#Vodafone #EE and 3 (#ThreeUK) give police mobile call records at click of a mouse

10/10/2014
Shush!  They can hear you!

Shush! They can hear you!

Mobile phones outnumber land-lines massively. In the UK, there are 82.7m mobile subscriptions in the UK; compare that to 24.4m home landlines and a total of 33.1m fixed landlines (including landlines used for broadband connections). In the UK, 15% of people live in mobile-only households. And that’s the UK, a developed world nation where substantial land-line infrastructure already exists. Think about developing world countries where low rural population concentration and large distances make mobile networks a necessity. An awful lot of business is being carried out on these mobile networks: both private and commercial, on phones or online. You’d think all this communication would be protected by law, right? Duh! wrong answer. According to The Guardian:

Three of the UK’s four big mobile phone networks have made customers’ call records available at the click of a mouse to police forces through automated systems, a Guardian investigation has revealed.

EE, Vodafone and Three operate automated systems that hand over customer data “like a cash machine”,as one phone company employee described it.

Of the 4 big mobile networks, only O2 manually reviews Ripa requests (Ripa is the Regulation of Investigatory Powers Act, which governs who can access systems like the phone networks). EE (the UK’s largest network, consisting of Orange and T-Mobile), Vodafone, and 3, all use systems that largely bypass any need for human intervention, basically meaning that access to these sensitive records is automated. With no manual oversight, mistakes or loopholes in the automated systems will not be detected, and can be misused deliberately.

Privacy advocates are also concerned that the staff within phone companies who deal with Ripa and other requests are often in effect paid by the Home Office – a fact confirmed by several networks – and so may, in turn, be less willing to challenge use of surveillance powers.

According to the Guardian article:

Several mobile phone networks confirmed the bulk of their queries were handled without human intervention. “We do have an automated system,” said a spokesman for EE, the UK’s largest network, which also operates Orange and T-Mobile. “[T]he vast majority of Ripa requests are handled through the automated system.” The spokesman added the system was subject to oversight, with monthly reports being sent to the law enforcement agency requesting the data, and annual reports going to the interception commissioner and the Home Office.

A spokesman for Vodafone said the company processed requests in a similar way. “The overwhelming majority of the Ripa notices we receive are processed automatically in accordance with the strict framework set out by Ripa and underpinned by the code of practice,” he said. “Even with a manual process, we cannot look behind the demand to determine whether it is properly authorised.”

A spokesman for Three, which is also understood to use a largely automated system, said the company was simply complying with legal requirements. “We take both our legal obligations and customer privacy seriously,” he said. “Three works with the government and does no more or less than is required or allowed under the established legal framework.

Only O2 said it manually reviews all of its Ripa requests. “We have a request management system with which the law enforcement agencies can make their requests to us,” said the O2 spokeswoman. “All O2 responses are validated by the disclosure team to ensure that each request is lawful and the data provided is commensurate with the request.”

Mike Harris, director of the Don’t Spy On Us campaign, said the automated systems posed a serious threat to UK freedom of expression. “How do we know that the police through new Home Office systems aren’t making automated requests that reveal journalist’s sources or even the private contacts of politicians?” he said.

“Edward Snowden showed that both the NSA and GCHQ had backdoor access to our private information stored on servers. Now potentially the police have access too, when will Parliament stand up and protect our fundamental civil liberties?”

So much information goes over mobile networks nowadays. Not just phone calls and text messages – there’s also the high volume of data transfer over mobile broadband systems. All this information is available to “investigators” who can interrogate the computer systems directly, with no need to go through a middle-man.

If you use a trustworthy VPN service, and encryption, you may be able to keep the data traffic somewhat more private. But the very action of encrypting your traffic attracts investigators’ attention. And voice and text message data does not even have that limited protection.

A solution, so far as computer and smart phone data is concerned, is available, at least in theory. If we all opted for mobile mesh networking, we could cut out the mobile networks entirely. And it wouldn’t be hard to include traditional speech (and sms) in such a system. And the software is already out there – for example Open Garden. These enmeshed systems are probably the future of mobile connectivity. The only question is: when will mobile users take to it by default? Most people don’t think the government snooping into our communications is a major problem (The “if you’ve done nothing wrong you have nothing to worry about” min-set). Will this apathy win out? I hope not. When I use a 3G modem or tethered smartphone I generally use a VPN. But I haven’t fully checked out the various solutions available – or their pitfalls. And I’m more aware of these issues than average. There’s a good chance we’re trying to tackle a problem that’s already out of control. Do yourself – andf everyone else – a favour. Do a web search for “mesh networks” and the other subjects I’ve mentioned here. Did you know that when you send an email, the message is only as secure as what you might write on a postcard? And things can only get worse.

Locations of visitors to this page


free web stat


Bloody mobile broadband dongles! I hate them!

27/03/2014

I’ve been using mobile broadband for some time. I live in the UK. First of all I used Vodafone’s network, but soon got rid of that as Vodafone charged £10 per GB of data transferred (note: that’s per GB transferred, not per GB downloaded)… it worked out as very expensive. Eventually I switched to 3 (another UK mobile phone/mobile broadband service provider) that charged £15 per GB transferred. Still pricey, but a lot cheaper than Vodafone.

Problem with the dongles is, they are plastic sticks that stick some 7cm out the side of your laptop, and are held in place by the vulnerable USB plug. Laptops are portable devices, often moved around etc, and if the dongle hits something that vulnerable USB plug can easily break. A while ago I suggested to 3’s Twitter account (@ThreeUKSupport) that they should use a different design; eg. a “L” shaped dongle that wouldn’t involve 7cm of plastic sticking out the side of a device putting undue stress on the USB plug (after all the USB plug is designed as a plug, not a strong physical connection). But 3 weren’t at all helpful on this, stating that they had no plans to use a redesigned dongle. Of course, 3 aren’t the only culprits – as far as I can tell all the mobile broadband providers use the stupid vulnerable design. But does that make it right? Of course not! (There are less vulnerable devices available, such as the MiFi routers, but they are not so mainstream and are more expensive than the dongles.)

Anyway, my 3 dongle got damaged – it hit something, the weak USB plug got bent, and now the dongle doesn’t work. I have prepaid credit on the dongle which I can’t use! What to do? I’ve got in touch with 3 on Twitter again, and am still waiting for a response. And what are they going to do? I hate to think. It’d be nice if they gave me a new dongle, maybe with extra credit to make up for my trouble (after all I did warn them about this possibility). But what do you think? Will @ThreeUKSupport be nice? Or will it be a case of TSB (Tough Sh*t Baby)? I hope for the best but expect the worst.

So, what should you do if you need mobile broadband? One solution is to wirelessly tether a smartphone (or tether by wire a 3G “dumbphone”, something I did for a while when I owned a 3G dumbphone). But to tether a smartphone you have to jail-break it. Which voids warranties. Or buy a MiFi router… not as affordable as a dongle. You could creep about with your laptop, taking extra care not to knock the dongle into anything… but is that paranoia how you want to live? No, me neither.  And now they’re rolling out 4G mobile internet devices, they have to take care of their customers better.

We all need to contact our service providers, demanding redesigned, possibly L-shaped dongles (I did that, but my lone voice had no effect… maybe if we all hassled them, maybe they would do something). 3’s Twitter account for customer services is @ThreeUKSupport. Get onto them! We need redesigned dongles or more affordable MiFis. Come on, let’s tell ’em what we think! Surely I’m not the only user to have accidentally trashed his dongle. Am I?

UPDATE 18:37 UST: Well whaddaya know! I was right to expect the worst!  Customer goodwill is worthless as far as 3 are concerned.  I broke their idiotically-designed dongle, with £15 credit on it.  Their answer? “Tough Sh*t Baby”.  They want me to buy a new one!  Bastards…

Locations of visitors to this page


free web stat


%d bloggers like this: