A British user of GSM gateways – also known as simboxes – has blasted Surrey Police and Vodafone UK for the way they pursued a prosecution for seven years, only for the case to end without a conviction. As recently reported in both The Register and The Times, Daniel Mahony was arrested in 2010, then later charged with fraud and with operating an unlicensed gateway in contravention of the Wireless Telegraphy Act. Mahony was acquitted of the fraud charge after a trial in 2014, but the Crown Prosecution Service (CPS) continued to pursue the simbox charge until it was dropped in September of this year. Amongst Mahony’s complaints were that Vodafone had given free forensic assistance to the police, even though they had a “vested interest” in denting Mahony’s business, because he helped customers to obtain cheaper call rates. Mahony also implied that Vodafone had deleted messages that showed he was not guilty of fraud, and which were only made available at his trial because they had been saved by another defendant.
Vodafone sought to justify their role in the case, stating:
Surrey Police brought the case against Mr Mahony – not Vodafone. It was Surrey Police and the Crown Prosecution Service who decided that the case against Mr Mahony was in the public interest. We acted solely on the instruction of Surrey Police throughout the case, as we are obliged to do so by law. Surrey Police directed us to conduct the digital forensic examinations of the items that they had seized. The police kept the original exhibits and the master copy of these items at all times; we only ever examined copies under the direct instruction of Surrey Police. We strongly deny any implied allegation that Vodafone altered or tampered with any evidence: doing so would be a criminal offence.
The police gave a similar explanation for seeking help from Vodafone.
Outsourcing to external forensic examiners or technical experts is not unusual in cases where there are large quantities of equipment or data to examine. Advice was sought on this matter, specifically in relation to Vodafone, from the CPS who raised no objections. A strict protocol and non-disclosure agreement was put in place between the examiners at Vodafone and the Force, agreed by the CPS, to ensure that the forensic examination of computers was transparent, which was robustly managed. Vodafone was given supervised access to the devices, while they remained in the possession of Surrey Police. The access they were given was to image the computers, the originals remained in the possession of Surrey Police.
Nevertheless, Times journalist Fiona Hamilton was sharply critical when reporting the case.
…Surrey Police’s decision to allow the company such extensive involvement in its investigations raises serious questions, not least one of independence.
While Vodafone was not paid for its work, its involvement meant that Surrey did not have to find resources for the forensic examinations.
Vodafone claimed that the activities of Mr Mahony and his associates had cost the company more than one million pounds…
…When forces have stopped investigating crimes such as burglaries because of budget cuts, police and prosecutors dedicated vast resource to a case where the judge had raised serious doubts. This zealous pursuit deserves further examination.
I believe this case tells us more about the failures of the British legal and regulatory system than it does about the abuse of power.
When Mahony was arrested in 2010, his business was unquestionably exploiting an arbitrage opportunity created by the differences between wholesale and retail telephone charges. Telcos should have the right to set different prices for different customers, especially when they distinguish between the man in the street and another communications provider. However, such distinctions may have been inadequately expressed in the contracts with customers. The UK’s communications regulator tried to address this fundamentally commercial issue by trying to transform it into a matter of technical compliance: they pretended the problem involved licensing radio devices when the substantial difference between a GSM gateway and an ordinary phone rests in the purposes they are used for, not the radio signals they send and receive.
Vodafone were exploited by a chancer who must have understood that putting Vodafone SIMs into his simboxes would likely lead to a dispute with the network. However, a lax legal and regulatory framework made it difficult to stop Mahony, who could reasonably argue that his business was legal by some interpretations of the rules. Meanwhile, many simboxers also engage in a miscellany of frauds, but that does not prove that Mahony was a fraudster. Changes in prices meant Mahoney’s arbitrage opportunity had dissipated over the seven years that law enforcement spent pursuing his prosecution, leading the judge to question the reasons to punish Mahoney. The process of enforcing the law was so slow that the police and prosecutors were stuck trying to punish Mahoney for a crime long after they needed to deter anyone from committing it again. However, the prosecution only came to a close because another ‘technical’ ruling by the communications regulator effectively recognized there was no good reason to demand licenses for simboxes like those operated by Mahony.
This leads me to question not the goals of Vodafone, who had straightforward reasons for wanting to prevent Mahony from abusing their retail offerings, but those of the police, prosecutor, and regulator. To what extent do they serve the public by taking so very long to fail to secure a conviction for somebody who may or may not have broken a badly-worded rule? And why do law enforcement agencies routinely demand free assistance from businesses, to the point where we must question if they would bother to uphold the law unless those businesses are willing to subsidize their efforts? Corporations pay tax too, so why should police and prosecutors have the freedom to ignore corporate crime unless they can find a company willing to bankroll their work?
The rise of the internet and mobile phones has resulted in many of the burdens of crimefighting being transferred to the private sector. In effect, phone and internet users are carrying the cost of every police demand for records that show who spoke to whom, and where they were at the time. But whilst telcos are covering that cost for society, it seems they also have to pay again if they want public servants to identify and catch white collar organized criminals.
I highlighted the inconsistency recently when commenting on a UK report about video streaming piracy that was authored by some relatively well-funded private sector lobbyists. The report features some seriously misleading statistics, but that did not stop the Head of the UK’s Police Intellectual Property Crime Unit, Detective Chief Inspector Pete Ratcliffe, from lending his name to it. Ratcliffe ominously claimed that piracy is linked to “other serious crimes”. That may be so, but this officer works for the same police force that effectively tells telcos they will not address other kinds of electronic communication fraud unless the telcos pay them to do so, on the basis that the police has no budget for such matters. Are the gangsters who engage in traditional phone frauds not connected to other serious crimes? They are, but that is not the point. The police and their budgetary masters have no interest in making connections when they highlight the cost to society of crimes they can studiously neglect because the impact is not so visible to ordinary members of the public.
Times journalist Fiona Hamilton had good reason to question the way Daniel Mahoney’s case was pursued, but her emphasis lay in the wrong place. The Mahoney case does not show how an innocent man can be put at risk because he has become the enemy of a big business that possesses the resources to influence his prosecution. His case reveals that white collar organized telecom scams never get to court unless a telco is carrying the cost for police and prosecutors. Even then, the British legal system is so ineffective that the case may drag on for years, although the essential matters of fact – who called whom, and where they were at the time – are no more complicated than those which lead the police to demand phone company records all the time. It seems that in the UK at least, justice is not just blind, but also deaf to the ringing of telephones by organized criminals.
You can read more about the Mahony case from The Register.
Where do I start? GSM gateways are a complicated legal and regulatory area and people writing about them really ought to make sure they understand the subject first, so when I read Fiona Hamilton’s article I emailed her because I felt her coverage was one-sided and needed a more balanced view. She didn’t reply, so I decided to ‘balance’ her view when I saw Eric’s piece on this story.
In the interests of transparency, I will declare upfront that I worked for Vodafone for 20 years and was aware of this case although not involved in it. I first dealt with GSM gateways whilst working for Vodafone UK in 2002.
Let’s start with Fiona’s headline, “Vodafone worked with police on its own case”. No shit, Sherlock – have you ever tried getting the police to investigate a telecoms fraud? Unless you’ve already identified the suspects and gathered evidence you’ll find yourself on the ‘too difficult’ pile; corporate crime doesn’t appear in the Chief Constable’s KPI’s, so it doesn’t get actioned unless you do the bulk of the work.
I also want to make some fundamental corrections. Fiona Hamilton states early in her article that, “Vodafone accused Mr Mahony of helping it’s customers to obtain cheap mobile phone rates”. The reality is that Vodafone identified Mr Mahony’s gateway company, Route 365, because of its investigation into credit card fraud of approximately GBP 60,000 per week and it was this which formed the basis of its criminal complaint; the GSM gateway issue was secondary. And Mr Mahony was helping Vodafone customers get cheap mobile phone rates? I don’t think so. Anyone who knows anything about GSM gateways can tell you that they are used to terminate traffic TO mobile phones, for which the called party pays nothing.
For many years, gateway operators have attempted to justify themselves because they claim to provide lower costs to the consumer, but nobody has produced any supporting evidence and Ofcom didn’t swallow that baloney either, stating in its first consultation paper in June 2005, that it was “doubtful whether changing the legislation on commercial use of gateways would by itself result in significant consumer benefits.” The consumer ends up paying the same price and the cost savings are shared as profit between the carriers and gateway operators – if you know different, then please share the evidence.
And then there’s the information that Fiona omitted from her article. She questioned why the CPS continued to pursue an “obscure telecommunications offence”, but maybe it would have changed your view of the CPS action had she mentioned that the accused had admitted operating gateways and that his business partner had already pleaded guilty? Neither did she report that after Ofcom legalised commercial gateways in July, the Home Office re-criminalised them in September on grounds of national security.
GSM gateways are a parasitic and (in many countries) illegal enterprise which by-pass legitimate, mobile operators and their licensed and regulated activities. GSM gateways don’t deliver a consumer benefit, they may or may not represent a threat to national security, but most of all, they’re complicated …