Professional Documents
Culture Documents
Policy Framework and Recommendations To Minimize The Usage of Stolen and Counterfeit or Substandard Mobile Communication Devices
Policy Framework and Recommendations To Minimize The Usage of Stolen and Counterfeit or Substandard Mobile Communication Devices
Abstract—Telecommunication sector is one of the Mobile Manufacturers’ Forum (MMF). This shows that Asia
technologically advanced sectors, globally. The mobile device Pacific region is responsible for 50% of the proliferation of
market is always growing and it is very competitive. Counterfeit these handsets [3].
and substandard devices are collectively known as black market
devices. Availability of black market and stolen mobile devices
is a global issue. When buying a mobile device, most of the
people focus on cost, brand and model. The important factors
that represent the standard of mobile devices such as validity of
International Mobile Equipment Identity (IMEI) and the
Specific Absorption Rate (SAR) value are neglected. It is
important to adhere to a proper policy framework and
introduce systems such as Equipment Identity Registers (EIRs)
to minimize the usage of black market and stolen mobile
communication devices. Mobile device blocking and regulation
have become difficult tasks due to the unavailability of proper
systems and policies. This has allowed stolen and black market
mobile device usage. As per the user survey conclusions, it was
identified that user behavior patterns, limitations of existing
Fig.1. Proliferation of black market handsets
EIR and prevailing policies should be changed to address the
issue. A policy framework that includes the steps of increasing Black market mobile devices have two subsets namely
user awareness, establishing a proper blocking mechanism and counterfeit and substandard. A counterfeit mobile device is an
adding reforms to regulations is recommended as a solution. identical copy of the original brand or similar to the original
brand where as a substandard mobile device resembles an
Keywords— Mobile Communication Devices, International original brand but different enough so it doesn’t explicitly
Mobile Equipment Identity, Equipment Identity Register, counterfeit a legitimate brand [3].
Counterfeit, Substandard
The Organization for Economic Co-operation and
I. INTRODUCTION Development (OECD) predicts that nearly one in five mobile
A. Background and Motivation phones is fake [5].
The mobile industry worldwide is serving over 5 billion Sri Lanka is situated in the Asia Pacific region and
unique mobile subscribers, according to the data from the telecommunication industry is on a par with the rest of the
Global System for Mobile communications Association world. Therefore, Sri Lanka is an ideal candidate to analyze
(GSMA) Intelligence [1]. So, the telecommunication the issue and identify a suitable policy framework and
ecosystem which includes the subscribers, operators and recommendations to minimize the usage of black market and
communication device manufacturers is critical to the world stolen mobile communication devices [6].
as it serves more than two third of the world’s population. B. Contributions and the Organization of the Paper
The problem of manufacture, distribution and sale of black A literature survey was done to identify the negative
market mobile phones has created significant negative impacts faced by government, industry, users and operators
impacts to governments, industry, users and operators [2]. due to black market and stolen device usage. Next, another
Further, the usage of stolen mobile devices has been a societal literature survey was done to identify the solutions that have
problem in all countries of the world and it is ranked as one of been implemented and suggested by various countries and
the top five crimes committed in any given country [3]. Hence, organizations. Then, we conducted three user surveys to
it is essential to regulate the mobile devices available in the identify the user behaviors related concerns, the issues faced
market and minimize the black market and stolen mobile by operators and concerns of Telecommunication Regulatory
communication device usage [4]. Commission of Sri Lanka(TRCSL).
Mobile phones/handsets, dongles, tabs etc. are considered Further, we analyzed the prevailing issues and available
as mobile devices/mobile communication devices, as they are solutions that have been suggested and implemented by
portable and used for communication purposes. Fig. 1 shows various organizations and countries. Finally, a suitable policy
an analysis which was included in a report published by framework and recommendations were provided to minimize
292
b) IMEI network blocking solution: This is a standard information identifying the stolen handsets should be
solution used by most of the countries to block devices based transferred to other mobile operators to enable blocking.
on IMEI. There are two approaches. One is maintaining a 7) Turkey: A CEIR has been established to register the
whitelist (allowed) of IMEIs by referring to GSMA IMEI legally imported devices and disconnect the black market and
database. In the case of identifying an invalid or fake IMEI, stolen handsets from operator networks. The Information and
they should be blocked. The other method is maintaining a Communication Technologies Authority in Turkey has
whitelist as well as a black list (stolen devices and devices established a call center to obtain information regarding
without regulatory approval etc.) of IMEIs. Then cross check handsets related concerns and the processes have been
in both the lists and block the devices accordingly [9]. automated to make them effective, accurate and quick [10].
c) Development of a comprehensive plan: Customer 8) United Kingdom: A database has been established by
awareness regarding the negative impacts should be retailers and network providers to block stolen phones. Re-
increased. Legislative and regulatory reforms are required programming of IMEI is an offence punishable by law as per
and a comprehensive plan is required with increased the legislation. Consumers can search online databases and
enforcement of relevant authorities. verify the authenticity of mobile devices [10].
2) ITU: ITU proposes to implement a program to avoid
illegal device import, cross check with GSMA IMEI database In summary, the usage of stolen, counterfeit and
to check the validity of IMEIs during device approval process, substandard mobile devices is a global issue which has created
maintain all legal device IMEIs in a central database and bar negative impacts to overall telecommunication eco system.
operators from providing services to black market or stolen The organizations such as MMF and ITU have been
mobile phones [2]. suggesting solutions for this issue. Various countries have
3) Australia: Customer can report to their service implemented suitable mobile device policy frameworks to
tackle this issue after an in-depth problem identification phase.
provider regarding a lost or stolen mobile device to bar the
SIM card and block the handset from further use across all III. PROBLEM IDENTIFICATION
networks (emergency calls are allowed). Customer
verification procedure to ensure that the correct handset is A. User Survey among Consumers
blocked and to prevent fraudulent blocking of other peoples’ A user survey was conducted among a selected sample of
handsets is done by the service provider. Australian Mobile Sri Lankans to identify the common user behavior related
Telecommunications Association has allowed the customers issues. The hypotheses tested under the survey included,
almost all the people use mobile phones, people don’t consider
to verify whether the IMEI number has been blocked through
the standard of the device when buying, people are not able to
a website [10]. find lost mobile devices by following the existing processes
4) France: France regulator has reinforced anti-theft and the existing processes to find a lost mobile device are
measures for improved effectiveness. A centralized database unsatisfactory.
for identifying terminals that have been declared stolen is
available. Operators in metropolitan France were requested to A sample questionnaire was prepared based on above
hypotheses and an initial user survey was conducted among
put the IMEI numbers in centralized database and the 50 participants. After analyzing the responses provided for the
terminals are blocked whenever required [10]. pilot survey, the questionnaire was modified by including
5) Pakistan: The Pakistan Telecommunication Authority multiple sections based on different hypotheses, number of
(PTA) has placed a technical system to stop mobile phone questions were reduced and wordings were changed for user
theft. The system consists of cellular mobile operators, city convenience and to avoid any biased answers. Later, the final
police liaison committee, federal and provincial police user survey was conducted based on the improved
departments and other government functionaries. EIRs have questionnaire.
been installed by operators to block devices based on IMEI The survey participant sample was chosen randomly. The
when the theft is reported by the customer. A standard standard sample size calculation formula (1) was considered.
operating procedure to be followed by all concerned parties As per (1), 273 samples are required and we collected
including the mobile phone operators has been developed by information from 375 samples during the user survey.
PTA to streamline the reporting of stolen or snatched handsets
(1)
[10].
Further, PTA has also launched awareness campaigns to
educate the users regarding the reporting of stolen mobile
phones. Once the handset owner is verified, the system will
block the handset by updating their database of stolen handsets Where,
which will be shared with all provinces. • z = Z-score of the relevant confidence level = 1.65
6) Poland : Operators need to comply with the obligation (90% confidence),
to block IMEI numbers of stolen handsets through cooperation
• p = expected response distribution = 0.5 (Random
among themselves. The law imposes obligations on mobile
sample),
operators including legitimacy of the blocking request of
handsets should be thoroughly verified, the use of stolen • e = percentage of margin error = 5% and
mobile handsets in their networks should be prevented and the • N = Population size = 21 million (population of Sri
Lanka).
293
Fig. 2 suggests that all most all the users i.e. 99.7% in the generated from MSC during IMSI attached process. IMSI
sample were using a mobile phone and some were using tabs attach process includes following scenarios
and dongles also. Fig. 3 summarizes the selection criteria • Turn off and on a mobile device
considered by the users when choosing a mobile phone. • Turning on a new device for the first time
• Changing the mobile device that has already been
used.
Fig. 2. The types of mobile devices used
294
their networks. If the lost device is available in an operator TRCSL - the operator dependency to
network, the police will be informed by TRCSL. This is a implement a proper blocking
time-consuming process. Hence, we can conclude that, mechanism and the unavailability of an
• If a mobile device is lost, the service provider can automated and centralized system.
block the IMEI of that device in its own network.
But if the SIM card is changed, the mobile device 3. Adding Consumers - user behavior related
will be latched to a different network. reforms to concerns and inefficient processes in the
• There is no proper process to block stolen and regulations country.
black market mobile devices. Operators – availability of black market
• TRCSL requires a more efficient and centralized and stolen devices in operator networks.
system to minimize the usage of black market and TRCSL – manual process of acquiring
stolen mobile devices. information regarding lost devices
295
database to identify valid IMEIs. The IMEIs in the central increasing user awareness, establishing an IMEI based
database should be cross checked for invalid IMEIs. blocking mechanism and adding reforms to regulations are
Invalid and fake IMEIs should be maintained in a black suggested to minimize the usage of black market and stolen
list database. The cloned IMEIs should be updated in the mobile communication devices.
same black list. TRCSL should add the IMEIs of stolen
ACKNOWLEDGMENT
handsets to the same black list. This blacklist database should
be pushed to individual operators. Then, the operators can use Department of Electronic and Telecommunication
this database to cross check the IMEIs of the mobile devices Engineering of University of Moratuwa provided necessary
guidelines to conduct this research. Ms. Tharalika Livera,
and identify the blacklisted devices via the EIR systems that
Deputy Director for Compliance of the TRCSL provided
the operators have already established. information regarding the existing regulations and issues.
3) User warning: Initially a warning message should be
sent to black market device users. Later, as the final step such REFERENCES
devices should be blocked from using the network. [1] S. Waterfield, "Number of Mobile Subscribers Worldwide Hits 5
Billion – Newsroom," Newsroom, 2019. [Online]. Available:
C. Adding Reforms to Existing Policy Framework https://www.gsma.com/newsroom/press-release/number-mobile-
As per Table 1, all user surveys have suggested the subscribers-worldwide-hits-5-billion/. [Accessed: 04- Oct- 2018].
requirement for regulatory reforms. Current practices of [2] D. Protsenko, "Regulatory procedures and solutions for protecting the
market against counterfeit/substandard terminal equipment in
different countries mentioned in Section II of this research Ukraine," Geneva, Switzerland, 2014.
paper can be considered as guidelines for adding necessary [3] International Telecommunication Union (ITU),
reforms to existing policies of Sri Lanka. “Counterfeit/Substandard Mobile Phones – A User Guide to
Governments,” 2014. [Online]. Available: https://www.itu.int/en/ITU-
1) Stolen handsets: T/C-I/Documents/WSHP_counterfeit/Contributions/Contribution-
• An online GUI should be established to inform 001-MMF.pdf. [Accessed: 04-Oct-2018].
[4] International Telecommunication Union (ITU), “Industry Cooperation
lost mobile phone details to police. to Tackle Counterfeiting in Mobile Communications,” 2016. [Online].
• Once validated by police, TRCSL should be Available: https://www.itu.int/en/ITU-T/Workshops-and-
notified via the same platform without any Seminars/20160628/Documents/PPT/S2P3_Thomas_Barmueller.pdf.
[Accessed: 15-Oct-2018].
involvement from users. [5] D. Kopf, "One in five mobile phones sold across borders is a
• The stolen device details should be added to a fake," Quartz, 2019. [Online]. Available: https://qz.com/946304/20-of-
black list database maintained at TRCSL. all-mobile-phones-shipped-across-borders-are-fake/. [Accessed: 26-
Jun- 2019].
• Police should be informed with the new user [6] Telecommunication Regulatory Commission of Sri Lanka, “Statistics
details of the stolen device to obtain further - telecommunications regulatory commission of Sri Lanka,”
actions and recover the mobile device. 2018.[Online].Available:http://www.trc.gov.lk/images/pdf/statis_q1_
2) Black market handsets: 2018.pdf. [Accessed: 25-Nov-2018].
[7] A. J. Figueiredo Loureiro, D. Gallegos and G. Caldwell, "Substandard
• Black marked device users should be warned by cell phones: impact on network quality and a new method to identify
TRCSL. an unlicensed IMEI in the network," in IEEE Communications
• A policy should be implemented to block these Magazine, vol. 52, no. 3, pp. 90-96, March 2014.
[8] J. O’brien and K. Lehtonen, "Counterfeit mobile devices - the duck
devices after a concession period. test," 2015 10th International Conference on Malicious and Unwanted
Software (MALWARE), Fajardo, 2015, pp. 144-151.
The order of implementation of above policy framework [9] D. Hui and H. Lei, "EIR Based Mobile Communication Network
will vary depending on the country. But, the steps will not Security Technology," 2011 Third International Conference on
Multimedia Information Networking and Security, Shanghai, 2011, pp.
change. Also, it’s strongly recommended to do a problem 477-479.
identification (Refer Section III) and analyze the existing [10] J.S.Saarma, “Consultation Paper on Issues relating to blocking of IMEI
issues before implementing this policy framework in another for lost /stolen mobile handsets,” Telecom Regulatory Authority of
country. India, India, 2010. [Online]. Available:
https://www.trai.gov.in/sites/default/files/consultationpaper.pdf
V. CONCLUSION [Accessed: 04-Dec-2018]
[11] International Mobile Station Equipment Identities (IMEI) by 3rd
Generation Partnership Project, 3GPP Technical Specification TS
In this paper, we have identified the issues faced by users, 22.016, January 2016. [Online]. Available:
operators, government and industry due to the black market https://www.arib.or.jp/english/html/overview/doc/STD-
(counterfeit and substandard) and stolen mobile devices T63V12_30/5_Appendix/Rel13/22/22016-d00.pdf
usage. Also, we have suggested a suitable policy framework [12] Tekelec, Feature Manual - Equipment Identity Register, (2010).
[online]Available:
and recommendation to minimize the usage of black market https://docs.oracle.com/cd/E52521_01/doc.420/910-5910-
and stolen mobile devices. Firstly, we have conducted two 001_rev_a.pdf. [Accessed: 05-Jan-2019].
literature surveys to identify the negative impacts of black [13] I. Gepko, "General requirements and security architecture for mobile
phone anti-cloning measures," IEEE EUROCON 2015 - International
market and stolen mobile devices and the solutions suggested Conference on Computer as a Tool (EUROCON), Salamanca, 2015,
by various organizations and countries. Then, three user pp. 1-6.
surveys were conducted among the users, operators and [14] S. P. Rao, S. Holtmanns, I. Oliver and T. Aura, "Unblocking Stolen
TRCSL to identify the prevailing issues in Sri Lanka. As per Mobile Devices Using SS7-MAP Vulnerabilities: Exploiting the
Relationship between IMEI and IMSI for EIR Access," 2015 IEEE
the user survey conclusions, it was identified that user Trustcom/BigDataSE/ISPA, Helsinki, 2015, pp. 1171-1176.
behavior patterns, limitations of existing EIR systems and the [15] Prof.Yatin Jog, Pushpendra Thenuan, Dhruv Khanna and Ashlesha
outdated policies should be changed to address the issue of Chavan, "Analysing Central Equipment Identity Register (CEIR)
black market and stolen mobile devices usage. A policy Model for Mobile Handset Tracking in India," in International Journal
of Scientific Research, vol. 5, no. 4, pp. 188–193, April 2016.
framework and recommendations that include the steps of
296