German telecommunications company Deutsche Telekom and its subsidiary company T-Mobile USA committed themselves to make communication data and contents available to American authorities. This agreement is part of a contract with the FBI and Department of Justice from 2001, which we hereby publish. Telekom comments that it of course cooperates with security services – also in other countries.
This is an English translation of the original German post.
Two weeks ago Deutsche Telekom CEO René Obermann was totally surprised by the mass-surveillance of western intelligence agencies. Yesterday, David Scharven reported on WAZ.de about an “surveillance contract of Deutsche Telekom with US authorities”.
Commitment to Electronic Communications SurveillanceThe contract is between Deutsche Telekom AG and VoiceStream Wireless (which became T-Mobile USA in 2002) on one side and the Federal Bureau of Investigation and the US Department of Justice on the other. The 27 page document was signed in December 2000 and January 2001 – before 9/11.
After recitals and definitions, Article 2 of the contract describes “Facilities, Information Storage and Access”. T-Mobile USA commits to operate its infrastructure for “all Domestic Communications” “in the United States”. The communication has to flow through a facility in the US “from which Electronic Surveillance can be conducted”. Deutsche Telekom further commits to “provide technical or other assistance to facilitate such Electronic Surveillance”.
Access to this data is granted on the basis of “Lawful U.S. Process”, “orders of the President in exercise of bis/her authority under § 706 of the Communications Act of 1934″ or “National Security and Emergency Preparedness rules”.
Any Wire Communications or Electronic Communications
The types of data to be stored are “stored Domestic Communications”, “any Wire Communications or Electronic Communications”, “Transactional Data and Call Associated Data”, “Subscriber Information” and “billing records”. These data must be “stored in a manner not subject to mandatory destruction under any foreign laws”. Billing records shall be stored “for at least two years”. Other legal obligations for data retention remain unaffected by this contract.
We include the full article 2 at the bottom of this post. Further articles commit Deutsche Telekom/T-Mobile USA to security instructions. They shall not disclose this data to foreign parties, especially foreign governments. Every three months Deutsche Telekom “shall notify DOJ in writing of legal process or requests by foreign non governmental entities”. Furthermore FBI and DOJ insist on 24/7 “designate points of contact” “to conduct Electronic Surveillance”.
On FBI or DOJ demand, Deutsche Telekom “shall provide access to Information concerning technical, physical, management, or other security measures and other reasonably available information”. The institutions can, “upon a reasonable notice and during reasonable hours”, visit and inspect any part of Deutsche Telekoms “Domestic Communications infrastructure and security offices”. Further Deutsche Telekom is committed to “submit to the FBI and the DOJ a report assessing DT compliance with the terms of this Agreement” every year.
United States would suffer irreparable injuryLast but not least “Deutsche Telekom AG agrees that the United States would suffer irreparable injury if for any reason DT failed to perform any of its significant obligations under this Agreement”.
The contract was signed in December 2000 and January 2001 by Hans-Willi Hefekäuser (Deutsche Telekom AG), John W. Stanton (VoiceStream Wireless), Larry R. Parkinson (FBI) and Eric Holder (DOJ).
Questions to Deutsche Telekom
This revelation raises multiple questions, which we have asked Deutsche Telekom:
- Is this contract still in force? Was the contract changed since 2001?
- How much data was transferred to US authorities by this or other contracts?
- Did CEO René Obermann know about this contract, when he said two weaks ago: “We are not cooperating with foreign intelligence services”?
Which other countries with such contracts?
Deutsche Telekom AG is active in dozens of countries, including China and Russia. Did Telekom sign surveillance contracts in these states as well?
A spokesman of Deutsche Telekom explained, such surveillance contracts with foreign intelligence services are also in place “in other countries”. Telekom could not say in which countries surveillance duties are regulated by such contracts. It will be checked, they said.
A spokesman of Deutsche Telekom commented to netzpolitik.org:
This contract essentially says that the American subsidiary of Deutsche Telekom AG abides American law.
Of course Deutsche Telekom cooperates with intelligence services, when obliged by law to do so.
Frank Rieger, a spokesperson of Chaos Computer Club told netzpolitik.org:
Deutsche Telekom, as well as any other telecommunications companies, must reveal all secret agreements with domestic and foreign intelligence services. These providers have to decide where to put their loyalty: their customers or the intelligence services.
Here is the full paragraph 2 of the contract:
ARTICLE 2: FACILITIES, INFORMATION STORAGE AND ACCESS
2.1 Except (to the extend and under conditions concurred in by the FBI and the DOJ in writing:
(a) all Domestic Communications Infrastructure that is owned, operated, or controlled by VoiceStream shall at all times be located in the United States and will be directed, controlled, supervised and managed by VoiceStream; and
(b) all Domestic Communications Infrastructure not covered by Section 2.1(a) shall at all times be located in the United States and shall be directed, controlled, supervised and managed by a U.S. Subsidiary, except strictly for bona fide commercial reasons;
(c) all Domestic Communications that are carried by or through, in whole or in part, the Domestic Communications Infrastructure shall pass through a facility under the control of a US, Subsidiary and physically located in the United States, from which Electronic Surveillance can be conducted pursuant to Lawful U.S. Process. DT will provide technical or other assistance 1o facilitate such Electronic Surveillance.
2.2 DT shall take all practicable steps to configure its Domestic Communications Infrastructure to be capable of complying, and DT’s employees in the United States will have unconstrained authority to comply, in an effective, efficient, and unimpeded fashion, with:
(a) Lawful U.S. Process,
(b) the orders of the President in exercise of bis/her authority under § 706 of the Communications Act of 1934, as amended, (47 U.S.C. § 606), and under § 302(e) of the Aviation Act of 1958 (49 U.S.C. § 40107(b)) and Executive Order 11161 (as amended by Executive Order 11382), and
(c) National Security and Emergency Preparedness rules, regulations and orders issued pursuant to the Communications Act of 1934, as amended (47 U.S.C. § 151 et seq.)
2.3 U.S. Subsidiaries shall make available in the United States the following:
(a) stored Domestic Communications, if such communications are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason;
(b) any Wire Communications or Electronic Communications (including any other type of wire, voice er electronic Communication not covered by the definitions of Wire Communication or Electronic Communication) received by, intended to be received by, or stored in the account of a customer or subscriber of a U.S. Subsidiary, if such communications are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason;
(c) Transactional Data and Call Associated Data relating to Domestic Communications, if such data are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason;
(d) Subscriber Information concerning customers or subscribers of a U.S. Subsidiary, if such information are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason; and
(e) billing records relating to customers and subscribers of a U.S. Subsidiary for so long as such records are kept and at a minimum for as long as such records and required to be kept pursuant to applicable U.S. law or this Agreement.
2.4 U.S. Subsidiaries shall ensure that the data and communications described in Section 2.3(a) – (e) of this Agreement are stored in a manner not subject to mandatory destruction under any foreign laws, if such data and communications an: stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason. U.S. Subsidiaries shall ensure that the data and communications described in Section 2.3(a) – (e) of this Agreement shall not be stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contacted with or made other arrangements for data or communications processing or storage) outside of the United Stales unless such storage is strictly for bona fide commercial reasons weighing in favor of storage outside the United Stales.
2.5 DT shall store for at least two years all billing records maintained by U.S. Subsidiaries for their customers and subscribers.
2.6 Upon a request made pursuant to 18 U.S.C. § 2703(f) by a governmental entity within the United States to preserve any information in the possession, custody, or control of DT (hat relates to (a) a customer or subscriber of a U.S. Subsidiary, or (b) any communication of such customer or subscriber described in (a) above, or (c) any Domestic Communication, DT shall store such preserved records or other evidence in the United States.
2.7 Nothing in this Agreement shall excuse DT from any obligation it may have to comply with U.S. legal requirements for the retention, preservation, or production of such information or data.
2.8 Except strictly for bona fide commercial reasons, DT shall not route a Domestic Communication outside the United States.
2.9 DT shall comply, with respect to Domestic Communications, with all applicable FCC rules and regulations governing access to and storage of Customer Proprietary Network Information (“CPNI”), as defined in 47 U.S.C. § 222(f)(1).