Government operatives work in Vodafone's exchanges monitoring citizens in some countries, the network has admitted. In its first Law Enforcement Disclosure Report, the world's second-largest telecommunications network reveals how many requests it has received from law enforcement or other government authorities to intercept or find out information about your communications.
Vodafone's report is a 40,000-word survey of government surveillance of its network in the 29 countries in which Vodafone operates, including joint ventures in Australia, Kenya and Fiji. While US carriers Verizon and AT&T have disclosed similar information about their domestic operations, this is the first global report of its type.
Government surveillance has been in the spotlight since former NSA operative Edward Snowden leaked huge amounts of data a year ago, revealing the extent of government intrusion. This week Snowden backed a campaign to "Reset the Net", with technology companies including Google adding safeguards to websites and mobile apps.
Vodafone identifies two different types of surveillance requests: lawful interception, and access to communications metadata such as phone numbers, addresses, times when calls were made, who the person called, and even the location of a phone to track the whereabouts of the subject.
The highest number of eavesdropping requests were made in Italy, where police target the mafia. However, it's difficult to work out the number of people actually spied on for each nation because different countries measure things differently. A single request could also cover multiple people, or multiple warrants could target one individual.
In some countries, government agencies can tap directly into the network, without any need for a warrant or any explanation. In those countries, the direct access "pipe" into the network consists of equipment in a locked room in Vodafone's exchange, operated by employees with state security clearance who can't talk about their work.
However, in most places, agencies have to ask Vodafone for specific data. Vodafone says it complies with the standards laid out by the European Telecommunications Standards Institute (ETSI) for dealing with such requests.
The report doesn't go into detail for Albania, Egypt, Hungary, India, Malta, Qatar, Romania, South Africa and Turkey, where it's against the law to disclose whether surveillance is happening, let alone reveal hard numbers.
"Refusal to comply with a country's laws is not an option," says Vodafone, "If we do not comply with a lawful demand for assistance, governments can remove our licence to operate, preventing us from providing services to our customers."
Privacy campaigners have called for other companies to follow Vodafone's example.
"This is an excellent report," says Jim Killock of the Open Rights Group. "We need every telecoms company to tell us what they are being made to do by the government, so that we can have a proper debate about the scale of state surveillance. The report also shows why we need to reform the UK's medieval system that allows government ministers to sign off warrants. It is impractical for Teresa May and William Hague to make judgments about the validity of requests to access private data; we need proper judicial oversight that is considered, transparent and accountable."