Tag Archive for: opinion

Police misleading the public to pass the Investigatory Powers Bill?

07 Dec
December 7, 2015

I was browsing twitter this evening when I came across the following tweet, published by an agency that I have a lot of respect for, the National Crime Agency. They’ve been doing some work with Channel 4 and are publicising an upcoming documentary. Part of that campaign seems to have led to this tweet:

The link in their email points to an infographic:
Misleading NCA infographic about the use of comms data in a missing person case

I had to read this infographic more than once – it’s so misleading that I had to check how many different problems there were with it. Although I replied to the NCA, 140 characters is a bit limiting for a response, so let me respond, in my professional opinion as a communications industry expert and with over a decade of experience in helping the Police with missing persons cases through Mountain Rescue.

So the infographic starts with a story about Amy, a missing 14 year old girl whose parents are unable to reach her because her phone is switched off. Let’s skip over the fact that this is not a surprising situation for a teenage girl, and suppose that there is something untold in the situation that places Amy in the “high risk” category that requires immediate investigation to prevent her from coming to harm.

At this point, the police request call data records from her mobile phone provider, but “…Amy uses online applications on her smart phone to make calls and send instant messages so no useful data is returned.” I’ll come back to this, but let’s take that at face value for the moment.

The police request that her mobile operator then provides communications data (presumably what the Investigatory Powers Bill is referring to as “Internet Connection Records”), but as they don’t store it, they can’t provide it. The police are stumped and can’t help Amy. Poor Amy.

The infographic then goes on to say how access to those records could help provided “key investigative leads” to trace Amy and reach her before she’s harmed.

Seems reasonable, right? Well, no.

First of all, Mobile Network Operators (MNOs) don’t just store call data records – they store a whole host of useful operational information on your mobile including information about the cell that you are or were connected to. This is useful operational information for the MNO, but is also useful for the security and law enforcement agencies (let’s just call them Law Enforcement Agencies, or LEAs for now). As a result, I wouldn’t be at all surprised if this information was not already the subject of an Order for retention under the current regime on all of the MNOs – however, that information is Classified Information, so we can only make educated guesses. That would give the police a good idea where the phone was (with a resolution of anywhere down to a few hundred metres normally) when it was turned off – in some cases, they could even ask the MNO to “ping” the phone from multiple cells to get a very accurate picture of where the handset is – but let’s assume the battery’s been taken out or the mobile destroyed. What else?

Sticking with communications data for a moment, what could that data have revealed if the MNO had been keeping it? Well, it could have told the police that Amy went to Google. She also used WhatsApp, twitter, Google Hangouts, Facebook, Hotmail and a whole host of other random websites.

That data’s limited to what service she was using and when – so for example, you can’t tell if she looked up the number of a local taxi company or searched for a bus timetable on Google. You can’t tell if she sent a message on WhatsApp, twitter, Hangouts or Facebook – because those apps maintain connections with their services on a semi-permanent basis to receive notifications of new messages. My twitter feed for example gets updated on my phone even when I’m not using it. What could the police do with this data? Well, they could approach a Judge and ask for warrants of intercept for each and every one of those services in case she uses them again – none of those are UK based, so they wouldn’t be subject to this new law. Whether the Judge would want more than just “she used them” to get a warrant is a good question. Or perhaps they could check those services and see if she posted anything publicly. Great, so this data was useful, right?

Well, sort of – asking Amy’s mum whether she used facebook reveals that yes, she’s always on it talking to her BFF, Brenda. A quick chat with Brenda, where the police explain the urgency here, and Brenda tells them all about Amy’s new boyfriend who she met online and was going to meet this morning. Or perhaps Brenda tells them about the album that Amy’s favourite band have just released and that she’s gone to buy it in defiance of her mum’s instructions. Or maybe Brenda doesn’t know anything, but she can at least tell the Police what services she uses to communicate with Amy, because Email is just soooo last year, everyone’s using Facebook Messenger at the moment…

“Human intelligence”, or information gathered directly from people rather than their communications has always been favoured by the LEAs and security services for many reasons – it brings along with it a wealth of useful and sometimes unintentional information. Brenda here was a much better source of information than Amy’s MNO because Brenda can provide context and information that isn’t transmitted by any communications services. Moreover, the MNO has given police a long list of service providers who they need to contact and the majority of those are outside the UK making warrants to get access to that data lengthy, time-consuming affairs.

So far then, the communications data hasn’t been as useful as what is occasionally referred to as “good, old-fashioned policing” – talking to relatives, friends and other people who are connected to this individual.

And this brings me neatly to my last point – that the NCA seems to think that there’s nothing else that the police can do. Now, I’ve been involved in dozens of missing persons (MisPer) investigations for high-risk MisPers and the communications data is a minuscule part of the investigation. CCTV cameras, taxi company bookings, conversations with family, friends, neighbours, bank records, credit card records – all of these can help track our activity. More than that, however they can provide insights into the one thing that the communications data can’t – our reason for doing something and our state of mind. A new boyfriend. An anniversary of the death of a loved one. A pending bankruptcy. An argument with a parent. All of these are hugely important in building up a profile of the missing person and will tell police where they’re likely to be. Unsurprisingly, this is well documented procedure in the Police Search Manual published by the College of Policing and that, together with the data from the Centre for Search Research, such as the UK Missing Persons Behaviour Study can be incredibly accurate and useful in guiding the next steps. To suggest then, that the police are stumped because they can’t get access to the communications data is so misleading as to be almost lying to the public and is doing an enormous disservice to the difficult and complex work that Police Search Advisors undertake as part of a search for a vulnerable missing person.

I’ve been watching the progress of this bill with interest and far better people than I have commented already – but this bit of poorly written and sensationalist misinformation from the National Crime Agency angered me – not only because it’s trying to influence the direction of a political bill through tugging on heartstrings using information that’s just plain wrong, but that it diminishes the skills and efforts of those teams of people whose job it is to find these vulnerable missing persons.

Hopefully, someone from the National Crime Agency will read this and reply as to why they thought this was acceptable, but I’m not holding my breath.

This post has been edited to correct the title of the bill, which I originally referred to as the Communications Data Bill – this was the original Snooper’s Charter in 2012, and not the new Investigatory Powers Bill which is currently being proposed.

Specialist operational teams: a thing of the past?

07 Oct
October 7, 2015

Almost two and a half years ago I wrote an article about the changing face of recruiting engineers and how vendors were talking about automating the configuration of networks. I had some doubts at the time but things have moved on from there.

This week I’ve been attending the Oracle Communications Customer Advisory Board in Paris. Quite apart from the usefulness of the sessions and availability and access to a variety of people from engineering through to PLM, it’s been an interesting insight into the future direction that Oracle is taking and what Tier 1 communications providers are talking about. In particular, the things I spoke about in my original article now have a name – Network Function Virtualisation, or NFV. Oracle have been clear in this conference that NFV is coming and that they want to have all of their products in an NFV architecture. A lot of people will have a knee-jerk reaction to this and say that it’s impossible – that there components which have to stay as hardware or purpose-built systems. Equally, I’m seeing people take the exact opposite position – everything will have to be software, there will no longer be any purpose-built hardware. Oracle however, is clear that there is room for both – a good example is an SBC. AcmePacket systems were always purpose-built hardware to provide acceleration in silicon. Although that hasn’t changed with the acquisition by Oracle, there is equally a commitment to provide a virtualised SBC alongside the purpose-built hardware. The point that’s clear here is that NFV doesn’t exclude purpose-built hardware, or at least it mustn’t if it is to succeed. There is room for a hybrid approach from an architectural point of view as well as from a commercial migration point of view.

One question in this morning’s session caught my attention though. The question was asked “Who is going to manage your NVF architecture?” A number of options were proposed from splitting the stack to horizontal components much as it is now, or having a specific team manage the whole stack.  The discussion was varied and there was some brief discussion about whether the IT team or the Application team should be responsible for the stack.

The conversation sadly missed the point entirely – the technology that is being proposed is fundamentally different to anything that’s in place today. As a result, we have to approach this in a different way.

First of all, to have multiple teams managing the NFV stack isn’t useful – as a systems integrator we see too many problems categorised as “grey” problems – issues with integration which two vendors will point at each other and both say “It’s their fault”. This is one of the benefits of getting support from SIPHON on multiple products – by supporting the solution as a whole, we accept responsibility for the grey problems and manage the vendors appropriately. In an NFV architecture where the stack is potentially fully automated with multiple vendors, this will happen more frequently. So it’s critical that companies look to provide a single team that manages if not all then a significant majority of the stack. Who then?

The team that manages your NFV stack will work best if you have a team of generalists or a multi-discipline team. With this approach, every individual should have a good working knowledge of every part of the system right up to and including the application. NFV means that you’re providing a framework that places multiple components in close proximity and with complex systems of this type, you’re going to have elements that impact other elements – the system is inter-dependent to some degree and decisions you make will need to take into consideration the whole system.

That’s not to say that you don’t need specialists – I think it’s likely that what we’ll see is multi-disciplined teams of generalists who can either draw on specialist teams or who each have one or more specialist areas. It’s also possible that the team will depend on an outsourced specialist team much like some of our customers do already with SIPHON’s engineering team.

This new architecture is a fundamental change in how the stack works so we need a fundamental change in the operational model to support it and it’s time that operators realise this and look forward to a positive change.

Moving forward at the speed of technology

24 Sep
September 24, 2014

When companies I buy a service from send newsletters out they occasionally have some interesting tidbits and so I saw today’s newsletter from EE telling me that I could now make journeys through public transport in London by paying with my phone. I was a part of the recent TFL trial using contactless payment cards, so this was interesting for me – solving one of the problems I saw with the contactless system (waving your credit card around in public is surely just asking to be mugged).

Screenshot of the EE newsletter detailing the announcement that EE are working with TFL to roll out NFC payments from mobiles across the TFL network.

So I follow the instructions and check the list of handsets supported for NFC payment (EE branded as “Cash on Tap”) – surprisingly my fairly new HTC One M8 isn’t on there – what gives? It’s certainly got NFC capabilities. A quick google shows something interesting – Only recently has the HTC One M7 been added – that handset was released almost 18 months ago. I couldn’t understand what was going on until I spotted the fine print – “These devices have been securely tested by EE and MasterCard®.”

Now, I know what’s involved in protecting credit card transactions and rightly so – fraud is a multi-billion dollar industry funding all manner of criminal enterprises. However, if you’re telling me that EE is taking 18 months to test new handsets (NFC payments have been out on EE for quite some time), then they really need to review the process. Those people with the highest amounts of disposable income are likely to be the same people who renew their handset every 2 years on a new contract, so an 18 month delay in rolling things out to the customers most likely to make use of this isn’t really on.

Sadly, it’s a trend we see across the industry. My inbox is full of promising new technologies (including a fair amount of vapourware) which larger providers are unable or unwilling to roll out to customers rapidly – and this really is where the smaller ITSP can make a difference. By reacting quickly to customer demand and new technology, they can deliver on these new technologies whilst the large Tier 1’s are still scoping out the deployment project. It’s a pattern I see every day and our customers lean on us to bring the experience of rolling these kinds of features out to the table so help them succeed in delivering. Unfortunately, the mobile industry isn’t really geared for small providers so the large carriers end up stifling the very innovation that they need.

What’s the answer? I really don’t know here – a different regulatory framework might work, perhaps one that splits the network from the handset in much the same way as OpenReach provides the network that thousands of smaller ITSPs use. It may be that LTE will enable a better way of working between the network providers and the service providers, allowing service providers to treat the RAN like a simple access network. We may even find one of the MNO’s suddenly gets off their proverbials and starts reacting better to the technology and userabase. I’m not even sure, given the progress of that industry whether anything will change without a regulatory shakeup, but what I do know is that the customer experience is suffering. The current system doesn’t promote innovation – something needs to change.