IMEI Number No More Unique: Regulator Lost Control

Uniqueness of the IMEI number is one of its main characteristic which is well recognized  on the basis of which so many processes are  implemented  by the regulator not only in the telecom industry but used by various  Law Enforcement Agencies  and being relied upon by the Court as an evidence. In the last two decades, hardly there would be any single case of terrorism or bomb blast or murder /decoties where the IMEI number have not been used to connect the offender with the offence or offender with the place of scene of crime or to prove the identity of the criminal during trial. In fact, the evidence in the form of IMEI number of the mobile number has been relied upon by the court in various cases and it has become the basis of conviction or acquittal. Recently, in the large number of cases in court, the applications are being filed by the defence as well to preserve the mobile detail of the police party to harness the power of the technology  in arriving at truth which itself rely upon the distinctiveness  of IMEI number. The law enforcement agencies has even implemented the mechanism to recover the stolen or lost mobile on the basis of this IMEI number.

What if the IMEI number is no more unique?

The treacherous impact of the same would not only that  the government is going to lose the control over the identity of mobile devices which is one of the nodes on the internet and can be used to commit any crime but also the entire machinery implemented in the telecom industry to regulate the mobile communication would jeopardized .  It becomes more hazardous particularly when the prerequisite of Aadhaar number has been vanished consequent to the recent judgement of the Supreme Court in the matter of Justice K.S. Puttaswamy and Ors. vs. Union of India (UOI) and Ors.

In the broader prospective, we need to understand that the losing the distinctiveness of the IMEI number means the government losing the power to implement the law. Infact, in the new dimension of cyber space, the code is law. Here I would like to refer to the theory of Cyber Jurisprudence propounded by Prof Lawrence Lessig   in 1999, “Code is law”. He stated that the code is the building block and architecture of all internet protocols.  If you want to control the cyberspace, you can control is by controlling the code. In the time to come, the governments would try to control the cyber space by controlling the code.

So the government was controlling the cyberspace of mobile network by implementing the controls using the distinctiveness of the IMEI number and in absence of its essential characteristic of uniqueness, this cannot be controlled. As already, the government regulation in the cyber space is working through the techno- legal methods such as blocking of the website through code implemented by ISP is quite effective and similarly, the framework of ICANN in regulating the internet domain rendered prolific results. Similarly, the code in the form of digital signature is being used to protect the integrity, encryption to protect confidentiality, digital certificate to protect from phishing etc. and these code when integrated   with law and regulatory framework are providing effective and measurable outcome.

Now you have the full right to ask what is IMEI? and How does it affect me and my mobile phone? So here is some information:-

An IMEI is the 15digit numeric number which is used to uniquely identify the mobile phone which you use with Jio, Airtel or BSNL connection. The IMEI number is used by the police and CBI to track down your loved ones in case if they go missing or if they are involved in an accident. The same IMEI number is also used by the security forces to track down the criminals and terrorists if they attack our country or they try to do bad illegal activities. So basically, it is important to have the IMEI number unique so as not to have a copy of your device identity floating around. The IMEI number is the one which is embedded by the manufacturers in your mobile phone.The bottom line is that the IMEI numbers have to be unique. one phone one unique IMEI. Now if its dual sim then dual IMEI but both of them have to be unique.

It is similar to the uniqueness of your car or scooter license / registration plate which is unique and no two are the same in the country or similar to your mobile number which is also unique at all times.

Recently, it was revealed that more than 200 plus mobile phone models which are copy-cat mobile phones mimicking the TAC/IMEI numbers of genuine mobiles. This tip of an iceberg is way deeper than what may have stumbled upon is harvesting 200 TAC can lead up to 200 million mobile phones. The figure of 200 million copy-cat phones out there in the telecom ecosystem duplicating IMEI numbers is a big shock and setback to the Digital India.

Now that you have mastered the IMEI mystery, then let’s talk about TAC. The TAC is the first eight digit of the 15 digit IMEI number. Now the 15digit IMEI number takes its identification of the mobile phone from the first 8digit TAC and the remaining numbers are 6digit which is the quantity of the mobile phones that are produced by the manufacturer for a particular model totaling up to one million phones which is the maximum number generated using the six digit combination (000000 to 999999)

One more question arises is that who gives the TAC or the IMEI numbers to the manufacturers, and the answer is that there is a body called GSMA Association which is a non-profit body, they have a subsidiary called GSMA Limited which is a for profit body. They give out the TACS and they control it across the world. They have one reporting body company in India called MSAI and one in China called TAF and one in UK called TUV SUD BABT. The Indian RBC or the Reporting Body Company MSAI gives TAC/IMEI numbers in India and so does the other entities which work with the manufacturers of the mobile phones.

Now the shocking stuff:

What we have unearthed are the copy mobile phones mimicking the TAC/IMEI of the genuine mobiles.

This is absolutely shocking cause as it means that there are more duplicate or copy-cat IMEI numbers in the mobile markets of India, than ever before. One particular thing came out of the duplicate mobile phones is that , 100% of the copied TAC/IMEI numbers were coming from overseas, i.e the non-Indian RBC namely TAF in China and RBC TUV SUD BABT in UK. This means that the NON-INDIAN FATHER or NON-INDIAN TACs of the IMEI numbers are copied briskly and sold to the unsuspected mobile phone users. The practice of copying the Non-Indian TAC is so rampant that multiple millions subscriber’s mobile phones are at a major risk. This activity is so wide spread now that it is multiplying at a large scale (in millions) every month.

The Non-Indian TACs are being copied onto multiple brands/models and then one million IMEI numbers can be created using these compromised TACs. These Non-Indian TACs with mobile phones are being sold into the Indian Markets spread across major metros and tier II metros without the knowledge of the mobile phone users.

The serious consequences that flows from the above can be summarized into the following:

TAC/IMEI Integrity Compromised: The IMEI numbers of the copy TAC models which when connect on to the mobile network operator create a pseudo profile mimicking the original TAC identity, which then compromise the uniqueness of the mobile phone and its IMEI identifiers.

Mobile Network Operator Identity Systems Instable: The mobile network operator identifies the genuine phones via TAC and its subrange IMEI. The mobile network operator systems are clueless about this rampant TAC cloned activity and they cannot differentiate the genuine TAC from the copy TAC.

In mobile network operator’s network when the Key Identifier = TAC is compromised then mobile network operator’s system treat the copy TAC as a genuine TAC as they have no way of understanding the value of copy TAC in their systems. They remain clueless about the identity of the copy TAC phones which they are provisioning on their network.

This results into multi-prong serious mobile phone identity concerns:

An infested TAC can easily transmit false identity copycatting a genuine TAC which throws off the operational investigations. False identity of the mobile phone through infested TAC is a huge law enforcement and security agencies nightmare and it has the potential to jeopardize the national security tremendously.The investigation of the case involving mobile phones has  become  complex manifold due to the increase in the duplicate TAC’s and their associated IMEI which means duplicate or copy mobile phones with copy IMEIs which shows similar print that of the original TAC and its known IMEI.

Mobile Network Operator also have a tough time provisioning the mobile phone correctly between the copy and the original TAC’s. Their systems detect falsely and try to configure the 4G device whereas in certain cases the device hiding behind the copy TAC is only a 2G feature phone.This Detection of a false mobile phone as a genuine one and provisioning it as per the technical frequency bands capabilities of the genuine one also hogs the network resources and creates false triggers thereby denying the proper service to the mobile phone user.

The Entire India Is Affected:

There are numerous instances where this kind of TAC Integrity breach is happening at multiple cities at the same time. The Non-Indian Copy TAC also travels to multiple mobile network operator systems evading detection and hiding behind the identity of the genuine one. The problem is prevalent pan India and all mobile network operators including variant devices using IMEI no’s such as M2Ms, TABLETS, GPS  are also At Risk.

The non-Indian copy TAC practice is also spread onto other form factors of the wireless mobile devices such as Tablets, Wrist phones, GPS devices, M2M etc. This is creating another high-risk challenge for the Mobile Network Operator’s to correctly identify these devices, as for example; a copy TAC of a GPS tracker module which belongs to a 4G smartphone will now mimic the profile of a 4G smartphone rather than GPS tracker. Both of these products function differently, use different spectrum bands for data and bear different device classifications/Technical specifications than each other.

The misuse of the TAC has become an epidemic in correctly identifying the wireless mobile devices bearing these form factors. It is also difficult to correctly pinpoint the exact numbers behind each form factors in any of the Mobile Network Operator’s networks.

Now how are you impacted by this Non-Indian TAC manipulation issued from abroad?

Mobile Phone User’s Unique Identity Is Compromised: The subscribers who have unknowingly bought the copy TAC mobile phone is equally at risk and clueless as their phone’s TAC is already compromised. The subscriber is oblivious of the fact that their device TAC/IMEI is a harvested copy of the genuine mobile phone’s TAC/IMEI number. The original owner of the genuine TAC/IMEI also becomes at risk if and when the dubious duplicated TAC/IMEI phones turn on and latch onto the TSP’s. The genuine TAC/IMEI now have a copy TAC/IMEI floating around and it is no longer unique, which is how it should have been.

This gets further complicated if the fake copy TAC/IMEI is used in any crime or terrorist activity. The law enforcement/security agencies now have to go through a lot of hassle in figuring out the culprit device holder as there are multiple copies of the original TAC/IMEI floating in the Mobile Network Operator’s systems.

Why? Why? and Why? Why is this happening to my India?

 Primary Root Cause: The primary root cause can be summed up as follows:

Lack of TAC Surveillance: As of now there is a lack of TAC surveillance for the mobile phones which are sold in India. TAC surveillance and TAC inspections at the manufacturers is also missing big time. The manufacturers who are currently producing such security breached mobile phones do it openly without any audit performed by GSMA who tend to collect millions of dollars after dollars but do not warrant the TAC or IMEI.

The mobile phone earthquake shocks are being felt by the Indian government who has also approached ITU to get them to warrant their TAC product or finish this monopoly which is badly managed. No regulation or control mechanism has been introduced by the government or GSMA to restrict these offending TAC companies and they turn a blind eye to the consequences which is being felt by the mobile network operators in identifying these copy TAC mobile phones. This is ironical given that GSMA Association which is the parent company of the GSMA limited is an Mobile Network Operators body.

The delicate fabric of the digital India’s connected mobile society is also endangered as it is also causing damage to the integrity, of the entire ancillary telecom ecosystem companies who rely upon the TAC/IMEI number for their system’s decisions. The national security is at stake and mobile identity on the basis of IMEI number cannot be testified in the court of law and there are inherent risks of innocent citizen being framed in the false cases. The government needs to take urgent step to regulate the menace before it becomes uncontrollable.

Probably, the only solution for the government to introduce its own framework of distributing the TAC/IMEI numbers and removing the monopoly of the GSMA which is not only going to remove the disparities in the price charged by the GSMA in USA, China or India but also save the foreign revenue which is being paid by the Indian Telecom Companies to the GSMA. There is no other way to implement the controls to protect and implement the national security spawn by the threats of duplicate TAC/IMEI’s.

Leave a Reply

Your email address will not be published.