Crime has spread like cancer throughout communications networks. One reason for this is that people working within the industry are often unable to tell the difference between lawful and unlawful behavior. If highly specialized professionals with an intimate understanding of technological and commercial details cannot distinguish between lawful and unlawful activity then no politician, bureaucrat, lawyer or member of the public will be better at discriminating between the two. We have allowed impenetrable blizzards of words to blind us to the illegality of some business practices that are widespread. To make matters worse, some of the most abusive practices are orchestrated by people who claim to be protecting us from harm.
Gobbledegook has gotten in the way of a clear understanding of how the communications industry works, and when it misbehaves. Consider this simple example. Just a few months ago I found myself publicly arguing with a former FCC lawyer who unequivocally stated that some communications traffic is neither legal nor illegal. Working for a telecoms regulator had somehow warped his understanding of the fundamentals of law. Every first-year law student will have been introduced to the maxim that “everything which is not forbidden is allowed”. However, the FCC is producing lawyers who believe there can be network traffic which is neither forbidden nor allowed at the same time.
Lawyers like this have become confused because of how long it takes the legal system to determine the legality of what occurs on networks. To use a simple analogy, if a person is killed in 1983 and the murderer is tried and found guilty in 2025 then the law was broken in 1983, not in 2025, even if nobody in 1983 could tell if the killing was accidental or deliberate. Communications networks are being used to commit an enormous number of crimes at the speed of light, but our legal systems have proven incapable of responding in timely fashion. In many cases our legal systems never respond, with the result that unlawful activity continues unabated. What occurs is still a crime, even if the laws are never enforced and the crooks are never found guilty.
The legal profession should exhibit mastery over the meaning of words, but it has not been helped by the chicanery of businessmen and technologists who use words to obfuscate facts. The industry has long faced challenges that are variously described as fraud, abuse or arbitrage. The definitions of these terms have been debated, often because some players are trying to legitimize their actions. Or to put it another way: many telecommunications players cannot agree on what is good and what is bad!
In the UK, it took well over 20 years for simboxes to be made illegal. Prior to that, the law was opaque and cases were bogged down in the courts. In the meantime, opportunists continued to profit from the use of simboxes. When operators cried foul, the opportunists said that they were simply offering an alternative to official termination. In other words, they used routes which were ‘gray’, rather than those which were black or white. The term ‘gray route’ is a euphemism, used to legitimize the illegitimate. Traffic that is being delivered outside the officially supported routes is labelled as gray because that sounds a lot better than ‘fraudulently’ or ‘illegally’ terminated.
For several decades, no product has been exploited more than SMS. Operators would set their termination rates and naively expect to collect them. However, in the absence of an SMS firewall, there were plenty of fraudsters that would happily use illegitimate routes to terminate traffic. They would not describe themselves as fraudsters, nor would they describe their routes as illegitimate. The word ‘gray’ has been used to convey the same meaning but without the more obviously negative connotations. In many cases, these fraudsters were, and continue to be, some of the biggest players in the SMS business.
Once operators brought in SMS firewalls, a game of cat-and-mouse commenced as the fraudsters tried new tricks to bypass firewalls and charging. I do not think anyone seriously suggests this traffic is anything other than fraudulent, even if it is generously labelled as ‘gray’. Everyone knows that a termination fee needs to be paid, and if the cost of terminating a message is less than the termination rate, something is wrong. If you are buying a Luis Vuitton handbag for $100, you know it is either fake or stolen!
Whilst the case of SMS is very well understood, there is an associated case that is not so well understood and which relates to the status of a customer’s phone number. You may have heard about number portability queries and Home Location Register (HLR) queries. These two similar services overlap but they are actually very different.
- Number portability dips are a service that allows a user to query the status of a number and to identify which network the number belongs to, even if it has been ported from one network to another. Legitimate services source official data from the various number portability databases and do so with permission. There is nothing to criticize about this. The illegitimate providers of this service may use stolen data, data accessed in breach of contract or even unofficial data built up by caching the recipients of traffic that has been successfully delivered in the past.
- HLR dips are very different. This service uses a real-time query, to an operator’s HLR or Home Subscriber Server (HSS), to identify various subscriber attributes. Examples of these attributes include whether the number is valid, what is the full IMSI, the connection status, the roaming status, and call forward settings. Accessing this data can be very useful, but it is also problematic. HLR query providers almost never have permission to access this data.
I am aware of only a handful of operators that have consented to HLR dips, all of which are in the UK, since the UK does not have a central number portability database. Businesses that offer anti-fraud services, like the verification of a phone user’s location, may be providing this service by executing HLR dips without permission.
Services such as HLR dips developed at a time when there were no alternatives. They satisfied a need. However, that does not make the theft of subscriber data any more legitimate. There are various ways these thefts cause harm to telcos.
- Lost revenue and lost investment from their own API services that fully meet the same data needs.
- Lost revenue from A2P SMS. One of the main motivators of HLR dipping services is to save SMS aggregators money. If an aggregator is saving money, someone must be losing money.
- Additional signaling costs with no incremental revenue to cover the fees.
- Breach of data protection rules, including GDPR, with respect to the safeguarding their customer data.
It will not be long until the reputation of the communications is further tarnished by a court case that examines the way HLR dipping exploits customer data. When it does, public relations goons will issue press releases that also twist the meaning of words. Instead of learning about wrongdoing so businesses behave better in future, these manipulated interpretations of the facts will be spread far and wide, further confusing industry insiders about the legality of their own actions.
All of these are serious challenges, and more so in an environment of ever-increasing focus on subscriber security and operator profitability. It is time to stop referring to this theft of data as a ‘gray’ business. HLR dippers are engaging in plain and simple theft. Some of the providers of these services also claim to be protecting us from fraud; can you think of anything more ironic?



