The Colombian cellphone registry to counter cellphone theft and why it is bad for human rights
The Colombian General Prosecutor said recently that the blocking of IMEI is not working. He is talking about a registry created in 2011 that aims to reduce cellphone theft by blocking reportedly stolen phones of Colombian networks.
Fundación Karisma has been following this program and now, after six years of implementation, it is clear for us and for our institutions, that the registry is not working as intended. Even more, the research report launched by Karisma the first of September shows that it affects our rights to privacy and freedom of expression.
Along with the report, Karisma has launched a serie of multimedia pieces that explain the problems found with the registry. Here is a summary guide in English to the problems we found and what can we learn about them.
What is the registry?
In 2011, the media reported the death of a priest in Bogotá because thieves wanted to steal his cellphone. By that time, around 400 people were killed in order to take their cellphones and more than 1.6 million devices were reported as stolen. Building upon that pressure, the Ministry of ICTs issued a decree to establish a measure to reduce the incentives for thieves to go after cellphones and thus reducing theft and related crimes.
The decree, followed by a law and rules by the Telecommunications Regulator set a registry consisting of:
(1) lists of IMEI, or databases, as the legal documents call them, and
(2) a verification procedure
The core idea of the registry is that every legal device is allowed to work on mobile networks because it’s listed in a “positive database”. Whenever a cell phone is stolen or lost, its IMEI is recorded in the “negative database”. Mobile carriers should block any IMEI listed on this negative database barring them from working on their networks. Also, to keep both lists operational and effective, a verification procedure was devised. Based on communications metadata, the activity of each cellphone in the Colombian networks is monitored to detect counterfeit or duplicated IMEI, along with devices that lack a certificate of conformity.
What is the problem?
The registry poses several problems from a Human Rights perspective.
First, each IMEI is tied to a person’s ID because the registry demands carriers to record IMEI, IMSI and telephone number along with the owner’s name, ID and address. These registry mechanisms have been rejected by the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression of the United Nations because they eliminate the possibility to communicate anonymously. This allows the tracking of people and simplifies the surveillance of communications.
Second, the verification procedure uses communications metadata, bypassing the constitutional protection recognized for communications content. The list of requirements for data retention that mobile carriers have to follow, may fill voids in surveillance communications law, which effectively reduces the protection of privacy and data protection rights.
Finally, the system affects Human Rights and is not effective. The same results currently achieved can be reached without the registration of people’s ID and the use of metadata. Sharing the list of stolen cell phones may be as effective and less invasive than the current registry. Moreover, using only the negative list of IMEI is how it works generally in other countries and it is the way GSMA promotes the use of the system.
Want to learn more?
Fundación Karisma has launched a research report along with the website karisma.org.co/nomascelusvigilados to explain the cell phone registry in Colombia and its problems. Most of the material is in Spanish, still you will be able to find two key pieces in English: an animated video called The war against phone theft in Colombia and the executive summary of Karisma’s research. Read and share!