Feeds

Flexispy release causes legality debate

Trojan row

SANS - Survey on application security programs

A piece of software which allows a user to track another person's mobile phone use would be almost impossible to use in the UK without breaking the law, according to a surveillance law expert.

Flexispy is the controversial software being sold by Thailand and UK-based Vervata. Vervata's Flexispy.com site says that it is the "world's most powerful spy software for mobile phones".

The software's next release, due on 7 September, will allow users to switch on the microphone of a telephone and listen in to the handset's surroundings, Vervata's managing director told OUT-LAW. He was speaking in today's edition of OUT-LAW Radio, the weekly technology podcast.

Use of the software is almost certain to involve the committing of a criminal act which breaks the Regulation of Investigatory Powers Act (RIPA), according to Sue Cullen, an expert in surveillance law at Pinsent Masons, the law firm behind OUT-LAW.

"[According to] the definitions in RIPA on what amounts to intercepting a communication in the course of its transmission, in this case by a public telephone system, the answer is that it's a wide definition, they take a crowbar to it and expand it a bit," said Cullen.

"Putting software on someone else's machine to allow you to listen in, that's open and shut, isn't it? In this Flexispy business what you're doing is you're bugging people's phones. That's not even marginal. It's not even on the fringes, or a grey area. That's a criminal offence if you do it with intention and without lawful authority."

Cullen said that even receiving the permission of the phone's owner would not be enough to avoid breaking the law.

"If you look at what constitutes lawful authority both the sender and the recipient have to have consented. That can't possibly be the case," she said. "You might be able to argue that the wife knew I was putting something on her phone so she consented. That would be a bit feeble but you could raise the argument but it doesn't account for all the people phoning her up, including her lover."

Though Cullen's view is that it would be almost impossible to use the software legally in the UK, it appears that there is no law making the sale of the software illegal in Britain.

Vervata managing director Atir Raihan told OUT-LAW that the technology does have legal uses. "We suggest many other uses such as cost monitoring, theft recovery, SMS archiving, child abuse prevention," he said. "The onus on the legality is from the person who installs it. There are many products which are sold and can be used for legal and illegal purposes and the manufacturer of the product is not liable."

The Home Office confirmed that Vervata was not committing an offence under RIPA.

"Vervata are a completely legitimate and law abiding company, and we will never do anything that breaks any law," said Raihan. "If we are credibly advised that we are directly breaking any law, we will immediately take the appropriate action to comply."

The software has been designated as a virus by anti-virus firm F-Secure. "When Flexispy.A is installed on the phone it will hide from [operating system] Symbian's built in process menu and it does not have any visible user interface or icon," said an anti-virus warning from the firm. "After installation the application will immediately go into hiding and locks its files so that the application uninstaller cannot remove it."

"There is absolutely no way that someone could install this without knowing what it is," said Raihan. "We also make it very difficult to send the software by Bluetooth or Infra Red. Because of this, Flexispy is not a virus nor trojan horse."

See: OUT-LAW Radio

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.