A stricter regime is required for ensuring uniqueness of IMEIs
Mohammad Faisal A.
Analytics | Consulting | Insights | Gadgets | Smart Devices | Startups | Autotech
A month-old notification of DoT has all of a sudden got media attention. The notification declares tampering of IMEIs other than assigning of the same by the manufacturer as an unlawful punishable offense.This is a step in the right direction as it makes changing IMEIs for ulterior motives illegal. This shall prevent using of handsets for criminal and terrorist activities with dubious identity by modifying the IMEIs using software and other techniques.
However, the notification addresses only one aspect of the issue. No doubt, this is a very serious and important issue concerning security and frauds. Especially, when a lot of digital payments are taking place, the uniqueness of the device through IMEIs becomes paramount for law enforcing agencies to detect the origin of dubious digital transactions. But, the notification does not address three concerns.
Ascertaining the genuine one: Suppose there are now two devices on the network with same IMEI. How can the law enforcement agency decide the genuineness of the legitimate one? For this, the agency has to work with the entire value chain, because the operator would not be in a position to help on this. For a simple case where a few devices have the same IMEI, it may even be possible for the investigating agencies to work closely with the entire value chain. But, imagine the real cases where the same IMEI is flashed on thousands of devices. How can the investigating agency decipher which one is genuine?
Cleaning the existing system: The notification bars the flashing of unauthorized IMEIs prospectively. How do we clean the system/networks with the duplicate IMEIs? CMR has done some analysis and as per initial estimates, there are 5-6% duplicate IMEIs in the country of the total subscriber base. It is essential from security as well as sanity purposes that the existing base is also cleaned.
After sales: There are instances, for example, changing of the motherboard, where IMEI gets changed during servicing of a phone. As per the notification, the only manufacturer is allowed to assign IMEI and that too in the initial stage during manufacturing. The current notification does not include authorized service centers to tamper the IMEI for legitimate reasons.
The present guideline only addresses the issue where for unlawful activities someone tries to tamper the IMEI to disguise the device. Even in this the problem is who will report the tampering as both the parties involved will be having vested interests and nobody would bring it to the notice of law enforcing agencies. Else, there shall have to be very close vigilance mechanism but that would also not be cent percent effective and will be prone to loopholes.
So, is there no solution at all? Well that is not the case. There are a couple of solutions available with the industry. I would not go here into the details of the solution, but, would definitely want to highlight that the need is for to have a centralized solution across operators where IMEIs of devices could be compared to find out the duplicates across the subscriber base. Thereafter the solution must have capability to allow the device with genuine IMEI whether already in the network or connecting for the first time.
First published in ET Teletalk on September 25, 2017