What are the implications of the Madrid phone bombs for the balance of UK anti-terrorist and privacy measures ?
Banning or jamming mobile phones overground is simply not feasible, as we speculated during the visit of President Bush to London.
However, should Transport for London be made to abandon its commercial plans to extend the number of Underground Tube stations and lines fitted with "leaky feeder" aerials and micro-cells to provide Mobile Phone reception deep underground ?
How much protection, if any, would a filter or firewall which would block incoming Mobile Phone calls to such a controlled micro-cell environment in railway stations or airports, but still allow outgoing calls, especially to emergency services ?
Obviously the call set up and cell handover handshakes would still have to work in both directions regardless, which would still be a mechanism for bomb detonation, but which would be much more complicated for a terrorist to achieve, requiring customised integrated microelectronic chip circuitry, or modified firmware, rather than just starting the electrical detonation chain from the phone's loudspeaker or screen display circuit outputs.
There has been a debate over the UK Government's plans for Data Retention as opposed to Data Preservation of mobile phone and other electronic Communications Data.
The Voluntary Code of Practice under the controversial Anti-terrorism, Crime and Security Act 2001, shows that the UK authorities want to retain all the mobile phone communications data, all of the time, not just in response to a terrorist attack like in Madrid, and not just for the purposes of catching or preventing terrorists.
Since this Voluntary scheme is not working, due to the lack of sincere consultation and willingness to pay money for data staorage and retrieval for which there is, by definition, no business case, will the Home Secretary now bring forward an urgent re-consultation exercise, or will he use the legal powers he already has to force this inadequate Data Retention scheme to become mandatory ?
This would also be an opportunity to tackle the neglected issue of Regulation of CCTV surveillance cameras so that licensed cameras meet minimum standards of Privacy, proper Maintenance and Data Retention policies.
If CCTV is to be a proper anti-terrorist protection, rather than a political sop to be seen to be doing something about crime, there is simply no point in wasting more millions of pounds on CCTV cameras in the unregulated and unplanned way that successive Governments have done so.
Mobile Phone intercepts seem likely, according to Government and Opposition MPs, to be admitted as "evidence" in future terrorism and probably serious crime court cases as well, despite the problems of proving it has not been faked electronically.
The amount and type of Communications Data which the Government already intends to try to retain (some of which is already admissable in court) from the overwhelming majority of innocent people includes:
"APPENDIX A
Data retention: expansion of data categories
SUBSCRIBER INFORMATION 12 months
(From end of subscription/last change)
Subscriber details relating to the person
e.g. Name, date of birth, installation and billing address, payment methods,
account/credit card details
Contact information (information held about the subscriber but not verified
by the CSP)
e.g. Telephone number, email address
Identity of services subscribed to (information determined by the
communication service provider)
e.g. Customer reference/account number, list of services subscribed to
Telephony: telephone number(s), IMEI, IMSI(s)
Email: email address(es), IP at registration
Instant messaging: Internet Message Handle, IP at registration
ISP - dial-in: Log-in, CLI at registration (if kept)
ISP - always-on: Unique identifiers, MAC address (if kept), ADSL end points,
IP tunnel address
TELEPHONY DATA 12 months
e.g. All numbers (or other identifiers e.g. name@bt) associated with call (e.g.
physical/presentational/network assigned CLI, DNI, IMSI, IMEI, exchange/divert
numbers)
Date and time of start of call
Duration of call/date and time of end of call
Type of call (if available)
Location data at start and/or end of call, in form of lat/long reference.
Cell site data from time cell ceases to be used.
IMSI/MSISDN/IMEI mappings.
For GPRS & 3G, date and time of connection, IMSI, IP address assigned.
Mobile data exchanged with foreign operators; IMSI & MSISDN, sets of GSM
triples, sets of 3G quintuples, global titles of equipment communicating with or about the subscriber.
SMS, EMS and MMS DATA 6 months
e.g. Calling number, IMEI
Called number, IMEI
Date and time of sending
Delivery receipt - if available
Location data when messages sent and received, in form of lat/long reference."
Some of this, especially the sets of GSM
triples, sets of 3G quintuples i.e. the cryptographic keys which also protect the confidentiality of the conversations or data messages over the air, goes well beyond the equivalent landline telephone itemised billing, and should not be retained or accessed under this legislation, which does not provide for any safeguards such requiring a court order.
The UK already has controversial and poorly worded legislation, the Mobile Telephones (Re-programming) Act 2002 which punishes Mobile Phone "unblocking" by re-programming the mobile phone handset's International Mobile Equipment Identifier (IMEI) with up to 5 years in jail, but which has had no discernable effect on street robberies and muggings which is what is was supposed to address, by clamping down on the market for stolen mobile phones.
"15. The Mobile Telephones (Re-programming) Act 2002 came into force on October 4 2002 and makes offences of: changing, without the authorisation of the manufacturer, the unique identifying characteristic of a mobile phone ? the IMEI number; and possessing, supplying or offering to supply the necessary equipment with the intent to use it for re-programming mobile phones.
16. Performance with regards to street crime offences involving only mobile phones for the performance year to date compared with the corresponding period of the previous year shows a slight reduction of 0.6%. This is very close to the overall 1.4% reduction and therefore the introduction of this legislation cannot be shown to have impacted on street crime levels"
Therefore the unscrupulous mobile phone dealers are still in existance, and it is still easy to change the IMEI if you so wish, although , it is just as easy to buy an unregistered mobile phone and SIM for cash.
How about a possible privacy protective measure? If we can be tracked at all times, even when we aren't using our phones, clear down to our real-time location, then why not have the ability to decide when we will allow our phones to be visible and when not?
I came up with a solution to the delimma...it consists of a cell phone transit bag specially made to close securely. The inside of the bag is treaded with a patented formula that effectively shields the cell phone. This shielding is so effective that even with the phone turned on, incoming signals are blocked and outgoing signals are trapped. The end result? A user who can decide when and where they will allow themselves to be seen in the wireless monitored world. If you check out the site www.e2xgear.com , I would love to hear any comments, ideas or suggestions about the concept. Everyone is welcome to email me directly at jschweitzer@e2xgear.com . Thanks for the input!
Jeffrey Schweitzer
Isn't such a shielded bag which blocks incoming and outgoing signals equivalent to turning off the mobile phone ?
Thermally shielded shopping bags lined with mylar type layers are available for carrying frozen foods, and might be of use for RFID tag shielding.
We already line our Oyster Card wallet with aluminium foil:
http://www.spy.org.uk/spyblog/archives/000198.html
Actually it is not that simple. Tracking can still occur even when the phone is turned off. But that isn't the only benefit...you don't have to turn your phone off (or remember to turn it back on) anymore with this bag. You can also ensure that it will not ring in a place where you absolutely don't want it to. In addition, with the phone in the bag, bluesnarfing, as well as any other bluetooth based exploit becomes impossible to conduct.
As far as the Oystercards go, perhaps a slimline retractable holder would be more appealing than simply lining ones wallet with aluminum foil? The shielding characteristics of foil aren't reliable enough to be consistent protection (especially if you look at it in a laboratory to know the performance differences) Just some thoughts for discussion, though.
"Tracking can still occur even when the phone is turned off" - how exactly can this work ?