tell by the records of people's calls?"

Nah - self inflicted..

The slide started when they went after tax dodgers using stolen data. At that point the situation became SIMILAR to the US (there, I mentioned the US, happy now?) in that some are above the law provided they find a cute enough excuse:

- "He's a terrorist so we can torture him as long as he's not in the US"/"We can lock up anyone without due process or fair hearing as long as it's not on US soil" (US, Guantanamo Bay - the original reaction was understandable, the continuation of a clear wrong isn't)
- "Oops" (US bombing a Chinese Embassy)
- "I shot this man, but he looked like a terrorist" (UK, Tube bombing, Brazilian got shot without any detectable reason or provocation, police got off as usual).
- "I am ABOVE the law, 'coz I have to protect our ceetizeens" (US, by means of close to 150 "Signing statements" President Bush has conveniently exempted himself from well over 200 laws)
- "Those evil evil tax dodgers are evil, I tell you." (evil enough to ignore the fact that the German tax office didn't just BUY stolen goods, they SOLD THEM ON to other countries - in total violation of their own laws on stolen goods. Next time you buy a stolen TV, well, the government did it first).

Transparency and accountability are the hallmark of a true democracy. Germany wasn't doing too badly until they pulled this stunt with Liechtenstein. Had they followed the law, well done. But they patently didn't. This lot is simply trying to join the "exempt" club.

I find this hard to believe.

Twelve years ago, Deutsche Telekom handed my account over to a collection agency after they were unable to produce records of calls they asserted I made, nor were they capable of tracking payments for which I sent copies of the transfer statements. The collection agent who called me barely even tried to get the money. Her attitude was more along the lines of "I know, they really do suck." So now we expect them to be able to track their own phone usage? I doubt it.

Re:I find this hard to believe.

[Hal_Porter]

Twelve years ago, Deutsche Telekom handed my account over to a collection agency after they were unable to produce records of calls they asserted I made, nor were they capable of tracking payments for which I sent copies of the transfer statements.

The collection agent who called me barely even tried to get the money. Her attitude was more along the lines of "I know, they really do suck."

So now we expect them to be able to track their own phone usage? I doubt it. When I was leaving Germany I was in during the day, packing my stuff up.

The doorbell rang, and there was a delivery guy with a box for the apartment upstairs. He rung several times - he needed a signature. Being a good neighbour I signed for it and put a note in the letterbox for the upstairs apartment - "I have a parcel for you, please come down and pick it up".

A harried looking young German woman arrived in the evening and said (and I quote) "It was good of you to pick it up but you really shouldn't have DT sent it to me I didn't order it I saw they had charged me and so I called them they told me that they couldn't cancel the order I didn't make but they could schedule delivery for a time that I wasn't there and make it registered so that no one would be there to sign and then would get sent back to them and they agreed to pay the postage and the computer would void the contract based on German Law but now that you picked it up I will need to pay the return postage and contract cancelation fees [Deep intact of breath] But it was nice of you to sign for it. Thanks."

It was like fixing an obvious bug in some horrible hacked system and then seeing it collapse spectacularly because one of the side effects of the bug was the only thing keeping it up.

Compared to DT, British Telecom were actually quite customer friendly. And that is saying something.

Germany?

[Nathrael]

Invoke Godwin's Law in 3...2...1...

Re:Germany?

[jeiler]

Actually, that's one that's been missed.

So far.

...waits for the other shoe....

Re:Germany?

[Opportunist]

Funny enough, the Gestapo wasn't really known for phone tapping. Sure, they did it, but it was anything but their primary source of information. They relied on anonymous informants more than on surveillance hardware.

Well, they failed because they thought that the majority of people support them. Our leaders today won't repeat that mistake.

T mobile

[kondor6c]

Correct me if I'm wrong, but isn't T mobile a division of Deutsche Telekom?

Re:T mobile

[Stonent1]

Korrect.

Re:T mobile

[dbcad7]

Yep, way back when there was a lot of fuss about a foreign company owning a telephone utility in the US. (back when they were starting to buy voicestream). The reason I remember this is because voicestream at the time was about the only GSM provider in the US.. and as all of Europe (an most of the world) is GSM it made sense that DT would look at them.. And they have done a lot with the company that became T-Mobile.

I am not a mobile "power user".. but I am a customer, and I have not had any problems with them and I am happy with the service in my area.

It's not just listening in that's the problem

[hyades1]

This isn't about eavesdropping, it's about getting information you have no right to possess. If my girlfriend steals my cell phone and finds out that I've been calling Wendy's House of Spanking Ecstasy on the same days as I subsequently say I was working late, she doesn't need the contents of the call to get seriously pissed off and do some major damage to my professional life.

This is exactly the same kind of thing. The telcom has no right to use its special situation to assume police-like powers and check up on people.

And my mention of Wendy's was just an example, OK? I don't know of any such place and I don't know if it even exists and I've never been there if it does. OK? Got it?

Re:Conundrum

[MadMidnightBomber]

But they are not allowed to break the law to do so - which they almost certainly have done.