FCC Chairman Tom Wheeler stated this was “a huge victory for Internet consumers and innovators. Starting Friday, there will be a referee on the field to keep the Internet fast, fair and open”. Then added “Blocking, throttling, pay-for-priority fast lanes and other efforts to come between consumers and the Internet are now things of the past. The rules also give broadband providers the certainty and economic incentive to build fast and competitive broadband networks.”
On this side of the pond however things are looking less ‘rosy’. More revelations about the Security services and Police monitoring our phones calls, came to light with articles in several national papers and Sky News, about the use of IMSI catchers.
In short, an IMSI catcher is like a fake Mobile Phone cell. Now these come in various sizes from ‘normal cell tower’ size to small wearable devices.
These devices take seconds to capture IMEI (international mobile equipment identity) and/or IMSI (international mobile subscriber identity) of people around them. Now in the old days of the analogue phones, you could ‘listen in’ to the call via just a RF receiver. During the switch to Digital GSM the standard was to then encrypt calls with an encryption standard called A5/1. However, even a decade ago there were known weaknesses to this and back in 2011 GammaGroup who make the IMSI devices managed a “fully passive system with real-time decryption”. Today that extends to the portable version of the IMSI, so that person listening to music on the park bench/ on the train where ever might actually be listening in on peoples calls.
On the other hand the visible larger versions of these IMSI devices, have a much larger range. As such and due to the placement, thousands of people’s phones can be ‘listened into’ when they are placed in urban areas. These are not strategic devices to target an individual, more of a blanket catch-all.
These devices are not state secrets, and haven’t been for a while. Back in 2008/2009 it was known the Metropolitan police purchased some, and that’s some 5 years after they appeared in the US on the open market under the trade name ‘StingRay’. So, why shine the light on these devices now? It boils down to the Sky News investigation using software from GMSK Cryptophone software to search for Stingray units, which uncovered 20 instances of the technology in London alone. So they seem to be even less of a targeted approach than expected.
In the US the FCC have now stepped in and are to convene a task force to review “the illicit and unauthorized” deployment of the technology.
In Germany they have a Parliamentary Control Panel which reports to the Bundestag. Every six months the German intelligence agencies have to report to the Control Panel.
Meanwhile on the UK, the official response seems to be more like “IMSI devices, what IMSI devices”. When Sky News questioned the Metropolitan Police commissioner, Bernard Hogan-Howe, his response was: “We’re not going to talk about it, because the only people who benefit are the other side, and I see no reason in giving away that sort of thing.”
Repost from June 12th 2015