Hi Lennart,
On Tue, Oct 18, 2011 at 08:18:24AM +0200, Lennart Müller wrote:
we own a frequency usage licence from the
Bundesnetzagentur and ran our
network with auth policy token. So every new phone trying to attach to our
network will receive a SMS with information how to register and a token.
Thereafter, the phone is kicked out and will no longer be able to register
again.
Now there was a problem with some phones from
Cupertino which, as I heard,
registered to our network, received the SMS, were kicked out again but did not
try to re-register with their home network. So some "nice" guys threaten to
call the Bundesnetzagentur if we will not shut down the network immediately.
we have only used the "Auth Token" mechanism in the Netherlands, where
the regulatory authority didn't make any complaint. However, I
remember some people with the (then not all-omnipresent) iPhone
reporting some issues.
In order to be on the safe side, we started issuing our own sim cards at
CCC Congress and related events. This means that people have to obtain
such a card before being able to acces the network. I believe legally,
this is the better situation anyway, as the "real operator" SIM card in
their device belongs to their "real operator", and we don't know the
details of the agreement they have with their operator. They could have
some fine print that that SIM is only permitted to be used with
roaming partners of the "real operator". So by not accepting foreign
SIM cards, we make sure nobody is violating such terms. Furthermore, we
can of course use A3/A8 and as a result also A5/1, if we want.
My question is: Are there really legal problems when
using the "Auth Token"
policy?
The fact that we have the auth-token (or any other) functionality in our
software doesn't mean that it is safe to run it, or that you will hve
legal guarantees about regulatory approval in any jurisdiction!
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)