A London court on Friday ruled that a British tabloid newspaper hacked Prince Harry’s phone while reporting on the royal family.
In a 386-page ruling, the judge overseeing the case said there was “extensive and habitual” phone hacking by reporters working for Mirror Group Newspapers, which owns several U.K-based newspapers, between 1999-2006, and which continued through 2011. The unlawful news gathering took place in concert with numerous paid private investigators, the judge said, and, as a result, Prince Harry’s phone may have been hacked “to a modest extent.”
During that period of time, cellular technology advanced quite dramatically from the largely unsecure years of the 1980s and ’90s, to the slightly more fortified but still vulnerable early 2000s, says Aanjhan Ranganathan, an assistant professor at Khoury College of Computer Sciences.
The forms of hacking commonly associated with cell phones include everything from eavesdropping on calls, to accessing voicemails, text messages and other proprietary user data by, for example, building false base stations to intercept communications, he says.
“If we go back to the first generation of cellular networks, it was all purely analog, meaning there was virtually no security,” Ranganathan says. “By security I mean confidentiality and integrity.”
But Christo Wilson, associate professor of computer sciences, says that the “phone hacking” described in the suit is something of a misnomer. It’s likely, Wilson says, that the remote services associated with Prince Harry’s phone were compromised — not the physical device itself.
“Reading the story, there are strong indications that this data was somehow stolen,” Wilson says.
It’s not the first proven instance of phone hacking on the part of the British press. Rupert Murdoch’s now-defunct News of the World, along with other British newspapers, engaged in hacking, among other practices, in pursuit of information about celebrities, politicians and the royal family in the 2000s and beyond.
As hacking becomes more sophisticated, Ranganathan suspects that more and more organizations with the technical knowhow may be dipping their toes in the world of hacking.
“There have been public documents that have indicated that news organizations and other big corporate companies have leveraged, for example, ‘zero-click attacks’ for purposes of corporate espionage,” he says.
A zero-click attack is one way someone can gain access to a smart device without requiring that its user do anything at all — once the malicious package is sent, the person can access device data, Ranganathan says.
“Phone hacking remained an important tool for the kind of journalism that was being practiced at the Mirror, the Sunday Mirror and The People from 2006 up to 2011,” the judge wrote. “It was fed by extensive unlawful information gathering. The phone hacking was still extensive during those years, but it was done in a more controlled way, and not done as habitually as before August 2006.”
Prince Harry, who has stepped back as a working member of the royal family, was awarded $180,000 in the suit. Harry and roughly 100 others had sued Mirror Group Newspapers, publisher of the Daily Mirror, the Sunday Mirror and the Sunday People tabloids, alleging an “industrial-scale” effort to hack the phones of prominent people dating back to 1991, and that the executives and senior editors signed off on the scheme.
In his ruling, the judge also noted that the British press’ “oppressive behavior” toward Prince Harry, the Duke of Sussex, did not always cross into unlawful territory.
“I recognize that Mirror Group was not responsible for all the unlawful activity that was directed at the Duke, and that a good deal of the oppressive behavior of the Press towards the Duke over the years was not unlawful at all,” he wrote. “Mirror Group therefore only played a small part in everything that the Duke suffered and the award of damages on this ground is therefore modest.”