Legal situation when using auth policy token

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Lennart Müller mueller.lennart at googlemail.com
Tue Oct 18 08:10:17 UTC 2011 

Hi Harald,

> we have only used the "Auth Token" mechanism in the Netherlands, where
> the regulatory authority didn't make any complaint.  However,  I
> remember some people with the (then not all-omnipresent) iPhone
> reporting some issues.

Seems to be a general problem...
 
> In order to be on the safe side, we started issuing our own sim cards at
> CCC Congress and related events.  This means that people have to obtain
> such a card before being able to acces the network.  I believe legally,
> this is the better situation anyway, as the "real operator" SIM card in
> their device belongs to their "real operator", and we don't know the
> details of the agreement they have with their operator.  They could have
> some fine print that that SIM is only permitted to be used with
> roaming partners of the "real operator".  So by not accepting foreign
> SIM cards, we make sure nobody is violating such terms.  Furthermore, we
> can of course use A3/A8 and as a result also A5/1, if we want.

Everybody using our sim cards would be the best of couse - we have some there 
lying in the drawer. But simply switching the network seems to be more popular 
- only one person came to get a programmed SIM card.
We will put a legal notice about fine prints onto the registration page.

So after all we will probably leave the Auth Token Policy off and let the users 
enter their IMEI (followed by a registration) before accepting a location 
update the first time.

> The fact that we have the auth-token (or any other) functionality in our
> software doesn't mean that it is safe to run it, or that you will hve
> legal guarantees about regulatory approval in any jurisdiction!

That's clear. But as I configured it some time ago, I thought it would not be a 
problem, since normally the phones should only try to roam if they cannot 
establish a connection to their home network. Since they are only one time in 
our network for about 5 seconds to send the SMS, I saw no problem in there - 
believing phones try to register back immediately after being thrown out.

Regards,
Lennart

More information about the OpenBSC mailing list