Ian - stock.adobe.com

Police secrecy over ‘IMSI-catcher’ mass surveillance of mobile phones

Following a tribunal ruling, constabularies in England and Wales can refuse to confirm or deny whether they use mass surveillance devices, known as IMSI-catchers to monitor people’s location, phone calls and text messages

Police forces in England and Wales will able to refuse to say whether they use surveillance equipment – known as IMSI-catchers -- that are capable of monitoring thousands of mobile phones, following a ruling by a freedom of information tribunal.

Privacy campaigners said this week that they would not challenge the tribunal’s decision to permit police forces in England and Wales to "neither confirm nor deny" they are using IMSI-catchers to track mobile phones in response to requests under the Freedom of Information Act.

IMSI-catchers, also known as Stingrays, allow police forces to track mobile phones and intercept text messages, calls and other data within their radius in real time. The devices can capture the private data and phone calls of anyone who happens to be in range, whether they are a suspect or not.

Police forces may use the devices at football matches, political demonstrations, attach them to planes to target individuals or to gather private data of hundreds of people, the majority of whom are not suspects of any crime.

Although police forces in the US and Germany are open about their use of fake cell towers, police in England and Wales have declined to confirm or deny their use of IMSI-catchers for mobile phone surveillance.

The National Police Chief's Council declined to say last night what the legal basis is for police use of IMSI-Catchers is or to answer a series of questions about the technology from Computer Weekly.

A spokesman said that the only response he could give was, "we can neither confirm nor deny that police use IMSI-catchers".

Disguised purchases

An investigation by the Bristol Cable in 2016 found police forces had each spent hundreds of thousand of pounds on the surveillance devices but were using the acronym CCDC (covert communications and data capture) to disguise their purchases in published spending data.

Following the report, more than 30 police forces temporarily stopped publishing monthly spending data despite legal requirements for them to do so, and revised what information they published, to prevent further disclosures on their acquisition of IMSI-catchers.

In December last year, a tribunal brought by Privacy International under the Freedom of Information Act, found that police forces were entitled for national security reasons to "neither confirm nor deny (NCDC)" whether they had bought the technology.

Privacy International said an appeal risked setting a negative precedent for others attempting using the Freedom of Information Act to shed light on how police use IMSI-catchers and other intrusive and potentially rights-infringing technologies.

Ilia Siatitsa, legal officer and programme director, said that the organisation would continue to challenge their use.

"The intrusive and unregulated use of IMSI-catchers not only creates a chilling effect on civic society, but also infringes on our right to privacy, our freedom of expression and our freedom of assembly and association," she said. "Yet they are often deployed in secret, without a clear legal basis, and without the safeguards and oversight mechanisms applied to other surveillance technologies under international human rights law."

The secrecy surrounding IMSI-catchers in the UK, contrasts with police forces in the USA, which according to the American Civil Liberties Union (ACLU) have been open about their use.

Nathan Wessler, attorney at the ACLU said in written evidence to the tribunal that US police forces "overwhelmingly responded to freedom of information requests seeking information about purchase and use of IMSI-catchers".

German police are required to disclose their use of IMSI-catchers as a matter of law, according to evidence from Ulf Buermeyer a judge at the Regional Court of Berlin, and co- founder of the Society for Civil Rights (GFF).

Under German law, people who have been targeted by an IMSI-catcher in criminal proceedings must be notified as soon as possible once the investigation is complete.

German federal intelligence agencies are required to notify Germany's parliamentary control panel, which regularly publishes reports about the use of IMSI-catchers by intelligence agencies. The German parliament also discloses details of IMSI-catchers in parliamentary questions.

In England and Wales, where police forces are adopting a blanket secrecy approach to IMSI-catchers, they argue that if the public knew a police force was in possession of the technology, criminal investigations and national security could be jeopardised.

Senior police officers told the information tribunal last year that their use of IMSI-catchers fell under national security exemptions of the Freedom of Information Act. They claimed that national security also includes threats from terrorism and from serious organised crime.

Detective superintendent Steve Williams, head of the Technical Surveillance Unit at the Metropolitan Police Service, said in a witness statement: "If criminals or terrorists know about the capabilities of covert technology, they will adjust their behaviour accordingly."

IMSI-catchers "breach human rights law"

In a report published this week, Privacy International raised questions about the legal basis for indiscriminate mobile phone surveillance using the technology.

"Indiscriminate surveillance of non-suspects is a contravention of rights and a failure of the rule of law. As with other forms of secret mass surveillance, it is impossible for states to carry out an individualised assessment of necessity and proportionality, which is not permissible under international human rights law," it said.

IMSI-catchers are able to track the movements of individuals to an accuracy of 10 feet, but police have the capability to gain more precise location information by moving the IMSI-catcher and measuring signal strength from different locations.

They pose a particular problem for journalists by undermining well established rules regarding the importance of journalists protecting journalistic communications and sources, the report said.

According to the Article 29 Data Protection Working Party, mobile phone tracking can allow observers to build an intimate overview of the habits and patterns of a phone owner, including sensitive data such as visits to hospitals, religious sites, and political demonstrations.

Silkie Holtmanns, an expert in mobile communications security said in written evidence that once an organisation had obtained an IMSI, it could continue to monitor that individual.

"If the police were to use an IMSI-catcher within the vicinity of a government building, the IMSI-catcher might collect the IMSI data of all of the people working in that building, potentially including politicians and high-level officials," she said. "That IMSI data could be misused by the government itself or by a third party to track those individuals or to facilitate other surveillance against them for a long time."

The not-so-secret history of police IMSI-catchers

Despite police forces' reluctance to disclose information, there has been widespread reporting of police use of IMSI-catchers in recent years based on publicly disclosed documents.

Reports of police spending on IMSI-catchers have been published in The Guardian and The Times, based on public documents.

In January 2016 Vice news published an investigation revealing that IMSI-catchers were present at UK Parliament, an anti-austerity protest, and the Ecuadorian Embassy.

The Bristol Cable reported in 2016, based on public records, that IMSI-catchers were used by Avon&Somerset Police, the Metropolitan Police Service, South Yorkshire Police, Staffordshire Police, Warwickshire Police, West Mercia Police and West Midlands Police.

Their purchases were documented in the minutes of an Alliance Governance Group meeting held on 26 May 2016, originally published on Warwickshire Police's website.

In 2017 Motherboard reported that Essex Police had allocated £145,000 to IMSI-catchers, based on information published on the force's website.

How IMSI-catchers enable indiscriminate surveillance

IMSI-catchers are mass surveillance tools that allow police to track mobile phone locations and identities in real time and to intercept text messages and calls across large areas.

The devices can be used by law enforcement organisations to identify, for example, people attending football matches, political rallies or who are in the vicinity of government buildings.

According to some manufacturers' catalogues, IMSI-catchers can hack up to 1,500 handsets per minute across five networks within 8km2 of their deployment.

The surveillance devices mimic a mobile phone base station, and by presenting a stronger signal than other base stations in the area. They are able to force any mobile phone in range to connect to them by executing a "man-in-the-middle" attack.

Police are able to identify individuals by harvesting a unique code number, known as the International Mobile Phone Subscriber Identity (IMSI) found on mobile phone SIM cards, from any phone within range.

The devices also harvest the International Mobile Equipment Identity (IMEI) of each phone, a number that uniquely identifies the phone handset and identifies the type of phone and its serial number.

IMSI-catchers can be used to monitor calls and text messages from phones, including any internet searches, map searches, or financial transactions through banking apps, and to track the location and movements of individuals.

Some IMSI-catchers can also change the content of messages or data or prevent them from being transmitted to the real phone network.

The devices also have the capability to jam real mobile phone networks in an area to ensure that a mobile phone does not accidentally connect to real network.

This can prevent people, for example, accessing normal telephone services, including making calls to the emergency services.

IMSI-catchers can also be used to intercept devices connected to the internet of things. This could include, health monitoring devices disclosing personal medical data, internet connected video cameras or devices in cars.

Next Steps

Hacker makes short work of Apple AirTag jailbreak

Read more on IT legislation and regulation

Data Center
Data Management