On 06.25.2013 8:08 PM, Mats Palmgren wrote:
>> On Monday, June 24, 2013 6:36:52 AM UTC-7,
teliasone...@teliasonera.com
>> wrote:
>> > TeliaSonera does not agree with the posted allegations,
>> > we have not committed bad acts and have not abused trust.
>
> TeliaSonera facilitates unlimited mass-surveillance in several
> dictatorship countries, where people have been imprisoned, tortured,
> or killed because of their political views.
>
http://vimeo.com/41248885
I agree. There is no question that TeliaSonera facilitated the
surveillance of citizens in former Soviet republics. There really is no
way to conclude otherwise.
What I find so breathtakingly disingenuous, however, is that the
TeliaSonera response does not acknowledge the recent actions of the
company's board of directors. See reference [RFERL] for the full
details, but what has happened is that an independent review was
conducted regarding the business in Uzbekistan. Based on that report,
the board of directors itself decided the allegations were serious
enough that they forced the resignation of the CEO. Quoting from [RFERL]:
"Announcing his resignation, Nyberg said he was informed by the
TeliaSonera board that there would be 'significant changes to the
composition of the board' after it received the report, and that he
longer had the board's support."
Whether there is legal culpability and liability is an entirely
different question, but for Mozilla's purposes here I think a claim of
"bad acts and abuse of trust" is warranted and justifiable.
...snip...
> As far as I know, none of the allegations has been refuted.
> In fact, the official TeliaSonera response "we're just following
> the law in the countries that we operate" has been repeated on
> multiple occasions in news media.
I agree with Mats: the "just following the law" argument does appear
frequently in the media reports. I even found a TeliaSonera press
release [TS-FB] which announced it was blocking all access to Facebook
for citizens of Tajikistan. The press release says:
"We have a clear policy in place to ensure that all requests are
handled in a legally correct way...."
There is, of course, a big difference between being legally correct and
being an arbiter of trust. The [EFF] article makes this very point:
"Authoritarian regimes can interpret the law in ways that justify
unlimited spying on journalists and political dissidents. Or...the
laws on the books are not enforced—unrestricted surveillance is the
order of the day. If tech companies want to avoid being
repression’s little helper, they must know their customer and
refrain from cooperating with governments that they believe will use
their technology to facilitate human rights violations."
>> > There have been media reports in which TeliaSonera is used
>> > as a tool to drive home the point that some governments
>> > allegedly use the tools for monitoring telecommunications,
>> > that all countries reserve for national security, in a
>> > negative way.
Concerns about tools and government surveillance and national security
are all distractions to the primary issue facing the Mozilla community:
trust and perception.
Rather than speak of media reports in the abstract, I compiled a list of
reports that people have shared in this forum. The complete list is at
the bottom of this email but I will provide a quick summary here:
[BB-UG] and [BB-VID] is the initial investigative report by Swedish
public television into the allegations that TeliaSonera worked in
partnership with corrupt peoples and governments, and that those
partnerships resulted in losses of privacy and in some cases abuse
of human rights. To be clear, the abuse of rights and of privacy is
not at the hands of TeliaSonera itself—it is the governments who did
that—but TeliaSonera at best allowed privacy to be violated and at
worst invited the privacy loss in order to secure business in the
former Soviet republics. I personally can't tell where that line
should be drawn but the allegations are nonetheless serious, and it
is this report that first documents and presents the information in
order for people to evaluate it and draw their own conclusions.
[SLATE] and [EFF] provide English-language accounts of the TV report
in [BB-VID] and provide examples of the privacy losses and human
rights abuse. (Since the video is an hour long it is faster to
review these articles!)
[EURA] provides further information and analysis into the
investigation between TeliaSonera and specific people whose
reputation is, at best, "questionable" or, at worst, "heavy-handed
and corrupt". In particular, the report brings up Gulnara Karimova
who is described as "the single most hated person in Uzbekistan".
The [EURA] article in particular shows how the taint of distrust begins
in Uzbekistan: the people do not trust Gulnara Karimova and her
father's government in Uzbekistan; ergo, the people do not trust
companies that are do business with her and the government; ergo, the
people do not trust TeliaSonera; ergo, the people do not trust the CA
roots issued by TeliaSonera. I'm sure similar links could be made in
other former Soviet republics, too.
Like it or not the taint of distrust is on the TeliaSonera company (and
brand), and it seems the taint was invited upon the company itself out
of a eagerness to business in the former Soviet republics.
...snip...
>> > TeliaSonera’ s CA business is separated from our telecommunications
>> > operator business organization wise, and is not under any influence
>> > of the rules that apply to our operator business.
TeliaSonera's claim can not possibly be verified and contradicts its
press release on blocking Facebook access [TS-FB]. If a legal request
comes in from Tajikistan for a MITM certificate, is TeliaSonera's CA
operation not obligated to comply?
The claims of separation and "legality" also call into question the
value of restricting business to just Europe (as the official response
from TeliaSonera mentioned). Basicially, such restrictions are of
limited comfort. If someone in Tajikistan wishes to access a web site
in Europe and TeliaSonera has provided a MITM certificate to the
Tajikistan government regulators, based on a "legal request", the
outcome is the same: loss of privacy.
Exactly how separate the CA business would be is ultimately irrelevant,
because once the taint of distrust reaches the TeliaSonera company, the
CA business is equally tainted.
> A leadership that has demonstrated that it's oblivious to the human
> rights violations in these countries as long as it's good for business.
>
> That leadership could also use its CA business to do bad things if they
> think it's good for business.
I agree with Mats. TeliaSonera has announced a new CEO [TS-CEO] but he
won't begin until September 2013. That announcement also mentions a
desire for the company to have a fresh start, but we won't know for some
time if TeliaSonera could once again be trusted.
Good link, Mats (added it to the list below)! To use my taint of
distrust metaphor: Right now TeliaSonera is soaking in it, and if
people use a Mozilla product and see the TeliaSonera name, Mozilla will
be soaking in the taint, too. Mozilla can not allow that to happen.
Mozilla must deny TeliaSonera's request to add a third root certificate.
-----
Below are all the references I was able to cull from this forum that
seem relevant to TeliaSonera's request.
[BB-UG] --
http://www.svt.se/ug/video-the-black-boxes-3
This is the main page for the Swedish TV program "Uppdrag
Granskning" and their investigative report titled "The Black
Boxes". The report aired on or around April 26, 2012. [The page is
in Swedish.]
[BB-VID] --
http://vimeo.com/41248885
This is a direct link to the "Black Boxes" video. The video is in
Swedish (and Russian?) but has English subtitles.
[EFF] --
https://www.eff.org/deeplinks/2012/05/swedish-telcom-giant-teliasonera-caught-helping-authoritarian-regimes-spy-its
This is an English-language report by the Electronic Frontier
Foundation on May 18, 2012 on the "Black Boxes" video [BB-VID].
This report does mention legal aspects and the difference between
knowing the law and knowing how the law will be followed (or not).
[EURA] --
http://www.eurasianet.org/node/66375
This report by EurasiaNet.org on January 9, 2013 again references
the "Black Boxes" video [BB-VID] but goes on to document newer
evidence about the connections between TeliaSonera and corrupt (or
at least corruptible) persons.
[MOZREP] --
https://blog.mozilla.org/blog/2013/01/28/privacy-day-2013/
Blog post from January 28, 2013 where Mozilla is recognized as the
"Most Trusted Company for Privacy in 2012".
[RFERL] --
http://www.rferl.org/content/uzbekistan-teliasonera-ceo-quits/24890276.html
This is a report by Radio Free Europe/Radio Liberty on February 1,
2013 on the resignation of TeliaSonera CEO Lars Nyberg following an
independent investigation into business dealings in Uzbekistan. The
report indicates that criminal and other investigations continue.
[SLATE] --
http://www.slate.com/blogs/future_tense/2012/04/30/black_box_surveillance_of_phones_email_in_former_soviet_republics_.html
This is an English-language report by Slate on April 30, 2012 on the
"Black Boxes" video [BB-VID]. It describes the use of black boxes
for government surveillance and subsequent privacy losses and human
rights abuses by those governments.
[TS-FB] --
http://www.teliasonera.com/en/newsroom/news/2012/tcell-restricts-access-to-facebook-after-legal-request/
This is a press release from TeliaSonera on November 27, 2012
announces that Tcell, a TeliaSonera company, has restricted access
to Facebook at the request of the country of Tajikistan. The
request is reported as being legal.
[TS-CEO] --
http://www.teliasonera.com/en/newsroom/press-releases/2013/6/johan-dennelind-appointed-president-and-ceo-of-teliasonera/
This is another press release from TeliaSonera on June 16, 2013 on
the announcement of the new CEO. It says he will take over as CEO
on September 1, 2013 at which time he will begin to take the company
in a new direction. The chairman of the board is quoted as saying
the new CEO will "provide a fresh start" for the company.