London's Metropolitan Police are using fake base stations to intercept mobile-phone calls, not to mention running a covert air wing, according to reports over the weekend. The base stations come from Leeds-based Datong plc, and can blanket a 10km2 area within which every mobile phone is tracked and monitored, according to the …
Datong Detong, Detong Datong, let's call the whole thing off.
hold on, hold on
" even spooks would be impressed to see the police running a 14-seater Cessna registered to a shell company consisting of nothing more than a rented post-office box."
With my (dusty, not recently used) fraud investigator hat on, I'd be be bloody suspicious of having millions of pounds of my employer's budget flowing through a foreign or non-existent company* that appears to be non-transparently** controlled by an employee and when that company did not go through a transparent tendering process. And that would go double if I knew my employer had proven to be pretty inept at finance management in the past.***
* No record of Nor Leasing at Companies House.
** Met Police Authority didn't supervise
*** Tony Williams
Does this still work if you turn off roaming and lock your mobile to your network?
Well, if all you're tracking is phones asking for authentication from their home network, then no, you don't need them to /want/ to connect to you.
If you are intercepting calls then you'll have to pretend to be from the same company as the target phones contact -but that isn't what is being suggested here
I believe it does
from my knowledge there is no authentication from the base station to your phone so if this cell was broadcasting/advertising as if it was from your operator there is no real way to know otherwise, and if its offering the strongest signal your phone will latch on over the real base stations in the area, all without you knowing.
there are some very nice talks on this from the ccc (c3) events over the last 2~3 years so might be worth checking out
"The same information can be obtained from the mobile network operators, but that takes time and costs money with the two vectors being directly related."
It also takes a specific court order listing the person or persons to be intercepted. Something I am sure the Met had before switching on their snooping gear and hoovering up all that yummy data.
It also takes a specific court order
No it does not! just like ANPR does not need a court order. All that "Yummy Data" is just phones squaking their ID' s and asking for service. It only requires a court order if that Data is on someone else's database, ie a data protection issue. Real-time collection is not subject to this problem.
"...privacy implications disappear ... "
Do they? The TIMSI on its own tells them nothing about who is being tracked, but it would be naive to assume that's OK. I imagine it would be fairly easy to determine a target's TIMSI and thence to be able to track them specifically. The only case where there are no privacy implications is where the trackers do not have the power to demand the TIMSI-IMSI link. If they subsequently join the two together, then doesn't that make the tracking data an invasion of privacy and, since the data was obtained without an appropriate court order/warrant, wouldn't the evidence be inadmissible in court?
This is the UK, not the USA
The UK doesn't do "inadmissible evidence" like that. There's only evidence, if that was obtained illegally, then go sue the person who obtained it illegally. Makes no difference to the trial you're in!
I think you'll find that
The UK courts can, and do, either disallow or direct juries to ignore certain evidence that's gathered illegally.
Yes, but usually if the illegally obtained evidence is unreliable.
If there is no proper audit trail then illegally obtained evidence is likely, but not necessarily, dubious.
I would argue that privacy issues remain even "where the trackers do not have the power to demand the TIMSI-IMSI link": for example, merely observing that a TIMSI was at a certain places at certain times (e.g. a home address every day between 22:00 and 06:00 hours, and a work address every day between 10:00 and 16:00) would provide the trackers with a pretty solid idea of to whom it belongs.
Personally, I think that any form of mass surveillance is dangerous—anonymous or otherwise.
...unlike the US system where ALL evidence which derives from unlawfully obtained evidence is in fact admissable.
Fruits of the Poisonous Tree is the US legal term. No such provisos exist in the UK, indeed they have been eroded significantly since 2003.
" evidence etc."
Interesting (from the above comments) that the only defence we have against abuse in evidence gathering is that the court -may- be inclined to throw it out. But if that is so, why are the police not merrily listening in on all our landline calls just on the off-chance that they may find something juicy? Something stops them, doesn't it?
On that score, this activity seems to constitute 'interception of communications' and so it should be subject to the RIPA. How are they authorised to intercept the traffic (bearing in mind that it is not targeted but is a general trawl of communications)?
It's just going to go which ever way suits the prosecution. Both posts are correct.
Because they are the police. There are different laws for different people.
Not only is making the link a potential invasion of privacy, the mere evisaged use of the means to do so brings it squarely within the provisions of the UK Data Protection Act. This covers information that identifies a living person and information that would do so if combined with other information that might come into the Data Controller's possession. If an established mechanism is in place for obtaining the further information, it's a cut and dried case - except if there are exemptions for law enforecement. There might be via other legislation.
Used to identify phones that may be in possession of a suspect.
The police use these to follow suspects and try to link the TIMSI to a handset so that they can later request call logs under lawful intercept processes in order to build up a picture of criminal networks.
Many criminals use pay as you go SIM's and change them regularly, the police follow a suspect using a vehicle containing the equipment and then capture all of the TIMSI's in an area, they then follow the suspect to another area and take another capture of the TIMSI's. They look for TIMSI's that are in both data captures (sometimes they do further captures to further reduce the number of false positives) and attempt to tie the handsets down to the suspect or individuals that may be travelling alongside the suspect (i.e. shadowing them but not making contact with them).
Some criminal networks also use this technique and the same (or similar) equipment to try to identify if officers are following them, since the equipment is all commercially available.
The equipment is not capable of intercepting or otherwise recording communications to or from handsets within the area and only acquires a connection to a handsets for a very short time, takes the TIMSI and then immediately drops the connection following acquisition, the base station has no connection to any phone network and it would disrupt the functionality of phones if it maintained a connection persistently.
Anon for obvious reasons.
Erm... but all they would know...
...was that a phone was within the nearest 10km^2 of the base.
It wouldn't give them triangulation (well I guess if they used three of them it would).
And JustaKOS is right, the recent DPA case reported by El Reg makes it clear that this falls under the DPA as personal data if the organisation concerned has the ability to link identifying data to non-identifying data.
Good job that thieves would never use a stolen phone then
And it's a bit strange that they can track innocent members of the public's phones 24x7 but can't do anything to locate them when they are stolen.
How would that be unhelpful to the public if the police went round recovering lost and stolen phones? The police are not there to assist people, they are there to make life hard for you.
Visit places that you have no interest in. Speak to people that you don't really like. Live a completely false life to maintain the ultimate privacy of your true interests.
Switch off your phone?
you don't want to be tracked?
Take the battery out. That's the only way to stop this nonsense.
You have to eat the sim card apparently
Take the battery out ?
Dont forget to buy a lead lined wallet for your shortrange RFID tracker, sorry contactless payment card, silly me.
Whats the range on an Oyster card these days ?
I wonder if any crims have thought of not carrying a mobile phone.
Re Crazy thought
It was reported that the organisers of certain anti-runway protests went one better, and passed their phone and oyster card off to friends, whilst they went to their protest planning meetings.
and yes it did apprently cause the relevant police team some confusion, whilst they went following the "suspects" all over london.
point of origin of a signal source does not equal location of person of interest.
I'm sure some nice barrister will point it out to the cps and met if they try to use it in court
RedPhone 0.4 - Encrypted voice for Android.
TextSecure 0.5 - Encrypted texts for Android.
There are other interesting products available there as well.
Granted it wont stop location tracking but its a start.
Here's the registration numbers for the planes, if you want to search for pictures of them:
Took 5 mins to find them when you know the owners name. In pictures it shows that the older one has only front passanger windows blocked by a rack, but in the newer one also the rear windows are blocked too.
In 1997 the door almost fell off one of them:
Someone sold the Met a turkey...
What's sauce for the goose ...
The police mess with cell systems, then someone might be tempted to mess with TETRA, a glorified trunked radio system.
Trunked systems use control channels and a jammed control channel sort of spoils their game. They could switch to DMO (Direct Mobile) mode but range and traffic capacity is limited.
Some protesters have resorted to having a few WiFi base stations (TP Link is best as you can reprogram their power output) working from batteries all carried in backpacks. These mobile WiFi carriers don't have to be in with the crowd, just nearby at a highish location.
Power to the people!
No it ain't
I'm all for the police using whatever technology is available in order to combat serious crime and terrorism, as long as it is used proportionately and in accordance with the relevant laws - that's the essence of my above posts. What you are advocating is direct interference in their operations and, as you seem to know TETRA, in the operations of other emergency services. Anyone taking you up on it should quite rightly end up in the slammer.
I for one welcome our omniscient, boob-headed, flat-footed overlords. Anything that means we can continue to rely on them to solve almost 100% of crimes is fine with me.
Jeez does anyone really care?
Does me in all of this whining "what about my privacy" crap. If you want a secure channel, whisper in someone's goddam ear and stop complaining. If I use my moby to connect to someone else's infrastructure (O2 in my case), to communicate with someone else - somewhere else, I'm grateful for the convenience, and not concerned that someone might be listening into my domestic with the wife.
People need to stop living in a world where they believe that it is OK to hide things and walk around anonymously. Stop reading this, disconnect from the internet immediately (someone might be spying on you) throw away all technology and go live in a cave.
Anonymous for dramatic effect
Go into an area with no reception. Pull out battery. Bye-bye.
- Review Apple iPhone 6: Looking good, slim. How about... oh, your battery died
- 'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
- +Comment EMC, HP blockbuster 'merger' shocker comes a cropper
- Moon landing was real and WE CAN PROVE IT, says Nvidia
- Apple's iPhone 6 first-day sales are MEANINGLESS, mutters analyst