Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Azerbaijan wants to register mobile phones

planetary planetary at plntry.net
Mon Jan 9 16:51:54 PST 2012


In the US, CALEA requires that telecom service providers and equipment vendors not interfere with the ability for an LEA to surveil communications in real-time, and @ the time of implementation in '07 required them to regressively update their products.  So, no true E2E encryption for a publicly available service in the USA is strictly legal.

The WP article is a fairly good intro to its provisions. http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

We are aware that vendors supplying equipment into the US and close diplomatic allies tend to support CALEA requirements regardless of whether it's actually in force in a given territory - in part because it's the same units shipping globally that need to support the heterogenous LEA reqs, in part because there is significant soft pressure for allies - particularly those bordering the US - to comply with CALEA requests.

Believe that some of the corporate policy-based prepaid identification reqs are modeled around, if not required by, by the KYC provisions of PATRIOT (Know Your Customer, referring to ID data collection reqs for financial institutions.)  

On Jan 9, 12, at 3:47 PM, Pavol Luptak wrote:

> Hi!
> 
> On Mon, Jan 09, 2012 at 12:00:30PM -0500, Katrin Verclas wrote:
>> 
>> Are there any emergency or national security laws that allow the government to gain control of mobile network (e.g. suspend network, conduct interception, etc)?
> 
> Data retention law (at least in the EU):
> https://en.wikipedia.org/wiki/Telecommunications_data_retention
> 
>> Article 16 entitles the government during times of martial law and state of emergency "to preference in use of necessary telecommunication nets, units and means and can stop, limit their use or apply special rules for use of communication."  New rules require all operational mobile devices (cell phones) in the territory of Azerbaijan to be registered at Mobile Devices Registration System (MDRS). MDRS is not ready yet and is to be set up by the Ministry of Communication and IT. All cell phone carriers will have to connect their networks to MDRS. Information required for the system will include cell phone's IMEI code, a number associated with that phone and serial number of the SIM card. A cell phone will work only with a number associated with it and registered at MDRS. Otherwise, cell phone operators will have to block it.In practice, it means the government will be able to switch off every phone in the country.
> 
> This is also possible in Slovakia/EU if there is a "suspicion" (which can be
> quite unclear what is the "suspicion") and consequently obtain court order...
> 	
>> Are there any restrictions on encryption, including on VoIP? Is encryption allowed or forbidden? 
> 
> I think it is illegal in the EU to provide _publicly_ end-to-end calls
> encryption (without possibility of interception for legal/secret agencies).
> At least in Slovakia, if you decide to find out "ultra secure mobile operator"
> and provide end-to-end encrypted calls without possibility to intercept these
> calls by legal authorities, you will not receive an official license for this
> business. What practically means that this kind of business is illegal.
> 
> Of course you ca provide end-to-end encrypted calls for private companies,
> organizations, etc., you can sell crypto phones and all other crypto devices,
> but you cannot offer completely public end-to-end call encryption services
> for all people...
> 
> I guess the situation is similar even in the US - I don't know if it is legal
> to provide encrypted voice calls services _publicly_ (for all people) 
> without possibility of interception of legal/secret agencies.
> 
>> The telecom law does not specify any restrictions on encryption.  VoIP service is considered a form of communication and requires a license (source: http://news.day.az/hitech/69561.html).
> 
> That's also true in the EU. If you are VoIP service provider, you also need
> to follow the data retention law... 
> 
> I believe the situation in Azerbaijan is really bad, but probably not so worse
> than in the other developed countries :-(
> 
> Pavol
> -- 
> _______________________________________________________________
> [wilder at trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678]
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120109/3e2bea5f/attachment.html>


More information about the liberationtech mailing list