38.4k unique visitors in the last 3 days

UK Sets Precedent for Other Countries by Banning Global Title Leasing

Ofcom, the UK comms regulator, has taken the lead in protecting phone users from network spies. The question is whether other national regulators will follow their example.

The UK’s communications regulator, Ofcom, announced yesterday that it has immediately prohibited new leases of Global Titles (GTs). Existing GT leases must end by April 22, 2026, apart from two specific uses, which will be allowed to persist until October 22, 2026. This decisive action will cause a stir amongst other national regulators who may now face pressure from civil liberties campaigners that want a worldwide crackdown on the abuse of Global Titles. Journalists have previously investigated the links between the misuse of Global Title and multiple crimes committed by state actors and gangsters, including the 2022 assassination of Mexican journalist Fredid Román Román. Ofcom’s decision follows a consultation they ran last year which revealed research showing some telcos were hiding the truth of how Global Title leasing is managed in practice.

Global Title is a kind of address that is used to route information needed by SS7 networks. Inadequate identification of who is using each Global Title has allowed bad actors to query telecoms systems to gather data about phone users without having any legitimate reason to do so. For example, one form of exploitation involves repeatedly pinging networks as if to determine how to route communications to a traveller whilst they are roaming but actually to track the movements of that person. Network spy-for-hire specialists are also believed to have misused Global Title for the unauthorized access of private communications and to compromise one-time passwords sent by SMS. Ofcom shared the following diagram to help explain the intended purpose of Global Title.

The abuse of Global Title is insidious because any entry point on the planet can be used to instigate the monitoring of mobile phones connected to any other network worldwide and there is nothing phone users can do to prevent it. Prohibiting the leasing of Global Title means businesses will no longer be able to rent out a Global Title to another party without being responsible for who is using it or how it is used. However, Ofcom only has ultimate control of Global Titles derived from UK phone numbers. Spies will continue to run rampant across networks unless other countries adopt similar rules. Ofcom’s press release accurately refers to the leadership mantle they have adopted.

Ofcom has today announced new rules that will make the UK a world leader in protecting people from the malicious use of mobile networks.

Natalie Black, Group Director for Networks and Communications at Ofcom, elaborated:

Leased Global Titles are one of the most significant and persistent sources of malicious signalling. Our ban will help prevent them falling into the wrong hands — protecting mobile users and our critical telecoms infrastructure in the process.

Ollie Whitehouse, Chief Technical Officer at the UK’s National Cyber Security Centre, encouraged other national comms regulators to follow Ofcom’s lead.

This technique, which is actively used by unregulated commercial companies, poses privacy and security risks to everyday users, and we urge our international partners to follow suit in addressing it.

The news about Ofcom’s ban was welcomed by Stephen Ornadel, a world-renowned expert in fraud and roaming who has a deep interest in GT leasing.

This is a very welcome addition in the fight to protect the security of subscribers worldwide and the integrity of mobile networks. Ofcom rightly describes this as cracking down on criminal activity and I applaud them for their work. However, it is important to remember, although Ofcom found that networks using the +44 country code were disproportionately represented in the research Ofcom commissioned, this is not a UK problem but a global problem. I now hope to see similar action taken by regulators elsewhere in the world.

I responded to Ofcom’s consultation to express support for the ban during my brief stint as Director of Anti-Fraud and Integrity at the Mobile Ecosystem Forum (MEF). Not all of MEF’s members were enamored with the position I adopted, even though it was consistent with the GSMA’s Global Title Leasing Code of Conduct, as written by a GSMA task force chaired by Stephen Ornadel. The need for regulatory intervention has become increasingly apparent because telcos have not volunteered to comply with the GSMA code.

It previously upset me to see some of the weaselly-worded submissions from businesses that responded to Ofcom’s consultation but I think their tactics have backfired. Instead of getting what they wanted, those firms have marked themselves for special attention whenever they comment on consumer protection proposals in future. Some employees of telcos and their suppliers have convinced themselves that they can run circles around regulators, but at least one regulator has demonstrated they can cut through the fog of disinformation and see the true extent of the danger to the public. That is why Ofcom’s bravery needs to be applauded and supported by professionals who care about securing phone networks and are able to speak freely. The US Federal Communications Commission (FCC) has also consulted on the need for tougher privacy safeguards surrounding Global Title, but Ofcom has taken a definitive stance whilst others continue to dither. The abuse of Global Title is too obscure a topic for most of the public to be aware of the risks. Professionals have a moral duty to pressure governments and regulators to follow Ofcom’s example.

This summary of Ofcom’s decision is very abbreviated; their statement is 116 pages long and it will take me a while to digest it all. More importantly, it will take wiser people than me some time to interpret all the ramifications so they can explain them to the rest of us. Nevertheless, I am grateful to Ofcom for references they made to two recent Commsrisk articles (here and here). These articles explore connected questions about data which needs to be exchanged for the proper functioning of networks but which is potentially being exploited by businesses without consent and without a legitimate exemption to privacy laws. Trying to clean up the communications industry often feels like a never-ending war, but an important victory was secured yesterday.

Ofcom’s statement on measures to address the misuse of Global Titles is here. It is one of many documents relating to the Global Title consultation which are available here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email