Archive for the ‘surveillance’ Category

Here’s something interesting. You may remember this story from back in November about the CIA spy network in Lebanon that met at a Pizza Hut they codenamed PIZZA, and which was rolled up by a joint Hezbollah-Lebanese military intelligence investigation. The key detail is as follows:

U.S. officials also denied the source’s allegation that the former CIA station chief dismissed an email warning that some of his Lebanese agents could be identified because they used cellphones to call only their CIA handlers and no one else.

Lebanon’s security service was able to isolate the CIA informants by analyzing cellphone company records that showed the numbers called, duration of each call and location of the phone at the time of the call, the source said.

Using billing and cell tower records for hundreds of thousands of phone numbers, software can isolate cellphones used near an embassy, or used only once, or only on quick calls. The process quickly narrows down a small group of phones that a security service can monitor.

If the top paragraph is true, it would have been catastrophically ill-advised. Even somebody special, like a CIA agent under diplomatic cover, has a relatively large number of weak ties to normal people. This is the reverse of the small-world principle, and is a consequence of the fact that the great majority of people are real human beings rather than important persons. As a result, things like STELLAR WIND, the illegal Bush-era effort to analyse the whole pile of call-detail records at AT&T and Verizon in the hope that this would find terrorists, face a sort of Bayesian doom. We’ve gone over this over and over again.

However, phone numbers that only talk to special people are obviously suspicious. Most numbers with a neighbourhood length of 1 will be things like machine-to-machine SIMs in vending machines and cash points, but once you’d filtered those out, the remaining pool of possibles would be quite small. It is intuitive to think of avoiding surveillance, or keeping a low profile, but what is required is actually camouflage rather than concealment.

There are more direct methods – which is where electronic warfare and shopping mall management intersect.

Path Intelligence, a Portsmouth-based startup, will install a network of IMSI-catchers, devices which act as a mobile base station in order to identify mobile phones nearby, in your shopping centre so as to collect really detailed footfall information.

Similarly, you could plant such a device near that Pizza Hut to capture which phones passed by and when, and which ones usually coincided. Alternatively, you could use it in a targeted mode to confirm the presence or absence of a known device. Which makes me wonder about the famous Hezbollah telecoms network, and whether it was intended at least in part to be an electronic-intelligence network – as after all, nothing would be a better cover for a huge network of fake mobile base stations than a network of real ones.

Meanwhile, this year’s CCC (like last year’s) was just stuffed with GSM exploits. It really is beginning to look a lot like “time we retired that network”.

Is there a drone bubble? It’s not clear whether this is more like the .com bubble, when a lot of useful stuff was built but a couple of years too early, or more like the housing bubble, when a lot of stuff was built in the wrong places to the wrong standards at the wrong prices and will probably never be worth much. It’s the nature of a bubble, of course, that it’s precisely at the top of the bubble that the commitment to it is greatest.

One of the things the RQ-170 incident tells us about is some of the operational limitations of the drones. Typically, they are piloted in the cruise from locations that may be a long way off, using satellite communication links, but when they land, they do so under local control via line-of-sight radio link from their base. This allows us to set some bounds on how much of a problem link latency really is, which will take us circling back to John Robb’s South Korean gamers.

Gamers are famous for being obsessed with ping-times – the measurement of round-trip latency on the Internet – because it’s really, really annoying to see the other guy on your screen, go to zap’em, and get zapped yourself because it took longer for your zap to cross the Internet than theirs. Typically you can expect 40 or so milliseconds nationally, 60-80 inter-continentally…or several hundred if a satellite or an old-school cellular operator with a hierarchical network architecture is involved. A sat hop is always clearly identifiable in traceroute output because latency goes to several hundred ms, and there’s a great RIPE NCC paper on using the variations in latency over a year to identify the satellite’s geosynchronous (rather than geostationary) orbit as the slant-range changes.

On the other hand, roundtrip latency across an airfield circuit a couple of miles wide will be negligible. So we can conclude that tolerable latency for manoeuvring, as opposed to cruising, is very little. Now, check out this post on David Cenciotti’s blog from January 2010. Some of the Israeli air force’s F-15s have received a new communications radio suite specifically for controlling UAVs.

You might now be able to guess why even drone pilots are going through basic flight training. Also, this post of Cenciotti’s describes the causes of six recent hull losses, all of which are classic airmanship accidents – the sort of thing pilot training is designed to teach you to avoid.

That said, why did all those drones get built? The original, 1980s UAV concepts were usually about the fact that there was no pilot and therefore the craft could be treated as expendable, usually in order to gain intelligence on the (presumably) Soviet enemy’s air defences by acting as a ferret aircraft, forcing them to switch on the radars so the drone could identify them. But that’s not what they’ve been doing all these years.

The main reason for using them has been that they are lightweight and have long endurance. This is obviously important from an intelligence gathering perspective, whether you’re thinking of over-watching road convoys or of assassinating suspected terrorists (and there are strong arguments against that, as Joshua Foust points out). In fact, long endurance and good sensors are so important that there are even so-called manned drones – diesel-engined, piloted light aircraft stuffed with sensors, with the special feature that they fly with intelligence specialists aboard and provide a much faster turn-around of information for the army.

Their limitations – restricted manoeuvre, limited speed and payload, and high dependence on communications infrastructure – haven’t really been important because they have been operating in places and against enemies who don’t have an air force or ground-based air defences and don’t have an electronic warfare capability either. Where the enemy have had man-portable SAMs available, as sometimes in Iraq, they have chosen to save them for transport aircraft and the chance of killing Americans, which makes sense if anti-aircraft weapons are scarce (and surely, the fact of their scarcity has to be one of the major unreported news stories of the decade).

But then, the war in Iraq is meant to be over even if the drones are still landing in Kurdistan, and the US may be on its way to a “pre-1990” military posture in the Gulf. This week’s strategic fashion is “Air-Sea Battle” and the Pacific, and nobody expects anything but the most hostile possible environment in the air and in the electromagnetic spectrum. And the RQ-170 incident is surely a straw in the wind. Also, the Bush wars were fought in an environment of huge airfields in the desert, and the ASB planners expect that the capacity of US bases in Japan and Guam and the decks of aircraft carriers will be their key logistical constraint. (The Russians aren’t betting everything on them either.)

I think, therefore, it’s fair to suggest that a lot of big drones are going to end up in the AMARC stockpile. After the Americans’ last major counter-insurgency, of course, that’s what happened. The low-tech ones are likely to keep proliferating, though, whether as part of the Royal Engineers’ route clearance system or annoying the hell out of Japanese whalers or even playing with lego.

The fact that a majority of this year’s graduates from USAF basic pilot training are assigned to drone squadrons has got quite a bit of play in the blogosphere. Here, via Jamie Kenny, John Robb (who may still be burying money for fear of Obama or may not) argues that the reason they still do an initial flight training course is so that the pilot-heavy USAF hierarchy can maintain its hold on the institution. He instead wants to recruit South Korean gamers, in his usual faintly trendy dad way. Jamie adds the snark and suggests setting up a call centre in Salford.

On the other hand, before Christmas, the Iranians caught an RQ-170 intelligence/reconnaissance drone. Although the RQ-170 is reportedly meant to be at least partly stealthy, numerous reports suggest that the CIA was using it among other things to get live video of suspected nuclear sites. This seems to be a very common use case for drones, which usually have a long endurance in the air and can be risked remaining over the target for hours on end, if the surveillance doesn’t have to be covert.

Obviously, live video means that a radio transmitter has to be active 100% of the time. It’s also been reported that one of the RQ-170’s main sensors is a synthetic-aperture radar. Just as obviously, using radar involves transmitting lots of radio energy.

It is possible to make a radio transmitter less obvious, for example by saving up information and sending it in infrequent bursts, and by making the transmissions as directional as possible, which also requires less power and reduces the zone in which it is possible to detect the transmission. However, the nature of the message governs its form. Live video can’t be burst-transmitted because it wouldn’t be live. Similarly, real-time control signalling for the drone itself has to be instant, although engineering telemetry and the like could be saved and sent later, or only sent on request. And the need to keep a directional antenna pointing precisely at the satellite sets limits on the drone’s manoeuvring. None of this really works for a mapping radar, though, which by definition needs to sweep a radio beam across its field of view.

Even if it was difficult to acquire it on radar, then, it would have been very possible to detect and track the RQ-170 passively, by listening to its radio emissions. And it would have been much easier to get a radar detection with the advantage of knowing where to look.

There has been a lot of speculation about how they then attacked it. The most likely scenario suggests that they jammed the command link, forcing the drone to follow a pre-programmed routine for what to do if the link is lost. It might, for example, be required to circle a given location and wait for instructions, or even to set a course for somewhere near home, hold, and wait for the ground station to acquire them in line-of-sight mode.

Either way, it would use GPS to find its way, and it seems likely that the Iranians broadcast a fake GPS signal for it. Clive “Scary Commenter” Robinson explains how to go about spoofing GPS in some detail in Bruce Schneier’s comments, and points out that the hardware involved is cheap and available.

Although the military version would require you to break the encryption in order to prepare your own GPS signal, it’s possible that the Iranians either jammed it and forced the drone to fall back on the civilian GPS signal, and spoofed that, or else picked up the real signal at the location they wanted to spoof and re-broadcast it somewhere else, an attack known as “meaconing” during the second world war when the RAF Y-Service did it to German radio navigation. We would now call it a replay attack with a fairly small time window. (In fact, it’s still called meaconing.) Because GPS is based on timing, there would be a limit to how far off course they could put it this way without either producing impossible data or messages that failed the crypto validation, but this is a question of degree.

It’s been suggested that Russian hackers have a valid exploit of the RSA cipher, although the credibility of this suggestion is unknown.

The last link is from Charlie Stross, who basically outlined a conceptual GPS-spoofing attack in my old Enetation comments back in 2006, as a way of subverting Alistair Darling’s national road-pricing scheme.

Anyway, whether they cracked the RSA key or forced a roll-back to the cleartext GPS signal or replayed the real GPS signal from somewhere else, I think we can all agree it was a pretty neat trick. But what is the upshot? In the next post, I’m going to have a go at that…

Well, here’s a contribution to the debate over the riots. The Thin Blue Trots’…sorry…Police Federation report has been leaked.

Among the failings highlighted by the federation, which represents 136,000 officers, were chronic problems, particularly in London with the hi-tech digital Airwave radio network. Its failings were one reason why officers were “always approximately half an hour behind the rioters”. This partly explained, it said, why officers kept arriving at areas from where the disorder had moved on.

The Airwave network was supposed to improve the way emergency services in London responded to a crisis after damning criticism for communication failures following the 7 July bombings in 2005.

It is being relied upon to ensure that police officers will be able to communicate with each other from anywhere in Britain when the Olympics come to London next summer. The federation wants a review into why the multibillion-pound system collapsed, leaving officers to rely on their own phones.

“Officers on the ground and in command resorted, in the majority, to the use of personal mobile phones to co-ordinate a response,” says the report.

It sounds like BB Messenger over UMTS beats shouting into a TETRA voice radio, as it should being about 10 years more recent. Not *this* crap again!

There’s surely an interesting story about how the UK managed to fail to procure a decent tactical radio for either its army or its civilian emergency services in the 1990s and 2000s. Both the big projects – the civilian (mostly) one that ended up as Airwave and the military one that became BOWMAN – were hideously troubled, enormously overbudget, and very, very late. Neither product has been a great success in service. And it was a bad time for slow procurement as the rapid technological progress (from 9.6Kbps circuit-switched data on GSM in 1998 to 7.2Mbps HSPA in 2008, from Ericsson T61s in 2000 to iPhones in 2008) meant that a few years would leave you far behind the curve.

And it’s the UK, for fuck’s sake. We do radio. At the same time, Vodafone and a host of M4-corridor spin-offs were radio-planning the world. Logica’s telecoms division, now Acision, did its messaging centres. ARM and CSR and Cambridge Wireless were designing the chips. Vodafone itself, of course, was a spinoff from Racal, the company that sold army radios for export because the official ones were ones nobody would import in a fit. BBC Research’s experience in making sure odd places in Yorkshire got Match of the Day all right went into it more than you might think.

Presumably that says something about our social priorities in the Major/Blair era? That at least industrially, for once we were concentrating on peaceful purposes (but also having wars all over the place)? Or that we weren’t concentrating on anything much industrially, and instead exporting services and software? Or that something went catastrophically wrong with the civil service’s procurement capability in the 1990s?

It’s the kind of story Erik Lund would spin into something convincing.

So, if you wanted really informed commentary on the Theresa May/Brodie Clark upfuck (now there’s some slash), where would you go? Wouldn’t you want to ask a distinguished civil servant? I bet you would. Specifically, a career immigration officer with 39 years in the service. Who’s just retired, and is therefore allowed to be snarky.

Now you can! Because my dad has a blog.

I’ll always remember the day he brought home the video briefcase. I think it’s safe to tell the story now.

A couple of News of the World things. Just before the Met dropped their effort to bully the Grauniad with the Official Secrets Act, they ran this story about the disastrous attempt to use a supergrass in the Daniel Morgan case. Is this a coincidence? And this quote reads like a Ballardised version of Le Carré:

One of the most “concerning” events for the judge came on 5 September 2006, a month after Eaton was recruited as a supergrass and while officers were still taking his witness statements. Eaton was taken by DCI Cook to a “covert location” near Reading, and left alone in the bedroom of a hotel. He became very distressed and broke down.

Half an hour later Cook – who had been trying to get Eaton to implicate two brothers, Glenn and Garry Vian, in the Morgan murder – sent him a text message that the officer then deleted from his mobile phone, according to the judge’s ruling.

An hour after Eaton had been put into the hotel room he changed his story and prepared a statement implicating the Vian brothers in the murder for the first time.

That’s none other than Dave Cook, the policeman who was being followed around London by the Murdochs’ private investigators in an effort to protect Alex Marunchak, on the instructions of Greg Miskiw. I wonder who else read the text message?

Also, if the police story that a junior officer on the Operation Weeting case launched the OSA effort all on his lonesome while the handover to the new chief was going on is at all true, I think we probably know who one of the moles is.

Did anyone notice that Liam Fox had an audience of Rupert Murdoch and Rebekah Brooks, or I suppose they of him although you know how these things work around here, some time this spring? It’s in the latest MOD meetings disclosure, which runs up to March 2011. MOD is probably the most assiduous department for meetings disclosure – not only do they provide lists up to March, they have yet to randomly change the file format even once, insert random foreign characters, use multiple spellings of the minister’s surname, suddenly start publishing PDF files, or indulge in any other quirks. (On the other hand, the Cabinet Office has suddenly developed an addiction to PDFs.)

However, I notice that this meeting doesn’t have a date, nor a purpose. It’s just there – Liam Fox, Rupert, and Becks. It’s possible that this is a quirk, as immediately before it there is a meeting listed with John Witherow of the Sunday Times for a “Defence Briefing” in March 2011 and perhaps they interpolated the duplicate items. (The doctrine of just war, however, does require as well as just cause and reasonable chances of success that the decision be taken by legitimate authority.)

Meanwhile, WhosLobbying.com has a problem with the Home Office, in that if you try to look up the Home Office on their website, the site chokes and returns a 500 internal server error.

I suppose it’s understandable. If you want any other shocking document release stories, the Daily Hell has plenty. I especially like the image of Blair in the den, plugging through the borrowed prose of Saif Gaddafi’s PhD thesis. Haven’t I seen this before somewhere?

The Obscurer has possibly the first intelligent article on the whole “turn off their Facebook! that’ll learn em!” furore. Notably, they interviewed one-man UK mobile industry institution Mike Short. Go, read, and up your clue. I especially liked that the piece provided some facts about the 7th July 2005 terrorist incident and the mobile networks.

There is only one reported case of a UK network being closed by police. During the 7/7 London suicide bombings, O2 phone masts in a 1km square area around Aldgate tube station were disconnected for a number of hours.

Police have an emergency power to order masts to be put out of action known as MTPAS – Mobile Telecommunication Privileged Access Scheme. The move has to be approved by Gold Command, by the officers in highest authority during a major incident, and is designed to restrict all but emergency service phones with registered sim cards from making calls. But a shutdown can have dangerous knock-on effects. Short says that phones within the Aldgate zone automatically sought a signal from live masts outside it, overloading them and causing a network failure that rippled out “like a whirlpool”.

On the day, other networks were simply overloaded as Londoners sought reassurance and information. Vodafone alone experienced a 250% increase in call volumes

MTPAS is the GSM-land equivalent of the old fixed phone Telephone Preference Scheme (not to be confused with the new one that blocks cold-callers), which permitted The Authorities to turn off between 1% and 90% of phone lines in order to let official traffic through. As far as I know, the Met never asked for it and it was City of London Police who initiated it without asking the Met or anyone else, and in fact O2 UK’s network had been keeping up with demand up to that point, before the closure caused the cascade failure Short describes.

The significance of O2 is that it used to be “Surf the Net, Surf the BT Cellnet” and some residual gaullist/spook reflex in the government tried to keep official phones on what was then one of two British-owned networks.

Anyway, this weekend seems to have the theme “The Intersection of Charlie Stross and the August 2011 Riots”. Charlie’s talk at USENIX is sensibly sceptical about some tech dreams as they apply to networking.

This leaves aside a third model, that of peer to peer mesh networks with no actual cellcos as such – just lots of folks with cheap routers. I’m going to provisionally assume that this one is hopelessly utopian, a GNU vision of telecommunications that can’t actually work on a large scale because the routing topology of such a network is going to be nightmarish unless there are some fat fibre optic cables somewhere in the picture. It’s kind of a shame – I’d love to see a future where no corporate behemoths have a choke hold on the internet – but humans aren’t evenly distributed geographically.

Especially as the theoretical maximum bandwidth of one fibre is about the same as the entire radio spectrum. And the point about routing table size and complexity is a very good one, especially as it’s assumed that the routers aren’t CRS-1s but rather Linksys fifty quidders or mobile phones.

However, one thing the liberation technologists should take away from the riots is that you shouldn’t get hung up on bandwidth. It’s great to be able to post the photos on Flickr, but it’s more useful to have your own secure voice and messaging. When the Egyptian government relented on its GSM cut-off, the Egyptian Twitter feeds lit up with calls for more people to this or that exit of Tahrir Square or medical supplies to the clinic or (and I remember this) that a lost child was waiting at the press tent.

It was what NANOG users would call operational content. There was of course no need whatsoever for it to go via a Bay Area website – all Twitter provided was the one-to-many element, very important, and the publicity on the Web. The latter is a nice-to-have feature, the former, critical. Text, or even voice, is not a high bandwidth application and doesn’t necessarily need access to the global Internet.

So yes – perhaps there is in fact quite a bit of angular momentum to be had in a mobile mesh-WLAN client as an instrument of democracy, as long as you’re willing to accept that it’s not the sort of thing that can be exclusive to people who agree with you. But then, that’s the test of whether or not you actually believe in democracy.

Something else, between Charlie’s USENIX talk and the riots. Isn’t one of the biggest disappointments, from a police point of view, the performance of CCTV? No doubt it will help put some of the rioters in jail. But it didn’t prevent the riots and neither did it seem to help quell them much. It’s possible that the whole idea that potential surveillance (like the original panopticon) is a policing influence isn’t as strong as it’s made out to be.

Another point; not all crimes are punished or even taken notice of. This is obvious. Less obvious is that the degree to which the police ignore crime is an important political fact. Is it possible that CCTV, by forcing them to make at least a token response to everything that passes in camera range, actually contributed to using up the police strength? In a riot, the police aim is to demonstrate public, mass control. They are usually willing to ignore quite a lot of individual criminality in the process. It’s possible that surveillance culture and technology are opposed to strategy.

Over at Stable & Principled, I’ve been blogging about running out of policemen and how the Prime Minister doesn’t seem to have any thoughts at all that weren’t adequate-ish newspaper columns from about 2004. But how did we get to the stage of using up the Met and most of the wider police forces’ reserves of manpower just like that? This isn’t a “What does it all mean?” post, although inevitably we’ll have one of them for you as well. It’s more like a “How does it all work?” post.

In all, 2,347 people have been arrested nationally. This is only a rough lower bound on the numbers of people involved, as obviously not everyone got caught and some of the people arrested are innocent. At an arrest rate of one in 10, that would give a total of 23,000. 51% of the arrests were in London, or to be precise the Met’s area of operations, which gives us the answer to one question at least – the police eventually quelled the riot by outnumbering the rioters, 16,000 cops versus an estimated 11,500 rioters. Obviously if you pick a different arrest rate fudge factor you’ll get a different answer, but then at least we’re using a model of sorts.

It’s certainly interesting, though, that a fairly small crowd was able to exhaust the policing resources of most of the UK. If the 23,000 rioters had shown up in central London to march on Whitehall, even assuming they were willing to be as troublesome and violent as they were elsewhere, I think the Met would have handled it without breaking sweat and certainly without needing to summon the South Wales force as mutual aid. Even the most hayseed British police forces deal with crowds of 23,000 young men reputed to be ready for violence, every weekend, quite commonly several at the same time, without very much happening. They are lower division football matches. And to be frank, a 23,000 strong national demo is disappointing.

So what’s up? One point is dispersion vs. concentration. Demonstrators want to occupy symbolic space and show their organisation by the very fact they could concentrate all these people. Casuals want to duff up the other mob. Therefore, the police problem is to either prevent them from getting to Parliament Square or the match, or else keep them segregated from other people while they are there. The police are on the tactical defensive, but the strategic offensive – if they stick it out they win.

Obviously, the demonstrators (or thugs) can’t counter this by dispersing because that would defeat the point. They have to come to the Bill, and the Bill can then canalise them. Kettling is the ultimate expression of this thinking.

If the police have to look for the crowd, though, this is obviously going to be a much more labour-intensive exercise. You can’t kettle several dozen groups of ten or so people spread over a dozen streets – the idea is absurd. You have to go looking for them. That in turn conditions what the crowd can do – it can’t stage a classic mass demonstration – and favours people who are willing to just randomly destroy stuff that happens to be undefended, while the traditional mass demo favours a show of what you might call subversive respectability. The slow march of the Zulus, if you like.

Another important point was that there was no key identity-group here – it wasn’t aligned with any one ethnic or religious group or geography and wasn’t even totally young, and it didn’t explicitly identify with a class either. Therefore, anyone who felt like it could join in, and did. This obviously helped it go national and also made a traditional (since the 80s) police tactic more difficult. How do you call community leaders to ask everyone to go home if you can’t identify the community? From the other direction, how do you negotiate with authority if you can’t identify a community?

(This is of course the final problem with the Big Society – its only organising principle is that it’s a society and apparently it’s big.)

I wonder if a lot of the violence was driven by the fact anyone could turn up, and therefore the only way to demonstrate that you really were one of the gang rather than a do-gooder or a fink or just some random spectator was to do something obviously illegal.

Also, did this kind of riot drop in between the classic modes of British policing? If someone commits a crime, there’s investigative policing, if it’s the right kind of crime and the right kind of victim. If the Chartists are marching on Westminster, line up on Westminster Bridge with shields and big sticks. And of course there’s community policing if there’s time between the other two for some cups of tea and old ladies, etc.

Investigation was rather irrelevant while it was going on, although of course it’s not any more. And the heavy mob couldn’t draw a shield wall around every shop in London. Neither could they find enough bodies to kettle every group of rioters, or find enough rioters in one place to kettle. It does look like the December 2010 student riots were a tactical learning-experience for a lot of people.

Finally, those BlackBerries. Not much to say here, except that the most important feature involved seems to have been the fact that BBM is multicast. You can message groups rather than only individuals. There are apps that let you emulate this with SMS, although the reply will only go to you.

As a general rule, BlackBerry Enterprise Server traffic should be hard to do anything to as the server, typically hosted by an organisation for its own purposes, generates its encryption keys when it’s set up. It’s not anything RIM or your operator has to know about. But this is of limited relevance – plenty of people run their own mail servers, but I’ve never heard of anyone who self hosts BlackBerry. The BlackBerry Internet Service, which is hosted by operators, certainly can be monitored by the operator as they own the server. UK operators would be covered by the Regulation of Investigatory Powers Act and might have to hand over logs from the BIS servers.

I don’t know, however, if the BIS machine archives the content of what passes through it (which isn’t required by RIPA anyway). Obviously, the traffic-analysis data of who messages who and when is potentially revealing.

From a network point of view, though, I doubt if snooping on the traffic in transit would be very useful. You’d know that someone was using a BlackBerry, as it would be opening Packet Data Profile connections through the network and querying the BlackBerry network DNS. But as they monitor messaging all the time, that isn’t very useful information. Certainly nothing as useful as the BIS server log.

Ah! Found it: although Yates told the House he had the mobile operators inform the hacked, and named Vodafone and Orange, he didn’t. Specifically, Orange identified about 45 victims but didn’t tell anyone. Vodafone identified 40 and only told a few who were considered VIPs. T-Mobile UK claims not to have found any. 3UK isn’t mentioned. Only O2 is known to have informed all of theirs without waiting to be asked. I therefore presume that the operator that has logged all the lawful intercept requests back to 2009 is O2, although I don’t have any further evidence for this deduction.