FYI.

This story is over 5 years old.

Tech

UK Police Won't Admit They're Tracking People's Phone Calls

We know their secret "Listed X" program intercepts communications with a tool that masquerades as a cell tower, but that's about it.
Image: Shutterstock

You've maybe heard a bit about Stingray. Over the past couple of years, it has emerged that police forces in the US have been using the  powerful surveillance tool, which tricks phones into connecting to a dragnet, to track mobile devices, and intercept calls and text messages.

Meanwhile, the London Metropolitan Police Service (MPS) continue to remain tight lipped about their use of the technology, leaving citizens in the dark on what privacy protections, if any, are in place for those who may get swept up by the broad surveillance techniques.

Advertisement

Back in 2011, the MPS bought a new piece of equipment that can,  as reported by the Guardian, "masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area." The protocol under which the classified hardware is used goes by the name of "Listed X," the Guardian noted.

This sort of capability sounds very similar to the StingRay, a brand name for a technology used by dozens of law enforcement agencies in the US. Although the suitcase-sized Stingray units are designed to counter terrorism, they have been deployed on normal criminal investigations by the LAPD,  according to LA Weekly.

Internal emails obtained by the American Civil Liberties Union in June show how local police push to keep the use of StingRay out of court documents. "Concealing the use of stingrays deprives defendants of their right to challenge unconstitutional surveillance and keeps the public in the dark about invasive monitoring by local police,"  the ACLU's Maria Kayanan wrote.

When I asked Dr. Richard Tynan, a technologist at  Privacy International, whether the comparison of the UK's Listed X to StingRay in the US was fair, he said, simply: "They're identical."

As mentioned, these devices rely on vulnerabilities in the physical infrastructure necessary to route your phone calls and texts. Every few seconds, your mobile phone sends signals out in the hope of finding a nearby cell tower to connect to. This happens even when you're not making a call yourself, so any incoming messages can be directed to the phone. Part of this signal is an IMSI number—a phone subscriber's unique code, which is used by network operators, such as Vodafone, to log your usage and charge a bill accordingly.

Advertisement

But that IMSI number can also be used by law enforcement to track the movement of your phone and SIM card as it connects between different towers, and—if you keep it your pocket, like most people—your physical location.

Tynan explained how that data could be of use to the MPS. "If it's at a protest, they can map it," he said. "They can put [Listed X] in 'Protest A', get the list of IMSIs at that; put it in 'Protest B', get the list of the IMSIs at that, and then correlate them, and see who was at both protests."

Some of the devices used to do this, appropriately named 'IMSI catchers' by the tech community, are also capable of intercepting phone calls and text messages. The tools can either sit passively, and sweep up any data being sent to a specific tower, or, in active mode, emulate the digital characteristics of a cell tower, tricking any nearby phones into connecting to it.

From here, it routes communications just like the normal network, except they are able to be intercepted by law enforcement. They can also be used to send false messages to users en masse,  which happened during the January protests in Kiev.

We do know that the UK's Listed X does intercept communications, but due to the level of secrecy around it, we do not know whether it does this in an active or passion fashion. Regardless, "Even if you are looking for an individual, you hoover up everybody's information in a given area, indiscriminately," Tynan said.

Advertisement

You hoover up everybody's information in a given area, indiscriminately.

According to  the Guardian report, Listed X can emit a signal of 10 kilometers squared, collecting the data of anyone in that proximity, irrespective of whether you are a suspect or not. "There's no real way to limit it," Tynan pointed out. "Your ability to hoover up uniquely identifying information is quite easy with this stuff."

I asked the MPS in a Freedom of Information request how many times Listed X has been deployed; on what specific dates and at what events it had been used (such as protests); how much has been spent on the system, and what privacy protections have been put in place for those who are at risk of being inadvertently surveilled.

The MPS declined to answer any of my questions, and wouldn't even acknowledge that they possess Listed X in the first place. "The MPS can neither confirm nor deny that it holds the information your requested," the Service told me.

In sum, the justification for the response was: "[T]he request would adversely [sic] affect national security because criminals would be able to know and counteract technolgy [sic] that the MPS may or may not be using to deter the threat of criminal and terrorist activity."

Considering that we already know that the Metropolitan Police already owns Listed X, Tynan didn't agree. "Knowing that they have IMSI catchers I fail to see how that is something that would, in any way, impact national security," he told me.

It's the last question—what policies are in place to protect the privacy of those that are inevitably swept up by the use of Listed X—that needs to be answered by the Metropolitan Police. What happens to the movement of data and communications of people that are collected when Listed X is deployed?

"It's brings into question data protection, and what they do with this information; how do they destroy it, do they destroy it?" Tynan asked.

Getting a satisfactory response to this, however, will not be easy. To hear Tynan tell it, "When you can't get a confirmation, or even a denial that they're not using this technology, it's very difficult to then progress it to see if the data protection principles have actually been followed."

When police have access to powerful surveillance technology that doesn't just affect criminal suspects but also innocent citizens, how it is used and regulated is a debate that needs to be made in public by law enforcement, politicians and experts. If that debate is going to take place, the MPS will need to be more transparent with their use of Listed X.