Sunday, December 16, 2007

Datenschutz in Amerika

Why must you record my phone calls? Are you planning a bootleg EP? (thnx, derausqed!) So said the Specials.
Laura Rozen points us to a New York Times story regarding the wider telecoms surveillance effort that led to the great AT&T whistleblower case; it seems as good as certain that they got cracking the moment Bush took office.

What interests me, however, are the exceptions - two carriers refused to take part. One was Qwest - their motto is Spirit of Service, and I recall that at MCI we glossed it as Spirit of Silence, until some nut started sending green-ink emails about how they should be Al Qa'ida Telecom. The other, about which you hear less, was T-Mobile USA. Now, Qwest's motivations remain obscure; but we can deduce something about the program from T-Mobile.

T-Mobile is, of course, the mobile division of Deutsche Telekom; it bought the former Voicestream assets in the United States, and is now rolling out a UMTS network. The company is the biggest mobile operator in Germany, the fourth-biggest in the UK, and the fourth-biggest in the US. Being a GSM/UMTS operator, it can offer transatlantic roaming; and here is the rub.

When one of T-Mobile's European customers gets off the plane in the US, their mobile phone will send a CC SETUP message to the loudest base station it can hear whose network ID is in its list of available roaming partners. It will try to get on to T-Mobile's local network by preference; if it does so, the base station controller (RNC for 3G purposes) will send a signalling message to the switching centre requesting that the subscriber be added to a local database called a Visitor Location Register (VLR), which holds a list of all roamers on the network. This is used to authenticate attempts to make calls from the number, and also to route incoming calls to it.

In order to check if the number is indeed from the network it says it is, and that the subscriber is in credit, a further signalling message is spawned to the home network to look up their Home Location Register (HLR), their master database containing all their subscribers. This will also cause a lookup on the BSS (Billing Support Subsystem), and will amend the HLR so that calls to the number are routed to the visited network.

We're now in a position to roam. There are two ways in which that works - one has all traffic to or from the roamer routed to their home network's switching centre, the other delegates the switching to the visited network and merely sends signalling messages to the home network. Yes, it's complicated.

Now, if (as seems to be the case) the NSA was trying to hoover up signalling data and call-detail records, this all means that whatever they were doing in the US would also absorb information from the German and UK HLRs. Similarly, T-Mobile USA customers roaming in the UK or Germany would be leaving a data trail sent back by T-Mobile UK or Germany. The reason T-Mobile declined is probably for fear of being taken to German or British courts; because not only the local affiliate, but also the European-based networks, would in a sense have taken part, the distinction of jurisdiction could not save them. And such an act would have been highly illegal; either the German legislation on data privacy or the UK Data Protection Act, as far as I can make out, would have been violated comprehensively.

1 comment:

Anonymous said...

"a bootleg LP", I always heard it as, although old Terry was never the clearest ennunciator in pop.

T-Mobile is quite big among the conspiracy crowd as it is strongly believed that they were the only network to maintain signal in London during the 7/7 bombings, and then shut down suddenly an hour later.

kostenloser Counter