Feeds

Mobile networks: the state's new bloodhounds?

Dial L for location

Eight steps to building an HP BladeSystem

And what about the handset?

If the handset is a smartphone, it could be using GPS to record your location, along with the time, and sending it off to who-knows-where over a data connection without the network operator, or you, being any the wiser.

Of course, getting the GPS to work when the phone is in your pocket won't be easy, so that's not a big concern unless your phone is labelled i-Kids in large friendly letters.

The handset does know the name of the local cell tower, which in Germany is usefully set to the tower's longitude and latitude (at least on O2's network), but elsewhere the spy will need to convert tower name to location , though that's not difficult.

A smartphone application which logs cell towers and sends that data over the mobile network wouldn't be too hard to write, and could easily be invisible to the user once installed.

Turning the handset off will prevent any information being created or logged, assuming the handset isn't just pretending to be turned off. Such handsets are available from various spy supply stores. Though these are generally used for recording and transmitting voice, they would work equally well tracking people.

The art of tracking

All network operators store where you've been for at least 12 months, but getting at that information costs money.

If you fall into the master criminal category a police officer might want to know if you really were in that club at that time, and can make a request to his SPOC (Single Point Of Contact, nothing to do with rubber ears or silly accents) to get the data out of your service provider.

The SPOC is responsible for dealing with all aspects of the RIPA, but location requests on mobile phones are pretty commonplace, with a large force handling hundreds a day. This number has been going up over the last couple of years as coppers get familiar with what they can, and can't, find out.

The requests are supposed to be pretty detailed: "Where was this phone at this time", rather than "What were the movements of this person over the period of a month or two", and it's up to the SPOC to ensure requests are necessary, proportionate, and lawful (as specified by RIPA). Any additional information that turns up, outside what was requested, is supposed to be discarded.

This isn't to say that any copper can just call up the SPOC when they feel like it. A typical request must be authorised by an inspector and will take a couple of days to complete. When the data is needed urgently, such as tracking an at-risk missing person, a Superintendent can give verbal permission and the data turns up faster, but that costs a lot more.

Mobile operators are only supposed to charge enough to cover their expenses, but as each network has different systems they all charge different amounts and have different ideas about how important the information is. Certainly, they charge enough to make police think twice before making an information request, which is no bad thing, but some operators also refuse to provide data they can't deliver within a few days - so you might get lucky if you choose a network operator with particularly errant computer systems.

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.