Friday, July 08, 2011

Hacked?

Your humble Devil is having a nice holiday in Edinburgh at present but I thought I'd pass some comment on this phone hacking lark.

Others have made this point, but I think it's important to remember, amidst all of the furore and moral outrage, that the state doesn't need to hack your phone—they can simply demand that your supplier hand over all of their records.

And your mobile supplier, and your Internet service provider (ISP), keep extensive records of everything that you do—because the state demands that they do so.

So, if some tabloid arsehole wanted to get details of your conversations, or your browsing habits, or your emails they would be far better off simply paying a public servant to get them instead.

And with over 900 police officers and staff were disciplined for breaching the Data Protection Act between 2007 and 2010, I wouldn't imagine that such a person would be so terribly hard to find...

Strangely, I've not noticed that nice Mr Cameron announcing a "probe" into those figures...


10 comments:

john b said...

To a point, Lord Copper (or Sir Rupert, in the context).

If you wanted to get my mobile phone records via the state, you'd need to bribe a senior police officer to formally request them from my mobile phone company, leaving a formal trail that the request was made.

(you also wouldn't be able to get my voicemails or phone calls themselves - just a list of the numbers I'd called and call times).

If I wanted the list of who you'd called, then I'd bribe someone at Vodafone, not someone who worked for the state: much more scope to cover it up and pretend it never happened.

Michael Fowke said...

As John b says, they don't get the content - or do they?

Anonymous said...

In my experience phone data was only available for investgating crime or other genuine incidents for example a high risk missing person. The data was the calls not the content of the calls.

Urgent requests had to be authorised by an Insp, routine requests by a Supt. All requests were routed through a force liason officer. There was a paper trail for all requests.

Not saying it can't happen but most cops would not be able to access phone data unless it was for genuine reasons. Even then it is difficult sometimes.

Most data protection prosecutions are for misuse of other police computer systems like the PNC, crime management, or the command and control system which cops have necessary access to as part of the job.

Roger Thornhill said...

Someone needs to find out how many "hacks" involved using the default passcode on the voicemails.

I mean, it is not "hacking" to chance "1234". Intrusion, yes, but it is a bit like reading confidential documents left on a desk by an open window visible from the street.

Anonymous said...

Well, at least those 900 coppers are getting disciplined, slighly better than getting away.

john b said...

Michael: they definitely don't.

Anon: thanks for that. If the central database of ISP records that the last govt mooted and rejected had been built, it'd be open to those risks. Thanks to both logistical near-impossibility and excellent groups like No2ID, it wasn't.

Roger: yes actually, it is. Trying to access someone's private data by guessing their password is illegal under Computer Misuse and RIP Acts, even if their password is stupidly easy to crack. That's why Gary McKinnon's in jail. See: someone who burgles your house when you've left the front door unlocked.

Anonymous said...

More anti-public service rubbish. No civil servant can do this. It's hard enough for the police to do it - certainly absolutely impossible without a big audit trail.

Now, if you bribed a private sector employee of a mobile phone company......

Wearysider said...

Missed the ball here DK, as has been pointed out content isn't stored, would take some might huge backup facilities only the headers

Blue Eyes said...

Plus although the state definitely has far too much power to intrude, it can only do so with due process being followed. No council officer or policeman can ask my ISP for a list of the dodgy sites I visit without reason or a paper trail. The likes of Vodafone would have to have fairly robust systems to prevent the leakage of the information that was sought. See the data protection scandals that have affected the reputations of major media companies recently...

Anonymous said...

Johnb: Roger: yes actually, it is. Trying to access someone's private data by guessing their password is illegal under Computer Misuse and RIP Acts, even if their password is stupidly easy to crack. That's why Gary McKinnon's in jail. See: someone who burgles your house when you've left the front door unlocked.

Actually this is a question of semantics. Legally it may be so but traditionally 'hacking' required a bit more nous...

A lot of what is being talked about today is more social engineering which is a kind of hacking.

Z.