UK Reg Decides Crime Prevention Does Not Justify Handset Locking

Ofcom, the UK’s comms regulator, has proposed that British telcos will no longer be allowed to lock handsets to their networks, as part of a wider plan to make it easier for customers to switch suppliers. Their consultation document discussed the merits of locking handsets to deter criminals, but judged that the practice “may not be essential” to reducing fraud.

Whilst there are various arguments for and against the locking of handsets, there is one obvious motive for Ofcom’s plan; the UK regulator seeks to ensure compliance with the European Electronic Communications Code, a Directive of the European Union. This begs the question of why compliance is still considered necessary when the UK has conclusively decided to leave the European Union by re-electing Boris Johnson’s Conservative government.

The regulator’s consultation document provides only a superficial analysis of the risk of handset fraud. Two networks sought to justify their locking of handsets, but no facts or figures about the extent of crime were presented.

BT Mobile/EE and Vodafone told us that device locking was an important tool in reducing fraud, bad debt and device theft. For example, they say that device locking helps to reduce the risk that a pay monthly customer obtains a phone as part of a long-term contract, but then defaults on the monthly payment to that provider and uses the phone on another network. By making this more difficult, they consider device locking may help deter fraud and keep providers’ costs down, which in turn would feed through to a benefit to customers in terms of lower prices. Without device locking, their costs and potentially prices may rise.

BT, which has two separate brands for its mobile services following the acquisition of mobile provider EE, also argued they had witnessed the benefit of implementing new network locks.

BT Mobile/EE also said its experience of introducing device locking at BT Mobile suggested device locking was effective in reducing fraud. BT Mobile/EE advised that fraud is most likely in the initial months after a device is acquired, and that this is the period when locking would have potential benefits for reducing fraud.

Ofcom offered a very simple counter-argument: not all operators lock handsets.

However, mobile operators other than BT Mobile/EE and Vodafone manage fraud and bad debt without locking devices. This includes large operators such as O2 and Three which had previously sold locked devices and moved to selling unlocked devices, as well as the major mobile virtual network operators (MVNOs).

Presumably the same logic would mean society could manage car crime without anyone pressuring manufacturers to install car alarms, because some people have cars that do not have alarms. It is telling that nobody has determined whether the likelihood of fraud is higher for telcos who unlock handsets.

Another key argument was that UK telcos already have a common database of handsets which cannot be used.

In addition to the credit check processes that can be used for any other product, for mobile devices there is a ‘blacklisting’ process, by which mobile providers in the UK keep a shared database of devices that are registered as lost or stolen. Three told us that in light of such blacklisting capabilities, its view was that locking devices to networks would not have any discernible impact in preventing fraud.

Meanwhile, organized criminals are willing to spend a million dollars on bribing US telco staff to unlock handsets so they can be resold abroad. It is hard to understand why anyone would think a national blacklist is sufficient to protect telcos when so much of telecoms crime is international in nature. But it does not help that there are telcos who argue against methods used to prevent fraud.

Another mobile operator O2 said that locking was of limited use in terms of preventing fraud. This was because fraudsters and thieves can find alternative ways to unlock devices without going through their provider’s official process. That it is possible to unlock some devices without going through the provider’s official process is consistent with some indicative survey evidence that has found a proportion of customers unlock devices in other ways than through their provider.

Ofcom is referring to a question in a survey which was answered by just 49 phone users. That means their ‘indicative’ evidence is the unproven claims made by just 13 people.

So whilst the USA has captured criminals who literally spent a million dollars on bribing telco employees to unlock handsets, Ofcom somehow failed to weigh that number against the 13 people who said their phones were unlocked by somebody other than their provider. Perhaps they are ignorant of the situation in the USA, where Verizon reported a sharp rise in theft of their unlocked handsets. And maybe they failed to see the GSMA report which says 4 million handsets are trafficked from the USA each year. Or perhaps they think freely available data from the US market is less relevant than achieving regulatory harmony with the European Union. Whatever research they did, Ofcom presented no hard data before deciding that unlocking phones need not have any ‘essential’ impact on crime.

On balance, while we accept that locking mobile devices may help reduce fraud and bad debt, the fact that other providers manage fraud and bad debt without device locking suggests that device locking may not be essential to this.

Ofcom’s consultation on switching telcos and unlocking handsets can be found here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.