Deutsche Telekom Secretly Tracked Phone Calls

Dekortage writes "German telephone giant Deutsche Telekom has admitted to secretly tracking the phone calls between board members and journalists, in an effort to identify media leaks about internal affairs. As noted by the German Journalists' Association, 'This company has special access to the records of its customers.... That means it has a special obligation to be trustworthy.' DT denies having eavesdropped; it merely tracked the calls dialed."

The President's Analyst

[goombah99]

Best line in that movie. "Who could possibly bug every phone in the united states?" TPC

Re:

[goombah99]

Other great lines from the president's analyst:

V.I. Kydor Kropotkin:
Are you trying to tell me every phone in the country is tapped?

Don Masters, CEA Agent:
That's what's in my head.

V.I. Kydor Kropotkin:
Don, this is America, not Russia.
WHo could possibly tap every phone in the US?

---------------

dad to son: "Don't you ever bring that gun in the house!"
pause then "That's my car gun. My house gun is already in the house, so please

Links

[goombah99]

The President's Analyst [youtube.com]

Not clear if customer records are affected

[Florian Weimer]

Deutsche Telekom might just have screened call data records on company phones (provided to employees and board members for company purposes). In this case, it's very difficult to say if this practice was illegal -- or even morally wrong.

Re:

[jeiler]

Morally questionable, at best. Business records are to be used for business purposes: here in America, there is an expectation of privacy that extends even to internal data usage at a company. Only the billing department should know about my call history, and then they only need to know the minimum information required to correctly calculate my bill. Who I call is no one's business--including the telco.

Re:Not clear if customer records are affected

[snowraver1]

Funny you mention that, when just the other day there was an article on /. that indicated that almost 50% of US companies routinely monitor outgoing email to make sure that there are no information leaks.

I think that if the company owns the phone, and the employee (by paying them) then all communications are fair game for monitoring.

Now if they were snooping on customers, that would be a WHOLE different story...

Re:

[jeiler]

You're quite correct: I should have been more specific. I was referring to the telco monitoring my home or business account.

If this was monitoring calls placed within the telco to (whatever outside source), then the grounds for moral objection become a lot less clear. I had understood the article talking about board members calling people from their homes.

Re:

[jellie]

From my understanding, they were monitoring the calls of journalists and their contacts -- which may or may not have included board members. Here's the quote from my other post in this thread:

The goal of the "Clipper" and "Rheingold" surveillance programs, as well as other "secondary projects," the fax makes clear, was to "analyze several hundred thousand landline and mobile connection data sets of key German journalists reporting on Telekom and their private contacts."

Furthermore, this is a telecommunications company that (presumably) has the calling logs of its customers. Sure, it's not like they hacked another company's data, but it's still an incredible abuse of power. There's also a limit to the "fair game for monitoring." Deutsche Telekom may own the central infrastructure (or

Re:

[CowTipperGore]

I think that if the company owns the phone, and the employee (by paying them) then all communications are fair game for monitoring.

Now if they were snooping on customers, that would be a WHOLE different story...

According to the article linked to in TFA, they were snooping on customers:

The goal of the "Clipper" and "Rheingold" surveillance programs, as well as other "secondary projects," the fax makes clear, was to "analyze several hundred thousand landline and mobile connection data sets of key German journalists reporting on Telekom and their private contacts."

Other spying campaigns had already been "specifically planned and assigned," including "the surveillance of one of your shareholders, a company headqu

Re:

[LilGuy]

Well if that's truly the case then system, network, and security administrators hold the keys and no one is exempt. That means these guys have access to all the communications across the whole network and that includes communications between the uppers. I'm willing to bet those guys wouldn't be so keen on having other people privy to their communications. Somehow I'd imagine you're arguing that it's only okay to snoop on the peon communications.

Re:

[Tom]

Now if they were snooping on customers, that would be a WHOLE different story...

They were, that's why it is. :-)

Re:

[ronocdh]

Business records are to be used for business purposes

An interesting tactic you've employed there. Wouldn't it be rather trivial (at least in the States), to defend a business doing this? I mean, they're just trying to manage PR. That's a business purpose, isn't it?

I'm referring completely to casual conversation logic, not what would hold up in the courtroom. Although perhaps that's unreasonably optimistic of me.

Re:

[jeiler]

Wouldn't it be rather trivial (at least in the States), to defend a business doing this? I mean, they're just trying to manage PR. That's a business purpose, isn't it?

An interesting analogy. :D

PR is, indeed, a "business purpose." But in the States, the business is restricted by privacy rules in all of their dealings. If said business abuses the privacy of its customers--for any purpose, with a very few clearly delineated exceptions--they've violated the law.

Now, that doesn't mean it doesn't happen. Fo

Re:

[SpectreBlofeld]

How do you feel about network admins monitoring traffic on the company network?

Re:

[jellie]

Good point. The article isn't very clear what type of spying was used, but the other article [spiegel.de] linked in the story does mention some of the tactics:

The goal of the "Clipper" and "Rheingold" surveillance programs, as well as other "secondary projects," the fax makes clear, was to "analyze several hundred thousand landline and mobile connection data sets of key German journalists reporting on Telekom and their private contacts."

It seems very similar to the HP scandal, which also involved boardroom leaks and spying on telephone records. Of course, HP is not a telecommunications company, unlike Deutsche Telekom. The article continues, ominously:

Moreover, the letter continues, the office of an "important business journalist," had been infiltrated by a mole who had reported "directly to corporate security" at Telekom for several months.

It's actually kind of amusing (or sad) how the scandal erupted. The outside "consultant" hired to do the spying sent an angry fax, demanding to b

Re:

[Florian Weimer]

Der Spiegel has a tendency to exaggerate news stories as soon as journalists are affected. Typically, journalists are portrayed as primary targets, despite their actual involvement. So this part should be taken with a grain of salt, like when bloggers are writing about other bloggers.

And you're right about paying. Actually, I think you should that kind of stuff in the family, without relying on outside parties.

Re:

[hughk]

It wasn't just Der Spiegel - all the German newspapers took a dislike to this (even Bild). Monitoring employees has to be done very carefully to be within German law.

Re:

[MadMidnightBomber]

I worked briefly as a summer student at British Telecom - this was expressly illegal there and that was back in '97. We had to sign a couple of documents about it even though we were nothing to do with phones.
I can't believe the UK privacy laws are better than the German ones, so odds on are it's illegal.

The Solution

[imyy4u3]

"Hello."
"Hey, what's up?"
"Well, I'm a board member, and they're tracking our calls now, so I can't call you at (insert newspaper name here)'s HQ from the office anymore, and that's why I'm calling you from a pay phone."
"OK, just meet me at the coffee shop at 7pm tonight."
"Sure."

Problem solved. Idiots.

Re:

[Yvanhoe]

This implies that you knew the calls were tracked

Re:

[Lilith's Heart-shape]

It also implies that you can find a working pay phone. Good luck doing that in America.

Re:

[trybywrench]

It also implies that you can find a working pay phone. Good luck doing that in America.

German telephone giant Deutsche Telekom ;p

Re:

[owlnation]

German telephone giant Deutsche Telekom ;p

Yes... but before you get all patronizing... you might want to note that Deutsche Telkom also is T-Mobile, which is an international company. Are you sure they only did this in Germany? Because I seriously doubt they restricted this immoral action to the borders of Germany.

Re:

[Poorcku]

All the reports seem to be indicating that it happened in Germany and not in the US. So arguably one should discuss it in a german context and not in an american one. Moreover, just because you doubt it doesn't mean it happened.

Re:

[Jesus_666]

However, the basic point still holds - pay phones have become a rarity over here, as well. Mobile phones have displaced them. However, the German mobile phone market is fiercely competitive and it's easy to pick up a new SIM card for your mobile and use a competitor's network. Or, if you're less cautious, just get yourself a second SIM card from T-Mobile and don't tell your bosses about it.

It's not as if it'd actually cost you real money. In that regard Germany is different from the States.

Re:

[Lilith's Heart-shape]

Yeah, I saw that. I wasn't going to assume, however, that it was as hard to find a working pay phone in Germany as it is here in the People's Christian Republic of Amerika.

Re:

[Poorcku]

The action takes place in Germany. Not everything happens in the US, you know.

Re:

[QuantumRiff]

Right, but guess who owns T-Mobile, a large, US wireless company? (They were called Voicestream wireless before they got bought by Deutsche Telekom, along with a dozen small cell companies, to form one big one.)

Re:

[rodrigoandrade]

> Problem solved. Idiots

Yeah, until men in black suits show up at said coffee shop.

Re:

[maxume]

It's always the men in suits that ruin the atmosphere.

Re:

[Opportunist]

Indeed. I think we should ban politicians, hot air simply has to add to global warming!

Re:The Solution

[oodaloop]

Having done phone call analysis for the government, this is hardly a viable solution. Multiple calls from a pay phone would stick out like a sore thumb in this day and age.

Re:The Solution

[Mark Trade]

Actually, if you know that you are subject of surveillance, you have a whole arsenal of methods to evade from it. It you aren't, and that's the sneaky little problem with it, you are an open book.

Oh, and they did not only monitor outgoing calls in the company HQ. They tracked all phone calls they were servicing in the whole country and then ran searches against business and private phone numbers of known journalists and employees. So not even at home you were secure.

Re:

[edelholz]

Mod parent up! They didn't just track employees and board members, they tracked hundred thousands of customers, monitoring many journalists that happened to have a T-Mobile phone.

Re:

[Jesus_666]

Man, suddenly I'm very happy to be on the E network... (The German mobile networks have letter designations; The A, B and C networks were anlog and have been shut down; T-Mobile is present in the D network (900 MHz) and only slightly in the E network (1800 MHz). Anyhow, my prepaid card is not from T-Mobile and that's good.)

Re:

[Mark Trade]

The data retention law in Germany has been in effect since the beginning of 2008 with a phase-in until 2009 when non-compliance becomes punishable. So the self-organized (shall we call it "grass roots"?) data retention of the Telekom was unlawful. In fact, there were privacy laws that outlawed such a thing explicitly.

The spying does not only come from logging (which is bad enough without it being prohibited) but from using the data at all. Bonus points for using it against their own board.

Re:

[Timosch]

Plus even under new laws, they only have to store the data, but may not access it without the permission of a judge, and only in cases of danger to life or the constitution (as to an injunction by the Federal Constitutional Court, the trial about the constitutionality of this law is still pending...)

Re:

[RomulusNR]

Duh, they *have* to keep the CDRs for numerous reasons, not the least of which is billing.

And they also review CDRs to identify network problems. I've personally worked on data mining software that used CDRs to identify device problems, and other esoterics.

People will complain "oh, they're keeping records of my calls." Then they will complain "how do they not know their towers are faulty, can't the tell by the records of people's calls?"

This just in!

[Ngarrang]

A major corporation providing a necessary public service mis-uses those records for personal reasons! Film at 11!

Okay, is anyone else not surprised to read this? Do any you have actually think that your local telecom ACTUALLY respects your privacy and doesn't do funny things with your data?

Sure, this was only on its own executives. But doing this to faceless subscribers is not a far leap of the imagination.

Re:

[ms1234]

This was the case with the Finnish telecom Sonera which also tracked calls to find out who was leaking information in the company.

Re:This just in!

[Tom]

Yes, I think that. Mostly because I work at the local telecom company. :-)

The people in our company who handle this data are very aware of what they're handling, and in addition to their contract had to sign numerous papers saying they'll never break those laws, not even under a direct order from a superior. We have not one but two departments handling regulation and compliance.

That is why this is such a big scandal in Germany right now: Pulling this stunt off means that there is massive corruption at all levels within T-Com.

Re:

[hughk]

That is why this is such a big scandal in Germany right now: Pulling this stunt off means that there is massive corruption at all levels within T-Com.

Oh, I am shocked, quite shocked that there is corruption within Telekom.

Remembers back to the time when a firm I worked for reputedly had to pay Telekom employees a fortune in back-handersto get some lines moved quickly

Summary incorrect

[Denial93]

The company's internal security didn't just track the phone calls between board members and journalists. Obviously, they "had to" check for journalists' number in board members' connection lists. But they also checked for board members' numbers in the connection lists of journalists who wrote particularly much about the company. So hundreds of thousands of connections between journalists and informants, friends etc. were monitored.

I don't think Germany even has laws that are adequate for crimes of this scale. After all, data is knowledge, knowledge is power, power is abusable. More data means more knowledge means more abuse. It is time for lawmakers to react.

Re:

[Archangel Michael]

1) I'm not worried
2) Even if I was worried, there is nothing I can do about it
3) It is going to happen more and more
4) No law is going to prevent people from doing immoral or unethical things.
5) People who think laws will protect them are fools. Only You can protect yourself.

You see, man can't rule himself, let alone others. There was this guy some 2000 years ago, who by most accounts did absolutely nothing wrong, and they (man, men, govnmt etc) had him executed.

If they could kill him, then they can kill an

Re:

[QuantumPete]

Indeed, Germany's postal secrets act stems right from the constitution and like in America that's pretty serious stuff. Monitoring of phone calls is illegal, unless you have a warrant. Monitoring who places calls where isn't, since you didn't glean insight into the contents of the message. It's like a postman looking at the addressee and sender information on a letter.

Re:Summary incorrect

[Tom]

I don't think Germany even has laws that are adequate for crimes of this scale. After all, data is knowledge, knowledge is power, power is abusable. More data means more knowledge means more abuse. It is time for lawmakers to react.

Knowing beats thinking. :-)

Germany has several laws against this, in fact. At least three were very obviously breached, and criminal proceeds are very likely to be initiated very soon.

Source: I work at a german telecommunications company (not T-Com). Due to my position I had to sign extensive paperwork about all the laws I have to know and follow when I started working there.

Re:

[mxs]

Source: I work at a german telecommunications company (not T-Com). Due to my position I had to sign extensive paperwork about all the laws I have to know and follow when I started working there.

And never in a million years would anybody who ever signed any papers that are required to be signed to start work breach that agreement when ordered to do so by a superior (or when assuming that you'll never get caught). He signed a paper, for chrissakes ! It cannot be !

There are plenty of honorable people in the business, but there are also plenty of opportunistic bastards who will sign these things and never give them a second thought.

Re:

[Tom]

Wrong place to put that argument. :-)

GP said: "there ought to be a law". I said: "there already is, dumbo". Your argument misses the point.

Re:

[mxs]

Wrong place to put that argument. :-)

GP said: "there ought to be a law". I said: "there already is, dumbo". Your argument misses the point.

From your argument it read as if you were holding up the "we all sign it, so we could never do such a thing !"-card as well, though. Sure, there is a law -- in some industries, the law gets broken without missing a beat, as a matter of course -- and it is never prosecuted. Take, for instance, again the Deutsche Telekom AG. They, as a matter of course, have breached existing law for years by saving call data at variance with the BDSG and TMG -- of course now they are required to do so by law (even though th

Re:

[Denial93]

I said for crimes of this scale. In German law, sentences for multiple crimes of the same severity don't stack - i.e. for a crime that gets you up to five years in prison, doing it twice will still only get you up to five years in prison.

This is why for some crimes, there are several variants depending on the scale of the crime - possession of five grams of marihuana isn't the same crime as possessing five tons of it. Of course Germany has laws against breach of telecommunication privacy, but the sentences

Re:

[Jesus_666]

I don't think Germany even has laws that are adequate for crimes of this scale.

Don't worry, those responsible will receive the harshest punishment known to the German legal system: They will be forced to learn the entire German tax law and all associated fluff by heart. That's about ten years of their lives right down the drain, not to mention mental scarring, burnout etc.

The bigger news story from now on

[iminplaya]

will be when you find out your line is not being tapped. At this point, it's best to assume the worst and work as though everything you do is being broadcast on the TV.

Oblig....

[heyetv]

Deutsche Bags

*ducks*

In related news

[Bovius]

Comcast admits to keeping a list of users that access porn sites and using it for targeted ads, claims they aren't checking which pictures they're looking at so it's not a violation of privacy.

Blame America.

[Gnodab]

I'm sure that some how this will end up being America's fault. Just waiting for it.

Nah - self inflicted..

[Anonymous Coward]

The slide started when they went after tax dodgers using stolen data. At that point the situation became SIMILAR to the US (there, I mentioned the US, happy now?) in that some are above the law provided they find a cute enough excuse:

- "He's a terrorist so we can torture him as long as he's not in the US"/"We can lock up anyone without due process or fair hearing as long as it's not on US soil" (US, Guantanamo Bay - the original reaction was understandable, the continuation of a clear wrong isn't)
- "Oops"

Actually...

[Grashnak]

The question isn't whether or not this is wrong; the question is who on earth is stupid enough to use a phone company's own system to leak secret information about that phone company....

Re:

[Anonymous Coward]

The question isn't whether or not this is wrong; the question is who on earth is stupid enough to use a phone company's own system to leak secret information about that phone company....

Lots of people, since everyone knows that the evil Bush/Cheney/Haliburton/Rove conspiracy has been demolishing privacy rights in the USA while progressive Europeans are protected by their benevolent governments.

There was a case a few years back when a bunch of senior people at Canadian investment bank were planning to jump s

I find this hard to believe.

[Anonymous Coward]

Twelve years ago, Deutsche Telekom handed my account over to a collection agency after they were unable to produce records of calls they asserted I made, nor were they capable of tracking payments for which I sent copies of the transfer statements. The collection agent who called me barely even tried to get the money. Her attitude was more along the lines of "I know, they really do suck." So now we expect them to be able to track their own phone usage? I doubt it.

Re:

[Hal_Porter]

Twelve years ago, Deutsche Telekom handed my account over to a collection agency after they were unable to produce records of calls they asserted I made, nor were they capable of tracking payments for which I sent copies of the transfer statements.

The collection agent who called me barely even tried to get the money. Her attitude was more along the lines of "I know, they really do suck."

So now we expect them to be able to track their own phone usage? I doubt it.

When I was leaving Germany I was in during the day, packing my stuff up.

The doorbell rang, and there was a delivery guy with a box for the apartment upstairs. He rung several times - he needed a signature. Being a good neighbour I signed for it and put a note in the letterbox for the upstairs apartment - "I have a parcel for you, please come down and pick it up".

A harried looking young German woman arrived in the evening and said (and I quote) "It was good of you to pick it up but you really shouldn't have

Germany?

[Nathrael]

Invoke Godwin's Law in 3...2...1...

Re:

[jeiler]

Actually, that's one that's been missed.

So far.

...waits for the other shoe....

Re:

[Opportunist]

Funny enough, the Gestapo wasn't really known for phone tapping. Sure, they did it, but it was anything but their primary source of information. They relied on anonymous informants more than on surveillance hardware.

Well, they failed because they thought that the majority of people support them. Our leaders today won't repeat that mistake.

T mobile

[kondor6c]

Correct me if I'm wrong, but isn't T mobile a division of Deutsche Telekom?

Re:

[Stonent1]

Korrect.

Re:

[dbcad7]

Yep, way back when there was a lot of fuss about a foreign company owning a telephone utility in the US. (back when they were starting to buy voicestream). The reason I remember this is because voicestream at the time was about the only GSM provider in the US.. and as all of Europe (an most of the world) is GSM it made sense that DT would look at them.. And they have done a lot with the company that became T-Mobile.

I am not a mobile "power user".. but I am a customer, and I have not had any problems with t

It's not just listening in that's the problem

[hyades1]

This isn't about eavesdropping, it's about getting information you have no right to possess. If my girlfriend steals my cell phone and finds out that I've been calling Wendy's House of Spanking Ecstasy on the same days as I subsequently say I was working late, she doesn't need the contents of the call to get seriously pissed off and do some major damage to my professional life.

This is exactly the same kind of thing. The telcom has no right to use its special situation to assume police-like powers and check up on people.

And my mention of Wendy's was just an example, OK? I don't know of any such place and I don't know if it even exists and I've never been there if it does. OK? Got it?

Re:

[MadMidnightBomber]

But they are not allowed to break the law to do so - which they almost certainly have done.