Feel free to fire me your questions – the theme for the debate is going to be the Future of Communications Security, which gives rise to the hashtag for this debate: #comsecfuture
I was browsing twitter this evening when I came across the following tweet, published by an agency that I have a lot of respect for, the National Crime Agency. They’ve been doing some work with Channel 4 and are publicising an upcoming documentary. Part of that campaign seems to have led to this tweet:
I had to read this infographic more than once – it’s so misleading that I had to check how many different problems there were with it. Although I replied to the NCA, 140 characters is a bit limiting for a response, so let me respond, in my professional opinion as a communications industry expert and with over a decade of experience in helping the Police with missing persons cases through Mountain Rescue.
So the infographic starts with a story about Amy, a missing 14 year old girl whose parents are unable to reach her because her phone is switched off. Let’s skip over the fact that this is not a surprising situation for a teenage girl, and suppose that there is something untold in the situation that places Amy in the “high risk” category that requires immediate investigation to prevent her from coming to harm.
At this point, the police request call data records from her mobile phone provider, but “…Amy uses online applications on her smart phone to make calls and send instant messages so no useful data is returned.” I’ll come back to this, but let’s take that at face value for the moment.
The police request that her mobile operator then provides communications data (presumably what the Investigatory Powers Bill is referring to as “Internet Connection Records”), but as they don’t store it, they can’t provide it. The police are stumped and can’t help Amy. Poor Amy.
The infographic then goes on to say how access to those records could help provide “key investigative leads” to trace Amy and reach her before she’s harmed.
Seems reasonable, right? Well, no.
First of all, Mobile Network Operators (MNOs) don’t just store call data records – they store a whole host of useful operational information on your mobile including information about the cell that you are or were connected to. This is useful operational information for the MNO, but is also useful for the security and law enforcement agencies (let’s just call them Law Enforcement Agencies, or LEAs for now). As a result, I wouldn’t be at all surprised if this information was not already the subject of an Order for retention under the current regime on all of the MNOs – however, that information is Classified Information, so we can only make educated guesses. That would give the police a good idea where the phone was (with a resolution of anywhere down to a few hundred metres normally) when it was turned off – in some cases, they could even ask the MNO to “ping” the phone from multiple cells to get a very accurate picture of where the handset is – but let’s assume the battery’s been taken out or the mobile destroyed. What else?
Sticking with communications data for a moment, what could that data have revealed if the MNO had been keeping it? Well, it could have told the police that Amy went to Google. She also used WhatsApp, twitter, Google Hangouts, Facebook, Hotmail and a whole host of other random websites.
That data’s limited to what service she was using and when – so for example, you can’t tell if she looked up the number of a local taxi company or searched for a bus timetable on Google. You can’t tell if she sent a message on WhatsApp, twitter, Hangouts or Facebook – because those apps maintain connections with their services on a semi-permanent basis to receive notifications of new messages. My twitter feed for example gets updated on my phone even when I’m not using it. What could the police do with this data? Well, they could approach a Judge and ask for warrants of intercept for each and every one of those services in case she uses them again – none of those are UK based, so they wouldn’t be subject to this new law. Whether the Judge would want more than just “she used them” to get a warrant is a good question. Or perhaps they could check those services and see if she posted anything publicly. Great, so this data was useful, right?
Well, sort of – asking Amy’s mum whether she used facebook reveals that yes, she’s always on it talking to her BFF, Brenda. A quick chat with Brenda, where the police explain the urgency here, and Brenda tells them all about Amy’s new boyfriend who she met online and was going to meet this morning. Or perhaps Brenda tells them about the album that Amy’s favourite band have just released and that she’s gone to buy it in defiance of her mum’s instructions. Or maybe Brenda doesn’t know anything, but she can at least tell the Police what services she uses to communicate with Amy, because Email is just soooo last year, everyone’s using Facebook Messenger at the moment…
“Human intelligence”, or information gathered directly from people rather than their communications, has always been favoured by the LEAs and security services for many reasons – it brings along with it a wealth of useful and sometimes unintentional information. Brenda here was a much better source of information than Amy’s MNO because Brenda can provide context and information that isn’t transmitted by any communications services. Moreover, the MNO has given police a long list of service providers who they need to contact and the majority of those are outside the UK, making warrants to get access to that data lengthy, time-consuming affairs.
So far then, the communications data hasn’t been as useful as what is occasionally referred to as “good, old-fashioned policing” – talking to relatives, friends and other people who are connected to this individual.
And this brings me neatly to my last point – that the NCA seems to think that there’s nothing else that the police can do. Now, I’ve been involved in dozens of missing persons (MisPer) investigations for high-risk MisPers and the communications data is a minuscule part of the investigation. CCTV cameras, taxi company bookings, conversations with family, friends, neighbours, bank records, credit card records – all of these can help track our activity. More than that, however, they can provide insights into the one thing that the communications data can’t – our reason for doing something and our state of mind. A new boyfriend. An anniversary of the death of a loved one. A pending bankruptcy. An argument with a parent. All of these are hugely important in building up a profile of the missing person and will tell police where they’re likely to be. Unsurprisingly, this is well-documented procedure in the Police Search Manual published by the College of Policing and that, together with the data from the Centre for Search Research, such as the UK Missing Persons Behaviour Study, can be incredibly accurate and useful in guiding the next steps. To suggest, then, that the police are stumped because they can’t get access to the communications data is so misleading as to be almost lying to the public and is doing an enormous disservice to the difficult and complex work that Police Search Advisors undertake as part of a search for a vulnerable missing person.
I’ve been watching the progress of this bill with interest and far better people than I have commented already – but this bit of poorly written and sensationalist misinformation from the National Crime Agency angered me – not only because it’s trying to influence the direction of a political bill through tugging on heartstrings using information that’s just plain wrong, but because it diminishes the skills and efforts of those teams of people whose job it is to find these vulnerable missing persons.
Hopefully, someone from the National Crime Agency will read this and reply as to why they thought this was acceptable, but I’m not holding my breath.
This post has been edited to correct the title of the bill, which I originally referred to as the Communications Data Bill – this was the original Snooper’s Charter in 2012, and not the new Investigatory Powers Bill which is currently being proposed.