Using Mobile Phones and Wireless PDAs

Mobile Phones and Wireless PDAs

  1. Do not use your normal mobile phone to contact a journalist or blogger from your Home Office location, or from home.

    The Cell ID of your mobile phone will pinpoint your location in Marsham Street and the time and date of your call.

    This works identically for Short Message Service text messages as well as for Voice calls.

    Such Communications Traffic Data does not require that a warrant be signed by the Home Secretary, a much more junior official has the power to do this, e.g. the Home Office Departmental Security Unit headed by Jacqueline Sharland (probably someone else nowadays, given the staff turnover within the civil service) or any middle ranking Police officer at the Superintendent level or above.


  2. Do not store any friends or family or other business phone numbers on this disposable phone - only press or broadcast media or blogger contacts.

  3. Do store the 24 hour contact phone numbers of some firms of solicitors experienced in human rights law - these will be useful id / when you are stopped and searched or harassed or arrested by the Police e.g.


    Kaim Todner Solicitors LLP
    City of London Offices:
    5 St. Bride Street
    LONDON
    EC4A 4AS
    Tel: 020 7353 6660 (24 hours)
    Fax: 020 7353 6661
    DX: 265 LONDON CHANCERY LANE
    www.kaimtodner.com

    Bindmans LLP
    275 Gray's Inn Road
    London
    WC1X 8QB
    DX: 37904 King's Cross
    Tel: +44 (0)20 7833 4433
    Fax: +44 (0)20 7837 9792
    Email: info@bindmans.com
    Web: www.bindmans.com

  4. Set a power on PIN and a Security PIN code on the phone - this may be enough to stop a Police Constable or Police Community Support Officer from rifling through your phone contacts and SMS messages illegally without a warrant, when they stop and search you, without reasonable cause under section 44 of the Terrorism Act 2000.

  5. Make a note of the phone handset's International Mobile Equipment Identifier (IMEI), which can help you to get the phone disabled if it is lost or stolen. Most handsets will display this if the *#06# command is entered, and the number is on a label visible when the battery is removed.

  6. For no good reason, It is often unclear what your actual phone number is when you buy a new pre-paid mobile phone or use a new SIM card. Some networks e.g. Vodafone display the phone handset number when you make a call to *#100#.

  7. This Home Office Crime Reduction page lists the Mobile Phone Company numbers to report your stolen handset to, so that it can be quickly disabled. You do not want a thief or someone who finds your lost phone ringing up or sending or reading SMS messages from your confidential contacts on your stolen or lost mobile phone.

  8. Physically destroy the phone and the Subscriber Identity Module (SIM) card once you have done your whistleblowing. Remember that your DNA and fingerprints will be on this mobile phone handset.

  9. Do not be tempted to re-use the SIM in another phone or to put a fresh SIM in the old phone, unless you are confident about your ability to illegally re-program the International Mobile Equipment Electronic Identity (IMEI). It is possible to re-program the IMEI on many phones, often as trivially as with a Hayes AT modem style command to change a hardware register setting on a serial modem. The The Mobile Telephones (Re-programming) Act 2002 , and subsequent amendments, carry a penalty of up to 5 years in prison, for doing this (without the written permission of the Mobile Phone Handset Manufacturer, not the permission of the Mobile Phone Network Operator), or for possessing equipment and software to do this (i.e. any terminal / terminal emulation software and a serial computer to phone cable), or even to advertise doing this as a service.

  10. Switch off BlueTooth wireless networking on your mobile phone. At the very least the device identifier can be used to remotely track your presence at a particular location. At worst, the many insecure versions of BlueTooth implementations allow a snooper to remotely look through and copy your stored contacts and photos, and perhaps even to initiate an outgoing call or a silent incoming one, thereby turning your phone into a bugging device.

  11. What applies to BlueTooth, also applies to WiFi wireless connectivity, which is just starting to appear in some phones now - switch it off !.

  12. A recent Court case on the USA, where the FBI bugged the mobile phone of a Mafia suspect, has re-opened the debate on whether or not some models of mobile phone e.g. the newer, more powerful ones with embedded programming languages, can be secretly turned into bugging device by the Network Operator / Law Enforcement / Intelligence agencies. Apart from the BlueTooth exploits alluded to above, this may well be true for some models of phone.

    Many modern mobile phone handsets do not really switch off when you press the "power off button". You can confirm this by setting an alarm, and then switching the handset off - many phones will "wake up" and emit an audible alarm and power up the display etc. at the programmed time. In principle, any software with access to low level functions of the phone could do this, and more, without the user being aware of it.

  13. A typical bit of commercial mobile phone spyware is FlexiSpy, which can send copies of SMS messages to another phone. Supposedly, you are meant to inform the person whose phone is being bugged in this way, but since it is aimed at the jealous control freak market, this is unlikely.


    Presumably this, or customised versions of similar software, is available to the police and intelligence agencies for use in Intrusive Surveillance, when state authorised burglary of private homes or vehicles, or the use of undercover agents and infiltrators is in effect.

    However, from a whistleblower / journalist / blogger point of view, if you have already been identified to the level required to be put under this sort of surveillance, then the cat is already out of the bag, and you have been discovered.

  14. You can make use of a novelty toy "flashing aerial" or other similar devices (essentially a tuned aerial coil and an LED) which light up an LED when a mobile phone is active nearby. If you have apparently switched off your phone, and the LED still flashes, or the battery gets warm, then perhaps your phone has been secretly switched on,but it is unlikely.

    If you are feeling paranoid, then either

    • Use a novelty LED mobile phone signal detector toy (might not work on all frequencies of a 3 or 4 band mobile phone or on 3G / GSM combined handsets)
    • Keep your mobile phone in an aluminium foil or other radio frequency shielded bag or container.
    • Remove the battery from your phone
    • Invest in £££ anti-bugging equipment

  15. All of the above also applies to Mobile Phone SmartPhones and Personal Digital Assistants, like Blackberry or Ipaq devices.

Make sure that anyone you are meeting face to face, also obeys these tips about mobile phones.

Just in case you think this is excessive paranoia, it recently emerged that journalists in the USA and in Germany and the Netherlands, were having their phones monitored, by their national intelligence agencies, precisely to try to track down their "anonymous sources".

Why would this not happen here in the UK ?

See Computer Encryption and Mobile Phone evidence and the alleged justification for 90 days Detention Without Charge - Home Affairs Select Committee Oral Evidence 14th February 2006


Cellcrypt Tips to Stop Mobile Phone Tapping

CellCrypt, a company with a vested commercial interest in selling you some mobile phone encryption software, has nevertheless published some sensible tips aimed at businessmen:

Top Tips

Cellcrypt Tips to Stop Mobile Phone Tapping

* Never assume that voice calls are confidential (like fax or email), especially when calling internationally where some countries' phone operators have no encryption security in place at all. Check your signal, calls on 3G are more secure than 2G but often falls back to 2G when 3G is unavailable.

* Keep your phone safe and do not leave it lying around. Skilled attackers can take just a few moments to install a malicious program, compromise the security of the SIM card or install a special battery with a bug in it, all of which can later be used to help intercept calls.

* Use and protect your phone and voicemail PINs in the same way as your bankcard PIN. Never leave confidential messages in voicemails or send confidential texts. Texts in particular are easy to read on the phone and mobile phone voicemails can often be accessed from any phone with the PIN.

* Be vigilant to prevent malicious software on your phone. Be wary of texts, system messages or events on your phone that you did not ask for, initiate or expect. Turn off Bluetooth if you are not using it. Consider anti-virus / anti-malware software, and if you strongly suspect your calls are being listened to then turn off the phone when you don't need it and remove the battery as an extreme precaution.

* Use voice call encryption software on your phone to secure your sensitive calls that works worldwide and is as easy to use as making a normal phone call.

* If you have no alternative (such as using encryption software) and urgently need to discuss confidential matters over a mobile phone:

* cover your mouth so you can't be lip-read
* choose a location where you can't be overheard
* talk quietly and be brief
* use code words
* split information across different channels (e.g. refer to emails or send texts etc so information is incomplete and meaningless on its own)


About this blog

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.

Here are some Spy Blog "Hints and Tips", giving some basic preecautions, and some more obscure technical tips, which both whistleblowers, journalists, and bloggers need to be aware of, in order to help preserve the anonymity of whisteleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.

Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usuially crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

blog@spy[dot]org[dot]uk

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

Current PGP Key ID: 0xA165A29480CFAA4C which will expire on 6th September 2014

pgp-now.gif
You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Pages

Tag Cloud

Syndicate this site (XML):

Categories

Tor Hidden Service

In order to make censorship a little more difficult, a copy of this Hints and Tips for Whistleblowers guide is also being published as a Tor Hidden Service.

You will need to have installed the Tor software and established a working Tor connection, and then you will be able access this copy via end to end encryption and a high degree of anonymity through the Tor cloud:

http://r3lb3r3an7uj7bos.onion/

If you do not have Tor installed, you can still access this Hidden Service via the tor2web.org proxy: https://r3lb3r3an7uj7bos.tor2web.org/ still with encryption, but without as much anonymity.

Convention on Modern Liberty - 28th Feb 2009

Convention on Modern Liberty - 28th Feb 2009
Convention on Modern Liberty - 28th Feb 2009

The Convention is being held in the Logan Hall and adjoining rooms at the Institute of Education in Bloomsbury, central London.

Address:

The Institute of Education
20 Bedford Way
London
WC1H 0AL

There are video linked screenings or other parallel meetings being held across the UK in Belfast. Bristol, Cambridge, Cardiff and Manchester.

Convention on Modern Liberty blog

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com- - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open_Rights_Group.png
Open Rights Group

renew for freedom - renew your passport in 2006
Renew For Freedom - renew your Passport in the Summer Autumn of 2006.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

public_concern_at_work.gif
Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."