Mobile phones outnumber land-lines massively. In the UK, there are 82.7m mobile subscriptions in the UK; compare that to 24.4m home landlines and a total of 33.1m fixed landlines (including landlines used for broadband connections). In the UK, 15% of people live in mobile-only households. And that’s the UK, a developed world nation where substantial land-line infrastructure already exists. Think about developing world countries where low rural population concentration and large distances make mobile networks a necessity. An awful lot of business is being carried out on these mobile networks: both private and commercial, on phones or online. You’d think all this communication would be protected by law, right? Duh! wrong answer. According to The Guardian:
Three of the UK’s four big mobile phone networks have made customers’ call records available at the click of a mouse to police forces through automated systems, a Guardian investigation has revealed.
EE, Vodafone and Three operate automated systems that hand over customer data “like a cash machine”,as one phone company employee described it.
Of the 4 big mobile networks, only O2 manually reviews Ripa requests (Ripa is the Regulation of Investigatory Powers Act, which governs who can access systems like the phone networks). EE (the UK’s largest network, consisting of Orange and T-Mobile), Vodafone, and 3, all use systems that largely bypass any need for human intervention, basically meaning that access to these sensitive records is automated. With no manual oversight, mistakes or loopholes in the automated systems will not be detected, and can be misused deliberately.
Privacy advocates are also concerned that the staff within phone companies who deal with Ripa and other requests are often in effect paid by the Home Office – a fact confirmed by several networks – and so may, in turn, be less willing to challenge use of surveillance powers.
According to the Guardian article:
Several mobile phone networks confirmed the bulk of their queries were handled without human intervention. “We do have an automated system,” said a spokesman for EE, the UK’s largest network, which also operates Orange and T-Mobile. “[T]he vast majority of Ripa requests are handled through the automated system.” The spokesman added the system was subject to oversight, with monthly reports being sent to the law enforcement agency requesting the data, and annual reports going to the interception commissioner and the Home Office.
A spokesman for Vodafone said the company processed requests in a similar way. “The overwhelming majority of the Ripa notices we receive are processed automatically in accordance with the strict framework set out by Ripa and underpinned by the code of practice,” he said. “Even with a manual process, we cannot look behind the demand to determine whether it is properly authorised.”
A spokesman for Three, which is also understood to use a largely automated system, said the company was simply complying with legal requirements. “We take both our legal obligations and customer privacy seriously,” he said. “Three works with the government and does no more or less than is required or allowed under the established legal framework.
Only O2 said it manually reviews all of its Ripa requests. “We have a request management system with which the law enforcement agencies can make their requests to us,” said the O2 spokeswoman. “All O2 responses are validated by the disclosure team to ensure that each request is lawful and the data provided is commensurate with the request.”
Mike Harris, director of the Don’t Spy On Us campaign, said the automated systems posed a serious threat to UK freedom of expression. “How do we know that the police through new Home Office systems aren’t making automated requests that reveal journalist’s sources or even the private contacts of politicians?” he said.
“Edward Snowden showed that both the NSA and GCHQ had backdoor access to our private information stored on servers. Now potentially the police have access too, when will Parliament stand up and protect our fundamental civil liberties?”
So much information goes over mobile networks nowadays. Not just phone calls and text messages – there’s also the high volume of data transfer over mobile broadband systems. All this information is available to “investigators” who can interrogate the computer systems directly, with no need to go through a middle-man.
If you use a trustworthy VPN service, and encryption, you may be able to keep the data traffic somewhat more private. But the very action of encrypting your traffic attracts investigators’ attention. And voice and text message data does not even have that limited protection.
A solution, so far as computer and smart phone data is concerned, is available, at least in theory. If we all opted for mobile mesh networking, we could cut out the mobile networks entirely. And it wouldn’t be hard to include traditional speech (and sms) in such a system. And the software is already out there – for example Open Garden. These enmeshed systems are probably the future of mobile connectivity. The only question is: when will mobile users take to it by default? Most people don’t think the government snooping into our communications is a major problem (The “if you’ve done nothing wrong you have nothing to worry about” min-set). Will this apathy win out? I hope not. When I use a 3G modem or tethered smartphone I generally use a VPN. But I haven’t fully checked out the various solutions available – or their pitfalls. And I’m more aware of these issues than average. There’s a good chance we’re trying to tackle a problem that’s already out of control. Do yourself – andf everyone else – a favour. Do a web search for “mesh networks” and the other subjects I’ve mentioned here. Did you know that when you send an email, the message is only as secure as what you might write on a postcard? And things can only get worse.