![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
ABSTRACT
Recent years have seen a new and welcome transparency as to the legal framework governing many of the state’s surveillance activities in the United Kingdom. The decline of secrecy as to law, however, is only one side of the coin. There remains a significant secrecy as to fact: not only when and where the state’s capacities are deployed, but also what those capacities are. Taking as an example the situation of ‘IMSI catchers’ – devices which permit the detection of mobile phones and interception of its communications – this contribution suggest that this degree of factual secrecy makes it difficult (perhaps impossible) to secure accountability for the conduct of state surveillance, notwithstanding the new era of legal clarity in which we find ourselves.
KEYWORDS:
Disclosure statement
No potential conflict of interest was reported by the author.
Notes
1. StringRays are manufactured by the Harris Corporation of Melbourne, Florida, and were introduced in 2001 and later succeeded later by the StingRay II. A number of other devices are also manufactured by the same firm. One of these, the Triggerfish, predates the StingRay, and was famously used to locate wanted hacker Kevin Mitnick in 1995 (Hardina Citation2018). A more advanced version of the StingRay, known as HailStorm, now also exists and appears to be oriented towards the Long-Term Evolution (LTE) standard for wireless communication which has been progressively introduced in the last decade and which complicates the use of IMSI catchers due to its superior security protocols. In discussing ‘IMSI catchers’ I refer to the entire range of devices with equivalent functionality.
2. The key part of the debate is as follows:
As the House knows, the Security Services Act legalised burglary through a warrant signed by the Secretary of State. That was highly contentious legislation, opposed by many and severely criticised by all parties … Until the Minister spoke in Committee there was no sign that the warrant could authorise MI5 staff to hack into any computer whenever they wanted, without committing this Bill’s proposed offence of unauthorised access. That power to give a warrant to legalise computer hacking was not discussed in debates on the Security Services Act. The way in which the matter is being pushed through means that the House is being deceived because we are not having a proper debate, and those powers are not being properly restrained and decided on. HC Deb 4 May 1990, vol 171 col 1300 (Harry Cohen)
3. The patent in question, European Patent (UK) No. 1 051 053, has the following abstract:
A virtual base station (VBTS) with a test mobile telephone (Test-MS) connected to it operates in close range to a mobile telephone (MS). This test telephone detects a list of all base stations near the location by enquiring through the network base station (BTS(Netz)) with the highest power assigned to the selected location. A base station is then selected that is close to t base station with the highest power assigned to the selected location.
4. The content/metadata distinction has long stood at the centre of the law of surveillance, with all of the relevant law giving effect to the assumption that the content of a communication is more intrusive than is its metadata: to make the point in relation to a telephone call, knowing what was said is more of an invasion of privacy (or whatever other interest) than is knowing what number was called, at what time, and for how long the call lasted. Though nothing here turns on it, much of the contemporary literature contests this assumption and, indeed, it is easy to see how the presence in one’s pocket in a device capable of registering one’s location (location data being a form of metadata) represents a threat to privacy which is – considered in the round – greater than that associated with access to the content of particular communications (Wicker Citation2013).
5. Though it should be noted that the Investigatory Powers Act seems to foresee that interception authorised thereunder might be carried out either by a telecommunication provider or the entity to whom a warrant has been granted itself: see, e.g. Investigatory Powers Act 2016, s 41(2) and (3):
In giving effect to a warrant to which this section applies, the person to whom it is addressed … may (in addition to acting alone) act through, or together with, such other persons as the intercepting authority may require … to provide the authority with assistance in giving effect to the warrant.
This raises the possibility that in fact some of the interceptions which count towards the publicly available figures were in fact examples of unmediated surveillance, rather than the mediated surveillance with which the statutory powers seem usually to be associated. If this is the case, there would seem to be no way of knowing how many fall into each category.
6. See, e.g. Freedom of Information Act 2000 (FOIA) Decision notice FS50660527 (8 June 2017) relating to an FOIA claim made to the Office of the Police & Crime Commissioner for Avon & Somerset, in which the Information Commissioner held that the OPCC was ‘not obliged to confirm or deny whether the requested information was held’. In 2018, Privacy International, the NGO which has pursued a range of surveillance-related campaigns, reported that the Information Commissioner had held that the various police forces were not permitted to offer an NCND response to FOI requests relating to various categories of material – amongst them ‘Marketing or promotional materials received by the police forces relating to IMSI catchers’, legislation, and Codes of Practice’ – but could continue to decline either to confirm or deny possessing other categories of material relating to the purchase and use of the devices (Privacy International Citation2018). Even in relation to material the possession of which must be either confirmed or denied, of course, refusal to disclose might be justified on one of the usual grounds.
7. The Prison Rules provide that ‘a prisoner shall not be permitted to communicate with any person outside the prison, or such person with him, except with the leave of the Secretary of State or as a privilege under’ those Rules: Prison Rules 1999 (SI 1999/728), rule 34(1). A communication includes ‘any communication from a prisoner to any other person transmitted by means of a telecommunications system’; a telecommunication system is ‘any system (including the apparatus comprised in it) which exists for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy’. Prison Rules 1999 (SI 1999/728), rule 2(1).
8. Amongst the safeguards included in the 2012 Act are that details of the authorisation, and of the interferences which take place thereunder, are provided periodically to Ofcom: Prisons (Interference with Wireless Telegraphy) Act 2012, s 2. Memoranda of understanding between the relevant authorities (in England and Wales on one hand and Scotland on the other), Ofcom, and a number of mobile phone operators obtained by journalists using the Freedom of Information Act show a detailed agreement regarding the use of relevant equipment. Ofcom, according to one MoD
will give advice to [the National Offender Management Service] on technical, coordination and interference issues [and] facilitate a dialogue between NOMS and the Mobile Network Operators … designed to ensure that appropriate procedures are put in place and followed, in the event of interference arising beyond the prison perimeter that may be attributable to the use of the Equipment, in line with its statutory duties to manage the radio spectrum. (Ministry of Justice et al. Citationn.d., [5])
9. Serious Crime Act 2015, s 80. Amongst other things, regulations so made must, the Act provides, specify ‘who may apply for telecommunications restriction orders’, ‘make provision conferring rights on persons to make representations’, ‘specify the matters about which the court must be satisfied if it is to make an order’ and ‘make provision about the duration of orders’.
10. If this conclusion is wrong, then one question will be whether any interference grounded upon the relevant provisions of the Police Act 1997 can be ‘in accordance with the law’ given that such provision does not – for reasons given above – seem capable of permitting ‘thematic’ warrants, and so such use cannot, by definition, be ‘in accordance with the law’.