back to article Want a customer's call records Mr Plod? No probs

Three of the UK’s four largest mobe networks run automated systems that make customers’ call records readily available to the cops without the need for any human intervention. EE, Vodafone and Three pass on customer data ‘like a cash machine”, an employee at one phone company told The Guardian. All operators must store …

  1. Anonymous Coward
    Anonymous Coward

    What Regulation of Powers?

    I always thought the RIPA name was a joke as there seems very little *regulation* of investigatory powers in the UK now - along with a disturbing tendency to ignore the tenet of *innocent until proven guilty" and even a reduction in judicial oversight generally in the UK legal system.

    The thought that random plod can stalk or spy on our comms habits without oversight and at whim is very disturbing.

    Anon - natch

    1. billse10

      Re: What Regulation of Powers?

      I always assumed it was called the Regulation of Investigatory Powers Act due to Yes Minister's Law of Inverse Relevance: get the difficult bit out of the way in the title, "it does less harm there than in the statute books".

      In other words, if you intend to be an Act to be a free pass for the police etc to do whatever the **** they want, with no consequences of any note, then say in it's title that your Act regulates them.

    2. Anonymous Coward
      Anonymous Coward

      Re: What Regulation of Powers?

      I think they would much rather this was all kept quiet.

      So to be quite clear on this:

      They do what they want, when they want without oversight and when the fancy takes them.

    3. Anonymous Coward
      Anonymous Coward

      Re: What Regulation of Powers?

      Does anyone else think it is becoming more and more difficult to breath?

      I can understand why some of those America survivalists head out to remote parts of their country to avoid crap like this. It's a shame we can't do it, the UK is just too small.

      1. Matt Bryant Silver badge
        Stop

        Re: AC Re: What Regulation of Powers?

        "....It's a shame we can't do it, the UK is just too small." Did you even try looking further than your local pub? Get off your paranoid arse and go look - there is plenty of remote countryside in the UK where you can go and get lost and not ever be found. I knew an ex-Royal Marine that went through a dodgy patch and spent two years living off the land in the Welsh forests, without the police being able to find him.

        1. Anonymous Coward
          Anonymous Coward

          Re: AC What Regulation of Powers?

          "I knew an ex-Royal Marine that went through a dodgy patch and spent two years living off the land in the Welsh forests, without the police being able to find him."

          More like not looking for him. A bit different.

          1. Matt Bryant Silver badge

            Re: AC What Regulation of Powers?

            "....More like not looking for him. A bit different." No. A few months after he went 'walkabout' his sister reported him as a missing person, even though he had told his family not to bother, and so the police and local rescue went out into the forest to look for him. Five weeks later he walked into a village pub and used their pay phone to call the police and tell them he was fine and did not need finding. After just over two years he decided he was able to deal with people again and returned to society. During his time in the woods, apart from the trip to the pub, he managed to avoid all human contact.

            1. Triggerfish

              Re: AC What Regulation of Powers?

              I think the point is we shouldn't need to have to disappear off into the countryside.

      2. steeplejack

        Re: What Regulation of Powers?

        If you were to head for any remote outpost, the noise of bloody wind turbines would drive you nuts.

    4. Matt Bryant Silver badge
      FAIL

      Re: AC Re: What Regulation of Powers?

      ".....The thought that random plod can stalk or spy on our comms habits without oversight and at whim is very....." Stupid. Any 'random plod' can't just make out a RIPA request, there is a formal process with safeguards that has to be followed. The telcos are simply saving money by automating their end as they know the Police's own system has far tighter controls than anything the telcos could put in place themselves.

      ".....Anon - natch" Not wanting to stoke your paranoid delusions, but I would suspect anyone could find you by looking for the immense tinfoil hat.

  2. Uberseehandel
    FAIL

    It appears that Ethics are not taught at either Technology Institutions or Police Colleges. It were ever thus. The police won't change, perhaps the technologists might become a little more aware. When you start supplying information about customers to the authorities in bulk - you know, or ought to know that this might be morally dubious. When you build a system to do this automatically, you KNOW what you are doing is morally dubious.

    1. ecofeco Silver badge

      Ethics? LOLZ!!!!

    2. AlbertH
      Coat

      As far as Plod's concerned, Ethics is just North-East of London.....

  3. ecofeco Silver badge

    Rights? What rights?

    Does anyone think they still have rights? I thought that went out with Punk and New Wave music. In the US it died with the War on Drugs back in the 1970s.

    I suppose you do still sort of have rights. All the rights you can afford, that is.

    1. chivo243 Silver badge

      Re: Rights? What rights?

      Right on brother, but there are still huge gaps in how info is shared, and more importantly updated. If you were busted for something in one state, and then found not guilty in court, however the next state over didn't get the update, and you looked the wrong way in that state... Johnny Plod says: Do not pass go, do not collect $200, your "Get out of Jail' card is worthless - DON'T drop the soap!

      However, I believe that this article is pertaining to IK situations. Not the USSA.

  4. dogged

    > A spokeswoman at O2 told the paper, “All O2 responses are validated by the disclosure team to ensure that each request is lawful and the data provided is commensurate with the request”.

    Well damn. So there IS a reason to stay with O2.

    1. Yet Another Anonymous coward Silver badge

      Although that just means, checking that the login was from the police - anything the police want is lawful under RIPA and the police get to decide what is commensurate

      1. Annihilator

        Reading even further between the lines, O2 haven't been arsed to build a system. Or are incapable.

  5. getHandle

    Shame their bl**dy customer service isn't so efficient

    No text/words fail me

  6. Anonymous Coward
    Anonymous Coward

    Perhaps...

    We should help crime enforcement in this country by copying the police in on all our emails. It will save them time.

    1. Anonymous Coward
      Anonymous Coward

      Re: Perhaps...

      I don't know whether to salute you or call you a bastard! I can't do it now because I'll just be plagiarising you!

      Bollocks!

    2. Matt Bryant Silver badge
      Facepalm

      Re: Arnaut the Clueless Re: Perhaps...

      "We should help crime enforcement in this country by copying the police in on all our emails. It will save them time." In your case, I suggest it would save a lot of time if you just copied all your emails to these chaps (http://www.kcl.ac.uk/ioppn/index.aspx). I hear they also do research on the effects of long term drug abuse as well as clinical psychology.

      1. This post has been deleted by its author

  7. Sanctimonious Prick
    Megaphone

    Backslash, Backlash!

    Feet count.

    Any business/company that does this sort of thing deserves to go down the gurgler!

    1. badger31

      Re: Backslash, Backlash!

      Bollocks! The problem is the law, not the telcos. How are the telcos supposed to 'validate' the requests, if not automatically? Who's going to pay for it? The telcos have no power to refuse these requests, so why bother? If I were a telco, I know I'd be doing this automatically. I would also log each and every request, looking for evidence of abuse of power.

      1. Anonymous Coward
        Anonymous Coward

        Re: Backslash, Backlash!

        But that would require that there be a system, supervised by the courts, that would accept a confirmation from the telcos to validate 1) the order #, 2) the phone number, 3) the duration/ time frame.

      2. John Tserkezis

        Re: Backslash, Backlash!

        "I would also log each and every request, looking for evidence of abuse of power."

        YOU would, perhaps, but today we're talking about the telcos...

        1. JetSetJim Silver badge

          Re: Backslash, Backlash!

          >>"I would also log each and every request, looking for evidence of abuse of power."

          >YOU would, perhaps, but today we're talking about the telcos...

          If there's one thing the telco's can do properly it would be traceability of these requests. There are a lot of comments on here spouting about how anyone's data can be grabbed most easily by the plod, which is very true indeed. However, all access requests are going to be tagged via some plod_id login, and most likely referenced against IDs of whatever mandated court documents are required to initiate such a search (at least from plod, GCHQ are quite likely to not use this system). This is because, at the end of the day, these searches are likely to be used in court cases, and if the defence solicitor does a check to see if the telco didn't receive proper notification with proper authorisation, then that evidence will get chucked out. The telco's systems will need to be able to provide that, as well as demonstrating that the data associated with that request hasn't been tampered with.

      3. Lyndon Hills 1

        Re: Backslash, Backlash!

        The piece in the Guardian quoted (I think it was Vodaphone) as stating that most of the salary cost incurred handling these requests is met by government.

        1. Anonymous Coward
          Anonymous Coward

          Re: Backslash, Backlash!

          i.e. by us. Never forget we pay them to spy on us.

          I'm not addicted to the idea of small government, but when we're told there is no money for education or health, but apparently £3 billion was wasted on trying to make the NHS easier to flog off to the US, and an unknown amount is being spent on wide net spying, the priorities are clearly wrong.

          1. Matt Bryant Silver badge
            FAIL

            Re: Arnaut the Clueless Re: Backslash, Backlash!

            ".......when we're told there is no money for education or health....." Once again, you are talking complete male bovine manure, and I expect you will try excusing your failure with more desperate "I was trolling" whining. Both health and education get massively more of the budget than either defence or the tiny percentage of the budget spent on spying. Next time, please try at least the smallest bit of research before posting more of your groundless anti-'The Man' rubbish.

            http://www.ukpublicspending.co.uk/breakdown

    2. Anonymous Coward
      Anonymous Coward

      Re: Backslash, Backlash!

      And where I may ask?

      RIPA is the law of the land, all companies have to comply equally to it.

      It is funny when we reach the point when it is _MORE_ difficult to eavesdrop on a customer in what we refer to as a "dictatorship" (f.e. Russia) than in what is being trumpeted as the leader in human rights (UK).

      In any case, the fact that it is the only country who desires to join Belarussia as the pariah of Europe as a non-signatory to the Human rights convention says everything that it is to be said. The last one out, please turn off the light.

  8. FordPrefect

    Reality is various government departments have pretty much unfettered access to your calling and internet records. Three/EE/Vodaphone have opted the method with the least overhead. So O2 have a department that checks for full stops in the right places. Given that the departments concerned can have everything the automated system allows them to have what difference does it make? Have O2 given any indication of the numbers of requests they've knocked back? And even more importantly what happens next? I suspect its just a case of the relevant department correcting a few minor errors.

    The problem isnt the companies is the overly broad law with no proper oversight.

  9. returnmyjedi

    Apostrophe atrocity.

  10. Anonymous Coward
    Anonymous Coward

    Calm down girls...

    Until you've tried submitting a Cycomms form for traffic or subscriber data, you'll never know how fucking hard it is to get it approved.

    I had a form I needed to submit for someone who'd ran off with her two kids after a court said they were getting taken off her.

    Only got sent back to me SEVEN FUCKING TIMES because they weren't happy with the justifications and reasons for the request.

    Really, it's not that easy to get it approved.

    1. Anonymous Coward
      Anonymous Coward

      Re: Calm down girls...

      If you're a cop, you must have pissed someone off.

      If you are, please tell me you don't have to sumit paper forms through the mail.

    2. John Tserkezis

      Re: Calm down girls...

      "Really, it's not that easy to get it approved."

      Bollocks. If you can convince the holders of the data you have an endless supply of dump trucks full of money, they will bend over backwards to help you.

      If you're Joe Smuck off the street, no-one cares.

      1. chivo243 Silver badge
        Joke

        Re: Calm down girls...

        the accepted spelling is: Mr. Schmuck, ask any of your Jewish friends... A few other good terms, Schmendrick and Nebisch.

    3. Anonymous Coward
      Anonymous Coward

      Re: Calm down girls...

      It is not a question of is it hard or easy for it to get approved. The question is "Quis custodiet ipsos custodes?".

      1. You got someone in the same organization as you approving it. Separation of powers is a necessity - we have failed to come up with something better. Otherwise you would be wearing a helmet 24x7 and called Judge Dredd.

      2. You work for an organization whose power in all countries (UK included) has had to be reigned in repeatedly over centuries. There is a reason for some things requiring a court order and that reason is that even the most wonderful "checks and balances" procedure implemented solely by the police erodes over time. Or so the history says. In fact it has already said that in this instance - the police has used it already to erode the freedom of press and persecute whistleblowers.

      If we go back to your original example - getting that (as it is reasonable) approved by a judge and a court order issued would have been less hassle than "filling a form" 7 times. However, if you would have asked to snoop on all phone calls by a newspaper news desk, the honorable judge would have told you exactly where you can stick it and asked you to stick it there (without KY jelly).

      1. Anonymous Coward
        Anonymous Coward

        Re: Calm down girls...

        Re: 1 - No, it's an independent body that verifies and approves requests for data. Not the Police (in Scotland anyway)

    4. Anonymous Coward
      Anonymous Coward

      Re: Calm down girls...

      Well I've worked with the police in the UK and when we needed to get some details relating to the phone records for a misper it took about 30 minutes.

      Maybe it's who you know?

  11. Andrew Punch

    If the law says bend over and take it anyway...

    ...the telcos are obviously going to work toward putting in a system that costs them as little as possible.

    If you want something different - change the law!

    1. Anonymous Coward
      Anonymous Coward

      Re: If the law says bend over and take it anyway...

      *If you want something different - change the law!*

      That only happens in our *democracy* for business and well funded single interest groups who have brought enough influence under the guise of political donations.

      Joe Public only has a vote - and as such doesn't really count in terms of framing law. We have already been herded into a surveillance society, by an elitist establishment comprised of career politicians and big business. Privacy and freedom only belong to those able to pay for it - one way or another

  12. dan1980

    The problem, as I have stated elsewhere is a mindset shared amongst our western 'democracies' that 'protecting against terrorism' is sufficient justification for pretty much anything.

    It's almost a siege mentality.

    The thing is, however, we are not under siege. The world is dangerous and always will be. People will kill and people will die. There will be guns and bombs and knives and people using them to scare and murder and rob. That won't change.

    What is at risk is not our safety - because we're not safe and never will be - but our way of life, and that is being traded away with the assumption that it is less important than safety.

    1. Matt Bryant Silver badge
      Stop

      Re: dan1980

      "....What is at risk is not our safety - because we're not safe and never will be - but our way of life, and that is being traded away with the assumption that it is less important than safety." So you have some examples of how your 'way of life' (other than if you're a criminal, paedo or terrorist) is being affected one iota by these measures? Yeah, thought not.

      1. dan1980

        Re: dan1980

        @Matt

        "Way of life" means the way you live your life. It is not just confined to, say, living in a modern, technologically-advanced society with stocked supermarkets, clean water and good living conditions. That's important, but it's much, much more than that.

        It's the freedoms you have and the mental and emotional state that you have as well as the worries and concerns that afflict you.

        While you may be different, it cause me real and genuine mental anguish when I think of how much of my life is laid bare to our governments and their spy agencies and, for that matter, many government organisations that ask for (and receive) access to that data.

        While it may cause no specific, physical issues or problems, knowing that my privacy is not valued by the people with the power to deprive me of it makes me, for want of a better term, unhappy. It causes me stress and anxiety and prompts me to conduct my life differently, with one eye always on how much data I am revealing about myself.

        Even if nothing tangible comes from it, most people want to know that what they do and say and think* is reasonably private and not searchable in a big database by some government official a thousand miles away who has never met them and has no reason to suspect them of any wrong-doing or even suspicious activity.

        In a way, it's the presumption of innocence - we expect to be left to live our lives in peace and privacy without being a constant and continual person of interest to our governments and police agencies.

        Again, maybe none of this matters to you, and that is fine, but it would nearly unimaginably ignorant for you to assume that because you don't mind, no one else does or should either.

        It's also somewhat narrow to say that there won't be any future encroachments building on these intrusions that even you would have to agree constituted a change in you 'way of life'.

        AND, it's rather naive to think that the only people being affected by these regimes are 'criminals'. You definition may be so wide as to make even the smallest infraction 'criminal' but, legally, not every illegal/unlawful act is a CRIMINAL offence. My point is that if you think only CRIMINAL offences are targeted then you are poorly informed.

        Even then, many things that are criminal are hardly a national security/think-of-the-children issue, which has been - almost without exception - the justification for these intrusions, including by people like you, as evidenced by your list of people who should be worried.

        Take social security/benefit fraud, where someone dishonestly claims and receives benefits. In some countries this is actually a criminal offence, depending on the exact nature of the fraud. Now, it's certainly wrong and certainly a drain on the economy and no one wants their tax dollars going to lazy cheats. BUT, it is hardly the sort of thing that could possibly justify the mass collection, storage and analysis of any and all data by our governments.

        Likewise copyright violations. In some areas that can be a criminal offence but not in others (again. depending on exact circumstances) but these data retention and collection and access laws are most certainly used to police this.

        The point to this all is not so much that the data is collected by the government - that is a separate issue - but that this data, which was explained as necessary to 'combat terrorism' and 'keep our nation safe', is now being used for much, much less serious issues and is done so with far, far less restrictions and scrutiny that the sensitivity of that data warrants.

        * - Yes, 'think'. It has been shown through the 'big data' collections and analytics that have become almost mandatory these days that if you have enough information about people you can, within an acceptable margin of error, predict what they will do. Certainly, with simply a full Internet browsing history, you can make high-probability guesses about a number of things that many people rightly consider no one else's business - political affiliation, sexual orientation and preference, hobbies, favourite foods, where they like to go on the weekend, what type of shoes they wear, what medical conditions they have - and much, much more, both mundane and important. You can profile someone with scary accuracy with enough information, and this is, in fact, what is done.

        1. dan1980

          Re: dan1980

          @Matt

          To draw a parallel, think of someone who is subject to a 'peeping tom'. This miscreant has in no way hurt or changed the person being spied on but and so, by the kind of definition you appear to be using, this is no cause for concern or upset. It doesn't change our victim's 'way of life'.

          After all, nothing is preventing that person get undressed in a change room at a public swimming pool.

          The imposition on 'way of life' here is that people very much feel violated when their privacy is intruded upon in such fashion and are are wary about it happening again - a woman who has been spied on in a public change room might thereafter always make sure that she only gets changed using that awkward holding the towel up manoeuvre. Or perhaps she puts on her swimming costume underneath her clothes at home before she leaves and then drives home wrapped in a towel so she can change back in to normal clothes at home.

          This is the most basic way in which our 'way of life' is being affected by these spying regimes. We now have to go to - sometimes great - lengths to ensure that those things we feel private and personal are hidden from prying eyes.

          The thing is that the vast majority of people want and expect privacy in their day-to-day lives and we want some control over who we let into our lives.

          Once that expectation is shattered - such as it has been and continually is being - people will do one of two things. Either they will accept it, in which case they have lost something (privacy) that they had before and simply resolve themselves the the new reality.

          OR, they maintain that desire for privacy and take steps to maintain that privacy as best they can, which usually involves a combination of changing not only what you do but how you do it.

          This is, in every sense that matters, affecting their 'way of life'.

          That is doesn't bother you, personally is utterly irrelevant.

          1. Matt Bryant Silver badge
            Stop

            Re: dan1980 Re: dan1980

            "To draw a parallel, think of someone who is subject to a 'peeping tom'....." The difference is your 'peeping Tom' is imaginary. All you have have demonstrated is that you have convinced yourself you have something to fear, not that there is anything that you yourself need to actually fear, and shown no actual affect other than the one you are creating yourself by your paranoia.

            ".....That is doesn't bother you, personally is utterly irrelevant." The fact you cannot show how it affects you through anything other than your self-induced fears is totally relevant. You cannot show a reason why you even need to be afraid, you just want to think someone would be 'watching you'.

        2. Matt Bryant Silver badge
          FAIL

          Re: dan1980 Re: dan1980

          "....It's the freedoms you have and the mental and emotional state that you have as well as the worries and concerns that afflict you....." So no real and actual affects other than the ones you create yourself with your paranoia.

          1. dan1980

            Re: dan1980 dan1980

            @Matt Bryant

            Because the way someone feels is irrelevant to their way of life, right?

            By that logic, verbal and psychological bullying and abuse cannot be considered a legitimate cause for grievance

            Despite you posts, I simply cannot accept that you believe what you are professing to believe because if so then you are, quite simply, a person whom the rest of the world would be well served by avoiding utterly.

            Anyone who believes that the mental and emotional states of the people around them are not 'real and actual' and are not really worth considering; who believes that only physical effects are of any concern, would care nothing for upsetting and hurting the people around him because he wouldn't believe that they even were hurt.

            I don't believe that about anyone here.

            To address the 'paranoia' statement directly, you do realise that this mass surveillance is actually happening, don't you? It's not paranoid to say the our governments are collecting, storing and analysing details and records of everything we do online, every phone call we make and countless other bits of information because that really is what they are doing.

            1. Matt Bryant Silver badge
              FAIL

              Re: dan1980 Re: dan1980 dan1980

              "Because the way someone feels is irrelevant to their way of life, right?...." If someone cripples their own 'way of life' through unreasoning paranoia then that is their fault. Please do tell me why you think anyone, let alone the spooks or 'The Man', would have the slightest interest in you?

              "....By that logic, verbal and psychological bullying and abuse cannot be considered a legitimate cause for grievance...." The only bullying is being done to you by yourself! You're like a child that insists there are monsters under your bed, only when you are told 'take a look to see there are none there' you insist you are what monsters consider really, really tasty, and the very idea that a monster wouldn't want to eat you is just bullying, and besides - ALL your friends insist they have monsters under their beds....

              Your attempt to justify your paranoia by claiming anyone that doesn't think like you (i.e., have paranoid delusions) is just an uncaring monster is too funny for words! Seriously, get over yourself!

              1. dan1980

                Re: dan1980 dan1980 dan1980

                Ha!

                You don't half crack me up, Matt.

                You have actually, inadvertently, stumbled on one of the core complaints and concerns: why would my government have the slightest interest in me?

                That's the key question that so many are asking - our governments are collecting information on us all whether we should be of interest to them or not. That's not paranoia or delusional - it's actually happening.

                So, the question we are all asking is why collect info on people who should be of no interest to you? The answer is that everyone is at least potentially of interest to them. They don't know who it is they're looking for so they are gathering evidence on everyone. They might not exactly be considering everyone 'guilty' but they sure as hell aren't working under the presumption of innocence.

                And that is not the way it is supposed to be.

  13. Anonymous Coward
    Anonymous Coward

    That should dispel any lingering illusions a die hard optimist may have held that private companies were going to fight to the last crossed 't' and dotted 'i' of the law to protect users data from casual (or indeed 'official') abuse by anyone in UK government or law enforcement who fancies a peek at their privates. They may be right or wrong in the assessment that they have no choice, but one-click capitulation still just looks like "couldn't care less if it costs us to object".

    Disgusting, but entirely predictable.

  14. Jonathan Richards 1

    Quis custodiet ipsos custodes?

    This is the interesting question, of course. While you may, or may not, trust the current regime of Secretaries of State, police chiefs, and postal and telecomm operators, you can have no confidence that a future regime will not exploit the mechanisms of RIPA in ways that we, and Parliament, did not foresee. Indeed, reports are rife of local authorities abusing RIPA already.

    I just read through the RIPA chapter on "Acquisition and disclosure of communications data" [legislation.gov.uk], and nowhere does it state that the telco cannot inform their customer that their communications data has been the subject of a RIPA request. Unless the request itself comes marked with a protective security marking, I see no reason why the automated systems should not add a little paragraph to the subscriber's bill, saying "Oh, by the way, we told Chief Constable Bloggs who you have been talking to".

    PS An interesting snippet: Chapter II is explicitly not limited to telecommunications. Royal Mail, or similar fine postal operator, can be required to list all the mail dropping into your letter box, with associated postmarks, too.

  15. Otto is a bear.

    Automatic doesn't mean unregulated.

    An automatic process does not mean you can just dial up any number you want and get the information. There will be an audited process attached to this which will record the whys and wherefores.

    I suspect lawyers will have a good look at that process of obtaining phone records, and if it steps outside the provisions of the act, or any other act they'll be on it.

    Besides, obtaining your phone record from a telecoms company has always been a relatively simple process, of ringing up and asking, and stating why you want it and what authority you have. The telco then pushes a few buttons and out it comes. The DPA has always had exemptions for the investigation of crime. The police and security services really don't have the time to look at irrelevant phone data just because they feel like it.

  16. Barrie Shepherd

    Since everyone else seems able to get my metadata why can't I get a copy? Maybe I could try a request under FoI as is being attempted in Australia.

    http://www.smh.com.au/digital-life/consumer-security/spies-can-access-my-metadata-so-why-cant-i-my-15month-legal-battle-with-telstra-20141010-1146qo.html

  17. Roj Blake Silver badge

    Hypocrisy

    The interesting thing about RIPA is that the media was almost universally in favour of it until it emerged a month or two back that the police had been using it to obtain journalists' phone records (its how they traced the Plebgate leak).

    Of course, if they had a scintilla of ethical thought they would campaign for a complete overhaul, but no, they want an exemption for themselves

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019