‘We used to say a man’s home is his castle. Today, a man’s phone is his castle’, Edward Snowden
Many of us carry around smartphones which we use to connect with one another, store vast amounts of personal information and explore the internet. Ofcom has described the UK as a ‘smartphone society’, estimating around 66% of people possessed one as of 2015. Among 16-24-year-olds the rate of ownership is 90%, and ownership among 55-64-year-olds increased from 19% to 50% since 2012. There is a clear trend towards the use of smartphones in the UK and the devices are enabling a great deal of connectivity among people. Yet in order to embrace the convenience that this sort of technology offers we must also confront a growing encroachment on our individual privacy.
Mobile phones do not communicate directly with one another as isolated objects, they need to be in the range of a mobile phone mast. When you make a call or send a message from your phone the signal is detected by the nearest mast. From here the signal gets passed on to a base station which ultimately connects you to the target device. This communications network facilitates a growing demand for mobile connectivity across the country. However, the journey of our data through this network is not as safe as you might expect.
IMSI catchers, or ‘Stingrays’ as they have become known, are relatively cheap and portable tools that intercept information sent between mobile phones. They do so by presenting themselves as the strongest base station in an area and indiscriminately pull in all of the nearest phone signals. When a phone signal passes through a Stingray it collects any data travelling on that signal. Traditionally these machines were only capable of collecting ‘metadata’ sent from the SIM card, which is very basic details such as who sent the information, where it was sent from, who received it and when etc. But new advances in technology allows Stingrays to access both voice recordings and messages sent between mobile devices.
A Sky News investigation in 2015 found indications of at least twenty active Stingrays in London. Of course, there is no way to know who is operating those devices since they can be sourced by members of the public. However, it is worth noting that The Guardian reported about how the Metropolitan Police invested £143,455 on Stingray technology between 2008 and 2009. Police have neither confirmed nor denied the use of Stingrays for surveillance purposes. When questioned by Sky News on the matter, director-general of the National Crime Agency, Keith Bristow explained that ‘some of what we need to do is intrusive, it is uncomfortable, and the important thing is we set that out openly and recognise there are difficult choices to be made’.
Difficult choices indeed, because if Police in the UK are using Stingrays to collect massive amounts of data from members of the public then serious questions are raised as to the interpretation of law. According to the Regulation of Investigatory Powers Act (2000), any interception of private communication requires a warrant. Such warrants are limited to cases which are in the interests of national security, prevention or detection of a serious crime or the safeguarding UK economic wellbeing. Since Stingrays do not discriminate between phone signals, their interception capabilities are not limited to those restrictions and would, therefore, seem to be out with the legal parameters of Police powers.
That being said, I would like to believe it is unlikely for law enforcement agencies to operate a Stingray in order to sift through data from all signals in a given area. Rather, Police may employ the technology as a convenient method to action a warrant against a particular individual by targeting and monitoring their distinct information. But the inadvertent interception of all other mobile phones would still be unlawful. Moreover, there are alternative and far more direct means to track the mobile phone activity of someone against whom a warrant has been issued. So even with the best intentions, Stingrays are both unsuitable and ineffective for carrying out lawful surveillance in accordance with specific warrants.
A typical contradiction of these concerns could be that you have nothing to worry about if you are doing nothing wrong. We obviously want Police to protect us from crime and in some cases, we may even be willing to exchange a degree of privacy for improved security. For those who accept this logic, I wonder where they draw the line between privacy and security. That attitude does not seem to resonate when applied to the idea of Police spying on activity within our private homes, so why should it apply to surveillance of the activity on our private electronic devices, particularly when the technology is becoming increasingly important to our daily lives.
Perhaps there is a growing need for current attitudes about individual privacy to be reconsidered in light of technological progress and greater connectivity. As we welcome further advances in electronic convenience there will be significant challenges posed to how we perceive conventional notions of private life. While it may be reasonable and fair to discuss the implications of Stingray systems for law enforcement, the fact remains that these devices are available to anyone with the means to obtain one and regardless of their intentions. The likelihood is it will become easier to circumvent Stingrays, but so long as people choose to share so much of their private life through electronic communications there will be new methods devised to access it.