Mobile Phones | CC | Jon Fingas | https://flic.kr/p/goVRFZ

Prisoners outwit £1.2m mobile phone blocking technology

A £1.2m pilot project that tried to stop prisoners using mobile phones in jail is unlikely to be extended across Scotland after inmates worked out how to beat the system.

A heavily redacted report produced by the Scottish Prison Service (SPS) and obtained by The Ferret has revealed that a trial in two Scottish prisons involving high-tech mobile phone blockers, known as IMSI-catchers, was beset by multiple problems.

The project made use of technology, described by privacy campaigners as “disturbing”, that exploits a security weakness in the design of UK mobile phones.

All mobiles will automatically connect to the nearest mobile phone mast or base-station, but the phone doesn’t check whether the base-station is genuine.

By mimicking a base-station an IMSI catcher or “grabber” can persuade every nearby mobile phone to connect to it, and then it can obtain details about each handset.

The IMSI catcher can be set to block calls, or it can log details of calls whilst forwarding the call onto a genuine mobile phone mast.

Civil liberties groups say The Scottish Prison Service is the first UK public agency to admit using an IMSI catcher to collect details of mobile phones.

One group is so concerned over the privacy implications that they have pledged to refer the SPS to the Data Commissioner for investigation.

The SPS was using the devices to try prevent prisoners using mobile phones in two jails: HMP Shotts in North Lanarkshire and HMP Glenochil near Alloa.

Despite spending more than £1.2m on the phone blocking equipment, the report complains of “resilience issues,” during the pilot and a “lack of intelligence provided by the system.”

The project did not lead to a reduction in the numbers of mobile phones being used in the pilot prisons because prisoners developed what officials described as “innovative countermeasures” to circumvent the phone block.

Precise details of how they outwitted the high-tech system have been redacted from the report released under freedom of information law to The Ferret.

During the trial the number of smart phones in the pilot project jails actually increased, as prisoners learned that they could use the more sophisticated phones to get around the blocking technology.

In turn, officials suggested that this lead to “debt and bullying amongst prisoner groups” as “the business of renting out these handsets to a number of prisoners appears to be increasing.”

The report also explains that the technology could not be used in prisons in urban areas with better mobile phone networks and more members of the public living nearby.

Officials originally intended to trial the phone blocker technology at HMP Edinburgh, but the risk that people passing close to the prison would also have their phone signals blocked by the system was deemed a “high risk” early on in the project.

The system was also only commissioned to block 2G and 3G mobile signals, but a 4G signal was already available in Edinburgh at the start of the trial.

To mitigate this risk, the pilot was conducted in two more rural prisons, HMP Glenochil and HMP Shotts, instead. But despite the move, the report notes that 4G services increasingly became available throughout Scotland during the trial, including at the two final pilot prisons.

This gave prisoners another means of circumventing the phone blocking technology and communicating illegally with the outside world.

Although annual checks from Ofcom and mobile phone operators were conducted to make sure the IMSI catchers were not intercepting the calls of innocent neighbours, and no complaints were received from members of the public living near the prisons, SPS officials conclude the report by recommending that no further roll out of the controversial technology is undertaken until all the problems have been resolved.

The Ferret understands that there is only one device now in operation, and this is at HMP Shotts.

The SPS has spent £32,827 on maintaining this device in the last 24 months alone.

As a consequence of the trial an SPS spokesperson confirmed to The Ferret that the SPS is now considering moving to using mobile IMSI catcher devices, rather than ones that remain in a fixed location. It was not clear how the SPS would be able to ensure that mobile IMSI catchers would not have an impact outside the prison walls.

The service has no data retention policy that relates specifically to the IMSI catchers, and said that data obtained by the devices is held for a month before it is discarded.

Calls for Data Commissioner to investigate

Dr Richard Tynan, Technologist with Privacy International, a group that campaigns for greater transparency on the use of these devices, confirmed to The Ferret that the Scottish Prison Service was the first UK public agency to admit to using an IMSI catcher.

Other public agencies in the UK have long been suspected of using IMSI catchers but routinely operate a policy of neither confirming, nor denying, their use.

Dr Tynan said of the SPS admission: “While it is a positive beginning to transparency around these mass surveillance devices in the UK, much more information is required from the authorities and regulators about when they can be deployed and what safeguards are in place.

“This precedent must now be followed by other UK agencies and they must come clean about their use of these devices and how many innocent people have had their privacy invaded without any suspicion or hint of wrongdoing.”

The SPS can legally deploy the devices within prisons using powers in the Prisons (Interference with Wireless Telegraphy) Bill.

But Dr Tynan went on to suggest that the Scottish Prison Service had failed to fully consider the privacy implications of their IMSI catchers, for both prisoners and members of the public passing near the jails, and pledged that he would ask the Data Protection Commissioner to investigate.

Pointing out inconsistencies in the responses received by the Ferret he said: “Firstly, the SPS confirm the purchase and operation of an IMSI grabber device in “deny” mode only.”

“This would indicate that it was being used as a rudimentary jammer rather than a mass surveillance system.

“However, the subsequent admission that they collect both IMEI and IMSI numbers shows that the device is not just jamming but intentionally collecting and decoding information on any mobile phone subscriber within the area that connects to it. Most devices of this type entice as many phones as possible to connect to it and the user has no way to prevent this.

“Secondly, they claim to be able to limit the range of the devices impact to the specific perimeter of the prison but had to move the trial to a more rural area than the city of Edinburgh. This was due to the risk of leakage beyond the prison and therefore claims about their ability to not impact on innocent passers-by are dubious at best.

Tynan added: “Finally, they admit that there is no data retention policy in place at all. They hold on to the personal data obtained using this device for an entire month without any apparent regard to the necessity and proportionality of such data retention.”

“It would now seem appropriate for the Data Protection Commissioner to review the deployment and operation of this device, the long retention practices and the security measures in place for such sensitive data and how many innocent people have had their private data collected, decoded and stored unlawfully.”

Jim Killock, Executive Director of another civil liberties campaign, the Open Rights Group, also called for full transparency from the SPS about their use of IMSI catchers, and called for the rules around their use to be toughened up.

“IMSI catchers may not only affect the mobile phones of prisoners, staff and visitors but other people living nearby. If their use is rolled out to other prisons in urban areas, many more people could be affected,” he said.

“While the Scottish Prison Service is purportedly using the catchers to block mobile signals, we know that they can be used for other purposes, including installing malware.”

“As such, we need full transparency about how this technology is being used.”

Liam McArthur, a Scottish Liberal Democrat MSP, said that there should be no further deployment of the devices until the problems identified in the report had been addressed.

He said: “Reports that the SPS has spent more than £1m on a system that has been so easily circumvented and could impact on mobile phone users outside of prisons is a real concern. Part of the reason for pilot projects is to help identify problems and it seems clear that this effort to cut mobile phone use in prisons has failed.”

He concluded: “There should be no question of these technologies being rolled out into other prisons on the strength of this report.”

A spokesperson for the Scottish Prison Service said: “In Scotland section 41ZA of the Prisons (Scotland) Act 1989 provides that it is an offence to possess, or give to a prisoner in prison, or use, without authorisation or outside of the designated area of the prison, a personal communication device such as a mobile telephone or any other portable electronic device capable of transmitting or receiving a communication.

“The Scottish Prison Service gathers evidence to aid the detection of any crime that may have been committed. Going forward, we are taking forward regulations to allow the disconnection of mobile phones.”

In detail

First freedom of information response

Second freedom of information response

Photo credit: Mobile Phones | CC | Jon Fingas | https://flic.kr/p/goVRFZ

Leave a Reply

Your email address will not be published. Required fields are marked *

Hi! You can login using the form below.
Not registered yet?
Having trouble logging in? Try here.