Meet the UK's PRISM program

British police can access millions of UK mobile customers' data without a warrant.

SAM_1150
Image: ZDNet/CBS Interactive

British police have access to an automated data demand system, which is regularly used to acquire data belonging to customers of three of the four major UK mobile networks.

Read this

Meet the shadowy tech brokers that deliver your data to the NSA

These so-called "trusted third-parties" may be the most important tech companies you've never heard of. ZDNet reveals how these companies work as middlemen or "brokers" of customer data between ISPs and phone companies, and the U.S. government.

Read More

According to a report first published on Friday by The Guardian, customer data is handed over "like a cash machine" to British police, in many cases automatically and without the direct consent each time of the phone companies.

EE, the company behind T-Mobile and Orange, along with Vodafone and Three give police "click of a mouse" access to tens of millions of UK mobile customers.

A fourth operator, O2, is the only major phone network requiring staff to review police requests, the newspaper cited the company as saying. 

Although the system "mirrors" the US PRISM program, the name of the UK program is not known.

For more than a decade, every single mobile, cellular, and landline operator in the UK has been obligated under British law, specifically the Regulation of Investigatory Powers Act (RIPA), to store communications data for up to two years. That includes calls made, when, for how long, and to whom. 

RIPA was introduced in 2000, pre-dating a mass surveillance effort in the US following the September 11 attacks a year later. It acts as the US' equivalent of the Patriot Act and the Foreign Intelligence Surveillance Act (FISA), which can force a company to hand over data — often in secret  — without public judicial oversight.

Read this

Vodafone: Here's how (and where) governments are spying on your calls

Mobile operator reveals scale of government surveillance, and says that speaking out is "not without risk"

Read More

Such laws have been the basis of the modern-day UK-USA agreement, which has been used to conduct surveillance on a massive scale — not just on citizens but also governments, politicians, private companies, and journalists.

There is little oversight for RIPA, either. A senior police officer must give the authority to access the UK's PRISM system, but in many cases these can be conducted without any significant checks and balances from the British courts.

But to date, it's believed that not a single UK mobile operator has released figures showing how many data demands they are served each year under British surveillance laws, either through RIPA, or through warrants or court orders.

Vodafone, however, became the first UK operator to disclose that in some countries law enforcement has "direct access" to its networks . Thanks to the new report by The Guardian, that also includes the UK.

Earlier this year, the European Court of Justice  struck down a crucial data retention law  that forced phone networks to store communications data, ruling it unlawful. The data retention laws were critical for British police and intelligence agencies to acquire this data. It took a matter of weeks for the British parliament to  create its own emergency data retention laws  to allow the UK's PRISM program to continue.

Read this

Feds only have themselves to blame for Apple and Google's smartphone encryption efforts

The U.S. government is crying foul over Apple and Google's efforts to bolster smartphone encryption. Because accusations that they're going "beyond the law" goes both ways.

Read More

"Without these capabilities we run the risk that murderers will not get caught, terrorist plots will go undetected, drug traffickers will go unchallenged, child abusers will not be stopped, and slave drivers will continue in the appalling trade in human beings," UK Home Secretary Theresa May said at the time.

One of the more recent concerns with US surveillance laws was the allegation that there were "two versions" of the Patriot Act: one that was written in the public law books, and a secret interpretation  developed and used by the US Justice Department.

However, by contrast, RIPA is relatively straightforward and lays out much of what British police and intelligence agencies can do. 

The UK has been working to expand its snooping powers during the Cameron-Clegg coalition administration, but failed due to strong opposition. But in the Queen's Speech in 2013, the proposals to widen the tracking of people's internet and phone activities were rekindled.

These proposals, although still in Home Office development, remain vastly under wraps.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All