Feeds

Flexispy release causes legality debate

Trojan row

Using blade systems to cut costs and sharpen efficiencies

A piece of software which allows a user to track another person's mobile phone use would be almost impossible to use in the UK without breaking the law, according to a surveillance law expert.

Flexispy is the controversial software being sold by Thailand and UK-based Vervata. Vervata's Flexispy.com site says that it is the "world's most powerful spy software for mobile phones".

The software's next release, due on 7 September, will allow users to switch on the microphone of a telephone and listen in to the handset's surroundings, Vervata's managing director told OUT-LAW. He was speaking in today's edition of OUT-LAW Radio, the weekly technology podcast.

Use of the software is almost certain to involve the committing of a criminal act which breaks the Regulation of Investigatory Powers Act (RIPA), according to Sue Cullen, an expert in surveillance law at Pinsent Masons, the law firm behind OUT-LAW.

"[According to] the definitions in RIPA on what amounts to intercepting a communication in the course of its transmission, in this case by a public telephone system, the answer is that it's a wide definition, they take a crowbar to it and expand it a bit," said Cullen.

"Putting software on someone else's machine to allow you to listen in, that's open and shut, isn't it? In this Flexispy business what you're doing is you're bugging people's phones. That's not even marginal. It's not even on the fringes, or a grey area. That's a criminal offence if you do it with intention and without lawful authority."

Cullen said that even receiving the permission of the phone's owner would not be enough to avoid breaking the law.

"If you look at what constitutes lawful authority both the sender and the recipient have to have consented. That can't possibly be the case," she said. "You might be able to argue that the wife knew I was putting something on her phone so she consented. That would be a bit feeble but you could raise the argument but it doesn't account for all the people phoning her up, including her lover."

Though Cullen's view is that it would be almost impossible to use the software legally in the UK, it appears that there is no law making the sale of the software illegal in Britain.

Vervata managing director Atir Raihan told OUT-LAW that the technology does have legal uses. "We suggest many other uses such as cost monitoring, theft recovery, SMS archiving, child abuse prevention," he said. "The onus on the legality is from the person who installs it. There are many products which are sold and can be used for legal and illegal purposes and the manufacturer of the product is not liable."

The Home Office confirmed that Vervata was not committing an offence under RIPA.

"Vervata are a completely legitimate and law abiding company, and we will never do anything that breaks any law," said Raihan. "If we are credibly advised that we are directly breaking any law, we will immediately take the appropriate action to comply."

The software has been designated as a virus by anti-virus firm F-Secure. "When Flexispy.A is installed on the phone it will hide from [operating system] Symbian's built in process menu and it does not have any visible user interface or icon," said an anti-virus warning from the firm. "After installation the application will immediately go into hiding and locks its files so that the application uninstaller cannot remove it."

"There is absolutely no way that someone could install this without knowing what it is," said Raihan. "We also make it very difficult to send the software by Bluetooth or Infra Red. Because of this, Flexispy is not a virus nor trojan horse."

See: OUT-LAW Radio

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Boost IT visibility and business value

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.