It emerged this weekend that UK police have bought a system for covert surveillance of mobile phone users. The system, supplied by Datong plc, acts as a fake cell tower, both passively tracking the movements of nearby phones and actively intercepting their calls, texts, and data.

The journalists who broke the story, Ryan Gallagher and Rajeev Syal, imply that similar systems are in use by the U.S. Secret Service and "regimes in the Middle East."

The Datong system seems to be a type of man in the middle (MITM) device. Pretending to be a cell tower, it can record the IMEI (the phone's identifier) and the IMSI (the user's identifier); both identifiers are supposed to be unique, but IMEIs can be cloned. It can also intercept calls, SMS, and data.

Naturally, this is all being justified on the grounds of fighting terrorism -- specifically, preventing bombs being triggered by an text-message received by a disposable mobile phone. We're also "assured" that use of such equipment for interception requires government authorization.

Naturally, if you're not doing anything wrong, you have nothing to worry about. But, as Aleksandr Solzhenitsyn said, "Everyone is guilty of something or has something to conceal. All one has to do is look hard enough to find what it is." Or what if you innocently happen to be walking near a violent demonstration? Is it reasonable that your IMEI and IMSI get added to an official list of "possible troublemakers"?

If you don't want to be tracked or have your communications intercepted, there are various things you can do to avoid being recorded by the MITM devices; or, at least, reduce the likelihood:

1. Turn off your phone: not very practical, though.
2. Use "burner" phones: also impractical, and may make you feel like a drug dealer.
3. Use burner SIM cards, change your phone's IMEI often: less impractical (but changing your IMEI may be illegal in your jurisdiction.
4. Configure your phone to ignore 2G GSM networks: MITM devices can only intercept GSM communications, because 3G UTMS enforces authentication of the cell tower (but the exact Datong capabilities are secret, so this advice may not apply in this case)
5. Make sure that all communication is encrypted: e.g., by only connecting to HTTPS websites (but keeping track of what applications do in the background may be challenging).
    

Richi Jennings is an independent analyst, specializing in blogging, email, spam, security, and other technology topics. His writing has won American Society of Business Publication Editors and Jesse H. Neal awards. You can encircle him at +richi, follow him as @richi on Twitter, pretend to be his friend at Facebook.com/richij or just use boring old email: io@richij.com.