Jul 5, 2010
My phone’s been blacklisted
Well, it hasn’t really – not for a while anyway – but it’ll do as a title.
The massive problem of mobile phone handsets being stolen led in 2002 to a marvellous bit of innovation. If a phone was stolen, its unique reference number – the International Mobile Equipment Identity (IMEI) – could be logged on a central database of blacklisted numbers, and it wouldn’t work any more. Not on any UK service, anyway, regardless of what SIM card you put in it.
Now, with an idea this brilliant in its simplicity there are bound to be a few drawbacks. (It’s also a really good illustration of problems that come up in any distributed system built around a central point, with a large number of players and variables involved.)
I haven’t managed to find out much in the way of fact about this mysterious IMEI database. I have established that it is known as the Central Equipment Identity Register (how Orwellian is that?) and that the Global System for Mobiles Association (GSMA) handles requests from mobile network operators (MNOs) to join the membership of those able to update it. Whether there is any more regulation relating to it than that is unclear. [Wikipedia tells me there are certain weaknesses in the non-uniqueness of IMEI numbers across handsets, and that handsets can be reprogrammed with a new IMEI number with enough effort. But that's incidental to the argument of this post.]
My main point is that from a process perspective, it doesn’t actually do the job it’s intended to. This is why.
One day my phone stopped working. I took it into the shop. “It’s not the SIM”, they said – “your handset’s been blacklisted. You have a SIM-only contract with us, nothing we can do. Our responsibilities stop there. Where did you get the handset?”
I explained that I’d bought it on eBay about 9 months before (from a very genteel lady in Dorking who didn’t want it as an upgrade). “You’ll need to find her, and get a receipt.” And then what? They looked blank. And what if I can’t? Blanker. “Nothing we can do”. Hmm, I thought.
Obviously, there was no chance of finding the seller – I had absolutely no idea who or where she was, and anyway, why should I? This was a mistake. Could the wrong IMEI have been put on the blacklist by mistake? “Yes.”
I made a big fuss. I tried to track down a regulator. I wrote to Ofcom. I did all the usual things that a public service process obsessive does. Nothing. Silence everywhere. I carried on making increasing levels of fuss to Vodafone – my only hope: with membership of the GSMA club and able to get their digits on the database. Finally, after much griping, emailing and phoning, they said “it’ll work now.” And it did. “It was a mistake,” they said. “Happens quite a lot.”
Which means that making a big enough fuss, being articulate and invoking stories of nice grey-haired ladies in Dorking will get your phone unlocked. Stolen or not. By anyone MNO you pick on to force the unlocking.
Which seems like a complete load of bollocks.
This is a hugely powerful system, capable of causing immense inconvenience due to a finger-slip by any of hundreds of people, scattered widely. It’s designed to provide a serious barrier to theft, yet it can be unpicked with a sustained bout of whinging and some smartly written emails.
It reminded me of some of the concepts of centralised identity management, which I’ve written about before. As soon as a centralised system becomes powerful enough to be any use, almost by definition it becomes unusable when exposed to many real world conditions. The blocking process might have been quite effective when almost all handsets came via your MNO, and you didn’t swap networks much. But those days are long gone.
Gary Gale reported a similar experience to this today, triggering thoughts that it wasn’t just me, and provoking me to write this post. Thanks Gary. Add any comments you like.
I’m not a mobile industry expert. If any of you are, and I’ve made a string of howlers above, I’m sure you’ll let me know. Is something missing here in terms of an independent point of contact to appeal mistakes like this? Who would run it? Who would pay? We can certainly forget a “well, government should just do it” solution in the current climate.
Ah c'mon Paul. If I'm understanding you right, your initial complaint was that no one could help you, and your subsequent complaint was that someone helped you.
Current system is not perfect, agreed. But why would it being centrally kept prevent typos?
How about when you buy something you make sure you get all the paperwork? How about caveat emptor?
Yeah, it's definitely a bit moany
But there's something to moan about if a 'secure' system suddenly falls apart like a cheap suit, or if some customers are able to get 'help' through invoking certain words or behaviours. If I hadn't been a white, middle-aged professional sort, would I have got the same help? What if I'd looked (in the eyes of the company) like a phone thief? It's these inconsistencies and weaknesses that trouble me.
And yes, I'm all for personal responsibility on the paperwork. I won't make that mistake again. But people do legitimately buy phones that have no paperwork. Should they not? I guess it's a calculated risk; however the odds seem a little stacked against them due to this rather odd (and flawed) blocking system.
[...] My phone’s been blacklisted – honestlyreal As soon as a centralised system becomes powerful enough to be any use, almost by definition it becomes unusable when exposed to many real world conditions. The blocking process might have been quite effective when almost all handsets came via your MNO, and you didn’t swap networks much. But those days are long gone. [...]
That's why I'm wary of buying things on e-Bay myself, but setting that aside…
My interest in this story was piqued by lack of uniqueness in the IMEI numbers. The problems of unique identifiers do concern me at times. I sometimes need to create systems of identifiers for analogue or digital objects, therefore I think about what happens when the context of the identifier shifts eg when a small museum uses its own accession numbers to identify images of objects and when they out them on the Web, they find that they are the same as another museum's. We found out recently that a Sainsbury's re-usable bag has the same barcode as an item of clothing in M&S.
If I were a mobile phone company, I'd want to get together with other mobile phone companies and insurance companies to:
1) devise a unique mobile devices identifier system
2) think of a snappier, public-friendly name for the database
3) create a public-friendly database
4) charge public to register a phone on the database but offer them incentive so that when they have they can get money off insuring the handset, or free calls/texts/data for a set period
5) market it so people know about it, know advantages
6) employ staff tough enough to withstand the Awkward Squad's senior members, such as Mr Clarke