Path Intelligence - Phorm for shopping centres ?

| | Comments (19)

Just in case you thought that Phorm was the only threat to your privacy, here is an example of similar "no opt out" snooping technology being installed in the infrastructure of a public space, a shopping centre, which secretly snoops on individuals, without their informed prior consent, in the hope that advertising and sales revenues can be maximised.

There is no way, short of switching off your mobile phone, of opting out or avoiding this snooping scheme.

The Times has a story:

From Times Online May 16, 2008

Shops secretly track customers via mobile phone

Signals given off by phones allow shopping centres to monitor how long people stay and which stores they visit

Jonathan Richards, San Francisco

Customers in shopping centres are having their every move tracked by a new type of surveillance that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walked around.

All the same issues about the lack of informed, prior consent of members of the public who have been, or are now being snooped on in secret, for the commercial benefit of others, apply to Path Intelligence Ltd. (technology provider), the shopping centres (public infrastructure providers), and retailers (profit makers), just as they do to Phorm (technology provider), the Internet Service Providers (public infrastructure providers) and web advertisers (profit makers).

If you look at the demonstration (needs Flash) of the interactive mapping and reporting software which Path Intelligence seem to have developed for this snooping technology, you will see that it could also be easily applied to display and analyse inputs from other "spy on the public without their knowledge or consent" technologies which exploit things which large numbers of people might be carrying on their persons, like BlueTooth or unkilled consumer product RFID tags, or "Biometric" Passports or ID Cards.

It should be relatively simple to link such a system to the existing CCTV surveillance camera networks which modern shopping centres all employ.

Sharon Biggar, the company's chief operating officer, said that one of the stores which had already deployed the receivers did not want its name revealed for fear of alarming its customers.

Who is this snooping retailer ? Why should we not boycott them ?

The company that makes the dishes, which measure 30cm (12 inches) square and are placed on walls around the centre, said that they were useful to centres that wanted to learn more about the way their customers used the store.

A shopping mall could, for example, find out that 10,000 people were still in the store at 6pm, helping to make a case for longer opening hours, or that a majority of customers who visited Gap also went to Next, which could useful for marketing purposes.

10,000 people in a store sounds positively dangerous. Perhaps they mean within the shopping centre.

Why would large crowds of shoppers still milling around at closing time not be utterly obvious to human staff, without the need for this snooping technology ?

It has already been installed in two shopping centres, including Gunwharf Quays in Portsmouth, and three more centres will begin using it next month, Times Online has learnt.

The other shopping centre may well be newly refurbished The Cascades, also in Portsmouth - there appears to

In the case of Gunwharf Quays, managers were surprised to discover that an unusually high percentage of visitors were German - the receivers can tell in which country each phone is registered - which led to the management translating the instructions in the car park.

Why could none of the shopping centre staff or retail shop staff determine that there were lots of German speaking visitors ?

The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code - a unique number given to every device so that the network can recognise it.

But an ICO spokesman said, "we would be very worried if this technology was used in connection with other systems that contain personal information, if the intention was to provide more detailed profiles about identifiable individuals and their shopping habits."

Errr... it is a shopping centre stuffed full of CCTV cameras and private security guards - who seriously believes that this FootPath(tm) snooping will never be used in conjunction with CCTV ?

Only the phone network can match a handset's IMEI number to the personal details of a customer.

Path Intelligence, the Portsmouth-based company which developed the technology, said its equipment was just a tool for market research. "There's absolutely no way we can link the information we gather back to the individual," a spokeswoman said. "There's nothing personal in the data."

Nonsense ! Path Intelligence lists a long list of possibly commercially useful benefits of their system to shopping centre operators and retailers, most of which can and should only be accomplished through the use of anonymous aggregated statistics.

However, if you read the last section of the list of claimed benefits for the FootPath(tm) product, they admit that it is capable of identifying individuals

Security:

* Identify unauthorized individuals in 'no go' areas of the centre
* Identify suspicious 'left' luggage

How is it possible to do this with truly anonymous data ? Either there is a "whitelist" of individual authorised staff phones or a "blacklist" of alleged individual "troublemaker" phones, or there is one watchlist database with different status flags.

This visualisation graphic screenshot clearly shows that shoppers can be tracked individually. The apparent "walking through walls" effect is an artifact of the path that the software uses to join the periodic data points, which are probably about 5 to 10 minutes apart, i.e. when your mobile phone makes a handshake with the network, to check signal strength with the neighbouring mobile phone cell tower base stations.

Path_Intelligence_individual_shopper_tracking_visualisation_300.jpg

See the original screenshot here.

The description of the features of the PI Explorer software which analyses the data from the snooping antennas includes:

Security alerts that send an SMS message should a security situation be identified

Just as with Phorm, it is up to Path Intelligence to prove and reassure the general public that it is impossible for their system to be abused. We will not simply take it on trust, from people with commercial or other motives for extending the surveillance capabilities of a system, which does not have any way for people to opt out of being snooped on.

Can you spot the IMEI snooping antennas ?

The Times article says that the first secret trials of this technology on the unsuspecting public are being conducted by this Portsmouth based company seem to be at the local Gunwharf Quay shopping centre, although we suspect that it may have also been tested, or is still in use, at the Cascades shopping centre, also in Portsmouth (there seems to be a Cascades demo on the Path Intelligence website, as well as a West Quay one)

We would welcome any photos and location reports from any Spy Blog readers who can spot the locations of the mobile phone signal snooping antennas - "30cm (12 inches) square ".

PathIntelligence_FootPath_IMEI_snooping_antenna.jpg

(original image from The Times article)

See the Gunwharf Quay shopping centre maps.

What is the density of the snooping antennas required in order to achieve a location accuracy of 1 to 2 metres indoors ?

The receivers together cost about £20,000 to rent per month. About 20 of the units, which are unobtrusive, cream-coloured boxes about the size of a satellite dish, would be needed to cover the Bluewater shopping centre.

Bluewater (near Dagenham in London), is a much larger shopping centre than Gunwharf Quays

Are there any Warning Signs or notices on display at these shopping centres, which warn their customers or potential customers and other members of the public that their mobile phones are being tracked ?

Can these systems also track IMEI signals from the neighbouring area outside of the shopping centre or its car parks ?

N.B. Similar location snooping results could be achieved by the Mobile Phone Networks, and their Location Based Data services, especially at, say, Airports, where there are lots of mobile phone micro-cells or pico-cells installed, to try to grab profitable business account customers and tourists with expensive call roaming charges on their network rather than on their rivals networks, when the visitors first switch on their mobile phones after landing.

Secure Web interface ?

Those Spy Blog readers who remember our criticisms of various Mobile Phone Location Based Services systems launched in recent years, will know that we are rightly sceptical when we see that such potentially sensitive data e.g. the location of your children, is not being processed and securely stored locally, but is happily being uploaded and then made available via the inherently insecure internet.

Path Intelligence Explorer is our secure, internet delivery solution. Your data can be accessed 24/7, allowing you the convenience to interrogate your information from anywhere in the world

What proof is there that such a web based system is not vulnerable to unathorised access from anywhere in the world ?

There is no indication that this data is strongly encrypted, either when it is being uploaded from the snooping antennas, nor when a customer downloads web based graphical or Excel spreadsheet reports.

Why not use it in Prisons instead ?

There is a place for this mobile phone location snooping technology, to operate without the informed consent of the people whose mobile phone locations are being tracked by the FootPath(tm) system , but that is not in any public shopping areas. It could and should be deployed in every prison, given the vast numbers of illegal mobile phones which are smuggled into British prisons every year.

See Thousands of Mobile Phones seized in UK Prisons - evidence of corruption ?

There have been attempts to use similar RFID badge based location tagging in a couple of US Prisons, so as to keep prison gang members under surveillance.

Please do not deploy such prison panopticon technology against the innocent public.

Illegal to spoof IMEI

The first reaction of some of our more technically proficient readers might be to start thinking of ways to devise IMEI (International Mobile Equipment Identifier) spoofing devices, to frustrate any such snooping system.

However, apart from probably disrupting the local mobile phone system for other users, including possible life saving calls to the Emergency Services, this would be illegal in the United Kingdom and punishable by up to 5 years in prison, a serious enough offence to invoke extradition proceedings from abroad, if necessary.
See Mobile Telephones (Re-programming) Act 2002

This badly worded Act criminalises the mere possession of equipment or software (i.e. a computer and a serial cable or BlueTooth connection) which may be used, or the actual act of changing an IMEI without the written permission of the (usually foreign) handset manufacturer (incredibly, not, the UK based mobile phone network operator),.-

This Act has been recently amended to also criminalise simply advertising or offering such an IMEI re-programming service or product.

Note that the stupid wording of this Act also criminalises any spoofing or changing of IP addresses or MAC addresses of BlueTooth or WiFi or internet data connected WAP phones, SmartPhones etc. which connect to the internet via GSM or 3G data services i.e. most modern mobile phones, PDAs and portable computers which can act as mobile telephones.

19 Comments

They are using the GNU Radio Universal Software Radio Peripheral (USRP). You can find more technical details in the following resources:

* Patent application WO2006010774 (also in EP1779133)
* The Open Source CEO: Toby Oliver, Path Intelligence (Part 12) (Toby Oliver is CEO and Co-founder, Path Intelligence)
* Comment from Toby Oliver in the Tech Crunch article.

Regarding your comment about using this kind of technology in prisons, have you seen: Intelligence gathering by capturing the social processes within prisons by Vassilis Kostakos and Panos A. Kostakos? This is based on looking at discoverable Bluetooth devices in four locations in Bath.

br -d

Which is why I have never had and never will have a mobile phone.

Remember also that virtually every out of town shopping centre has got Automatic Number Plate Recognition which interfaces with the PNC , databases on stolen credit cards, outstanding fines,DVLC etc.,

@ Edward - all payphones are also instantly traceable (from the 1980's when a few of them were used to phone in coded IRA etc. bomb warnings or hoaxes).

If you use a prepaid calling card (or a credit card. obviously) then that also leaves a trace, linking otherwise disparate calls, e.g. to your mother's home address and to your anonymous Whitehall whistleblower source etc. since each card has a unique serial number and an expiry date.

However, simple pre-paid Mobile Phones are now available from some supermarkets for only £5 or £10 each i.e. less than the average top up voucher, so there are still a few ways to confuse the snoopers.


@ David - thanks for the background research on Path Intelligence.

I did see reports of the Bath Bluetooth study, but had not realised that they are now pitching this research at the "security" funding cornucopia.

Will it be advertisers and market researchers, or the police and security agencies, or terrorists and criminals, or just hackers, artists and pranksters, who snarf, monitor record and analyse the Bluetooth emissions of, say, the visitors to the London 2012 Olympic Games ?

I see a business opportunity. Could a manufacturer assign to each of their devices a number of IMEIs, say 100, randomly from their pool of assignable IMEIs? Then, give the phone’s firmware the ability to switch between these IMEIs and put a leaflet in the box giving the user permission to change freely between these multiple, pre-assigned IMEIs.

There doesn’t appear to be a problem with the Mobile Telephones (Re-programming) Act 2002; the manufacturer has set up the multiple IMEIs and given the user permission to change between them, and the user would use that facility as a means of preserving privacy rather than acting unlawfully. The question is: Would such a device be compliant with the various mobile communication standards?

@wtwu,

I find the threat of Bluetooth snarfing overrated. This is one technology that is very much under the control of the user. Using it in paired non discoverable mode, one can even have the benefit of this technology without much of the snooping risks (at least the ones that have been publicised so far). Some more education may be needed and the default settings should be different but still the end user has control.

Unfortunately for most other technology (Ethernet, WiFi, GSM, etc.) if you want to get the benefits, you are forced to leak lots of data for the taking - and the choice is not in the hand of the end-user.

br -d

I'm not a lawyer but I believe that the Wireless Telegraph Act makes it illegal to receive radio signals that are not intended for general reception or covered by a license exemption.

Unless the Mobile phone network operator has granted permission I think this is illegal.

Addition: Or unless they have a license from OFCO to receive mobile phone signals, or there is some license exemption in place. I think either is unlikely.

The Wireless Telegraphy Act 2006 says

It is unlawful to establish or use a wireless telegraphy station, or to instal or use wireless telegraphy apparatus,
except under and in accordance with a licence

"wireless telegraphy” means the emitting or receiving [...] of energy [...] of a frequency not exceeding 3,000 gigahertz that [...] is used in connection with determining position, bearing or distance, or for gaining information as to the presence, absence, position or motion of an object or of a class of objects.

Incidentally, I wonder if this updated wireless telegraphy act outlaws the use of radar detectors which a judge found to be legal under previous acts.

How are they able to get the IMEI of the handset? Are they using their own cells?

@ Bob - Questions about the legality of the IMEI snooping scheme, under the Wireless Telegraphy Act 2006 and any Ofcom mobile phone licence regulations under the Communications Act 2003, are ones which need to be put to Path Intelligence and Ofcom and the Home Office etc. - will any investigative journalists do this, or does it have to be left to bloggers ?

In an ideal world, Ofcom would have investigated this already.

At a guess, Ofcom will, as usual, ignore any complaints from consumers, but might lurch into action if one of the Mobile Phone Networks complains that this IMEI snooping technology is infringing on their lucrative Location Based Services revenues or sales of micro or pico cells to shopping centres / airports / prisons etc.

The parallels with the Phorm affair are getting stronger - simply asking the Information Commissioner's Office for a comment is not sufficient - whilst there are obvious Prior Informed Consent issues under Data Protection Act, that is not the whole picture.

@ Dave - they do not need full base station functionality to snoop on the IMEI. This is allocated to a particular mobile handset and is transmitted to the network before any SIM card related stuff can be sent e.g. the IMSI (International Mobile Subscriber Identity), and the subsequent cryptographic handshakes etc used to protect a call over the air.

There needs to be a strong enough signal established, and a free sub-frequency / time slot allocated to the particular handset at a base station, before any of the higher level protocol handshakes can proceed.

You can take the SIM card out of most mobile phone handsets and still use them to make Emergency 999 / 112 calls.

You can also put some models of handset into engineering de-bugging mode, and watch the signal strengths of the neighbouring Base Station Cell IDs and the "colours" of the frequency /time slots, also without a SIM card.

Therefore Path Intelligence do not need to establish full micro or pico base stations linked to the network, simply to snoop on the this periodic (every 5 to 10 minutes, even when calls or SMS or data traffic are not being transmitted or received).

@ PA - that would be a legal way around such IMEI snooping, and it would also find a ready market with operators of GSM Gateways, which are legal in the UK, but disliked by the Mobile Network Operators for their effect on their revenue and on cell bandwidth hogging.

Of course using multi-user GSM Gateways, especially with overseas mobile or landline calls, also complicates Government snooping and monitoring of phone calls and SMS messages.


the most watch country in the world UK

Here's an Ofcom document:
http://www.ofcom.org.uk/static/archive/ra/publication/ra_info/ra169.htm. It's pretty clear to me that the FootPath system is illegal. The only loophole could be if they have been authorised by a GSM operator.

I think anyone in the UK who visits Gunwharf Keys or whereever should write to Ofcom.

@wtwu The concept of using a payphone in this neck of the woods is 100% theoretical, even if you could stand the smell.

Also unlikely that OBL uses them either. Apparently Easyjet flghts Liverpool - Amsterdam day returns , is the preferred route for trackie suited and booted couriers simply carrying verbal messages for Merseyside drug gangs.... which is ultimately the State's most secure system with Queen's messengers.

There are blogistes who might attract serious attention who regularly use images which it is said, have stenographic messages encoded which will yield to the snoopistes, messages such as "FO and don't be so Fing nosey" ... but this may only be a mischeivous tale.

I would like more information about the pros and cons of pre-paid as opposed to a billed subscriber. How could this help anonymity if it is the IMSI (International Mobile Subscriber Identity), and the subsequent cryptographic handshakes etc used to protect a call over the air.

@ wassim - with Path Intelligence style external surveillance, it makes no difference if you are using a pre-paid mobile or a one with a n airtime billing contract, especially if the system is integrated with CCTV surveillance cameras.

Obviously the pre-paid mobile phones are usually more anonymous, as there can be fewer traceable financial records tying your name and address to the phone.

It is easy to compromise your anonymity, even with pre-paid mobile phones, as you can register them with the network operator in exchange for a few free SMS messages or some calling credit, or you could buy calling credits with a credit card (which again usually links to your own name and address, unless you are involved in fraud). If you buy a mobile phone top credit voucher or swipe card transaction at a supermarket, this may be linked to your Nectar Card or Tesco Clubcard or other loyalty discount card, which again may be registered to your address or that of a close relative.

The TMSI is supposed to change fairly frequently at random, but Path Intelligence seem to be able to snop on the IMSI, to extract the country cf origin of foreign mobile handsets, so there is nothing that technically prevents them from storing the rest of the IMSI, for future analysis, only their word.

You have to trust them, even though they have not actually sought your informed consent to snoop on your mobile phone signals, for profit.

What utter rubbish.
IMEI is free to air, your phone broadcasts it between 30seconds and 15 minute intervals. Less if it's 3G.
You are an active broadcasting agent when you use a mobile phone, therefore anything you broadcast is free to pick up.
For those that disagree, get rid of your mobile phones, stop using GPS, GPRS and the like.

IMEI is a non identifiable number, it cannot be traced back to an individual unless that number is correlated using a phone providor. Something that is currently illegal for them to hand out.

Out of the 20-50k people in a shopping centre on any one day, do you honestly think the shopping centre owners care about John Smith? Even if they could identify him.

When Path Intelligence talks about security, it means stationary signals, such as mobile phone detonators.

Before the backlash begins, I am a privacy nut, I've opted out of society, marketing and the like. I don't like the fact I'm on CCTV, but I accept it's the price you pay. In the next few years, face recognition will hit the mainstream big time, so in comparison this will be peanuts.

@ JS - Look at the later blog post, where we publish some more details, from Path Intelligence themselves, rather than from the somewhat misleading article in The Times:

Path Intelligence FootPath(tm) mobile phone tracking - a few more details

As a general point we don't use the phones IMEI's we use the TMSI and occasionally part of the IMSI

IMEI uniquely (apart from illegally re-programmed unblocked phones, many of which share the same IMEI) identifies a handset, and if that is what Path Intelligence were using, it would be irrelevant that "it cannot be traced back to an individual unless that number is correlated using a phone providor. Something that is currently illegal for them to hand out."

It would provide a method of profiling the movements and shopping habits of a shopper nationally or internationally, wherever, say, a large chain of retailers had installed Path Intelligence style systems, and were sharing the data between shops locations.

Once the movement pattern profile is created, it is only a matter of time before iit is very likely that it can be cross referenced with credit card or loyalty card etc. use, at a particular location, at a particular time, especially in combination with CCTV images.

However, as the later article explains, they are not actually using IMEI, but the random TMSI, which is supposed to change periodically.

More worryingly, they are also reading the IMSI, which is linked to your SIM Card and phone number, and which is sent when the phone is switched on, and which the TMSI is meant to hide your phone handset from "eavesdroppers". Path Intelligence apparently parse the country code from the less frequently presented IMSI, but you have to trust them that they do not store the whole IMSI and analyse it.

Neither Path Intelligence nor Shopping Centre management should be trying to track "mobile phone detonators" themselves - that should be the Police, the Security Service and all of the Mobile Phone Networks, who may, after all, be able to track such suspect phones over a much wider area than the very local FootPath system. They make no claims whatsoever about being able to detect such "mobile phone detonators" on their website.

Facial Recognition is currently so bad as to be worse than useless for trying to identify individuals on watchlists - the rate of false positives and false negatives is far too high, and dependent on changing lighting conditions.

There is no prospect of the technology being improved to equal the current accuracy of other biometrics like fingerprints, or the more accurate iris scans, in the foreseeable future.

What is currently popular and feasible right now, is tracking human shapes by video, enhanced by clothing logo recognition - there may be thousands of people displaying, say a Nike logo, but at any one time, in any specific area, there will only be a few wearing a particular colour / logo combination who are a certain height and width etc.


Finally, your point about

You are an active broadcasting agent when you use a mobile phone, therefore anything you broadcast is free to pick up.

may be true of licence free Industrial Scientific Medical frequencies which are used by WiFi, BlueTooth, Near Field Communications, RFID tags, anti-shoplifting tags etc.

That is not true for heavily regulated mobile phone frequencies, where the monopoly licences have cost the Network Operators literally billions of pounds for their exclusive use.

As the later blog article reveals, Path Intelligence are not in partnership with any of the Mobile Phone Networks, and do not have a separate licence from Ofcom, so they potentially fall foul of the Wireless Telegraphy Act 2006.Section 116 (2) (b) which bans unlicenced passive receivers as well as transmitters.

About this blog

This United Kingdom based blog attempts to draw public attention to, and comments on, some of the current trends in ever cheaper and more widespread surveillance technology being deployed to satisfy the rapacious demand by state and corporate bureaucracies and criminals for your private details, and the technological ignorance of our politicians and civil servants who frame our legal systems.

The hope is that you the readers, will help to insist that strong safeguards for the privacy of the individual are implemented, especially in these times of increased alert over possible terrorist or criminal activity. If the systems which should help to protect us can be easily abused to supress our freedoms, then the terrorists will have won.

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

blog@spy[dot]org[dot]uk

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

We wiil use this verifiable public key (the ID is available on several keyservers, twitter etc.) to establish initial contact with whistleblowers and other confidential sources, but will then try to establish other secure, anonymous communications channels, as appropriate.

Current PGP Key ID: 0x122B3C4FD0BD0FB3 which will expire on 1st October 2018.

pgp-now.gif
You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG)

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Hints and Tips for Whistleblowers and Political Dissidents

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

Links

Watching Them, Watching Us

London 2600

Our UK Freedom of Information Act request tracking blog

WikiLeak.org - ethical and technical discussion about the WikiLeaks.org project for anonymous mass leaking of documents etc.

Privacy and Security

Privacy International
United Kingdom Privacy Profile (2011)

Cryptome - censored or leaked government documents etc.

Identity Project report by the London School of Economics
Surveillance & Society the fully peer-reviewed transdisciplinary online surveillance studies journal

Statewatch - monitoring the state and civil liberties in the European Union

The Policy Laundering Project - attempts by Governments to pretend their repressive surveillance systems, have to be introduced to comply with international agreements, which they themselves have pushed for in the first place

International Campaign Against Mass Surveillance

ARCH Action Rights for Children in Education - worried about the planned Children's Bill Database, Connexions Card, fingerprinting of children, CCTV spy cameras in schools etc.

Foundation for Information Policy Research
UK Crypto - UK Cryptography Policy Discussion Group email list

Technical Advisory Board on internet and telecomms interception under RIPA

European Digital Rights

Open Rights Group - a UK version of the Electronic Frontier Foundation, a clearinghouse to raise digital rights and civil liberties issues with the media and to influence Governments.

Digital Rights Ireland - legal case against mandatory EU Comms Data Retention etc.

Blindside - "What’s going to go wrong in our e-enabled world? " blog and wiki and Quarterly Report will supposedly be read by the Cabinet Office Central Sponsor for Information Assurance. Whether the rest of the Government bureaucracy and the Politicians actually listen to the CSIA, is another matter.

Biometrics in schools - 'A concerned parent who doesn't want her children to live in "1984" type society.'

Human Rights

Liberty Human Rights campaigners

British Institute of Human Rights
Amnesty International
Justice

Prevent Genocide International

asboconcern - campaign for reform of Anti-Social Behavior Orders

Front Line Defenders - Irish charity - Defenders of Human Rights Defenders

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Reporters without Borders internet section - news of internet related censorship and repression of journalists, bloggers and dissidents etc.

Judicial Links

British and Irish Legal Information Institute - publishes the full text of major case Judgments

Her Majesty's Courts Service - publishes forthcoming High Court etc. cases (but only in the next few days !)

House of Lords - The Law Lords are currently the supreme court in the UK - will be moved to the new Supreme Court in October 2009.

Information Tribunal - deals with appeals under FOIA, DPA both for and against the Information Commissioner

Investigatory Powers Tribunal - deals with complaints about interception and snooping under RIPA - has almost never ruled in favour of a complainant.

Parliamentary Opposition

The incompetent yet authoritarian Labour party have not apologised for their time in Government. They are still not providing any proper Opposition to the current Conservative - Liberal Democrat coalition government, on any freedom or civil liberties or privacy or surveillance issues.

UK Government

Home Office - "Not fit for purpose. It is inadequate in terms of its scope, it is inadequate in terms of its information technology, leadership, management systems and processes" - Home Secretary John Reid. 23rd May 2006. Not quite the fount of all evil legislation in the UK, but close.

No. 10 Downing Street Prime Minister's Official Spindoctors

Public Bills before Parliament

United Kingdom Parliament
Home Affairs Committee of the House of Commons.

House of Commons "Question Book"

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

FaxYourMP - identify and then fax your Member of Parliament
WriteToThem - identify and then contact your Local Councillors, members of devolved assemblies, Member of Parliament, Members of the European Parliament etc.
They Work For You - House of Commons Hansard made more accessible ? UK Members of the European Parliament

Read The Bills Act - USA proposal to force politicians to actually read the legislation that they are voting for, something which is badly needed in the UK Parliament.

Bichard Inquiry delving into criminal records and "soft intelligence" policies highlighted by the Soham murders. (taken offline by the Home Office)

ACPO - Association of Chief Police Officers - England, Wales and Northern Ireland
ACPOS Association of Chief Police Officers in Scotland

Online Media

Boing Boing

Need To Know [now defunct]

The Register

NewsNow Encryption and Security aggregate news feed
KableNet - UK Government IT project news
PublicTechnology.net - UK eGovernment and public sector IT news
eGov Monitor

Ideal Government - debate about UK eGovernment

NIR and ID cards

Stand - email and fax campaign on ID Cards etc. [Now defunct]. The people who supported stand.org.uk have gone on to set up other online tools like WriteToThem.com. The Government's contemptuous dismissal of over 5,000 individual responses via the stand.org website to the Home Office public consultation on Entitlement Cards is one of the factors which later led directly to the formation of the the NO2ID Campaign who have been marshalling cross party opposition to Labour's dreadful National Identity Register compulsory centralised national biometric database and ID Card plans, at the expense of simpler, cheaper, less repressive, more effective, nore secure and more privacy friendly alternative identity schemes.

NO2ID - opposition to the Home Office's Compulsory Biometric ID Card
NO2ID bulletin board discussion forum

Home Office Identity Cards website
No compulsory national Identity Cards (ID Cards) BBC iCan campaign site
UK ID Cards blog
NO2ID press clippings blog
CASNIC - Campaign to STOP the National Identity Card.
Defy-ID active meetings and protests in Glasgow
www.idcards-uk.info - New Alliance's ID Cards page
irefuse.org - total rejection of any UK ID Card

International Civil Aviation Organisation - Machine Readable Travel Documents standards for Biometric Passports etc.
Anti National ID Japan - controversial and insecure Jukinet National ID registry in Japan
UK Biometrics Working Group run by CESG/GCHQ experts etc. the UK Government on Biometrics issues feasability
Citizen Information Project feasability study population register plans by the Treasury and Office of National Statistics

CommentOnThis.com - comments and links to each paragraph of the Home Office's "Strategic Action Plan for the National Identity Scheme".

De-Materialised ID - "The voluntary alternative to material ID cards, A Proposal by David Moss of Business Consultancy Services Ltd (BCSL)" - well researched analysis of the current Home Office scheme, and a potentially viable alternative.

Surveillance Infrastructures

National Roads Telecommunications Services project - infrastruture for various mass surveillance systems, CCTV, ANPR, PMMR imaging etc.

CameraWatch - independent UK CCTV industry lobby group - like us, they also want more regulation of CCTV surveillance systems.

Every Step You Take a documentary about CCTV surveillance in the Uk by Austrian film maker Nino Leitner.

Transport for London an attempt at a technological panopticon - London Congestion Charge, London Low-Emission Zone, Automatic Number Plate Recognition cameras, tens of thousands of CCTV cameras on buses, thousands of CCTV cameras on London Underground, realtime road traffic CCTV, Iyster smart cards - all handed over to the Metropolitan Police for "national security" purposes, in real time, in bulk, without any public accountibility, for secret data mining, exempt from even the usual weak protections of the Data Protection Act 1998.

RFID Links

RFID tag privacy concerns - our own original article updated with photos

NoTags - campaign against individual item RFID tags
Position Statement on the Use of RFID on Consumer Products has been endorsed by a large number of privacy and human rights organisations.
RFID Privacy Happenings at MIT
Surpriv: RFID Surveillance and Privacy
RFID Scanner blog
RFID Gazette
The Sorting Door Project

RFIDBuzz.com blog - where we sometimes crosspost RFID articles

Genetic Links

DNA Profiles - analysis by Paul Nutteing
GeneWatch UK monitors genetic privacy and other issues
Postnote February 2006 Number 258 - National DNA Database (.pdf) - Parliamentary Office of Science and Technology

The National DNA Database Annual Report 2004/5 (.pdf) - published by the NDNAD Board and ACPO.

Eeclaim Your DNA from Britain's National DNA Database - model letters and advice on how to have your DNA samples and profiles removed from the National DNA Database,in spite of all of the nureacratic obstacles which try to prevent this, even if you are innocent.

Miscellanous Links

Michael Field - Pacific Island news - no longer a paradise
freetotravel.org - John Gilmore versus USA internal flight passports and passenger profiling etc.

The BUPA Seven - whistleblowers badly let down by the system.

Tax Credit Overpayment - the near suicidal despair inflicted on poor, vulnerable people by the then Chancellor Gordon Brown's disasterous Inland Revenue IT system.

Fassit UK - resources and help for those abused by the Social Services Childrens Care bureaucracy

Former Spies

MI6 v Tomlinson - Richard Tomlinson - still being harassed by his former employer MI6

Martin Ingram, Welcome To The Dark Side - former British Army Intelligence operative in Northern Ireland.

Operation Billiards - Mitrokhin or Oshchenko ? Michael John Smith - seeking to overturn his Official Secrets Act conviction in the GEC case.

The Dirty Secrets of MI5 & MI6 - Tony Holland, Michael John Smith and John Symond - stories and chronologies.

Naked Spygirl - Olivia Frank

Blog Links

e-nsecure.net blog - Comments on IT security and Privacy or the lack thereof.
Rat's Blog -The Reverend Rat writes about London street life and technology
Duncan Drury - wired adventures in Tanzania & London
Dr. K's blog - Hacker, Author, Musician, Philosopher

David Mery - falsely arrested on the London Tube - you could be next.

James Hammerton
White Rose - a thorn in the side of Big Brother
Big Blunkett
Into The Machine - formerly "David Blunkett is an Arse" by Charlie Williams and Scribe
infinite ideas machine - Phil Booth
Louise Ferguson - City of Bits
Chris Lightfoot
Oblomovka - Danny O'Brien

Liberty Central

dropsafe - Alec Muffett
The Identity Corner - Stefan Brands
Kim Cameron - Microsoft's Identity Architect
Schneier on Security - Bruce Schneier
Politics of Privacy Blog - Andreas Busch
solarider blog

Richard Allan - former Liberal Democrat MP for Sheffield Hallam
Boris Johnson Conservative MP for Henley
Craig Murray - former UK Ambassador to Uzbekistan, "outsourced torture" whistleblower

Howard Rheingold - SmartMobs
Global Guerrillas - John Robb
Roland Piquepaille's Technology Trends

Vmyths - debunking computer security hype

Nick Leaton - Random Ramblings
The Periscope - Companion weblog to Euro-correspondent.com journalist network.
The Practical Nomad Blog Edward Hasbrouck on Privacy and Travel
Policeman's Blog
World Weary Detective

Martin Stabe
Longrider
B2fxxx - Ray Corrigan
Matt Sellers
Grits for Breakfast - Scott Henson in Texas
The Green Ribbon - Tom Griffin
Guido Fawkes blog - Parliamentary plots, rumours and conspiracy.
The Last Ditch - Tom Paine
Murky.org
The (e)State of Tim - Tim Hicks
Ilkley Against CCTV
Tim Worstall
Bill's Comment Page - Bill Cameron
The Society of Qualified Archivists
The Streeb-Greebling Diaries - Bob Mottram

Your Right To Know - Heather Brooke - Freedom off Information campaigning journalist

Ministry of Truth _ Unity's V for Vendetta styled blog.

Bloggerheads - Tim Ireland

W. David Stephenson blogs on homeland security et al.
EUrophobia - Nosemonkey

Blogzilla - Ian Brown

BlairWatch - Chronicling the demise of the New Labour Project

dreamfish - Robert Longstaff

Informaticopia - Rod Ward

War-on-Freedom

The Musings of Harry

Chicken Yoghurt - Justin McKeating

The Red Tape Chronicles - Bob Sullivan MSNBC

Campaign Against the Legislative and Regulatory Reform Bill

Stop the Legislative and Regulatory Reform Bill

Rob Wilton's esoterica

panGloss - Innovation, Technology and the Law

Arch Rights - Action on Rights for Children blog

Database Masterclass - frequently asked questions and answers about the several centralised national databases of children in the UK.

Shaphan

Moving On

Steve Moxon blog - former Home Office whistleblower and author.

Al-Muhajabah's Sundries - anglophile blog

Architectures of Control in Design - Dan Lockton

rabenhorst - Kai Billen (mostly in German)

Nearly Perfect Privacy - Tiffany and Morpheus

Iain Dale's Diary - a popular Conservative political blog

Brit Watch - Public Surveillance in the UK - Web - Email - Databases - CCTV - Telephony - RFID - Banking - DNA

BLOGDIAL

MySecured.com - smart mobile phone forensics, information security, computer security and digital forensics by a couple of Australian researchers

Ralph Bendrath

Financial Cryptography - Ian Grigg et al.

UK Liberty - A blog on issues relating to liberty in the UK

Big Brother State - "a small act of resistance" to the "sustained and systematic attack on our personal freedom, privacy and legal system"

HosReport - "Crisis. Conspiraciones. Enigmas. Conflictos. Espionaje." - Carlos Eduardo Hos (in Spanish)

"Give 'em hell Pike!" - Frank Fisher

Corruption-free Anguilla - Good Governance and Corruption in Public Office Issues in the British Overseas Territory of Anguilla in the West Indies - Don Mitchell CBE QC

geeklawyer - intellectual property, civil liberties and the legal system

PJC Journal - I am not a number, I am a free Man - The Prisoner

Charlie's Diary - Charlie Stross

The Caucus House - blog of the Chicago International Model United Nations

Famous for 15 Megapixels

Postman Patel

The 4th Bomb: Tavistock Sq Daniel's 7:7 Revelations - Daniel Obachike

OurKingdom - part of OpenDemocracy - " will discuss Britain’s nations, institutions, constitution, administration, liberties, justice, peoples and media and their principles, identity and character"

Beau Bo D'Or blog by an increasingly famous digital political cartoonist.

Between Both Worlds - "Thoughts & Ideas that Reflect the Concerns of Our Conscious Evolution" - Kingsley Dennis

Bloggerheads: The Alisher Usmanov Affair - the rich Uzbek businessman and his shyster lawyers Schillings really made a huge counterproductive error in trying to censor the blogs of Tim Ireland, of all people.

Matt Wardman political blog analysis

Henry Porter on Liberty - a leading mainstream media commentator and opinion former who is doing more than most to help preserve our freedom and liberty.

HMRC is shite - "dedicated to the taxpayers of Britain, and the employees of the HMRC, who have to endure the monumental shambles that is Her Majesty's Revenue and Customs (HMRC)."

Head of Legal - Carl Gardner a former legal advisor to the Government

The Landed Underclass - Voice of the Banana Republic of Great Britain

Henrik Alexandersson - Swedish blogger threatened with censorship by the Försvarets Radioanstalt (FRA), the Swedish National Defence Radio Establishement, their equivalent of the UK GCHQ or the US NSA.

World's First Fascist Democracy - blog with link to a Google map - "This map is an attempt to take a UK wide, geographical view, of both the public and the personal effect of State sponsored fear and distrust as seen through the twisted technological lens of petty officials and would be bureaucrats nationwide."

Blogoir - Charles Crawford - former UK Ambassodor to Poland etc.

No CCTV - The Campaign against CCTV

Barcode Nation - keeping two eyes on the database state.

Lords of the Blog - group blog by half a dozen or so Peers sitting in the House of Lords.

notes from the ubiquitous surveillance society - blog by Dr. David Murakami Wood, editor of the online academic journal Surveillance and Society

Justin Wylie's political blog

Panopticon blog - by Timothy Pitt-Payne and Anya Proops. Timothy Pitt-Payne is probably the leading legal expert on the UK's Freedom of Information Act law, often appearing on behlaf of the Information Commissioner's Office at the Information Tribunal.

Armed and Dangerous - Sex, software, politics, and firearms. Life’s simple pleasures… - by Open Source Software advocate Eric S. Raymond.

Georgetown Security Law Brief - group blog by the Georgetown Law Center on National Security and the Law , at Georgtown University, Washington D.C, USA.

Big Brother Watch - well connected with the mainstream media, this is a campaign blog by the TaxPayersAlliance, which thankfully does not seem to have spawned Yet Another Campaign Organisation as many Civil Liberties groups had feared.

Spy on Moseley - "Sparkbrook, Springfield, Washwood Heath and Bordesley Green. An MI5 Intelligence-gathering operation to spy on Muslim communities in Birmingham is taking liberties in every sense" - about 150 ANPR CCTV cameras funded by Home Office via the secretive Terrorism and Allied Matters (TAM) section of ACPO.

FitWatch blog - keeps an eye on the activities of some of the controversial Police Forward Intelligence Teams, who supposedly only target "known troublemakers" for photo and video surveillance, at otherwise legal, peaceful protests and demonstrations.

Other Links

Spam Huntress - The Norwegian Spam Huntress - Ann Elisabeth

Fuel Crisis Blog - Petrol over £1 per litre ! Protest !
Mayor of London Blog
London Olympics 2012 - NO !!!!

Cool Britannia

NuLabour

Free Gary McKinnon - UK citizen facing extradition to the USA for "hacking" over 90 US Military computer systems.

Parliament Protest - information and discussion on peaceful resistance to the arbitrary curtailment of freedom of assembly and freedom of speech, in the excessive Serious Organised Crime and Police Act 2005 Designated Area around Parliament Square in London.

Brian Burnell's British / US nuclear weapons history at http://nuclear-weapons.info

Syndicate this site (XML):

Follow Spy Blog on Twitter

For those of you who find it convenient, there is now a Twitter feed to alert you to new Spy Blog postings.

https://twitter.com/SpyBlog

Please bear in mind the many recent, serious security vulnerabilities which have compromised the Twitter infrastructure and many user accounts, and Twitter's inevitable plans to make money out of you somehow, probably by selling your Communications Traffic Data to commercial and government interests.

https://twitter.com/SpyBlog (same window)

Recent Comments

  • wtwu: @ JS - Look at the later blog post, where read more
  • JS: What utter rubbish. IMEI is free to air, your phone read more
  • wtwu: @ wassim - with Path Intelligence style external surveillance, it read more
  • wassim: I would like more information about the pros and cons read more
  • Edward Teague: @wtwu The concept of using a payphone in this neck read more
  • Rich: Here's an Ofcom document: http://www.ofcom.org.uk/static/archive/ra/publication/ra_info/ra169.htm. It's pretty clear to me read more
  • shopping blog: the most watch country in the world UK read more
  • wtwu: @ PA - that would be a legal way around read more
  • wtwu: @ Dave - they do not need full base station read more
  • wtwu: @ Bob - Questions about the legality of the IMEI read more

Categories

Monthly Archives

October 2016

Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

UK Legislation

The United Kingdom suffers from tens of thousands of pages of complicated criminal laws, and thousands of new, often unenforceable criminal offences, which have been created as a "Pretend to be Seen to Be Doing Something" response to tabloid media hype and hysteria, and political social engineering dogmas. These overbroad, catch-all laws, which remove the scope for any judicial appeals process, have been rubber stamped, often without being read, let alone properly understood, by Members of Parliament.

The text of many of these Acts of Parliament are now online, but it is still too difficult for most people, including the police and criminal justice system, to work out the cumulative effect of all the amendments, even for the most serious offences involving national security or terrorism or serious crime.

Many MPs do not seem to bother to even to actually read the details of the legislation which they vote to inflict on us.

UK Legislation Links

UK Statute Law Database - is the official revised edition of the primary legislation of the United Kingdom made available online, but it is not yet up to date.

UK Commissioners

UK Commissioners some of whom are meant to protect your privacy and investigate abuses by the bureaucrats.

UK Intelligence Agencies

Intelligence and Security Committee - the supposedly independent Parliamentary watchdog which issues an annual, heavily censored Report every year or so. Currently chaired by the Conservative Sir Malcolm Rifkind. Why should either the intelligence agencies or the public trust this committee, when the untrustworthy ex-Labour Minister Hazel Blears is a member ?

Anti-terrorism hotline - links removed in protest at the Climate of Fear propaganda posters

MI5 Security Service
MI5 Security Service - links to encrypted reporting form removed in protest at the Climate of Fear propaganda posters

syf_logo_120.gif Secure Your Ferliliser logo
Secure Your Fertiliser - advice on ammonium nitrate and urea fertiliser security

cpni_logo_150.gif Centre for the Protection of National Infrastructure
Centre for the Protection of National Infrastructure - "CPNI provides expert advice to the critical national infrastructure on physical, personnel and information security, to protect against terrorism and other threats."

SIS MI6 careers_logo_sis.gif
Secret Intelligence Service (MI6) recruitment.

gchq_logo.gif
Government Communications Headquarters GCHQ

logo-nca.gif
National Crime Agency - the replacement for the Serious Organised Crime Agency

da_notice_system_150.gif
Defence Advisory (DA) Notice system - voluntary self censorship by the established UK press and broadcast media regarding defence and intelligence topics via the Defence, Press and Broadcasting Advisory Committee.

Foreign Spies / Intelliegence Agencies in the UK

It is not just the UK government which tries to snoop on British companies, organisations and individuals, the rest of the world is constantly trying to do the same, regardless of the mixed efforts of our own UK Intelligence Agencies who are paid to supposedly protect us from them.

For no good reason, the Foreign and Commonwealth Office only keeps the current version of the London Diplomatic List of accredited Diplomats (including some Foreign Intelligence Agency operatives) online.

Presumably every mainstream media organisation, intelligence agency, serious organised crime or terrorist gang keeps historical copies, so here are some older versions of the London Diplomatic List, for the benefit of web search engine queries, for those people who do not want their visits to appear in the FCO web server logfiles or those whose censored internet feeds block access to UK Government websites.

Campaign Button Links

Watching Them, Watching Us - UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond
Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution - Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Icelanders_are_NOT_Terrorists_logo_150.jpg
Icelanders are NOT terrorists ! - despite Gordon Brown and Alistair Darling's use of anti-terrorism legislation to seize the assets of Icelandic banks.

nocctv.gif
No CCTV - The Campaign Against CCTV

phnat-logo-black-on-white_150.jpg

I'm a Photographer Not a Terrorist !

power2010_132.png

Power 2010 cross party, political reform campaign

Cracking_the_Black_Box_black_150.jpg

Cracking the Black Box - "aims to expose technology that is being used in inappropriate ways. We hope to bring together the insights of experts and whistleblowers to shine a light into the dark recesses of systems that are responsible for causing many of the privacy problems faced by millions of people."

surveillance_72.jpg

Open Rights Group - Petition against the renewal of the Interception Modernisation Programme

wblogocrop_150.jpg

WhistleblowersUK.org - Fighting for justice for whistleblowers