Feeds

Flexispy release causes legality debate

Trojan row

Internet Security Threat Report 2014

A piece of software which allows a user to track another person's mobile phone use would be almost impossible to use in the UK without breaking the law, according to a surveillance law expert.

Flexispy is the controversial software being sold by Thailand and UK-based Vervata. Vervata's Flexispy.com site says that it is the "world's most powerful spy software for mobile phones".

The software's next release, due on 7 September, will allow users to switch on the microphone of a telephone and listen in to the handset's surroundings, Vervata's managing director told OUT-LAW. He was speaking in today's edition of OUT-LAW Radio, the weekly technology podcast.

Use of the software is almost certain to involve the committing of a criminal act which breaks the Regulation of Investigatory Powers Act (RIPA), according to Sue Cullen, an expert in surveillance law at Pinsent Masons, the law firm behind OUT-LAW.

"[According to] the definitions in RIPA on what amounts to intercepting a communication in the course of its transmission, in this case by a public telephone system, the answer is that it's a wide definition, they take a crowbar to it and expand it a bit," said Cullen.

"Putting software on someone else's machine to allow you to listen in, that's open and shut, isn't it? In this Flexispy business what you're doing is you're bugging people's phones. That's not even marginal. It's not even on the fringes, or a grey area. That's a criminal offence if you do it with intention and without lawful authority."

Cullen said that even receiving the permission of the phone's owner would not be enough to avoid breaking the law.

"If you look at what constitutes lawful authority both the sender and the recipient have to have consented. That can't possibly be the case," she said. "You might be able to argue that the wife knew I was putting something on her phone so she consented. That would be a bit feeble but you could raise the argument but it doesn't account for all the people phoning her up, including her lover."

Though Cullen's view is that it would be almost impossible to use the software legally in the UK, it appears that there is no law making the sale of the software illegal in Britain.

Vervata managing director Atir Raihan told OUT-LAW that the technology does have legal uses. "We suggest many other uses such as cost monitoring, theft recovery, SMS archiving, child abuse prevention," he said. "The onus on the legality is from the person who installs it. There are many products which are sold and can be used for legal and illegal purposes and the manufacturer of the product is not liable."

The Home Office confirmed that Vervata was not committing an offence under RIPA.

"Vervata are a completely legitimate and law abiding company, and we will never do anything that breaks any law," said Raihan. "If we are credibly advised that we are directly breaking any law, we will immediately take the appropriate action to comply."

The software has been designated as a virus by anti-virus firm F-Secure. "When Flexispy.A is installed on the phone it will hide from [operating system] Symbian's built in process menu and it does not have any visible user interface or icon," said an anti-virus warning from the firm. "After installation the application will immediately go into hiding and locks its files so that the application uninstaller cannot remove it."

"There is absolutely no way that someone could install this without knowing what it is," said Raihan. "We also make it very difficult to send the software by Bluetooth or Infra Red. Because of this, Flexispy is not a virus nor trojan horse."

See: OUT-LAW Radio

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.