This New York Times article alleges that the News of the World had access to mobile phone Location Data from the police for "nearly $500" a time.
This is yet another reason why access to Communications Data must no longer be allowed to be self authorised by the Police or Intelligence Agencies or other public bodies - there must be independent judicial permission on an individual case by case basis.
A censored Annual Report by the Interception of Communications Commissioner does not provide any reassurance to the public about the system of Communications Data Retention and snooping.
New York Times
Murdoch Tabloids' Targets Included Downing Street and the Crown
By JOHN F. BURNS and JO BECKER
Published: July 11, 2011
(Page 2 of 2)
[...]
Separately, an inquiry by The New York Times, which included interviews with two former journalists at The News of the World, has revealed the workings of the illicit cellphone-tracking, which the former tabloid staffers said was known in the newsroom as "pinging." Under British law, the technology involved is restricted to law enforcement and security officials, requires case-by-case authorization, and is used mainly for high-profile criminal cases and terrorism investigations, according to a former senior Scotland Yard official who requested anonymity so as to be able to speak candidly.According to Oliver Crofton, a cybersecurity specialist who works to protect high-profile clients from such invasive tactics, cellphones are constantly pinging off relay towers as they search for a network, enabling an individual's location to be located within yards by checking the strength of the signal at three different towers. But the former Scotland Yard official who discussed the matter said that any officer who agreed to use the technique to assist a newspaper would be crossing a red line.
"That would be a massive breach," he said.
A former show-business reporter for The News of the World, Sean Hoare, who was fired in 2005, said that when he worked there, pinging cost the paper nearly $500 on each occasion. He first found out how the practice worked, he said, when he was scrambling to find someone and was told that one of the news desk editors, Greg Miskiw, could help. Mr. Miskiw asked for the person's cellphone number, and returned later with information showing the person's precise location in Scotland, Mr. Hoare said. Mr. Miskiw, who faces questioning by police on a separate matter, did not return calls for comment.
A former Scotland Yard officer said the individual who provided the information could have been one of a small group entitled to authorize pinging requests, or a lower-level officer who duped his superiors into thinking that the request was related to a criminal case. Mr. Hoare said the fact that it was a police officer was clear from his exchange with Mr. Miskiw.
"I thought it was remarkable and asked him how he did it, and he said, 'It's the Old Bill, isn't it?' " he recalled, noting that the term is common slang in Britain for the police. "At that point, you don't ask questions," he said.
A second former editor at the paper backed Mr. Hoare's account. "I knew it could be done and that it was done," he said. Speaking on condition that his name be withheld, he said that another way of tracking people was to hack into their credit card details and determine where the last charge was made. He said this tactic yielded at least one major scoop, when The News of the World tracked down James Hewitt, a former army officer and lover of Princess Diana's, who had fled to Spain amid the media firestorm that followed the publication of his book about the affair.
Does the "Single Point of Contact" system for accessing Communications Data have a sufficiently robust audit trail to cross check when, where and by whom each of the thousands of mobile and landline phone numbers in Glen Mulcaire's (and other private investigators) already seized notes have been subjected to Communication Data demands ?
If the Rt Hon Sir Paul Kennedy, the Interception of Communications Commissioner does not investigate this scandal, he should resign, as there can be no public confidence in the office, whatsoever.
See RIPA: 2010 annual report of the Interception of Communications Commissioner, which like all the previous reports, is oblivious of any wrongdoing regarding Communications Data.
In order to try to restore public confidence , the Regulation of Investigatory Powers Act should be amended with criminal penalties to discourage the abuse of Communications Data by individuals and organisations who have access to it.
First of all there are people within the mobile phone operators who can 'ping' a phone, what level of authority does a technician need? Somehow I think none.
Secondly the mobile phone operators charge the UK police for a 'ping'.
Third in an emergency the operators will repeatedly 'ping' a phone to assist in locating it and the paperwork comes later.
Note in the USA far more mobiles are GPS enabled, which gives a far more precise location; which begs the question have NoTW etc asked to 'pin' UK GPS enabled mobiles? One hopes that question is being included in the MPS investigation.
It’s logical to conclude that if Jon Rees had really been involved in hacking, then Sir Ian Blair being in charge of CIB3 and John Yates working in the secret unit would have known about the hacking as there’s evidence that an informer working on behalf of CIB3 had become Ree’s trusted confidant.
http://www.independent.co.uk/news/uk/crime/met-chiefs-secret-squad-used-illegal-informant-847471.html 15 June 2008
‘The Criminal Cases Review Commission (CCRC) and the Independent Police Complaints Commission (IPCC) are investigating the latest case. It centres on an informant active from 1998 to 2007 who used the pseudonym “Joe Poulton”. He is said to be a retired Scotland Yard detective recruited by the Complaints Investigation Branch (CIB3), a secret unit investigating one of the Met’s most notorious unsolved cases – the 1987 axe murder of Daniel Morgan, a private detective, in south London. Detectives now admit that Morgan was about to “blow the whistle” on police involvement in drug trafficking.
CIB3 bugged the offices of the prime suspect in the murder conspiracy, another private detective, who cannot be named for legal reasons. There was insufficient evidence to prosecute him for murder but the man was jailed in 2000 for unrelated offences of conspiring to plant drugs on a client’s wife.
Poulton became his trusted confidant, making prison visits and working on an unsuccessful appeal. The informant was also introduced to another inmate appealing his 2001 conviction for a major VAT fraud. Poulton worked on that case, too, which the Court of Appeal also rejected.’
The case against Rees collapsed this year. Supergrass deals offered reductions in sentences in return for evidence and the offer of rewards. ‘Underworld figures and their associates had volunteered to give evidence after a £50,000 reward was offered. One had a lengthy prison term reduced after agreeing to be a prosecution witness.’ The Independent 11 March 2011
The other person who Poulton allegedly had involvement with was Barry Beardall, who I understand, worked with the Sunday Times for 5 years and who I believe knows some things that are highly sensitive.
Beardall was convicted of conspiracy to contravene Section 170(2) of the Customs and Excise Management Act 1979 in 2001. Beardall claimed entrapment in his trial. During both his trial and appeal there were serious failures by the prosecution to make disclosure particularly in relation to the principal of the fraud, who was described in the Costello Affidavit as working for the National Investigation Service of Customs & Excise. During Beardall’s appeal the investigation into the Affidavit by the Metropolitan Police was flawed. Moreover, the investigation into the Affidavit on behalf of Beardall’s defence team was allegedly conducted by an informant using the pseudonym “Joe Poulton”, who is said to be a retired Scotland Yard detective recruited by the Complaints Investigation Branch (CIB3).
Beardall has suffered repeated threats and intimidation, burglaries and even theft of his car during which pertinent documents from unused trial evidence and documents found subsequent to his appeal were removed
@ Old Bill -
There are far fewer people within mobile phone operators who can do this, compared to the thousands of Police officers with the rank of Inspector or above, who can legally authorise the demand for for Communications Data.
Location Based Services requests are sold to third party web map phone tracking companies for a few pence above the price of an SMS text message, so if the Police are being charged much more, than that is itself, a different scandal.
The important point about this is that even for a few pennies, there is a financial audit trail both at the Police force and at the the Mobile Phone Network, which can be investigated.
The demand by Jim Gamble, the power hungry former head of the Child Exploitation and Online Protection Centre, for free access to Communications Data has thankfully been resisted, as this would have destroyed these financial audit checks and balances and would have lead to a vast increase in Communications Data speculative trawling and snooping, which would have been even more open to abuse than the present system.
But there should still be multiple financial audit and computer system log files of each event.
N.B. When the original "Royal voicemail hacking" incidents occurred, there were virtually no such GPS enabled phones in the UK - 5 years ago is a very long time in the rapidly changing for mobile phone market place.
For the purposes of a News of the World / paparazzi stalker tip offs, just knowing the approximate location of a phone could be enough e.g. is the target at their London home or at their second holiday home or abroad.
The UK has a much denser road network and a higher concentration of Mobile Phone cell towers than most of the USA, so there is not that much difference between the accuracy of Location Based Services which do not use built in GPS on the phone handset for position fixes here in the UK.
The various inquiries should find out about the abuse of GPS enabled phones today by the News of the World and by other mainstream media or other Police forces, Intelligence Agencies and public authorities.
They should also publish much more detailed figures about Communications Data demands than the wretched Interception of Communications Commissioner's Annual Report bothers to do.
This BBC News piece gives some context: http://www.bbc.co.uk/news/technology-14141809
Within is this passage that suggests a problem with any audit of the process: "You are generally dealing with people that are experienced in using and deploying covert policing techniques and therefore their tradecraft equips them particularly well to minimise the risk of detection" citing solicitor advocate Simon McKay, author of Covert Policing: Law and Practice.
He also comments on the Interception Commissioner: "The resources of the commissioner empowered by statute to review it are fairly restrictive, so circumstances dictate that a tiny proportion of authorisations obtained will ever be reviewed meaningfully or critically by the commissioner".
@ Ruth - some similarities with the recent case of Ian Puddick
http://www.policeexpenses.co.uk
who also alleges the burglary of his home and the theft of documents which were part of his preparation for the court case.
This also smacks of the Sally Murrer journalist / Mark Kearney police electronic surveillance offficer case (he "bugged" MP Sadiq Khan and his constituent Babar Ahmad in prison still awaiting extradition to the USA, but not facing any charges whatsoever in the UK, but then regretted his actions)
http://www.pressgazette.co.uk/story.asp?storycode=40165
Even after their revelations and identities have become public, Whistleblowers need to take computer and physical security precautions and have multiple backup copies of their evidence and notes available in securely encrypted multiple locations.
See this Spy Blog project site:
http://ht4w.co.uk
Technical Hints and Tips for protecting the anonymity of sources for
Whistleblowers, Investigative Journalists,
Campaign Activists and Political Bloggers etc.
@ Old Bill - this blog has been critical of the system of RIPA Commissioners and their censored Annual Reports, with no budget or legal sanctions to investigate and prosecute cases which breach even the weak safeguards against abuse by authorised insiders under this law.
Sean Hoare, the whistleblower mentioned above is now dead:
http://www.guardian.co.uk/media/2011/jul/18/sean-hoare-news-of-the-world
This UK-written link has some excellent links around the subject of 'Phone hacking, technology and policy': http://www.lightbluetouchpaper.org/2011/07/16/phone-hacking-technology-and-policy/
The pointer to the NHS 'Population Demographics Service' is worth a browse, even though very long and includes guidance on how to reduce individual vulnerability. Strange I'm sure it is called something else within la enforcement.
Pointer to the article came via: http://www.schneier.com/blog/archives/2011/07/british_phone_h.html#comments
The NHS 'Population Demographics Service" Summary Care Record opt out link mentioned in Professor Ross Anderson's blog article above is:
http://www.neilb.demon.co.uk/optout-main1.htm#pds