A Typo in the Constitution

Greg Callus' musings on law, politics, media, culture, and life

Phone-hacking: more ‘pinging’ still government policy

There are skeptics who don’t think much will come out of the Leveson Inquiry. Guido Fawkes told Leveson LJ that the true test would be prosecutions arising out of Operation Motorman, and Hugh Grant will seemingly not be satisfied until there’s a statutory regime for regulating Twitter. Everyone has their own wishlist, items of which would horrify other Core Participants. 

I am more optimistic, and have just one, uncontroversial aspiration of the Leveson Inquiry: that its findings will kill-before-birth the abhorrent General Surveillance Policy which is being floated in the press today (and which is apparently not an April Fool). When the dust has settled on blagging and listening to the occasional voicemail, the most staggering revelations of Leveson will likely surround the practice of ‘Pinging’, the corruption that enabled it, and the regulatory failure that allowed it to happen right  under the nose of the State.


Anticipating the policy bun-fight to come, already the soothing voices of authoritarianism at the Home Office are assuring us that:

"We need to take action to maintain the continued availability of communications data as technology changes. Communications data includes time, duration and dialling numbers of a phone call, or an email address. It does not include the content of any phone call or email and it is not the intention of government to make changes to the existing legal basis for the interception of communications.”

Let’s pick apart that Home Office quote.

The State does already have the power to intercept the content of emails and phone calls, but it needs a warrant from a Warrant Issuing Department such as SOCA or the UK Border Agency. This happens several hundred times a year, and is done mostly for the purposes of anti-terrorist operations. For those who are interested, this power is to be found in Part I, Chapter I of “RIPA” - the Regulation of Investigatory Powers Act of 2000

But there is a less well-known part of RIPA - Part I, Chapter II which came into force in early 2004, and allows any police force, local council, and a whole host of other public sector organisations to effectively self-certify authorisation to compel telephone companies and ISPs to hand-over access to Communications Data - not the content of phone calls and emails, but traffic data such as the identity of parties, the IP addresses/telephone numbers, and the locations of the parties at the time of a communication.

In the case of mobile phones, the providers are able to triangulate the position of any mobile phone by ‘pinging’ it and seeing to which telephone masts it responds and the strength of signal at each. The particular signature communicated as a phone is being turned off was a key piece of evidence - likely critical in fact - in convicting Ian Huntley of the deaths of Holly Wells and Jessica Chapman.

Thanks to Sean Hoare’s interview with the New York Times shortly before he died, we already know that tabloids used this method to identify the whereabouts of certain celebrities. From the NYT article from 11 July 2011:

A former show-business reporter for The News of the World, Sean Hoare, who was fired in 2005, said that when he worked there, pinging cost the paper nearly $500 on each occasion. He first found out how the practice worked, he said, when he was scrambling to find someone and was told that one of the news desk editors, ——- ———, could help. Mr. ——- asked for the person’s cellphone number, and returned later with information showing the person’s precise location in Scotland, Mr. Hoare said. Mr. ———, who faces questioning by police on a separate matter, did not return calls for comment.

The article also remarks on the regime that supposedly regulated this accessing of private Communications Data, noting that authorisation is required on a case-by-case basis. When any of the public bodies to whom RIPA applies decides that it has an instance (maybe a fiendish villain sending their kids to the right school) where it needs to check someone’s location, or with whom they are communicating, there is a procedure for communicating that to the ISP/Telephone company (generically referred to as Communications Service Providers, or CSPs).


Within each public authority, a Designated Person (DP) objectively assesses the request of the police officer (or whomsoever is asking for the data), and if they agree they refer it to the RIPA Single Point of Contact (SPoC) who refers it to the CSP. The SPoC has a Personal Identification Number (PIN) which accompanies the notification to the CSP, to authenticate that it is a genuine RIPA notification to provide Communications Data. The integrity of the entire process is the responsibility of the Senior Responsible Officer (SRO). Every public authority should have a DP, a SPoC, and an SRO.

This whole system is overseen by the Interception of Communications Commissioner (the ICC is usually a retired judge from the Court of Appeal -  Sir Paul Kennedy handed over to Sir Mark Waller in January 2011), who is ably assisted by a Chief Inspector and 5 Inspectors, who visit the various public bodies who use their RIPA powers and check their processes work.

The IPC also reviews a significant sample of the  Part I, Chapter I interceptions, which are police/security services interceptions that also include the content of communications, as well as interceptions of communications in and out of prisons. There are a few hundred Chapter I interceptions each year and every mistake or error (transposed digits in a telephone number being the most common) is recorded and explained to the IPC. The system seems to work well - there, I think, is adequate oversight when SOCA/MI5/MI6 or other Warrent Issuing Departments (WIDs) want to listen to your phone conversations. Each WID is inspected twice annually.

But the Chapter II interceptions, of just Communications Data, like the result of Pinging to locate a data subject, are not as thoroughly externally monitored. This is because there are over half a million such interceptions each year - around 550,000 last year and growing at 5% per annum. These are instances of police officers, or council officials, or someone working for the Royal Mail, or the OFT, or the Health & Safety Executive, seeking to ascertain who owns a mobile phone, or where the owner was a certain time, or who they called on Monday morning. Around 650 errors are recorded each year. There are hundreds of public authorities who have this power, although the majority do not make much use of them, and thousands of people who have the power to request access to your Communications Data.

Sometimes, there isn’t time for a written request because of an imminent threat to life and limb, and so the Urgent Oral procedure kicks in - the SPoC will normally be rudely awoken by a police officer explaining they have (eg) an urgent terrorism/kidnapping situation, and they need a notification to be sent to the CSP urgently. This happened over 31,000 times last year, up from around 21,000 times the year before, and around 87% of police forces were good or satisfactory in their post-haste record keeping which is a statutory requirement if there isn’t paperwork at the time. 

How many of these tens of thousands of urgent oral requests went unrecorded? I can’t tell you, because the very presence of an oral procedure with a less-than-perfect score for record-keeping means that there could be any number of applications for private Communications Data that have never been logged.

How can the oral authorisation of interception (without warrant) on this sort of scale possibly be within the intention of Parliament? 

Perhaps we could rely on the CSPs like Vodafone, or O2, or EverythingEverywhere to tell us exactly how many requests came through to them for Communications Data under Chapter II. Because they would definitely know, given that under RIPA s24, the CSPs can and do charge public authorities that make such requests. It’s a burden on them, and they are compensated by the public purse. I’m sure the illicit ‘pings’ ordered by news editors would have looked entirely innocent to the CSPs, and probably would have been billed back to the police force, or the Secretary of State in the normal way.

The irony of the News of the World phone-hacking scandal is that if you’re a taxpayer, you probably helped pay for those exclusives.


I make no criticism of the ICC, or the Investigatory Powers Tribunal, or the Inspectors who I’m sure do an excellent job at guarding the guards. But it is clear that the 94 organisations inspected for Chapter II interceptions last year are capable of making more requests for Communications data than could ever be scrutinised by any inspectorate this small. A sensible approach has been taken to conduct sampling, but when each an every breach is the State prying into the intimate details of its citizens lives, I think a more robust system is necessary.

There are accusations from ITV, from Panorama, from the Guardian, from the New York Times, that journalists and private investigators have enjoyed relationships with corrupt police officers to obtain private information. Part of this information has included the whereabouts of celebrities, or witnesses. Whilst some mention has been made of attempts to blag information from phone companies in the Operation Motorman era (pre-2003), since 2004 there has been a way of getting Communications Data from CSPs without having to mislead them, or rely on failures in their processes. 

How was this done? Was a DP bribed or duped by a requesting officer? Was a SPoC bribed, or duped by a DP? Was a SPoCs PIN (for CSPs to authenticate the notifications) leaked? Why did the various SROs fail to spot requests for data that could not possibly be linked to any serious crimes? And is there anything that the ICC or the IPT could have done to regulate illicit data requests?

Pinging will be the next major phase of this scandal - if listening to celebrity voicemails is a distasteful invasion of privacy, having journalists bribe police officers to obtain their real-time location (presumably so the paparazzi could be sent round…?) is far more sinister. I have a million thoughts on the rights and wrongs of statutory regulation of the Press, but it just doesn’t matter when compared to the power of surveillance already given to every council, police force and public authority who might want it, without any sufficient oversight.

If Lord Justice Leveson’s Inquiry is to do anything constructive, it should highlight how widely government has already distributed the power to spy on our Communications Data, how little it has managed to safeguard us against misuse of those powers to date, and to make us think twice before we give the State any more power to monitor our thoughts, expressions and movement.

Send me tips and feedback via Twitter: I’m @Greg_Callus

  • 1 April 2012
  • 9