Mobile Devices: Theft

Background

Policymakers in many countries are concerned about the incidence of mobile device theft, particularly when organised crime becomes involved in the bulk export of stolen devices to other markets.

For many years, the GSMA has led industry initiatives to block stolen mobile devices, based on a shared database of the unique identifiers of devices reported lost or stolen. Using the International Mobile Equipment Identifier (IMEI) of mobile devices, the GSMA maintains a central list — known as the GSMA Black List — of all devices reported lost or stolen by mobile network operators’ customers. The GSMA IMEI Database that hosts the GSMA blacklisting service is available to other network operators around the world to ensure those devices transported to other countries are also denied network access.

The efficient blocking of stolen devices on individual network Equipment Identity Registers (EIRs) depends on the secure implementation of the IMEI in all mobile devices. Leading device manufacturers have agreed to support a range of measures to strengthen IMEI security, and progress is monitored by the GSMA.

Debate

What can industry do to prevent mobile phone theft?
What are the policy implications of this rising trend?

Resources

GSMA & OAS Briefing Paper: Theft of Mobile Terminal Equipment
GSMA IMEI Database website
GSMA Reference Document: Anti-Theft Device Feature Requirements
GSMA Mobile Phone Theft – Consumer Advice
GSMA Mobile Device Theft website


Industry Position

The mobile industry has led numerous initiatives and made great strides in the global fight against mobile device theft.

Although the problem of device theft is not of the industry’s creation, the industry is part of the solution. When lost or stolen mobile devices are rendered useless, they have significantly reduced value, removing the incentive for thieves to target them.

The GSMA encourages its member operators to deploy EIRs on their networks to deny connectivity to any stolen device. Operators should connect to the GSMA IMEI Database and share their own network’s black list to ensure devices stolen from their customers can be blocked on any other networks that also connect to the database. These black list solutions have been in place on some networks for many years.

To better enable a range of stakeholders to combat device crime, GSMA provides services that allow eligible parties such as law enforcement, device traders and insurers to check the status of devices against the GSMA Black List.

IMEI blocking, when complimented with additional measures undertaken by, and in consultation with, a variety of stakeholders, can be the cornerstone of a highly effective anti-theft campaign.

Consumers that have had their devices stolen are particularly vulnerable to their personal data being used to commit a range of additional crimes. Industry, law enforcement agencies and regulators are recommended to provide anti-theft consumer education material on their websites reflecting the advice and measures appropriate to their market.

The concept of a ‘kill switch’ — a mechanism allowing mobile device users to remotely disable their stolen device — has received much attention. The GSMA supports device-based anti-theft features and has defined feature requirements that could lead to a global solution. These high-level requirements have set a benchmark for anti-theft functionality, while allowing the industry to innovate.

The deployment of persistent endpoint security solutions on mobile devices can also help render devices useless and unattractive to criminals by preventing those devices from working on non-mobile networks, such as Wi-Fi, where EIR blocking would otherwise be ineffective.

National authorities have a significant role to play in combatting this criminal activity. It is critical that they engage constructively with the industry to ensure the distribution of mobile devices through unauthorised channels is monitored and that action is taken against those involved in the theft or illegal distribution of stolen devices.

A coherent cross-border information sharing approach involving all relevant stakeholders increases the effectiveness of national measures. GSMA advocates the sharing of stolen device data internationally for blocking and status checking purposes and the GSMA IMEI Database facilitates this function. Only if regulation allows stolen device information to be shared across all countries will the deterrent have most impact.

Some national authorities have proposed national white lists or black lists with ongoing centralised customer registration requirements to combat device theft. These systems are unnecessary, as blacklisting systems are sufficient and less complex or expensive to implement and maintain.

In markets where a national white list or black list exists, lost and stolen device information can be exchanged between mobile network operators through the GSMA IMEI Database. Alternatively, if a national device blacklisting system is already in place, and is compliant with the GSMA’s requirements, it may be connected to the GSMA Black List.