Technological Advisory Council (TAC) Mobile Device Theft Prevention

Technological Advisory Council (TAC) Mobile Device Theft Prevention (MDTP) Working Group

Jun, 19

Technological Advisory Council (TAC) Mobile Device Theft Prevention (MDTP) Working Group.

This report provides an overview of the Mobile Device Theft Prevention Working Group’s (MDTP WG) efforts to reduce mobile device theft throughout its history and specifically in response to the requests made of the group for the 2018 calendar year by the FCC’s Chairman.

Since its inception, the MDTP WG has made significant strides towards creating solutions to help deter the criminal theft of mobile devices. These solutions include coordinating a voluntary industry-led effort to implement recommendations for consumer anti-theft features and the development of the Stolen Phone Checker—a tool, powered by the GSMA Device Check service—that enables consumers, commercial entities, and law enforcement to verify whether a device has been reported lost or stolen.

Anecdotal evidence suggests that these and other efforts are having an impact. The Stolen Phone Checker, which was released in May 2017, has already resulted in more than a million queries. And consumer survey results show that consumers are increasingly adopting security features on their mobile devices. In fact, an analysis of these survey results indicates that between 2016 and 2018, the number of consumers impacted by mobile device theft has dropped dramatically. Our estimate suggests that theft of mobile devices has declined by more than 50 percent.

During the 2018 session, the MDTP WG worked to:

  • Identify sources of statistics that could be used to study future mobile device threats and trafficking across international borders, as well as make further recommendations to mitigate device theft;
  • Continue partnering with law enforcement to assess the benefits of the information portal (i.e. stolenphonechecker.org) to relevant stakeholders and identify potential enhancements;
  • Develop baseline statistics on device theft based on data from directed consumer surveys and law enforcement to help track long-term progress and identify theft scenarios.

While the group has seen overall success, challenges remain with regard to these areas. The MDTP WG puts forth ten actionable recommendations for consideration that it believes will help to solve some of these challenges and move towards continued success in the fight to combat criminal mobile device theft.

 

  1. History of MDTP WG and Achievements

1.1 Efforts of MDTP WG

The Federal Communications Commission (“FCC) Technological Advisory Council’s (“TAC”) Mobile Device Theft Prevention (“MDTP”) Working Group (“WG”) has been collaborating for more than four years on solutions to the challenge of criminal theft of mobile devices, principally smartphones. The problem was identified by local law enforcement as a key challenge, and solutions were sought by industry, consumer protection advocates, and law enforcement. At one point, law enforcement found that in major American cities, such as Washington, D.C., and New York, roughly 40 percent of all robberies involved smartphones.

The MDTP WG is made up of representatives from carriers, manufacturers, smartphone recyclers, third-party solution providers, industry associations, and federal, state and local law enforcement. The WG made a wide range of recommendations in 2014 and in 2015 that focused on technical solutions to device theft, consumer education, and information sharing. Technical solutions included dedicated work by the Alliance for Telecommunications Industry Solutions (“ATIS”) to develop policies, methods, or procedures for law enforcement to obtain device identifiers from smartphones in their possession. The WG also recommended steps to explore blacklists and methods for consumers to be able to look up a smartphone’s International Mobile Equipment Identifier (“IMEI”)/Mobile Equipment Identifier (“MEID”) status, and a mechanism for consumers to check the enrolment status of a device. Other recommendations included educating consumers about how they can protect their data and their smartphones to augment efforts undertaken by the FCC and law enforcement.

1.2 Industry Voluntary Commitment to Include Anti-Theft Tools on Devices

A key part of the initial work of the MDTP WG was to develop recommendations for visible opt-out anti-theft features to be embedded within mobile devices for consumer use. MDTP WG members responded by coordinating a vigorous and dynamic voluntary industry-led effort among mobile device manufacturers to implement these recommendations. In an April 10, 2012 voluntary commitment, industry participants took steps to deter theft, and in the Smartphone Anti-Theft Voluntary Commitment of 2014, industry participants agreed to provide remote capabilities to wipe information from new smartphones, among other security measures. The Smartphone Anti-Theft Voluntary Commitment provides that: New models of smartphones first manufactured after July 2015 for retail sale in the United States will offer, at no cost to consumers, a baseline anti-theft tool that is preloaded or downloadable on wireless smartphones and provides the connected capability to:

  1. Remotely wipe the authorized user’s data (i.e., erase personal info that is added after purchase such as contacts, photos, emails, etc.) from their smartphone in the event it is lost or stolen.
  2. Render the smartphone inoperable to an unauthorized user (e.g., locking the smartphone so it cannot be used without a password or PIN), except in accordance with FCC rules for 9-1-1 emergency communications, and if available, emergency numbers programmed by the authorized user (e.g., “phone home”).
  3. Prevent reactivation without the authorized user’s permission (including unauthorized factory reset attempts) to the extent technologically feasible (e.g., locking the smartphone as in 2 above).
  4. Reverse the inoperability if the smartphone is recovered by the authorized user and restore user data on the smartphone to the extent feasible (e.g., restored from the cloud).

Each network operator signatory commits to permit the availability and full usability of a baseline anti-theft tool that can be preloaded or downloaded on a smartphone as specified in this commitment.

1.3 Stolen Phone Checker

Based on the efforts and recommendations of the TAC MDTP WG, CTIAThe Wireless Association (“CTIA”) launched the Stolen Phone Checker in May 2017. The Stolen Phone Checkerpowered by the GSMA Device Check serviceis a public service designed to limit the resale of lost and stolen mobile devices in the United State and to help consumers, businesses, and law enforcement agencies learn the status of a device and ultimately make informed choices. When launched, this service garnered significant national media coverage, and this coverage continues today.

1.4 Impact of Increased Public Awareness of Tools Available to Mitigate Mobile Device Theft

1.4.1 Industry Efforts to Raise Public Awareness

Over the last several years, both industry and government have worked hard to combat the problem of mobile device theft and to inform consumers of ways to protect themselves. Industry makes available numerous resources for consumers to protect their devices and their data, including tools to deter and prevent theft, help consumers recover a lost or stolen device, and remotely manage data in the instance that their device cannot be found. Industry has taken steps 

to make it easy for users to enable these features. For example, on iOS, when a user signs into iCloud as part of setting up a new device, Find My iPhone is enabled automatically and links the device to their account. This functionality helps end-users locate and protect their devices by viewing device location on a map, playing sounds to help find the device, and remotely locking and or erasing personal information from a missing device. Most major carriers who provide the ability to “bring your own phone” to their networks also offer web-based tools for consumers to look up IMEI numbers. Aimed at addressing mobile theft, these services are almost always accompanied by explicit policies to not activate devices that have been reported lost or stolen.

Beyond CTIA’s Stolen Phone Checker, CTIA has also developed a variety of new consumer-centric cybersecurity resources over the past year, including a just-released series of “how to” videos on important cybersecurity topics, such as how to set up a device passcode, how to engage “find my phone” anti-theft tools, and what to do if your device is lost or stolen.  Industry also continues to educate consumers about how they can protect their devices and personal data.  CTIA regularly updates its consumer resource pages to ensure consumers have access to the latest recommendations on how to protect against cyber threats and device theft.

GSMA’s IMEI Database3 allows operators to exchange data and to block devices that are “blacklisted,” i.e., reported lost or stolen using a device’s IMEI.4 Device Check service allows entities to query the GSMA IMEI database to provide up to 10 years of a device’s history as well as the device model information and capabilities. It serves to help resellers identify and eliminate stolen devices before they can enter supply chains, confirm the true device model for authenticity and calculate device value, discourage device theft by reducing the value of a stolen device, and confirm the network operator that reported a device stolen or lost, which helps with repatriation to the rightful owner.

GSMA also provides additional services aimed at reducing the number of lost or stolen devices, including consumer tips on mobile phone theft.6  GSMA has also recently developed a pilot program—the Third Party Blacklisting Pilot Program—that allows certain operator-approved entities to directly contribute to the GSMA Black List. 

1.4.2 Federal Government Efforts to Raise Public Awareness

The Federal Government has expanded the resources it provides to the public and has promoted awareness and common-sense solutions, including better use of the tools already available to deter theft and safeguard data. For example, the Federal Communications Commission (“FCC” or “Commission”) lists tips to safeguard against smart device theft and protect data on a phone7 and the Federal Trade Commission provides guidance on locking, updating, finding, and reporting a phone missing.8 The FCC also lists numbers of cellular service providers for victims to report stolen smart devices.9 Additionally, we have seen action taken by the United States Department of Justice to prosecute those who traffic in stolen devices.

1.4.3 Law Enforcement Efforts To Raise Public Awareness

Law enforcement can play an important role in highlighting anti-theft features. Numerous law enforcement authorities are engaged in public awareness and education campaigns to stem mobile phone theft and share industry and federal resources with their residents. The Washington, D.C. Metropolitan Police Department, for example, launched a public campaign urging victims of mobile phone theft to “brick it.” If a device is stolen, the owner should contact the carrier and have the device remotely disabled because, “[i]f a smart phone is rendered inactive in such a manner, it’s often considered to be as useful as a ‘brick.’ These ‘bricked’ phones are of little use to thieves because they can’t be reactivated after being sold on the black market.”

Similarly, the City of San Francisco established an “eyes up, phones down” anti-crime and public awareness campaign, providing tips to outsmart thieves and protect individuals’ devices.  New York Police Department (NYPD) has also established campaigns to raise awareness of available tools, including a robust campaign to actively encourage residents to upgrade to iOS 7 to activate available anti-theft tools.12  Campaigns such as these can help to raise both consumer awareness and adoption of anti-theft tools and best practices.

1.4.4 Other Resources

Other resources abound as well, including checklists and tips to protect consumers produced by a range of security- and consumer-focused organizations.  Consumer Reports outlines that users should adopt practices such as using strong passwords for lock screens, enabling a “find my phone” application, and backing up a phone’s information.13  Other organizations, like Norton, encourage users to immediately report the loss of a cell phone to the carrier, remotely lock and wipe the phone, and change sensitive passwords which might be saved on the device.

1.4.5 Impact on Mobile Device Theft

The MDTP WG has reviewed the effectiveness of these and other efforts to raise awareness and increase the use of tools to protect against and recover from mobile device theft. Consumer education appears to have had a substantial impact on the practices of consumers and has helped to ameliorate this public safety and consumer protection challenge.

A recent Harris Poll, commissioned by CTIA to survey consumer awareness and adoption of cybersecurity features and tools, shows that America’s wireless consumers continue to adopt anti-theft features and more advanced security measures for their mobile devices amid ongoing consumer protection and education efforts. Nearly 60 percent of American smartphone owners reported being aware that they have the “find your phone” capability on their device, allowing them to remotely locate, lock, and erase their smartphones. 

The MDTP WG attempted to determine the effect of these efforts on the number of consumers impacted by mobile device theft.  Using the Harris Poll survey results and publicly available data on the U.S. population, the WG was able to derive that between 2016 and 2018 the number of consumers impacted by mobile device theft has dropped dramatically. Our estimate suggests that theft of mobile devices has declined by more than 50 percent and is consistent with anecdotal press reports from key U.S. cities. The timing appears to align with introduction of the anti-theft tools and Stolen Phone Checker, but further study is required to determine whether there is a correlation. 

Chart 1.1: Trend in Stolen Smartphones 

2 2018 Tasking of Federal Communications Commission Chairman

For 2018, the WG was asked to build on earlier work and attempt to identify statistics that help support anecdotal evidence suggesting a steep decline in device theft and also focus on international engagement to determine where stolen devices ultimately end up. Specifically, the Chairman tasked the MDTP WG with the following:

  • Focus on supporting FCC efforts in working with foreign regulatory agencies to combat the theft and use of illegal mobile devices, including working to identify where devices go once they are stolen.
  • Reassess the effectiveness of the information portal and make recommendations, as appropriate, for its future improvement.
  • Study whether mobile device theft has declined in the United States since these efforts have been implemented.

With this tasking, the MDTP WG focused on three primary areas: 

  • Study future mobile device threats and trafficking across international borders and make further recommendations.
  • Continue to work with law enforcement to assess the benefits of the information portal (i.e. stolenphonechecker.org) to relevant stakeholders and identify potential enhancements.
  • Develop baseline statistics on device theft based on data from directed consumer surveys and law enforcement to help track long-term progress and identify theft scenarios.

 

3 Stolen Phone Checker 
CTIA's Stolen Phone Checker lets consumers, law enforcement, and commercial users know if a mobile device has been reported lost or stolen. This information is beneficial for consumers and commercial entities—including third-party resellers of mobile devices—to alert them to the status of a device before they make a purchase or a sale. If a device is “reported lost or stolen” it means that an owner reported the device is no longer in his/her possession; the wireless carrier confirmed the device was stolen due to fraud; and/or the wireless carrier confirmed the owner is not in possession of the device.
By inputting a device’s unique serial number or International Mobile Equipment Identifier(IMEI) into the database, users of the Stolen Phone Checker have instant access to the world’s largest collection of data concerning reported lost or stolen phones provided by carriers, including information on different device models and their capabilities. If the device has been blocked, it will be marked with a red warning status and will highlight that it might not be able to access mobile networks. GSMA Device Check, which powers the service, contains regularly refreshed data supplied by over a hundred carriers internationally, including U.S. operators AT&T, Sprint, T-Mobile, U.S. Cellular and Verizon Wireless.
The tool allows consumers, commercial entities, and law enforcement representatives to check devices based on IMEI, mobile equipment identifier (MEID), or electronic serial number (ESN) identifiers.
For consumers, the tool provides simple instructions and guidance, including tips on how users can better protect themselves by utilizing PINs, passwords, apps, and other security features—such as using apps to locate, lock, and/or erase a wireless device if it is lost or stolen16—and instructions on how to contact their wireless carrier and local law enforcement.
The Stolen Phone Checker also helps protect commercial users and businesses such as device resellers or retailers, insurers, repair centers, recyclers, and other companies in the wireless ecosystem and includes use case examples.18  It also helps law enforcement agencies discourage device theft, identify and check the lost or stolen status of a recovered device, and identify the wireless carrier associated with a device reported to the GSMA Black List.
3.1 Usage 
As explained above, the Stolen Phone Checker is available to consumers, law enforcement, and commercial users, including retailers, resellers, and recyclers of devices, along with insurers, repair centers, and providers of solutions to help identify or prevent the use of lost or stolen devices.  Since its launch in May 2017, more than one million queries have been made using the database.20  Commercial users make up the majority of users, followed by consumers, and then law enforcement.   As will be discussed below, the WG and industry has continued to make efforts to increase awareness of this tool to both consumers and law enforcement.
3.2 Evolution
The Stolen Phone Checker tool was created to assist with combatting mobile device theft. The MDTP WG has explored what improvements can be made to the database to make it an even more useful tool for consumers, commercial users, and law enforcement. Two possibilities have arisen: (1) develop the ability to use the Stolen Phone Checker as a tool to help mitigate the problem of contraband phones in prisons; and (2) find ways to streamline the onboarding process, making it easier for individual law enforcement officers to take advantage of the tool.
3.2.1 Contraband Reason Code
In February 2018, the FCC, under the leadership of Chairman Pai, convened a stakeholder meeting to discuss solutions to contraband cell phones in state correctional facilities. Chairman Pai explained the initiative’s goal as follows: “to bring together a diverse group to determine the most effective, affordable, and safe ways to address this problem—that is, to stop the threat of contraband cell phones without causing harm to legitimate wireless users.”21 During the February stakeholder meeting, CTIA, on behalf of the wireless industry, proposed the creation of a task force to serve as a forum for further dialogue, as an organizing body for testing technologies, and as a means to combat contraband devices generally.  
In April, the Contraband Phone Task Force held its first meeting in Washington, D.C. The task force consists of wireless industry representatives, state correctional department officials, the Department of Justice’s Bureau of Prisons, and the FCC. The task force has since held several additional face-to-face meetings and plans to hold its next meeting in January at the Association of State Correctional Administrators’ (ASCA) annual winter conference in New Orleans.  
The task force has explored a variety of potential solutions to address this challenge, including identifying and testing ways to stamp out the use of contraband cell phones, generally known as Contraband Interdiction System (CIS) technologies.22  The task force has also been developing a court order process to direct wireless providers to disable service to devices identified as contraband. In addition, the task force is working to modify the GSMA Black List for use in combatting contraband devices, specifically by adding a Reason Code dedicated to contraband phones. Over the past six months, the wireless industry has worked closely with several states to develop a court order process and has effectively disabled service to hundreds of contraband phones. Adding the Contraband Reason Code to the Stolen Phone Checker, via the GSMA Black List, will further assist corrections officials in combatting contraband devices.  
3.2.2 Efforts to Streamline the Onboarding Process for Law Enforcement 
As described in greater detail below, there are approximately 18,000 different law enforcement agencies throughout the United States at the federal, state, and local levels.  Each of these agencies has their own processes for approving contracts and managing their own investigative procedures.  Several agencies have reported challenges with the process necessary to be onboarded to use the Stolen Phone Checker.  Possible solutions are being explored. 
3.3 Efforts to Increase Awareness and Use of Stolen Phone Checker 
Since the inception of the Stolen Phone Checker last year, the industry has worked to increase awareness. In particular, CTIA has worked to share information related to the Stolen Phone Checker, including capabilities and how to sign up, through op-eds and written collateral circulated among law enforcement agencies.
In addition to these efforts, the law enforcement community is also working to help raise awareness. In November, the International Association of Chiefs of Police (IACP) adopted a resolution to further encourage mobile network operators worldwide to participate in the global GSMA IMEI Blacklist database.

Search

Just added to your cart:
Qty:
Total:
Subtotal:
Excl. postage 
My Bag
Just added to your wishlist:
Excl. postage 
My Wishlist