Met Police Acquires Mobile Phone Monitoring Kit

The Met Police will not confirm reports that it has acquired technology to monitor mobile phone calls

Privacy concerns have been raised after it emerged that the Met Police may have acquired mobile phone monitoring software.

The London Metropolitan Police Service (MPS) has reportedly acquired surveillance technology that can masquerade as a mobile phone cell tower. This, according to the Guardian newspaper, has given the police the ability to intercept mobile phone calls and gather data about users.

The newspaper said that the police acquired the technology from a Leeds-based company called Datong plc, whose customers apparently include the MoD and the US Secret Service.

Met Police Statement

The newspaper said that the surveillance technology is strictly classified under Government protocol as “Listed X”, and can emit a signal over an area of up to an estimated 10 square kilometres, capturing the unique identity codes of each mobile phone, and also tracking their location.

Speaking to eWEEK Europe UK, the Met would not confirm whether it specifically has the technology, because of its covert nature.

“The MPS may employ surveillance technology as part of our continuing efforts to ensure the safety of Londoners and detect criminality,” the Met said in an emailed statement. “It can be a vital and highly effective investigative tool.”

“Although we do not discus specific technology or tactics, we can re-assure those who live and work in London that any activity we undertake is in compliance with legislation and codes of practice,” it added.

Not Just Location Tracking

But according to privacy campaigners such as Privacy International, these so called “IMSI catchers” go beyond just location mapping, and present a more serious privacy invasion.

“In reality the police in the UK have been using these IMSI catchers for the last five years now at least,” said Eric King, the human rights and technology advisor at Privacy International, speaking to eWEEK Europe UK.

“What has changed is that these image catchers have become smaller and cheaper, and we are unclear on the legal justification for using them, as they do a lot more than location finding,” explained King.

Image courtsey of Privacy International

He said these IMSI catchers used to the size of a small van, but are now the size of mobile phones. He even provided the following picture of an actual IMSI catcher.

“They can also turn off the GSM encryption, so that actual calls on that mobile can be monitored,” said King. “The kit initiates a cell tower, and it does this in order to get subscriber numbers on the SIM card, so the police can tell who is calling who in one particular locality. Essentially it can turn off the GSM encryption.”

It is well known that GSM phone calls are vulnerable to hacking. In December 2010 security researchers showed how they could eavesdrop on any calls and text messages made on a GSM network. Prior to that they had cracked and published that encryption code, but the Global System for Mobile Communications Association (GSMA) downplayed any concerns over the security of mobile phone calls.

But in January 2010, the researchers also cracked the 768-bit RSA encryption, used for protecting sensitive data in transit. And in August 2010 fresh concerns were raised after security specialists uncovered a flaw that could turn the mobile phone into a listening device that could literally bug its owners (i.e. listen in on their conversation).

Call Monitoring

“Nowadays it is far worse,” explained King of Privacy International. “Now the A51 encryption can be broken in real time. I have many brochures from companies saying they can break the A51 encryption. Some say they can break 30 different streams (i.e. 30 different calls) in real-time figures,” said King.

In May this year the Met Police also faced privacy concerns after its purchase of GeoTime tracking software.

Civil liberties groups complained that new software used by the Metropolitan Police to track individuals online, could invade the privacy of innocent people.

This came after it was revealed that the Met is using GeoTime, data harvesting software from Oculus Info, that gathers information from social media sites, GPS, IP addresses and mobile phone data, presenting the results in 3D visual form. The software is used by the US military and police forces, and Geotime claims it can reveal previously unknown connections between individuals