Confirmed: UK police forces own IMSI grabbers, but keeping schtum on use
CCDC is for 'Covert Communications Data Capture'
Despite a nationally observed policy where they neither confirm nor denying using them, British police forces' widespread ownership of IMSI grabbers was confirmed today.
An investigation by indie journalism outfit the Bristol Cable has has revealed that five forces, including Avon and Somerset Constabulary, have been purchasing the eavesdropping equipment, often billing their purchases under the acronym CCDC.
While these purchases have been on public record for a while, it was not known what the acronym stood for until now. Unredacted minutes [PDF] of a meeting this May between West Mercia and Warwickshire police, which the Cable obtained and published, let slip the meaning of the acronym with a subheading titled “Covert Communications Data Capture (CCDC)”.
The minutes continued to state that “West Midlands and Staffordshire Police have recently purchased and operated 4G-compatible CCDC equipment”. The Cable reported that police and crime commissioners from the forces subsequently approved a decision to replace their existing equipment and purchase new CCDC technology.
Further evidence of the purchases was revealed in a South Yorkshire Police report, in which a budget item titled IMSI Covert Communications was given the identical spend on another item for CCDC: £144,000. South Yorkshire police confirmed that the CCDC and IMSI Covert Communications items were in fact the same budget item.
Privacy International's Matthew Rice told the Cable that “the findings – by revealing the codename – show that many police forces in the UK have invested in covert communications surveillance technology, yet the secrecy around them does not inspire confidence that the police are willing to be subjected to the level of scrutiny these powerful capabilities ought to attract.”
According to research by Privacy International, cops are purchasing the eavesdropping devices from British business Cellxion. According to the Cable: "Cellxion focuses on mobile networks in two capacities. One is the facilitation of communications through mobile networks for law enforcement. The company’s other main product is IMSI-catchers."
According to public purchase data, Avon and Somerset Police paid Cellxion £169,575.00 for “CCDC equipment" as well as other “communications and computing equipment”, while London's Metropolitan Police Service also awarded Cellxion a contract worth over £1,000,000 for CCDC in 2015.
It is not known which manufacturer produced the equipment that South Yorkshire, Warwickshire and West Mercia police forces were seeking to replace, although the documents obtained by the Cable confirm that such equipment had been purchased.
The Register contacted the police forces; however, neither would confirm nor deny whether they held any information regarding our requests.
Warwickshire Police and West Mercia Police Temporary Assistant Chief Constable Stephen Cullen eventually told us: "Our main priority is to protect the public from harm and we achieve this by utilising a number of techniques, some of them covert in nature. To retain their effectiveness we are not able to openly discuss these methods."
What's the fuss?
While the use of IMSI grabbers has never been confirmed by a British police force, an investigation conducted by Privacy International and Vice, broadcast in a documentary titled Phone Hackers: Britain's Secret Surveillance, spoke of their "widespread deployment" around London.
How do they work?
The devices exploit a long-known security shortcoming in the Global System for Mobile Communications (GSM) standards.
While GSM was developed by the European Telecommunications Standards Institute (ETSI) as a secure means of wireless communication, the specifications require the mobile device to authenticate itself to the network using its IMSI (International Mobile Subscriber Identity) – but do not require the network to authenticate itself to the mobile device.
This vulnerability makes it very difficult for mobile device users to defend against malicious actors who seek to spoof the network itself. because of this, many critics say that if the State is seeking to exploit this vulnerability rather than attempting to see it patched, it is a failure in its duty of care.
While earlier this year the Interception of Communication Commissioner's Office (IOCCO) was informally told it was going to be asked to look into the use of IMSI grabbers in prisons, the use of the devices by the police would remain outside of the remit of the most transparent of the oversight bodies.
Police use of the devices is permitted under Part II of the Regulation of Investigatory Powers Act 2000, which covers covert surveillance, and as such is overseen by the Office for Surveillance Commissioners, which provides oversight of covert operations conducted under Part II of RIPA and the Police Act 1997 (in a similarly covert manner). ®