Hi Harald,
we have only used the "Auth Token" mechanism
in the Netherlands, where
the regulatory authority didn't make any complaint. However, I
remember some people with the (then not all-omnipresent) iPhone
reporting some issues.
Seems to be a general problem...
In order to be on the safe side, we started issuing
our own sim cards at
CCC Congress and related events. This means that people have to obtain
such a card before being able to acces the network. I believe legally,
this is the better situation anyway, as the "real operator" SIM card in
their device belongs to their "real operator", and we don't know the
details of the agreement they have with their operator. They could have
some fine print that that SIM is only permitted to be used with
roaming partners of the "real operator". So by not accepting foreign
SIM cards, we make sure nobody is violating such terms. Furthermore, we
can of course use A3/A8 and as a result also A5/1, if we want.
Everybody using our sim cards would be the best of couse - we have some there
lying in the drawer. But simply switching the network seems to be more popular
- only one person came to get a programmed SIM card.
We will put a legal notice about fine prints onto the registration page.
So after all we will probably leave the Auth Token Policy off and let the users
enter their IMEI (followed by a registration) before accepting a location
update the first time.
The fact that we have the auth-token (or any other)
functionality in our
software doesn't mean that it is safe to run it, or that you will hve
legal guarantees about regulatory approval in any jurisdiction!
That's clear. But as I configured it some time ago, I thought it would not be a
problem, since normally the phones should only try to roam if they cannot
establish a connection to their home network. Since they are only one time in
our network for about 5 seconds to send the SMS, I saw no problem in there -
believing phones try to register back immediately after being thrown out.
Regards,
Lennart