The "why is he still in a job" Home Office Minister Tony McNulty has put his fist to Statutory Instrument 2007 No. 858(C. 35) The Violent Crime Reduction Act 2006 (Commencement No. 2) Order 2007
Amongst other things, this commences i.e. brings into force, on 6th April 2007, the Violent Crime Reduction Act 2006 Section 62
62 Offering or agreeing to re-programme a mobile telephone In section 1(1) of the Mobile Telephones (Re-programming) Act 2002 (c. 31) (offence of re-programming mobile telephone etc.), omit "or" at the end of paragraph (a) and after paragraph (b) insert- "(c) he offers or agrees to change, or interfere with the operation of, a unique device identifier, or
(d) he offers or agrees to arrange for another person to change, or interfere with the operation of, a unique device identifier."
This further broadens the scope of one of the most badly written bits of New Labour legislation dealing with technology and crime, which criminalises the new sector of WiFi enabled mobile phones, with a penalty of up to 5 years in prison.
Like most of New Labour's "must be seen to be doing something" legislation, it has not actually done anything about the social problem it was meant to fix- see our previous blog article "Stolen mobile phone blocking hype - this was all allegedly in place back in 2002"
Firstly there is the evil criminalisation of the mere possession of "dual use" equipment i.e. a computer, a serial cable or infrared IRDA or BlueTooth connection (e.g. a second mobile phone or a Personal Digital Assistant handheld device) and some software which could be used to re-programme a mobile telephone.
Then, there is the deliberate use of the the over broad and vague "unique device identifier".
Even when this wretched legislation was just a Bill, we pointed out that if they really meant the International Mobile Electronic Identity (IMEI) then they should have said so specifically.
The specious argument put forward in the Explanatory Notes to the Bill was that somehow the technology might change and that this wording would obviate the need for further legislation in the future. This is, of course, rubbish, since world wide international telecommunications standards are not agreed without plenty of warning, whilst portmanteau criminal legislation oozes out of the Home Office every year.
A short section in one of these annual Bills, (i.e. exactly what was done with the Violent Crime Reduction Act 2006) or even a Schedule of "Unique Identifiers" covered by the legislation, amendable by Statutory Instrument, is the proper way to cope with fast moving technology.
(2) A unique device identifier is an electronic equipment identifier which is unique to a mobile wireless communications device.
We would like to see someone dare to attempt to argue that the term "unique device identifier" does not also include the IP Address of the mobile device.
We also think that "unique device identifier" must also apply to any cryptographic keys used to secure any WAP or WTLS or SSL or TLS etc. encrypted sessions via such mobile telephones.
Even in 2002 there were already plenty of data enabled mobile phones, using WAP Wireless Access protocol, or providing other Internet data connections and services, alll through the IP Address allocated to the mobile phone.
Now in 2007 we see the likes of British Telecom promoting their BT Fusion service, which uses commercial, business and private home based WiFi / ADSL routers to allow Voice over IP mobile phone calls.
BT Fusion currently offers handsets such as the Samsung P200, Nokia 6136 and the Motorola A910. We cannot see , in any of the Terms and Conditions, any mention of the Mobile Telephones (Re-programming) Act 2002, especially Section 1 (3)
(3) But a person does not commit an offence under this section if- (a) he is the manufacturer of the device, or (b) he does the act mentioned in subsection (1) with the written consent of the manufacturer of the device.
Note how there is no mention whatsoever of any permission to be sought from or granted by any Mobile Phone Network Operators, e.g. Vodafone, Orange, T-Mobile, Three, etc.
Therefore, unless you have "the written consent of the manufacturer of the device." e.g. Motorola. Nokia, Samsung etc. specifically allowing you to change your IP Address e.g. as usually happens automatically through Dynamic Host Configuration Protocol (DHCP) with a WiFi ADSL router, then you will have committed a criminal offence, punishable by up to 5 years in prison.
(4) A person guilty of an offence under this section is liable- (a) on summary conviction, to imprisonment for a term not exceeding 6 months or to a fine not exceeding the statutory maximum or to both, or
(b) on conviction on indictment, to imprisonment for a term not exceeding 5 years or to a fine or to both.
Why did the 2002 Act place this permission to re-programme solely in the hands of foreign mobile phone handset manufacturers, rather than the heavily regulated United Kingdom based Mobile Phone Network Operators ?
Neither Mobile Network Operators nor Mobile Phone Handset Manufacturers should have any say whatsoever over the re-programming of "unique device identifiers" like cryptographic keys used to secure "m-commerce" financial transactions or Virtual Private Network sessions or webmail logins etc. over the mobile telephone devices.
The new amendments brought in by the Violent Crime Reduction Act Section 62 and Statutory Instrument 898, mean that this also applies to the commercial operators of any WiFi hotspots (like BT Openzone, enabled coffee shops, cafés, airports, railway stations etc), or to Corporate or Domestic customers of say BT Fusion or other such WiFi and / or VoIP mobile telephony services, including Skype which is available via, say the Three 3GPP network.