Feeds

Flexispy release causes legality debate

Trojan row

5 things you didn’t know about cloud backup

A piece of software which allows a user to track another person's mobile phone use would be almost impossible to use in the UK without breaking the law, according to a surveillance law expert.

Flexispy is the controversial software being sold by Thailand and UK-based Vervata. Vervata's Flexispy.com site says that it is the "world's most powerful spy software for mobile phones".

The software's next release, due on 7 September, will allow users to switch on the microphone of a telephone and listen in to the handset's surroundings, Vervata's managing director told OUT-LAW. He was speaking in today's edition of OUT-LAW Radio, the weekly technology podcast.

Use of the software is almost certain to involve the committing of a criminal act which breaks the Regulation of Investigatory Powers Act (RIPA), according to Sue Cullen, an expert in surveillance law at Pinsent Masons, the law firm behind OUT-LAW.

"[According to] the definitions in RIPA on what amounts to intercepting a communication in the course of its transmission, in this case by a public telephone system, the answer is that it's a wide definition, they take a crowbar to it and expand it a bit," said Cullen.

"Putting software on someone else's machine to allow you to listen in, that's open and shut, isn't it? In this Flexispy business what you're doing is you're bugging people's phones. That's not even marginal. It's not even on the fringes, or a grey area. That's a criminal offence if you do it with intention and without lawful authority."

Cullen said that even receiving the permission of the phone's owner would not be enough to avoid breaking the law.

"If you look at what constitutes lawful authority both the sender and the recipient have to have consented. That can't possibly be the case," she said. "You might be able to argue that the wife knew I was putting something on her phone so she consented. That would be a bit feeble but you could raise the argument but it doesn't account for all the people phoning her up, including her lover."

Though Cullen's view is that it would be almost impossible to use the software legally in the UK, it appears that there is no law making the sale of the software illegal in Britain.

Vervata managing director Atir Raihan told OUT-LAW that the technology does have legal uses. "We suggest many other uses such as cost monitoring, theft recovery, SMS archiving, child abuse prevention," he said. "The onus on the legality is from the person who installs it. There are many products which are sold and can be used for legal and illegal purposes and the manufacturer of the product is not liable."

The Home Office confirmed that Vervata was not committing an offence under RIPA.

"Vervata are a completely legitimate and law abiding company, and we will never do anything that breaks any law," said Raihan. "If we are credibly advised that we are directly breaking any law, we will immediately take the appropriate action to comply."

The software has been designated as a virus by anti-virus firm F-Secure. "When Flexispy.A is installed on the phone it will hide from [operating system] Symbian's built in process menu and it does not have any visible user interface or icon," said an anti-virus warning from the firm. "After installation the application will immediately go into hiding and locks its files so that the application uninstaller cannot remove it."

"There is absolutely no way that someone could install this without knowing what it is," said Raihan. "We also make it very difficult to send the software by Bluetooth or Infra Red. Because of this, Flexispy is not a virus nor trojan horse."

See: OUT-LAW Radio

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.