back to article Rights groups challenge UK cops over refusal to hand over info on IMSI catchers

British cops' efforts to keep schtum about their use of IMSI grabbers to snoop on people's mobile phones is to be challenged in court. Five UK police forces are known to have purchased the equipment – which mimics mobile phone towers to connect with devices – but groups seeking further details have hit a brick wall, as cops …

  1. Simon Rockman

    I'd rather the police didn't tip off the crooks about what tools they were using. I value my personal freedom not to be robbed by the kind of cook the police are out to catch than any idea that the police might be grabbing one of my IMSIs.

    They already have legal intercept and the ability to scan MAC addresses - TfL have show that they regularly track the movements of people by following phones wifi.

    Just because IMSI snatching is hard it shouldn't be in a special category,

  2. Anonymous Coward
    Anonymous Coward

    What makes you believe it's hard? The technology has been used by spammers too.

    I'm not sure about the don't "tip off the crooks about what tools they were using". Do you mean the police should operate in secrecy to achieve better efficiency? But then, how do you even know it's efficient? Just because they tell you so?

  3. Anonymous Coward
    Anonymous Coward

    So the Police should be able to gather evidence that you are not allowed to see, hear or even be aware of? What if they gather a piece of evidence proving your innocence but keep it secret to convict you?

  4. ckm5

    To quote Benjamin Franklin "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

    The fact is that the crooks that you should worry about are well aware of IMSI devices and either use burner phones, land lines or have bought/downloaded IMSI spoof detectors (like this https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector).

    The public has a right to know about who has devices that can be mis-used for political or personal purposes so they can watch the watchers.

  5. Alan Brown Silver badge

    "What if they gather a piece of evidence proving your innocence but keep it secret to convict you?"

    What if several years after bring convicted, sentenced and jailed, it comes to light this is exactly what happened?

    Actually you don't need a 'what if', because this has happened on multiple occasions.

    Police corruption isn't just taking a backhander or letting some influential person (or their kids) off on serious charges because it might embarrass the establishment. Nor is it framing up some innocent person because they embarrassed the hell out of a racist senior inspector.

    The most common type of corruption in policing - which also happens to be the most corrosively dangerous kind of corruption for society as a whole - is "noble cause" corruption, where the people concerned are convinced of their righteousness often feel they're "on a mission" and feel they have to break the rules for the greater good. It used to be summarised as "He's a bad man and he's done lots of bad things we can't put him away for, we need to make this one stick no matter what"

    It's the kind of thing which resulted in miscarriages of justice like the Guildford Four and the Birmingham Six, amongst many others.

    https://en.wikipedia.org/wiki/Noble_cause_corruption makes pretty interesting reading: Perhaps you can recognise people in your local county LEO from these descriptions.

  6. Commswonk Silver badge

    An AC wrote: What if they gather a piece of evidence proving your innocence but keep it secret to convict you?

    Alan Brown then wrote: Actually you don't need a 'what if', because this has happened on multiple occasions and cited several "historical" instances.

    Think about more recent news, reporting numerous trials (mainly for rape IIRC) that have collapsed with "Not Guilty" being awarded by the Judge because the Prosecution (as embodied by both the Police and the CPS) have failed to follow the required Advanced Disclosure procedures; not just "failing" but wilfully (it would seem) sidestepping them and denying the existence of any undisclosed material when challenged, right up to the point where the Defence has managed to track down the existence and substance of undisclosed material while a trial is actually in progress. Whether that counts as Noble Cause Corruption or not is neither here nor there.

    At the same time it is reported that detection and conviction rates are falling to a dismally low percentage, and I very much doubt if that situation would be improved even if every police officer had his own personal IMSI catcher to play with.

  7. Basic

    You assume they're only using them to target criminals. Considering how often we've seen abuses of power, I'm struggling to understand what are you basing that assumption on?

  8. Pascal Monett Silver badge

    Re: They already have legal intercept

    Yes they do, with a warrant, and I highly doubt anyone is up in arms about that.

    It's the notion of intercept, scanning and surveillance without a warrant that people do not like.

  9. Herring`

    Where I live (just inside the M25) if I started getting good reception and a 4G signal, I'd immediately become suspicious.

  10. Ledswinger Silver badge

    IIRC, because of the authentication of 3G and above, IMSI has to operate as 2G. So if you get a decent 4G signal, you can be sure you're not subject to IMSI monitoring. However, if your phone drops back to 2G in a location where you'd not expect that, that is the time to be suspicious. It may even be possible to set your phone to not connect to a 2G signal, in which case Plod would be stuffed.

    I'd guess the serious criminals already know this stuff.

  11. Anonymous Coward
    Anonymous Coward

    "IIRC, because of the authentication of 3G and above, IMSI has to operate as 2G."

    Upvoted you, but wondering. That's definitely true for the run-of-the-mill spammer IMSI catcher. Could it be possible one of the reason the police is not keen on providing information is that they got something better nowadays? Some arrangement with the telcos to be able to do the needed authentication?

  12. katrinab Silver badge

    What happens if your phone is with Three who don't offer a 2G service?

  13. Jeyell

    Three?

    How does this work on Three who have no fallback from 3G to anything lower?

  14. Lee D Silver badge

    You really need to change your network then. Are we talking top half or bottom half?

    Also live "just inside the M25", and can go anywhere in the North part of London and always get 4G, indoors, outdoors, miles from the nearest town, or otherwise.

    Hell, it's only giffgaff, which is an O2 backend I believe. But also a 4G Three SIM in an Huawei box that is my entire Internet connection (no landline, etc.). And I have taken that box everywhere too.

  15. Loyal Commenter Silver badge

    It may even be possible to set your phone to not connect to a 2G signal, in which case Plod would be stuffed.

    That's probably not the case, as your phone would still be communicating with what it thinks is a cell-tower to negotiate the access speed. This would include the identification information from your phone and SIM, which the tower needs to know in order to decide whether you can use it. If the towers didn't do this, we'd all have domestic cross-network roaming and much better service and coverage. The telcos couldn't allow us to have that!

  16. CommanderGalaxian

    Re: Three?

    Yeah but if your your phone isn't locked to Three (mine isn't) then it can fallback to 2G if there is no (or weaker) Three 3G signal.

  17. katrinab Silver badge

    Re: Three?

    A phone with a Three sim in it isn't going to connect to a Vodafone tower if it can't find a Three tower.

  18. Daniel 18

    Re: Three?

    I suspect it will connect to another network's tower, in order to provide SIM free access to emergency numbers.

    It just won't make ordinary connections for you.

  19. phuzz Silver badge
    Facepalm

    Re: Three?

    A phone with a Three sim in it isn't going to connect to a Vodafone tower if it can't find a Three tower.

    Unless you've turned Network Roaming on in your phone's settings, because that's exactly what roaming entails.

    (I assume most phone allow the user to change this, but I don't know for sure)

  20. Tom Paine Silver badge

    Also live "just inside the M25", and can go anywhere in the North part of London and always get 4G, indoors, outdoors, miles from the nearest town, or otherwise.

    You've never travelled on Thameslink, then. There are multiple signal blackspots all the way through north London, and no I dojn;'t mean the tunnel sections. It's patchy at best at Kentish Town, starts to pick up just north of West Hampstead, drops out again a bit further on... rinse and repeat. (I shudder to think what it's like south of City Thameslink, fortunately I've never had occasion to find out ;) )

  21. DJV Silver badge
    Meh

    Accountability...

    British police neither confirm nor deny they've heard of it..

  22. steelpillow Silver badge
    Headmaster

    "ISMI is or ISMI ain't fake access?" (with apologies to an ancient TV advert)

    Edit > Find > [clicketty:] ISMI > replace > [clicketty:] IMSI [Return]

  23. steelpillow Silver badge

    Re: "ISMI is or ISMI ain't fake access?" (with apologies to an ancient TV advert)

    How sad, the typo has now disappeared.

  24. Justin Case
    Happy

    Re: "ISMI is or ISMI ain't fake access?" (with apologies to an ancient TV advert)

    Got the tune running through my head right now together with fragments of crustacean based frustration. Such is the power of advertising.

  25. phuzz Silver badge

    Re: "ISMI is or ISMI ain't fake access?" (with apologies to an ancient TV advert)

    In my head I just get "Is You Is or Is You Ain't My Baby" as sung by Dinah Washington.

  26. Anonymous Coward
    Anonymous Coward

    Circumstantial evidence as to their widespread use...

    I believe that my phone inadvertently connects to an IMSI catcher at least three times a week based on how many times I either send a text message that is never received or fail to receive one despite being in an area with an apparently good phone signal*.

    * Or it could just be that the phone network is cr*p or congested with people watching cat videos.

  27. caffeine addict Silver badge

    Plod does love hiding from FOI requests.

    I once asked how many people got speeding tickets, per month, along the length of the Cambridge A14 in a given year. Not where on the road. Not how fast. Not "camera, averaging, or plod". Just how many in each month.

    Guess what their answer was?

  28. Anonymous Coward
    Anonymous Coward

    forces have refused every category of follow-up FoI requests

    this itself is quite revealing :/

  29. heyrick Silver badge

    they can "neither confirm nor deny" they hold any information

    So...can we use this excuse if plod wants our passwords?

  30. H in The Hague Silver badge

    Policing by consent

    As I've mentioned before I'm a techie not a constitutional lawyer. However, I was rather under the impression that the UK has a system of "policing by consent".

    https://www.gov.uk/government/publications/policing-by-consent/definition-of-policing-by-consent

    "... a philosophy of policing ‘unique in history and throughout the world because it derived not from fear but almost exclusively from public co-operation with the police, induced by them designedly by behaviour which secures and maintains for them the approval, respect and affection of the public".

    How can the public consent to a policing tool if they are denied information about it? But perhaps I'm quaintly old-fashioned about British constitutional affairs.

  31. Barrie Shepherd

    Most units are probably supplied under strong "Non Disclosure" contract terms. Some information here;

    https://www.muckrock.com/news/archives/2016/dec/07/rochester-police-release-unredacted-list-harris-co/

    and some other info here;

    https://theintercept.com/surveillance-catalogue/stingray-iii/

  32. Anonymous Coward
    Anonymous Coward

    > Most units are probably supplied under strong "Non Disclosure" contract terms.

    If anything, that would be a private contract matter between the seller and the plod, but neither of them can subtract themselves from compliance with the law based on the T&Cs of a private agreement.

  33. Barrie Shepherd

    "If anything, that would be a private contract matter between the seller and the plod, but neither of them can subtract themselves from compliance with the law ,,,,,,,,,,"

    I appreciate this, but non-disclosure agreements may explain why the plods are not easily revealing anything and are stalling. They are no doubt hoping that the matter will never get to a Court with the power to force them to disclose the information.

    This is just another example of the police (or at least their senior staff) believing they are above accountability to the people they serve and who pay their salaries. Facial recognition is another example. Technology is advancing so fast that the law is out of date or never catches up, and when attempts to catch up are made it's too late - the cat being out of the bag.

  34. Pedigree-Pete Bronze badge
    Headmaster

    Cat out of bag...

    ...unfortunate choice. I understood this phrase to mean a secret is now generally known. Perhaps "closing the stable door after the horse has bolted" may be more accurate. PP

  35. An nonymous Cowerd

    my friends work at DATONG who have/do supply lots of IMSI's in the past according to both the Guardian and the NYT. When I called to ask my mate for a pricelist, he agreed to meet next time I'm in Leeds for a beer, but he refused completely to even tell me what items were on their 'for sale' catalog. I havent dared go and have the beer, in case he has to file a 'contact report' or some such twaddle.

    I have a budget, and a valid use for IMSI's at work, but there is rather a lot of secrecy - hence suspicion!

    I suppose UK plod, the one's who are left after the cuts, don't wish to own up to "parallel construction" and "database policing" - tho' they have referred to "intelligence led policing" when they actually shoot the right/wrong target.

  36. Barrie Shepherd

    "I have a budget, and a valid use for IMSI's at work,"

    Try some Googling - GSM in a box IMSI sniffer.

  37. Alan Brown Silver badge

    " They are no doubt hoping that the matter will never get to a Court with the power to force them to disclose the information."

    What's been happening in the USA is that as soon as it looks likely that a court would order such a thing, they've dropped the cases in question.

    Of course a judge whose interest has been piqued may not _allow_ them to walk away like that.

  38. Anonymous Coward
    Anonymous Coward

    Oh yes they can

    > Cops simply fall back on the position that they can "neither confirm nor deny" they hold any information on them.

    And Mr / Ms MI5 Wannabee is about to receive a lesson from the judges on the finer points of public service accountability.

  39. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    2FA

    IMSI + 2FA = Compromised Bank/Email/Other Account

  40. Tom Paine Silver badge

    Re: 2FA

    Only for SMS-based 2fa. This may have been what happened with the recent Reddit compromise - they aren't going into details beyond "SMS interception". (Or it may have been a simple SIM / number takeover.)

  41. This post has been deleted by its author

  42. This post has been deleted by its author

  43. Anonymous Coward
    Anonymous Coward

    Tranismiting on licensed frequencies

    Hey, I thought it was illegal for an entity to transmit of frequencies they didn't hold a license for? I'm guessing I was mistaken. Time to unbox the bladeRF and pretend to be a cell tower outside the local police station :)

    But of cause I can neither confirm nor deny any involvement with said practices.

  44. JaitcH Silver badge
    Happy

    Re: Tranismiting on licensed frequencies

    TETRA (Plod Radio) is easily cracked using SDR and appropriate software.

  45. dave 81

    Government Thugs in uniform

    Until the police are properly accountable for their actions, then they are nothing more than thugs and bullies in government issued uniforms. Don't believe me, try stand up for your rights (particularly the right to remain silent) next time you have an encounter with them, go on, and enjoy the jail time.

  46. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    I knew a cop, saw him degrade from a normal (albeit odd) human into a coke snorting, prostitute using, violent mad dog. The training course is all it took, just a couple of years. His total descent down Jacobs Ladder was sad to watch, he lost his old friends but undoubtedby made a lot of new ones who shared his passions. They are a strange bunch of people. People are right to be suspicious of their growing informatics power.

  47. Anonymous Coward
    Anonymous Coward

    I'm more than a little concerned by the competence of our senior police.

    I would have expected senior police officers to be fully aware of the technology being used by their force.

    To be in such a uninformed position that you cannot confirm stingray type equipment is in use is, to my mind, a serious deficiency in, what should be, your corporate knowledge bank.

    Equally to be unable to deny that particular equipment is in use just confirms my concern. Presumably the Chief Constables cannot tell us it is in use, because they don't know, and they cannot tell us it is not in use for fear of being called liars.

    A very unsatisfactory position and the Home Office should start finding out what else Chief Constables "don't know"

    Meanwhile Joe public must assume that all manner of snooping equipment is in use and act accordingly.

    Another mystery is - assuming this equipment is in use - and we have no reason to suspect it is not - why is it not used near HM Prisons to capture the apparently rampant use of illegal mobiles. Or is that the quandary - use it to control illegal mobiles in prisons and you put in the public arena that the equipment exists and is used.

  48. This post has been deleted by its author

  49. JaitcH Silver badge
    Happy

    Metro Plod Have IMSI Catchers in Every One of Their Spy Aircraft Based at Northolt Airport

    The Met has a flight of aircraft of fixed and rotary (helicopters) wing based at Northolt Airport - which is also used by The Queens Flight, US Embassy, CIA (Rendition) and many other dodgy outfits.

    The fixed wing are used over the motorways - right up to Scotland.

    One day even criminals will figure out if they are up to no good not to use cell handsets AND TO TURN THEM OFF! They should use CB (Citizen Band) radio (see: https://www.ofcom.org.uk/__data/assets/pdf_file/0022/84406/citizens-band.pdf). 4 Watts should be sufficient for the baddies to coordinate their activities.

    The best is MESH radio - for short-range communication.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018