Signal-Power Corruption Networks
Interactive analysis of spyware, telecom signalling risks, data-broker exposure, and platform governance in the UK — plus immediate levers aligned to UK law.
🎯 Mercenary & State Spyware
Citizen Lab reported Pegasus infections within UK government networks (including 10 Downing Street and the FCO/FCDO) in 2020–2021; ongoing policy debate centres on investigatory powers and vendor controls.
📡 Telecom Signalling Exploits (SS7/Global Titles)
UK regulator action highlights risks from SS7 and global-title abuse. Ofcom’s 2025 statement cites investigations into UK-issued global titles being used for location tracking abroad and reiterates signalling-layer threats.
📱 Cell-Site Simulators (IMSI-catchers)
Use by UK police forces remains obscured by “neither confirm nor deny” policies. FOI history and watchdogs continue to push for transparency, minimization, and warrant standards.
🗂️ Data-Broker & Adtech Exposure
ICO enforcement against large data brokers has been contested. The Experian case (direct-marketing data) saw mixed tribunal outcomes; ICO’s 2024 statement notes its appeal was dismissed in part.
📺 Platform Governance — Online Safety Act
The Online Safety Act regime is live, with Ofcom codes now in force for illegal content and children’s protections. Enforcement windows and risk-assessment deadlines run through 2025.
⚖️ Oversight & European Court Findings
In Big Brother Watch v. UK the Strasbourg court scrutinized bulk interception and intelligence-sharing. The ruling imposed safeguards but did not ban bulk powers per se, informing UK oversight design.
🕸️ Corruption Network Visualization (UK)
Relationships between spyware vendors, data brokers, telecoms, platforms, and UK authorities. Drag nodes to explore.
🔗 Key Relationships (UK)
Spyware incidents & powers
Core: UK gov compromise reports ↔ IPA 2016 (as amended 2024) oversight; vendor procurement controls.
Telecom signalling
Core: Operators ↔ Ofcom/NCSC on SS7/GT remediation; roaming/interconnect edges.
Data-broker & platform loop
Flow: Consumer data → brokers/CRAs → marketers/public sector; regulatory guardrails via UK GDPR/PECR + Ofcom/ICO roles.
📅 Signal-Power Evolution Timeline (UK)
2016: IPA enacted
Establishes UK investigatory powers framework and oversight structures.
2018–2021: ECHR litigation
Big Brother Watch scrutinizes bulk powers; safeguards strengthened.
2020–2021: Pegasus incidents
Citizen Lab notifies UK of suspected infections in official networks.
Apr 2025: Ofcom GT/SS7 statement
Regulatory focus on global-title abuse and signalling security.
Mar–Jul 2025: OSA code milestones
Illegal content and children’s codes take effect; enforcement windows open.
⚡ Immediate Stop-Gap Actions (UK-aligned)
Dovetails with UK IPA, Ofcom codes, and ICO expectations. Drafted to be mirror-safe for councils, PCCs, and devolved bodies.
🛡️ Spyware/High-Risk Tools
- Judicial authorization + necessity/proportionality for invasive tools (ODIT/spyware).
- Public DPIA within 30 days of program start; quarterly aggregate reporting (vendor, legal basis, categories).
- Vendor NDAs unenforceable against courts/IPC/ICO disclosure.
📡 Signalling/Interconnect Hardening
- Carrier attestations on SS7/GT defences and roaming-edge audits; annual third-party testing with public summaries.
- Incident statistics and corrective action logs; publishable without compromising active ops.
🗂️ Data-Broker Containment
- No acquisition of location/behavioural datasets absent lawful basis and minimization plan.
- Public broker relationship log; deletion audits; PECR direct-marketing conformance.
📱 IMSI-catcher Governance
- Warrant standard; purge attestations for non-targets; capability summaries and annual oversight review.
📺 Platform Governance (OSA)
- Maintain DSR-style (documented systemic risk) logs; “no informal pressure” policy with audit trails.
- Track Ofcom deadlines and implement risk assessments/design-accountability measures.
📋 Implementation Toolkit (Model Resolution / By-law)
Edit inline; then copy or download. Language aligns with IPA/OSA/ICO references.