Legal situation when using auth policy token

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Harald Welte laforge at gnumonks.org
Tue Oct 18 07:33:57 UTC 2011 

Hi Lennart,

On Tue, Oct 18, 2011 at 08:18:24AM +0200, Lennart Müller wrote:
> we own a frequency usage licence from the Bundesnetzagentur and ran our 
> network with auth policy token. So every new phone trying to attach to our 
> network will receive a SMS with information how to register and a token. 
> Thereafter, the phone is kicked out and will no longer be able to register 
> again.

> Now there was a problem with some phones from Cupertino which, as I heard, 
> registered to our network, received the SMS, were kicked out again but did not 
> try to re-register with their home network. So some "nice" guys threaten to 
> call the Bundesnetzagentur if we will not shut down the network immediately.

we have only used the "Auth Token" mechanism in the Netherlands, where

the regulatory authority didn't make any complaint.  However,  I
remember some people with the (then not all-omnipresent) iPhone
reporting some issues.

In order to be on the safe side, we started issuing our own sim cards at
CCC Congress and related events.  This means that people have to obtain
such a card before being able to acces the network.  I believe legally,
this is the better situation anyway, as the "real operator" SIM card in
their device belongs to their "real operator", and we don't know the
details of the agreement they have with their operator.  They could have
some fine print that that SIM is only permitted to be used with
roaming partners of the "real operator".  So by not accepting foreign
SIM cards, we make sure nobody is violating such terms.  Furthermore, we
can of course use A3/A8 and as a result also A5/1, if we want.

> My question is: Are there really legal problems when using the "Auth Token" 
> policy?

The fact that we have the auth-token (or any other) functionality in our
software doesn't mean that it is safe to run it, or that you will hve
legal guarantees about regulatory approval in any jurisdiction!

Regards,
	Harald
-- 
- Harald Welte <laforge at gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)

More information about the OpenBSC mailing list