The operators of all four major mobile phone networks have been criticised after documents obtained by The Ferret reveal that they have been secretly working with the government to implement mobile phone interception technology.

After The Ferret revealed recently that the Scottish Prison Service had been trialling the use of mobile phone interception technology devices called IMSI catchers in prisons, privacy campaigners raised concerns that more widespread use of the technology could result in the phones of members of the public being affected.

An IMSI catcher is a telephone eavesdropping gadget used for blocking or intercepting mobile phone traffic. Law enforcement agencies and security services in a number of countries are already known to use the devices.

But IMSI catchers have the potential to prevent people making 999 calls, and they could disrupt or intercept people’s business and personal calls.

Now, new documents obtained from Ofcom show that the communications regulator has been working with other government agencies and mobile phone network operators O2, EE, Vodafone and Hutchison, to monitor the public impact of IMSI catchers deployed in prisons.

As recently as January this year, O2, told Vice News journalists that it “has no agreements in place with government or security services for the deployment of IMSI catchers”.

However, emails show that Ofcom has been in communication with all four mobile network operators about government use of IMSI catchers since at least the start of 2014.

The regulator acted as a broker, putting together two Memorandum of Understanding agreements (MoUs) that have been signed by the mobile phone network operators and the prison authorities.

One agreement covers the devices operated in Scotland and used by the Scottish Prison Service.

A second virtually identical agreement covers hitherto undisclosed devices that are operated by the National Offender Management Service (NOMS) under the auspices of the Ministry of Justice in prisons in England and Wales.

The Ofcom agreements explicitly acknowledge risks previously voiced in public by privacy campaigners.

Both agreements say: “The equipment has the potential to cause harmful interference to the Operators’ customers who are legitimately using their mobile devices in the vicinity of prisons and/or the network equipment of the Operators.

“Not only could this be extremely inconvenient to Operators’ customers, disrupting their personal and business activities, but interference could also put people at risk by preventing access to services such as 999 emergency services from affected mobile phones.”

The agreement also sets out the type of equipment that is to be used, a complaints process, and a mechanism for Ofcom and the network operators to monitor the installations to identify whether networks are being affected by the government IMSI catchers.

O2 denied that it had ever needed to make use of the complaints procedure.

A spokesperson said: “The MoU seeks to ensure that appropriate procedures are put in place and followed should interference arise beyond the prison perimeter which may be attributable to equipment deployed by prison authorities.

“While we haven’t detected such interference, this is a sensible precaution to the benefit of our customers. To be clear, any such equipment is deployed by the prison – this MoU is not an agreement for us to deploy equipment on behalf of the authorities.”

O2 insisted that the firm had no choice but to work with the government.

“Like all communications companies we are required by law to help law enforcement agencies and security services on matters of crime and national security. Any requests are authorised in line with the rules laid out in Acts of Parliament such as Regulation of Investigatory Powers Act (RIPA),” the O2 spokesperson said.

“We do actively monitor our networks for a variety of threats, interference and disruption. Any suspicious activity would be investigated and followed up as appropriate.”

EE responded to our emails, but declined to provide a comment. Network operator Hutchison had not responded to multiple requests for comment at the time of publication.

Vodafone did not say whether it had raised complaints through the Ofcom agreement, but a spokesperson for the firm said in a statement: “We have strict governance controls and technology systems that protect our customers’ data and communications. We do not allow access to any customer data by authorities unless we are legally obliged to do so.

“We insist that that all agencies and authorities comply with the law.”

The responses of the companies to this exposure is wholly inadequate and is an insult to the customers who entrust them with their personal data and communications. Dr Richard Tynan, Privacy International

But Privacy International technologist Dr Richard Tynan described the response from the network operators as “wholly inadequate”, adding that the documents were “yet another example of the existence of mass surveillance capabilities being denied in public, while simultaneously being known to and used by law enforcement in secret”.

He also said that “the revelation of the involvement of telecommunications companies in the deployment of IMSI catchers in the UK is entirely new”, and called on the phone companies to do more to stop government agencies exploiting weaknesses in their networks.

“IMSI catchers exploit vulnerabilities inherent in our critical infrastructure. Exploiting such vulnerabilities threatens the security of everyone’s devices, and instead of facilitating such activity, companies should work to build safe and secure systems that do not betray the trust of their customers .

“The responses of the companies to this exposure is wholly inadequate and is an insult to the customers who entrust them with their personal data and communications.”

Ofcom has so far refused to provide further information on how many times complaints or ‘queries’ have been raised by the network operators, and whether any compensation has been paid by prison managers to mobile phone companies after interference was detected.

Tynan was also critical of Ofcom involvement. He said: “The complicity of Ofcom in the deployment of IMSI catchers and that the agency gave advice on technical, coordination, and interference issues is entirely inappropriate.

“Ofcom should not shield government agencies from proper scrutiny and transparency provided for in law where they go beyond what’s authorised, such as interference outside the approved geographic scope.”

But Ofcom argued that the body had an “important role” to play in cutting the risks of interference to public mobile networks.

An Ofcom spokesperson said: “The blocking of mobile phones in prisons is a matter for the Government.

“However, as the spectrum regulator, Ofcom has an important role to protect consumers from any harmful interference. So we have rightly been working with operators and the Government to minimise the risk of effects outside prisons.”

More than ‘blocking?’

Although prison officials often describe the technology used as mobile phone “blockers”, documents previously published by The Ferret show that the technology installed in some prisons is doing more than simply blocking mobile phone signals.

In the Scottish prison trial officials admitted they were also recording the unique identity numbers of every phone that is intercepted.

Experts say these numbers can easily be matched up to the phone numbers that are associated with the handsets.

The SPS use the IMSI Catcher to record IMEI and IMSI numbers for every device that is intercepted. These can be matched to specific phone numbers.

Precise details of the equipment being used in UK prisons has been redacted from all the released documents.

But examples from commercial product catalogues show that there are devices available that can do far more than simply jamming mobile signals and recording the details of the phones.

Manufacturers, such as Neosoft and Ability, claim to be able to supply devices that can record calls, intercept text messages and locate phones, all without the user knowing.

Some products can even mimic the user’s phone and make fake phone calls by making a virtual “clone” of a detected device. They can intercept phones over distances of up to one kilometre.

Manufacturers Neosoft claim one of their devices can detect the public numbers of the phone signals it intercepts. They even say they can "clone" a target phone and send SMS or make calls "on behalf of the target."

Privacy campaigners say that this could mean innocent members of the public are unwittingly having details from their phones recorded.

Jim Killock, executive director of Open Rights Group, said: “We need transparency about the use of IMSI catchers in prisons , particularly as it is likely that members of the public who happen to live or work near a prison could be adversely affected.

“We also need greater clarity about what IMSI catchers are being used for – while it may be acceptable to block phones in prisons, we know that they can also gather data and push malware to phones.”

We have a range of measures in place to detect and block mobiles in our prisons, including signal-denying technology Ministry of Justice

A Ministry of Justice spokesperson confirmed that mobile phone interception technology is not just being deployed in Scotland, although they would not disclose where else in the UK the equipment was installed, or whether any complaints had been received from the network operators.

They said: “We have a range of measures in place to detect and block mobiles in our prisons, including signal-denying technology, cell searches and body-scanners.”

This latest admission makes the Ministry of Justice only the second UK public agency, after the Scottish Prison Service, to admit to using the controversial technology.

The ministry spokesperson did not comment further on the potential impact of IMSI catchers on the wider public, but added: “More must be done to tackle the violence, bullying and drug-taking facilitated by mobiles in our prisons.

“That is why legislation is being introduced allowing us to apply for a court order to compel network operators to disconnect mobile phones, so we can clamp down on illicit behaviour and keep the public safe.”

In the UK there is no official information on the extent of IMSI catcher use by government agencies, but campaigners say they have found evidence of IMSI catchers being deployed outwith prisons in the UK. They have also demonstrated that the technology could be obtained by private individuals too.

Given this, The Ferret has sought to use Freedom of Information legislation to identify other public bodies that may be aware of IMSI catcher activity.

Both Highlands and Islands Airports Ltd and Prestwick Airport have said they have no access to, or knowledge of, IMSI catchers being deployed on their property. Similar responses have been received from the City of Edinburgh Council and Glasgow Community Safety Services.

Scottish Government officials say they have not supplied funding to any public body “specifically for the purposes” of maintaining or purchasing IMSI catcher devices.

However, both Network Rail and Police Scotland continue to issue “Neither Confirm Nor Deny” responses to requests for information on their knowledge of IMSI catchers.



This post was updated at 15.34pm on 27/06/2016 to include an extra response from Ofcom.

Be the first to comment at community.theferret.scot

Comments

  1. Not news but well written.
    It was all down to that Paul Boetage that went to South Africa and our own “Dr John Reid.
    I don’t think the Tories have done anything to improved NOMS.
    I got into a few interesting discussions I should look up because the non entities claiming to be in AA will probably be still there.
    It is worse if you add in the NHS IT.
    Still we are out of the EU and with no more foreign trips being paid by the taxpayer there are real improvement to be expected

Leave a Reply

Your email address will not be published. Required fields are marked *