Transparency is highly important to us
Telecommunications companies are required by law to assist security authorities with surveillance measures or by handing over data for law enforcement. It is very important to us that we make our activities as transparent as possible within the framework of these legal obligations. Deutsche Telekom was the first company to publish a transparency report for Germany in 2014. After an extensive analysis of the respective legal framework in each country, the first international transparency report for our international branches followed in 2016.
In our current, cross-border transparency report, we provide information on the type and scope of information provided to security authorities in 2021. On the one hand, this involves surveillance measures through which telecommunication connections can be tracked or recorded. On the other hand, the information about line owners or traffic data is quantified here. Our support services are provided exclusively based on a clear and mandatory legal basis in the respective countries. These legal bases can also be found in the report. This year, we have additionally included in the report which security authorities in each country are entitled to order surveillance measures or to demand data.
How are the figures to be understood?
In some countries, only the number of requests from public authorities are counted, not the number of surveillance measures or handed over data. On the one hand, stored traffic data can be requested (when did a communication take place? Between which ports? For how long?). On the other hand, so-called subscriber data (customer data such as name, address, and date of birth) are requested. Some information must also be provided on owners of IP addresses (subscriber data for a specific IP address).
A request can refer to several lines or data sets. In addition, it must be considered that a data set can also contain a variety of information (such as several identification features like the mobile equipment identification number IMEI and the telephone number). If only a specific customer is asked, they can have both a mobile and a fixed line number. So at least two data sets must be considered. If a mobile device is to be located at a certain time, it may be that several mobile phone cells and thus also several data sets must be considered because the location had changed from one cell to another. Information becomes very extensive if all logged-in devices in a mobile phone cell are to be listed over a certain period. Especially in large cities, this can result in tens or even hundreds of thousands of data records.
Information about Germany
In 2021, approximately 2,700 surveillance measures were implemented monthly for the authorities in the Telekom regional offices for special state requirements in Germany (ReSAs). In addition, the teams in the ReSAs provide information about traffic data – i.e., when communication took place, between which connections and for how long. In addition, there is customer data such as name, address, and date of birth. The number of traffic and customer data reports has increased compared to the previous year. The number of customer data disclosures also includes IP address information to law enforcement agencies. The number of copyright protection requests has also increased compared to the previous year.
Our experts check every request for legal conformity and pay particular attention to compliance with telecommunications secrecy and data protection. Support services for surveillance measures are provided strictly according to the four-eyes principle. This means that there are always two employees involved who check each other. Technically, a line interception means that the affected traffic is made available directly to the authority. Deutsche Telekom itself cannot take note of the content of these connections. Attention is also paid to the highest level of technical safety. The focus is always on safeguarding the rights of the individual, especially the protection of telecommunications secrecy.
Our Security Policies
All requirements for transparent and legally compliant action are bindingly anchored in our security policies for all companies of the Telekom Group and create a common framework for action.