national mobile device registration
DESCRIPTION
A flagship CTO event, this has grown into a platform for knowledge-sharing among peer groups steering ICT projects in e-delivery of health care, education and governance. This Forum echoes the Commonwealth's 2013 theme: The Road Ahead for Africa.TRANSCRIPT
1
National Mobile Device Registration: Issues, Strategies and Solutions
Timothy Jasionowski
Vice President,
Product Management
+1 781 775 3080
2
Device Identification by IMEI International Mobile Equipment Identity
GSM 03.03 standardized the IMEI format to 15 digits
Each TAC range should represent a globally unique device and configuration
Identifies the device throughout the supply chain and in network deployment
2
3
The Traditional C-EIR
4
National IMEI Registries No Longer Deter Mobile Theft
“Police forces in England, Wales and Scotland have dealt with 230,000 street crimes
where a mobile phone was stolen since 2010, but recovered just 1pc of those stolen.
The true scale of the crime may be far higher than the official figures, as many thefts are
not reported.
LV= estimates that the overall number of stolen mobiles is more likely to be 400,000 for
this period, as four in ten mobile theft victims say they never reported the crime to the
police.”
5
Traditional C-EIR Solutions are Ineffective Deterrent Use Case: Sample Theft Reporting Scheme v. Theft Scenario
Existing reactive centralized
solutions are too slow to deter theft
Illegal processes move faster than legal
ones
Ownership of device established after
need, not before
Block doesn’t impact the original thief,
only intermediaries and additional victims
Relies on consistent timeline for
enforcement on individual operators
6
Smartphone Self-Recovery: a Bright and Dark Side
7
Sometimes It’s Not About Terminal Theft
Increasing use of SIM cards in
M2M applications lead to crime
and fraud in unanticipated ways
Illegitimate reporting can be used
to undermine these applications
with little paper trail and little
reprecussion
8
Two Years Ago: 2G Knockoffs of Modern Devices
Nokia E71
Symbian 3.1
Single SIM
3G/2G
801.11b/g
Symbian Browser
Mail for Exchange
2012 Street Price: $260
Chang Jiang E71
Touch Screen
Java Phone
Dual SIM
2G
802.11b/g
Opera Browser
Analog TV
2012 Street Price: $40-60
9
Sony Experia S: Modern 2012 Android Devices
Released February 2012
Aka Sony LT26i
Qualcomm MSM8260 Snapdragon
Dual-core 1.5 GHz
Single SIM
GSM:850/900/1800/1900 MHz
WCDMA:850/900/1900/2100 MHz
Android 2.3 upgradable to 4.x
GMSA TAC Assignment
Type Allocation Code: 35171005
Sony Ericsson
IMEIs Pass Luhn Check
Amazon Price: US$450
10
Star X26i: Modern 2012 Android Counterfeit
Purchased August 2012
Sold as Star X26i
MediaTek MT6575 1Ghz Chipset
Dual SIM
GSM:850/900/1800/1900 MHz
WCDMA:900/2100 MHz
Android 4.0.3 (Ice Cream Sandwich)
Duplicates a Legitimate Device IMEI Claimed Type Allocation Code: 35626003
Cheng Uwei Precision Industry
Model OX-11
GMS:900/1800 MHz
IMEIs Pass Luhn Check
Market Price in Hong Kong: US$150
Wholesale Price: <$115 (estimated)
11
IMEI-only Blocking Can Have Consequences Use Case Example: Theft Involving Phone with Replicated IMEI
12
Recent Experiences in Other Countries
Mexico Law passed in 2009 requiring all handsets to register with operator
Intent was to deter drug-related crimes, kidnapping
After one year, only an estimated 60-70% of phones had registered
Rather than shut off 40% of domestic mobile devices, law rescinded in May 2011
India Invalid IMEI devices prohibited from network in early 2010 in wake of 2008 Mumbai
attacks
15-20M handsets turned off by government in June 2010
Additional IMEI ranges banned after non-compliant handsets reprogrammed to use
other ranges
Automated central registry now in late planning phase
13
Mobile Devices Increasingly Play in National Policies
Theft Smuggling
Rising mobile devices average selling prices, social pressures and fluid resale markets driving device theft and, in many cases, injury or death associated with the act
Greymarket importation of mobile devices, underground market channels undermining government collection of import duties and GST/VAT
Terrorism and Organized Crime Uncertified Devices
Mobile phones increasingly used in the planning and execution of terrorist and criminal acts, including kidnapping, money laundering and improvised explosive device (IED) triggering
Uncertified mobile devices displace legitimate manufacturers, undermine existing network countermeasures, disrupt national industrial policies, and impact overall mobile network performance
14
Best Practice: Proactively Deter, Detect Illicit Behavior Make theft, counterfeiting, smuggling less lucrative by accerating action
Automate blocking of device rather than waiting for expensive
manual processes
Look for evidence of reprogramming, duplicate IMEIs and other
negative factors in operating device stock and use this knowledge
to better manage restrictions consistently across all national mobile
networks
Provide real-time theft data to law enforcement, customs to track
down, prosecute thieves and smugglers
15
Best Practice: Automate Data Collection, Enforcement Use Existing Industry and Operator Data Sources to Make Better Decisions
Broaden the data set by leveraging data already available or collected by device manufacturers, operators, government and industry consortiums
Reduce Overall Burden on Operators, Manufacturers and Point of Sale
Eliminate human factors in data collection, when possible
16
Best Practice: Move Beyond Device Blacklists Compel Action through Messaging, Eoonomic Penalties and Timers
For devices sharing the same IMEI range or other illicit behaviors,
immediately blocking can be counterproductive
Industry needs to create broader economic disincentives for use of
illicit mobile devices
17
iconectiv’s Device Registry
A unified, national infrastructure for management of mobile equipment Applies a new economic operating model over a nation’s mobile equipment ecosystem
Cross-operator scheme to collect, analyze and act against a variety of mobile network-based threats
Focuses on tracking, modifying and managing consumer behavior over time
Implements a common, automated data collection scheme across operators
Enables cross-Operator analytics and reporting while maintaining structural separation of data
A flexible platform that adapts to new and changing threats Tracks and correlates devices, subscribers and roaming mobiles across all mobile
networks on a common timeline
Provides a common enforcement regime to detect, react and discourage theft, smuggling and counterfeiting
A source of new data to combat terrorism, espionage and organized crime
Adapts and evolves over time to address ongoing and emerging threats
18
Lifecycle Management of the Mobile Device Ecosystem Manage, Analyze and Enforce National Policy in a Single Framework
19
Lifecycle of the Mobile Device from Entry to Exit Use Case: Tracking the Mobile Device IMEI-IMSI-MSISDN Triplet
20
Learn from Each Use while Enforcing Policy
21
Active Management of Corrupted IMEI Range Use Case Example: Cloned Device Transfer Restriction
22
Real Time Device Theft Prevention Use Case: Blocking Stolen Devices
23
Key Factors for Success in Market
• Consistent data collection, policy enforcement within all operators
• Sharing of domestic data generated and collected by device manufacturers,
operators, government, industry consortiums, other industry actors
• Flexible to Market-Specific Law Enforcement, National Security, Finance
Ministry needs
• Public Education
• Minimized Burden on Operators and Point of Sale
• Device Registries must be able to adapt to changing threats
24
National Mobile Device Registration: Issues, Strategies and Solutions
Timothy Jasionowski
Vice President,
Product Management
+1 781 775 3080