CREDO steals telcos’ thunder with new transparency report

After years of public calls for telco transparency, today marks a historic moment: the release of the first-ever telco transparency report. We applaud CREDO Mobile for being the first telco in the world to issue such a report, detailing their responses to law enforcement requests for user data.

A relatively small, California-based ‘virtual mobile network operator,’ CREDO’s unexpected release steals the thunder of industry giants AT&T and Verizon, the two largest U.S.-based telcos, which recently made their own transparency report promises. CREDO has said it will continue issuing the data quarterly.

CREDO’s report mostly aligns with the WeNeedToKnow Coalition’s model for transparency reports – it provides the number of users affected by the requests, the authority issuing the request, as well as the number of requests complied with. It does not specify under which laws the requests were issued, the last of the major WeNeedToKnow asks.


A push for surveillance reform

In addition to publishing its raw numbers, CREDO took the opportunity of its report to push for reforms to US surveillance laws. This should be unsurprising, as CREDO Mobile is a company with a progressive mission and a history of defending civil liberties: They’re on record supporting the repeal of the USA PATRIOT Act and the FISA Amendments Act; opposing Sen. Feinstein’s recent intelligence bill (the so-called “FISA Improvements Act”); and endorsing the USA FREEDOM Act and the Amash-Conyers Amendment. CREDO often is a joint signatory alongside Access in coalitions, campaigns, and other advocacy efforts.


What the numbers say

According to its report, CREDO received only 16 requests in 2013: 15 were non-emergency requests that came in the form of subpoenas and summonses, of which CREDO complied with 14 (including some instances of compliance in which CREDO had no information to give). These 14 instances of compliance affected 15 users/accounts. The report also specifies CREDO only received 1 request in an emergency situation, and the company checked the relevant law (18 USC 2702(c)(4) and/or (b)(8)) before complying.

The report breaks down each request received by type, revealing a fascinatingly diverse set of legal orders, including grand jury subpoenas, summons to produce documents, subpoenas duces tecum (commanding witnesses to bring documents to court), and more. These requests were issued by sheriffs, state and county courts, the FBI, and various other agencies.The myriad sources of the government requests is an indication of the scope of the challenge faced by privacy reform advocates in the United States. Unlike in countries or regions that have a unified data protection regulation, there is no uniformity in the U.S.: Many branches and levels of government have the capability of using these types of requests to access user data.

Unfortunately, CREDO’s report does not disclose national security requests. The report states that “it may not be possible for CREDO or any telecom carrier to release to the public a full transparency report,” due to US laws preventing disclosure of these orders. CREDO may be uniquely well positioned to know: they’re reported to be the possible plaintiff in a recent case on National Security Letters filed by the EFF. This case is currently being appealed by the U.S. Government to the Court of Appeals for the Ninth Circuit in California. Access has joined coalitions calling for more transparency from the government, and allowing more disclosures by companies on national security matters.

Access welcomes this release of data, and CREDO’s commitment to transparency and reform of surveillance laws, as a strong basis for more innovation in reporting and pushback by the telecom sector. So, kudos to CREDO: AT&T, Verizon, and others are certainly watching.