back to article Radio nerd who sipped NHS pager messages then streamed them via webcam may have committed a crime

A radio electronics geek has been caught eavesdropping on NHS medics' pager messages, translating the signals into text while broadcasting them on the internet via a publicly available webcam stream – possibly committing a crime in the process. Security researcher Daley Borda said he found the video stream by chance. The …

  1. Blockchain commentard Silver badge

    If you know the patient's address, surely putting 1 and 1 together adds up to that region's NHS Trust?

    1. Halfmad Silver badge

      Usually, but not always. People get treatment out of trust area pretty frequently. Think about those who work away from home, even a couple of miles can land you in another trust area or the nearest hospital may simply be closer than your "home" trust.

      1. katrinab Silver badge

        Sure, but plot all the patients on a map, and it should cover all of the trust's area, plus some of the surrounding area. That should tell you which trust it is.

        1. John Brown (no body) Silver badge

          Trusts are not always geographically contiguous and often overlap and/or interleave, but yes, plotting the known data is very likely to point to a specific hospital and therefore the trust name.

  2. Phil O'Sophical Silver badge

    Ham?

    I don't see anything in this or the original article to say why you assume it's a radio ham (i.e. a qualified, licensed user), and not just someone listening on a scanner. Without the user's callsign, if (s)he has one, the RSGB certainly isn't going to be able to comment.

    1. nigel watkinson

      Re: Ham?

      I was going to say the same thing. There's no indication that this was done by a licensed amateur and my bet would be that it wasn't. Licences can get revoked for things like this, so it's a bit risky.

      It's unfortunate that anyone who isn't just a consumer of standard UK broadcast media is invariably labelled a "ham" by the technically incompetent press.

      I expect better from The Reg though.......

      1. Anonymous Coward
        Anonymous Coward

        Re: Ham?

        Theres no way it was a ham, have you heard how they moan about digital modes?

        1. werdsmith Silver badge

          Re: Ham?

          Haha, digital modes like Morse?

          Amateurs were building and operating TNCs for packet since the mid 80s.

          But it's true that the Icom D-Star and the digital side of the Yaesu Fusion repeaters are not that popular. What would be the point?

          1. Phil O'Sophical Silver badge
            Happy

            Re: Ham?

            Amateurs were building and operating TNCs for packet since the mid 80s.

            I still have one in a dusty cupboard somewhere, complete with KA9Q software burnt into an EPROM. Fun to work on AX.25 at the same time I was doing X.25 professionally.

  3. deive

    If you leave your house unlocked, you're insurance won't pay out...

    Even if it is illegal to do, do you think someone can be prosecuted for recieving non-encryted info sent out over the air?

    1. Doctor Syntax Silver badge

      Yes. Read the article. Note the bit about the Wireless Telegraphy Act 2006. If it's illegal you can be prosecuted.

      1. deive

        Because of the specific details it may not come to prosuction if it is not in the public interest. The fact it is unencrypted and easy for the public to access could well mean that they have a strong defnse.

    2. rg287 Silver badge

      Wireless Telegraphy Act 2006

      48 Interception and disclosure of messages

      (1) A person commits an offence if, without lawful authority-

      (a) he uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of a message (whether sent by means of wireless telegraphy or not) of which neither he nor a person on whose behalf he is acting is an intended recipient, or

      (b) he discloses information as to the contents, sender or addressee of such a message.

      So both counts - not only was he snooping, but broadcasting on the web to boot. Entirely illegal and a prosecution would inevitably succeed short of some epic incompetence on the part of the Police or Prosecution to throw the case.

      Whether a prosecution would be brought is another matter. There's a pretty limited public interest case here (the CPS prosecutes if such action is in the public interest AND is likely to succeed) and as the ABC trials showed, one should not expect that publicly-available information be ignored "because anything else just isn't cricket".

      If a greyhat can do it, a blackhat can. The scope potentially includes - say - terrorists monitoring transmissions to plan/target attacks. A prosecution of this guy won't stop that. In the absence of demonstrated harm there is no public interest in a prosecution - only in securing the insecure systems.

      1. NotBob
        FAIL

        It was effectively a public broadcast, as many places would acknowledge emergency dispatches are. Part a falls apart like a toilet paper bikini in a wave pool.

        Part b effectively requires that the broadcast was private to begin with, so it falls apart like a poorly designed flaming marshmallow sculpture on a windy day.

        Hopefully, stupidity will not prevail and there will be no prosecution.

        1. DCFusor Silver badge

          Upvoted for the humor alone. What's wrong with people here?

          Do you LIKE your UK surveillance state? Wow.

          At least the last time I checked, listening to anything tossed out into the airwaves was legal in the US.

          As if anyone could tell you were!

          Sharing is another story - that might actually affect something ever so slightly. But just listening? Who said you could bombard me with your nasty RF photons anyway?

          1. Barrie Shepherd

            At least the last time I checked, listening to anything tossed out into the airwaves was legal in the US.

            Not true for many years it was, and probably still is, illegal to monitor cellular radio transmissions.

            Importing equipment capable of tuning the cellular bands was illegal and suppliers had to block those frequencies on 'worldwide' equipment.

            1. Michael Wojcik Silver badge

              Not true for many years it was, and probably still is, illegal to monitor cellular radio transmissions.

              Since 1986. That was when it first became illegal to receive any type of wireless transmission in the US.

              Importing equipment capable of tuning the cellular bands was illegal

              That came later, in 1993, per the same source.

              Of course, tu quoque, this does not make the UK situation any better.

          2. iron Silver badge

            You have your fingerprints taken at every US airport whether you're a criminal or not.

            How do you like your Land-Of-The-Free now?

            1. Anonymous Coward
              Anonymous Coward

              Crossing the road is apparently a crime called "jay walking" wtf? How can it be illegal to just cross a road?

              And the irony of calling the country with the highest prison population in the world the "land of the free", is apparently lost on them.

              1. Androgynous Cupboard Silver badge

                Even the chickens don't do it/ They have been chlorinated into submission.

            2. PacketPusher
              Megaphone

              The US is certainly not as free as it used to be, but I have never had to get finger printed at the airport. As I recall, I never had to submit finger prints for my passport either. I did have to submit a thumb print for my driver's license.

        2. This post has been deleted by its author

      2. dfsmith

        According to part (1)(a), it would be illegal to take a photo[1] with your phone[2] if it includes a license plate[3].

        [1] Recording of photons that travel without wires.

        [2] Wireless telegraphy apparatus. (Definition of "telegraphy" notwithstanding.)

        [3] Unless that license plate was there specifically for him, or the person on whose behalf he is acting.

        1. HorseflySteve

          wireless telegraphy act does not apply...

          ...to visible spectrum since you don't need a special receiver, just eyeballs. Also, the main local broadcaster is too big & far away to prosecute for transmitting without a licence...

    3. Paul Stimpson

      "

      If you leave your house unlocked, you're insurance won't pay out...

      Even if it is illegal to do, do you think someone can be prosecuted for receiving non-encrypted info sent out over the air?"

      If you leave your door unlocked and someone enters and removes your property without your permission then they can still be prosecuted for theft. Your failure to secure your property doesn't constitute permission.

      Under the UK Wireless Telegraphy Act, unless you are a person with permission from the government, like an Ofcom employee whose job it is to monitor radio compliance or you have permission from the radio transmission license holder you may only receive transmissions intended for general reception (licensed broadcast stations), weather broadcasts, CB or amateur radio. A side effect of this is that it is actually a crime to listen to a pirate radio station because they don't have a license and are therefore not covered by the broadcast exemption.

      There is an Ofcom document that sets out what it is legal to use a radio receiver for.

      Someone can absolutely be prosecuted under the Wireless Telegraphy Act for receiving something they shouldn't that was unencrypted and it has happened. An offence under the Regulation of Investigatory Powers Act has probably also been committed if someone knowingly intercepts private messages intended for someone else without their permission. Add on a Data Protection Act charge too if the signal contained personal information because it was sent by a computer and miscreant in this case used a computer to convert it back into text.

      That this person had an Amateur Radio License is an aggravating factor as they have done radio training, should know better and can't claim they bought a scanner off Amazon and nobody told them what they shouldn't do with it. They are in a load of trouble and, if prosecuted under the Wireless Telegraphy Act will be disqualified from holding an Amateur radio license or working for any broadcast station for 5 years.

      +10 stupidity points for also putting it unsecured on the Internet so they got caught.

      1. Rasslin ' in the mud
        FAIL

        That this person had an Amateur Radio License ...

        Downvote for making an assertion as fact about an assumption.

      2. John Brown (no body) Silver badge

        "Someone can absolutely be prosecuted under the Wireless Telegraphy Act for receiving something they shouldn't that was unencrypted and it has happened. An offence under the Regulation of Investigatory Powers Act has probably also been committed if someone knowingly intercepts private messages intended for someone else without their permission. "

        Anyone remember the days when the Police radios used VHF/FM and were broadcasting just above the frequencies allocated to public broadcasting? Quite a few commercial radio receivers would tune just far enough out of band that you could hear the Police. Not that I ever did, of course, no sir, not me.

        1. Martin an gof Silver badge

          I used to work at a radio station which had a "high band" frequency allocated to one of its transmitters just as the police were vacating. For a while - before I started there - this particular radio station used the slogan "on the right side of the law" - i.e. keep turning your dial to the right.

          When I was working there (after the police had left broadcast VHF), we had two transmitters, one above 100MHz, one below. The news editor - who lived within the footprint of the higher-frequency transmitter - brought be a lovely old valve radio to fix one day. It wouldn't tune above 100MHz (ish) so he couldn't listen (on that radio) to the output of his own radio station. I think he saw that as a bonus :-)

          M.

    4. Andy Tunnah

      If you leave your house unlocked and someone burgles you, it's still a crime, you walnut.

  4. nichomach
    Big Brother

    Surprise surprise...

    Not that I don't think this pillock should be prosecuted, I certainly do, but the contrast between their lightning-swift reaction to one guy on his own breaching RIPA as opposed to their glacial pace and unwillingness to act against a couple of big companies like, say, oh, BT and Phorm is somewhat noticeable.

    1. Cederic Silver badge

      Re: Surprise surprise...

      I disagree that this pillock should be prosecuted. While he probably was breaking the law, an appropriate response is a stern telling off and a suggestion he's a bit more sensible in the future.

      The law needs a sense of proportion and discretion.

      1. phuzz Silver badge

        Re: Surprise surprise...

        Worth noting that so far no one has been charged, let alone prosecuted.

      2. Anonymous Coward
        Anonymous Coward

        Re: Surprise surprise...

        > an appropriate response is ...

        Encrypting sensitive information instead of broadcasting it in cleartext?

        1. John Brown (no body) Silver badge

          Re: Surprise surprise...

          This is hospital pagers. The NHS are about the only people still using pagers. I doubt anyone is thinking i investing in upgrading the system. (Yes, I am aware the NHS *love* their pagers because they work reliably in places mobile phones can't reach)

  5. TrevorH

    > to make the content of the communication available to someone who is neither sender nor recipient"

    Under that clause, is it not the responsibility of the NHS trust in question since it is them that are making the content of the communication system available by broadcasting it in plain text in the first place?

    1. rg287 Silver badge

      Ethically, certainly.

      I suppose a broad interpretation might hold that by broadcasting it the NHS Trust themselves had breached that clause, though I doubt a court would go for that other than to say "upgrade post haste". They certainly wouldn't convict anyone. One might also question whether the information is sufficiently specific that GDPR is applicable... unencrypted broadcast of identifiable medical information opens a whole different can of worms which could hold a lot more pain for the Trust.

    2. Jason Bloomberg Silver badge
      Childcatcher

      It has been a long time since I've had anything to do with POCSAG or pagers but I thought there was encryption available which was used by all the Foreign Exchange and City folk.

      It's long been known that pager messages - "everything, from anyone" - can be pulled off-air and easily decoded by anyone with a passing interest in electronics and microcontrollers. A Raspberry Pi is probably perfect for the job.

      For some people, watching pager messages go by is a hobby as much as listening to the police broadcasts was. This guy's mistake was letting people know he was doing that, disseminating the info he lifted out of the air.

      I had wondered what was going to happen to NHS pagers when it was announced "the pager network has closed down", as they have always been big users. I presumed it would only be in-hospital set-ups left running because they relied upon them so much. I would guess he's near a hospital, only picking up limited data.

      I'd like to know more about what he was actually receiving before I passed judgement on how bad his offence has been.

    3. agurney

      Under that clause, is it not the responsibility of the NHS trust in question since it is them that are making the content of the communication system available by broadcasting it in plain text in the first place?

      Why should the NHS spend a fortune upgrading their systems just because some scrote has a cheap SDR dongle and chooses to broadcast their pager messages? It may be old technology, but it has wider coverage than mobile telephony.

      This is the same as intercepting ambulance, police, fire, coastguard, aircraft etc. radio conversations in the clear .. listening in is illegal but unlikely to lead to prosecution, however acting on those messages or re-transmitting them is the bigger problem.

      1. Anonymous Coward
        Anonymous Coward

        Why should the NHS spend a fortune upgrading their systems just because some scrote has a cheap SDR dongle and chooses to broadcast their pager messages? It may be old technology, but it has wider coverage than mobile telephony.

        ...because they have a duty of care under the data protection act and medical confidentiality regulations to protect confidential patient information from unauthorised disclosure and it's not hard to argue that transmitting this kind of information over an unencrypted radio link breaches this duty of care because it is known such scrotes exist and may well be listening.

        Companies have been prosecuted for leaving open databases of customer data on the Internet to be snafled

        1. werdsmith Silver badge

          NHS started a project to get rid of outdated pagers at the beginning of this year.

          1. stiine Silver badge
            Facepalm

            What other kind of pagers are there?

            1. Anonymous Coward
              Anonymous Coward

              What other kind of pagers are there?

              Admittedly this is a UK site, but pagers still have quite a following in the US where you can be several hours from a 2G signal (let alone 3/4G). Presumably other geographically-challenging terrains will also have a need for the foreseeable future ?

              Which makes me wonder if pager-insistent US software is the reason they are still in use in the UK ? Like websites that only have "Canada" as an option in the "country" field, and refer to zip code.

              1. AndyFl

                Re: What other kind of pagers are there?

                They could use TETRA pagers on the Airwave public safety network. The Airwave network has extremely good coverage and is encrypted. Ambulances and other emergency service vehicles are already using the Airwave system so there would be no problem getting permission to use it.

            2. katrinab Silver badge

              A mobile phone that supports text messages. Anything produced in about the last 20 years should work.

          2. TomPhan

            So the ones which aren't outdated can be retained? There's plenty of places in hospitals where the only working alternative to a pager is someone running into every room looking for someone and telling them the message.

            1. doublelayer Silver badge

              Just give the pager a very basic microprocessor capable of performing encryption and decryption. They have them all over the place, and they're quite cheap and run with little power requirements. You can still use the same frequency. Given the privacy requirements of some of this data, that would seem to be a sane precaution.

      2. Loyal Commenter Silver badge

        Why should the NHS spend a fortune upgrading their systems just because some scrote has a cheap SDR dongle and chooses to broadcast their pager messages?

        The same reason that they shouldn't be putting confidential patient files in a dumpster without shredding them. IIRC, trusts can, and have, been fined for doing exactly that.

    4. Cav

      No, "who is neither sender" The NHS is the sender.

  6. Dwarf Silver badge

    Dear government...

    If you don’t want someone else to read it, then go and learn about encryption algorithms.

    Sending things in clear text over open communication channels means that anyone can read it.

    You are sending post cards, it makes no difference that you are using an out dated technology, it’s still your fault, not the guy who found it.

    1. d3vy Silver badge

      Re: Dear government...

      "You are sending post cards, it makes no difference that you are using an out dated technology, it’s still your fault, not the guy who found it"

      This argument is flawed. Because in the context of the article the person who found the post card then took a picture of it and put it online - knowing that it contained personal information of strangers.

      1. Anonymous Coward
        Anonymous Coward

        Re: Dear government...

        Well in this context they are mailing the same postcard with someone's medical details to everyone in the city, and you're supposed to throw it away without reading it if it's not for you.

    2. Pete4000uk

      Re: Dear government...

      The funny thin is there are quite a few encrypted pager messages down on 138/139 Mhz.

  7. Dr.Flay

    Lesson learned

    I happen to know the nerd in question. Oh how pleased they are going to be about being a news story.....*cough*

    The individual in question is not a HAM operator but uses SDR kit to listen to interesting radio streams, such as air traffic control, passing satellites and apparently the local football stadium.

    Publicly available software is used to listen to the same stuff you or I can tune in to any time we want.

    The webcam feed was not intended for the public. It is not on a web domain, is not linked or shared on any web sites, and cannot be found with normal search engines.

    You have to know the IP address to find the landing page for the home web-hub.

    Apparently most of the time the camera shows flashing disco lights, oscilloscope visuals, or whatever retro project is in progress that needs monitoring.

    This was part of his raspberry pi powered home entertainment system.

    The "general public" would never have seen it even if they tried looking, however shodan users can find it which is why it took a security bod to actually find it.

    I suggested that the person limit IP access or use a password in future.

    As touched on in the article we should however be using this incident to highlight the state of affairs concerning the UK tech infrastructure.

    As already noted, you or I can access the same info without any restriction.

    The term Ambulance-chasers was coined a long time ago because of journalists and creeps that monitor the emergency channels so they can beat others to a story or make money from misery.

    This is still a thing.

    1. d3vy Silver badge

      Re: Lesson learned

      "The "general public" would never have seen it even if they tried looking, however shodan users can find it which is why it took a security bod to actually find it."

      Just a small point - its not just "Security Bods" who use shodan... So more nefarious people could (and probably did) find it quite easily

    2. John Brown (no body) Silver badge

      Re: Lesson learned

      "As already noted, you or I can access the same info without any restriction."

      Whilst I agree with you in principle, there is a law against accessing it. Just as there are laws against picking up a piece of fruit from a display, on the public footpath outside a shop in a fully publicly accessible place, and walking off with it.

      Not all laws are enforceable in practice but can be used against you as a last resort once you draw attention to yourself. A bit like the catch-all "wire fraud" we often see bandied about in US cases.

  8. matt 83

    3 2 1 ...

    And Daley Borda gets arrested under the computer misuse act for illegally hacking into the public webcam stream by opening it in a browser.

    Also, wouldn't broadcasting personal info over an unencrypted radio link be a gdpr violation?

  9. FlippingGerman

    Ofcom says nothing -

    good. They have better things to do.

    And someone get the NHS to update their tech.

  10. streaky Silver badge

    Humbug

    It's trivial to gulp down pager messages, the encoding on them stands up to no scrutiny at all and in theory doing so isn't a problem. Asking people not to look at what's passing through the air is like doing semaphore and asking people to look the other way - AFAIK merely listening has never been tested in court and it wouldn't survive if it was. HOWEVER - then distributing the data you collect has always been a no-no, predating RIPA.

    TBH I'd say prosecute the hospitals that are passing messages around effectively unencrypted. Seems like a job for the ICO.

    1. nichomach
      Unhappy

      Re: Humbug

      That presumes that the ICO's role is to protect citizens' data. Observation would indicate that in most cases it's to explain that they're not going to.

  11. Chronos Silver badge

    The RSGB and other inaccuracies

    The RSGB represent themselves and their own agenda. No more, no less. Ask the Milton Keynes Amateur Radio Society about how many fucks the RSGB give about important historic radio sites, for example.

    This is highly unlikely to be a licensed amateur anyway. More likely it's someone who stumbled upon an RTL-SDR and went looking for something interesting to do with it. The beeps and boops filling the VHF/UHF spectrum seem mysterious and interesting but, as this so eloquently shows, there's bugger all content in most of it. You'd have to be really bored to find this interesting. AIS broadcasts are much more fun for about ten minutes.

    As for prosecuting for passing unencrypted data about, paging a doctor is hardly more than "ring the ICU at your earliest" at its best and only exists because wandering around a multiple acre hospital site looking for the bugger is too time consuming. No patient data was harmed in this entry level geekery and old school pagers are being turned off fairly soon anyway. This person's prosecutable mistake was making what he or she received available to a third party.

    Since most hospitals now have WiFi discos volante in the ceiling tiles, I can think of an emerging application for ESP32s and OLED displays that replicate the whole thing securely, Star Trek commbadge-esque. Well, as securely as WiFi can possibly be, at any rate.

    "Alexa, where is Doctor Majengwe?"

    "Doctor Majengwe is asleep in the autoclave room after a 45 hour shift on shit pay. Do you wish to deprive her of any more sleep?"

  12. Barrie Shepherd

    So, along with a few thousand others, am I going to be prosecuted for using a SDR dongle and Raspberry Pi to monitor transmissions on 1090 MHz and sharing the content with a number of world wide networks distributing the information that I receive on very public web sites?

    The law should be put back to where it used to be. Legal to listen to off air signals, illegal to rebroadcast or otherwise distribute the content, illegal to break encryption.

    1. HorseflySteve

      wait for the knock on your door...

      UK law has ALWAYS been that it is illegal to receive any wireless message or transmission that you were not intended to receive. The Wireless Telegraphy Act was first made law in 1904 and has been updated a few times since then but that has remained constant.

      If I were you, I'd stop doing it or keep quiet...

    2. jeffdyer

      You ask whether you will be prosecuted for "sharing the content with a number of world wide networks distributing the information that I receive"

      While stating "Legal to listen to off air signals, illegal to rebroadcast or otherwise distribute the content"

      Answered your own question really.

  13. big_D Silver badge

    No encryption...

    exploiting the fact that the antiquated technology behind the UK's remaining pager deployments sends messages without any encryption at all.

    So, he is picking up unencrypted messages on the public airwaves? I think it is the NHS Trust that should be in hot water! It isn't too bright of the radio operator to stream the results, but it is clearly the Trust that is at fault here.

    It is, however, a criminal offence under both the Wireless Telegraphy Act 2006 and the Snoopers' Charter (aka the Investigatory Powers Act 2016, or IPA) to eavesdrop on messages that are not intended either for the public or for you personally.

    As they are unencrypted, it could be argued that the messages are being broadcast in the public domain and he is simply a listener. If they weren't meant to be evesdropped by the public, they would be encrypted.

    The webcam side is another matter, of course.

    1. HorseflySteve

      Re: No encryption...

      "As they are unencrypted, it could be argued that the messages are being broadcast in the public domain and he is simply a listener."

      The definition of a 'broadcast' has a strict definition in the Wireless Telegraphy Act. A broadcast is intended to be received by the general public and the Broadcaster's license will state what they may and may not broadcast. A pager transmission is NOT intended to be received by the general public but by the holder of a pager and so is a private transmission not a broadcast under the definition of the Act. It doesn't matter whether it's encrypted or not, the offence is committed by the act of DELIBERATELY receiving the transmission when not authorised to do so by the pager service under the terms of its licence. The relaying of the information unintentionally or illegally received is a further, separate offence under the Act.

      Bear in mind the the Wireless Telegraphy Act has a long history and most of it was written long before real-time signal encryption existed. The only method to protect private signals was to transmit on frequencies that were not receivable on publicly available receivers for which, I should add, you needed a license. The non-disclosure rule was added to cover home made hobbyist sets that might pick up the signals accidentally.

  14. Chris the bean counter

    Is NHS breaking the law

    Not encoding the messages

    1. d3vy Silver badge

      Re: Is NHS breaking the law

      * Encrypting

    2. HorseflySteve

      Re: Is NHS breaking the law

      No. The NHS is using a paging service which is operating legally under the terms of its licence.

      The only law-breaking in this case is the person deliberately receiving the pager signals and compounding it by passing the information received on to other unauthorised persons.

  15. Anonymous Coward
    Anonymous Coward

    Did IQs just fall suddenly around here?

    It's not so much that he was listening in as he converted the pager messages to text and then streamed them on an open-to-all webcam feed.

    This wasn't some random list of people's shopping, or the results of last week's football matches, it was information about people's accidents and injuries, their addresses, and all sorts of other stuff that really should not be shared to those who do not need to know.

    Regardless of how you feel about freedom of information, people's right to access unencrypted messages etc, it is not acceptable to broadcast that sort of information "just because you can".

  16. Roger Mew

    Ha ha ha thing is its not illegal in another country to put up the UK's rubbish, so for example a "D" notice means nothing in France and posting anything from another country in ones country of visitation also means nothing.

    1. David Shaw
      Black Helicopters

      no "DSMA" Notice?

      you mean I can link to https://wikispooks.com/wiki/Pablo_Miller

      without the sound of helicopters.....

  17. Anonymous Coward
    Anonymous Coward

    Sir, can you fill this for me?

    Yes nurse, but not from here.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019