ITU-T SG 11 Workshop Global Approaches on Combating Counterfeiting and Stolen ICT Devices

Transcription

1 ITU-T SG 11 Workshop Global Approaches on Combating Counterfeiting and Stolen ICT Devices ITU-T SG 11 Meeting, July rd July, 2018

2 CONTROL SYSTEM IN COLOMBIA FOR STOLEN MOBILE DEVICES OR WITH ALTERED/DUPLICATE IMEI Communications Regulation Commission Hugo Romero Adviser

3 AGENDA COMPREHENSIVE SET OF MEASURES IMEI BASED CONTROL SYSTEM DUPLICATED IMEI DETECTION AND CONTROL REGIONAL BLOCKING OF STOLEN IMEI RESULTS MAIN CHALLENGES

4 COMPREHENSIVE SET OF MEASURES ICT SECTOR Legal Framework use through Databases Regional Black Listing Not Reg IMEI Malformed IMEI Duplicated IMEI Control of sales Invalid IMEI Not Approved ME

5 COMPREHENSIVE SET OF MEASURES ICT SECTOR JUSTICE & DEFENSE Penalization of the IMEI tampering Domain extintion of ilegal POS Legal Framework use through Databases Regional Black Listing Not Reg IMEI Malformed IMEI Duplicated IMEI Law Enforcement Special Task Force Control of sales International operations & Border Controls Invalid IMEI New Police Code Not Approved ME

6 COMPREHENSIVE SET OF MEASURES ICT SECTOR JUSTICE & DEFENSE COMMERCE & CUSTOMS Penalization of the IMEI tampering Importations Domain extintion of ilegal POS Legal Framework use through Databases Regional Black Listing Not Reg IMEI Malformed IMEI Duplicated IMEI Law Enforcement Special Task Force Control of sales Exportations International operations & Border Controls Invalid IMEI New Police Code Not Approved ME

7 IMEI BASED CONTROL SYSTEM - LAW ENFORCEMENT TAC TYPE APPROVED POS User MOBILE OPERATORS + - IMEI (+) IMEI (-) NATIONAL DB + - IMEI (+/-) CUSTOMS Importer CDRs DETECTION INVALID NON- TYPE APPROVED NOT-REGISTERED CLONED (DUPLICATED) (+) Positive List + - (-) Negative List TAC TYPE APPROVED

8 ICT MEASURES FOCUS Each user is responsable of his device procedence Legal Device Registry POSITIVE DATA BASE Make lost/stolen device useless Blocking in mobile networks NEGATIVE DATA BASE Detect and control Altered/duplicated devices DAILY CONTROL OF IMEIS WITH ACTIVITY IN MOBILE NETWORKS

9 IMEI ACTIVITY CONTROL: DEPLOYMENT PROCESS oct 2015 mar 2016 jul 2016 sep 2016 oct 2016 mar 2017 may 2017 sep 2017 mar 2018 Invalids Not Type Approved Duplicated Transition periods (amnesties for existing devices)

10 PURPOSE OF MEASURES & IMEI CONTROL PROCESS Type Approval Importation of Approved and not reported devices Detect&Control Altered stolen devices Register of legally imported in DB + Make Stolen Device useless

11 INITIAL DIAGNOSTIC 47 M OF POPULATION WITH 57 M OF ACTIVE LINES 42 M OF IMEI WITH ACTIVITY IN MOBILE NETWORKS 7,1 M : Non Type Approved 1,8 M : Invalids 9,5 M : Not Registered 6,8 M Potential duplicated (Same IMEI seen with 3+ SIMs) March % of Irregular IMEIs

12 DAILY DETECTION&CONTROL PROCESS MOBILE NETWORK 24 H IMEI TAC DBs CROSS CHECKS

13 CONTROLS AND USER s OPTIONS IMEI TYPE DEFINITION CONTROL USER s OPTION Malformed (with no standard format) Invalid Non-type approved Not Registered Duplicated Less than 14 dígit or With alphabetic characters Not in GSMA TAC DB Not in CRC TAC DB Not in CRC TAC DB (Not homologated) Not in Positive DB (Unknown user/origin) Same IMEI in different devices No network access Blocked in 48 hr Blocked in 45 Days Blocked in 20 Days Blocked in 30 Days Control IMSI-IMEI Claim to vendor Definitive blocking Claim to vendor Claim to vendor Or proceed to homologate in CRC Proceed to register & Unblock Restricted use with one or more lines

14 CONTROLS AND USER s OPTIONS IMEI TYPE DEFINITION CONTROL USER s OPTION Malformed (with no standard format) Invalid Non-type approved Not Registered Duplicated Less than 14 dígit or With alphabetic characters Not in GSMA TAC DB Not in CRC TAC DB Not in CRC TAC DB (Not homologated) Not in Positive DB (Unknown user/origin) Same IMEI in different devices SOURCES OF ALTERED DEVICES No network access Blocked in 48 hr Blocked in 45 Days Blocked in 20 Days Blocked in 30 Days Control IMSI-IMEI Claim to vendor Definitive blocking Claim to vendor Claim to vendor Or proceed to homologate in CRC Proceed to register & Unblock Restricted use with one or more lines

15 DUPLICATED IMEI DETECTION 1. Same IMEI with different SIM making calls at the same time 2. Or within not posible time and distance frames

16 GENUINE VS ALTERED MEs VALUE CHAIN OF GENUINE DEVICES OEM TAC MANUFACT IMPORTER VENDOR OPERATOR USER GENUINE ME VALUE CHAIN OF ALTERED DEVICES GENUINE ME STOLE RECEIVING IMEI ALTERATION ILLEGAL RE SALE USER OPERATOR ALTERED ME

17 GENUINE VS ALTERED MEs VALUE CHAIN OF GENUINE DEVICES OEM TAC MANUFACT IMPORTER VENDOR OPERATOR USER GENUINE ME IMPACT VALUE CHAIN OF ALTERED DEVICES GENUINE ME STOLE RECEIVING IMEI ALTERATION ILLEGAL RE SALE USER OPERATOR ALTERED ME

18 GENUINE VS ALTERED MEs Match of TAC, Brand and Model Internal IMEI = external IMEI Original Label Importation papers Authorized vendors (Big surfaces/operator) Invoice consistency (value, IMEI, etc) IMEI history associated with a subscription data TAC, Brand, Model don t Match Internal IMEI different from external IMEI Fake label Case Brand and Model are different from the TAC No importation papers Invoice inconsistencys (value, IMEI, etc.) No IMEI history associated to a subscription IMEI technical diagnostic required (Case manufacturer) STAKEHOLDERS DON T HAVE CHANCE TO PREVENT DUPLICATION IN OTHER ME ME ALLOWS IMEI TAMPERING TO USE OTHER s GENUINE ME IMEI

19 Duplicated IMEI Control

20 REGIONAL BLOCKING OF STOLEN IMEI SOURCE: GSMA LATIN AMERICA OTHER REGIONS CONNECTIONS TO GSMA IMEI DB (# of Countries) EUROPE: 39% ASIA: 5% AFRICA: 4% OCEANIA: 7%

21 RESULTS Controlled Irregular IMEIs Invalid Not registered Duplicated Not-Type approved Unformatted 5,28 M 3,16 M 6,44 M 2,67M 1,15 M 2,65 M No network access 2,6 M 11,15 M 17,55 M Registered in Positive Database 85,6 M 31,1 M 13,8 M 8,0 M 142,8 M

22 THOUSANDS THOUSANDS THOUSANDS THOUSANDS RESULTS Trends of Irregular IMEI presence INVALID NOT HOMOLOGATED NOT REGISTERED DUPLICATED

23 MILLION RESULTS Year Lost + Stolen.vs. Users ,7% 44,48 3,4% 46,20 3,7% 3,9% 55,33 49,07 50,30 3,1% 62,22 58,68 57,33 3,2% 3,0% 2,9% 4,5% 4,0% 3,5% 3,0% 2,5% 30 2,0% ,67 1,57 1,83 1,95 1,70 1,70 1,89 1, ,5% 1,0% 0,5% 0,0% Lost+Stolen Active Users

24 MAIN CHALLENGES - GOVERNMENT Challenge Active role by different goverment entities Attack criminal economy Follow up of the problem trends Impacts on stakeholders How to built the positive and negative data bases Enforcement of ICT measures Device repair technicians Black market of device parts Treatment Leadership from the top of the government Legal framework & revisions All law enforcement involvement International scope Police findings & statistics Multisector f.u. Meetings Dialog focused on solving public safety issue By law, is a financial/operational responsabiltiy of operators Per law is ict ministry function Educate them in ethics in front of alteration Police controls on points of sale

25 MAIN CHALLENGES -REGULATOR Challenge Empowerment to regulate Know how of the problem Dynamics of the problem Volume and types of IMEI to control Not registered devices Blocking of not homologated devices duplicated IMEIs Law issued by congress Decree issued by ict ministry Treatment Experienced team profile Exchange of experiences with other countries Technical follow up commitees Continuos regulation adjustments pashed deployment priorization per imei type transition periods for each type of existing imeis gov&operators public campaigns start blocking of not registered imeis Re engineering of homologation process (on-line, for any person) Search of technology to control duplicates Adoption of 2 criteria to define genuine devices: 1. The ones owned by registered user in db+ 2. The one who proves having genuine device

26 MAIN CHALLENGES - OPERATORS CHALLENGE Operate national DBs Consistency & Concilliation of DBs Block rigth IMEI of stolen devices Volumes of IMEI to block Centralized + Distributed DBs Protocols Automatization TREATMENT Daily treatment of error messaging Take IMEI from netowork activity Upgrade EIR Keep entries on EIR for a limit of time Add new IMEIs to blacklists deleting earliest entries malformed IMEIs not homologated devices Detection of duplicated IMEI Apply changes on Radio acces and core networks Daily CRC homologated TAC list Agree on duplicated IMEI definition Agree on criteria and algorithms to detect duplicates Given time to develop, test and opérate algotihms

27 MAIN CHALLENGES - OPERATORS CHALLENGE Detect both intra network and inter network duplicates (with activity in different mobile operators) Volume of data to analyze in the process of duplicates detection Protection of personal data contained in CDRs duplicated IMEIs Identify genuine devices from several with same IMEI Rotation of devices with irregular IMEIs TREATMENT Split processes, one for intranetwork detection and other for inter network detection by a third party thac collects information and apply defined criteria and algorithms Only Voice CDR is taken to analysis Use of minimun fields of CDRs to analyze in the detection For inter network detection, use only data related to those IMEI with activity in more than one network for a month period. Only using fields that are not personal data by itself (or alone) Sending only fields required for analysis to the third party in charge of inter network detection of duplicates. Upgrading EIR to IMSI-IMEI check functionality Updating of CRM to EIR provisioning process Establishing customer care processes Agree on criteria of genuine devices with the regulator. Using general criteria to let the operator take decision based in each case, proves and the devices involved. Reduction on bllocking times

28 MAIN CHALLENGES LAW ENFORCEMENT CHALLENGE Better and on line information of stolen devices Low technical know how on mobile theft Increase Street surveillance Control to Points of Sale of mobile devices Judicialization of people that alter IMEI Impact all links in to the criminal chain Very low denounce levels of stolen devices from users Access to centralized DB TREATMENT ICT Ministry and Regulator training Georeference of hot spots with centralized DB info Device Sale Authorization Regime by ICT Ministry On line information system of authorized POS Legal framework (closings + Domain extintion) Proposal for law revision to pass in the congress New Police Code (mobile device contraventions) Legal framework & revisions Create several interinstitutional groups (intelligence/operations) Actions with international scope Change presencial process to virtual denounces Public campaings

29 Findings and Recommendations Reach global exchange and blocking of IMEI reported as stolen/lost Complement black lists with national detection / control of altered devices Detect and control all IMEI types that identify posible altered devices: Malformed (Unformatted) Invalid Not homologated (Not-Type approved) No Registered in positive/white data bases Duplicated Thieves act and adapt rapidly. Continuos follow up of the application of measures. Key success factor: Reference Data Base with unique regular identifiers of legally imported and acquired devices Mid Term process (~3 year). Phased deployment recommended: Diagnostic Design Implementation Operation Transition (amnesty) periods to existing devices User processes

30 REFERENCES 1. GSMA and ETSI standards (ETSI 3GPP TS v ( ), 3GPP TS ) 2. GSMA TS.06 IMEI Allocation and Approval Process 3. GSMA Latin America quarterly reports of GSMA IMEI DB to CITEL Permanent Consultive Committee I 4. IDC Consulting Latin America: Using IMEI Control Systems to combat stolen, fraudulent and counterfeit mobile phones: A Colombia case study. March, English: Español:

31 ITU-T SG 11 Workshop Global Approaches on Combating Counterfeiting and Stolen ICT Devices THANKS HUGO ROMERO ITU-T SG 11 Meeting, July rd July, 2018