A Stolen Device Database is Coming, and it’s Bad News

Yes, stupid. It’s not news that global theft of smartphones and other high-end electronic devices is a growing problem. These devices are becoming smaller, more powerful, and more expensive. As targets for theft go, you’re probably at the top of the list if there’s an iPhone 5 in your pocket. This is a serious problem on so many levels (from the cost of devices, to the potential loss of data, to the clear invasion of privacy and other serious implications). The news is that what is being offered to fight this problem is so wrong.

Recently, big news came from the Canadian Wireless Telecommunications Association (CWTA) regarding the planned creation of a database of cell phone identifiers that will “…address the serious problem of cell phone theft”, said Christian Paradis, Minister of Industry. Clearly, this is a move to get cell phone carriers to supply a list of blacklisted devices as well as let users report theft, and keep those phones from working. With a reported 85% of Toronto street crimes being cell phone thefts, I imagine they think they’ve gotten the upper hand on thieves by doing this, but this idea is incredibly misguided and stupid.

Beginning Sept. 30, 2013, users will be able to register their phones as stolen, and those phones will be added to a database. It’s not entirely clear what measures will be taken to ensure the reports are authentic. Carriers will then routinely check the database and refuse to activate devices marked as unusable or stolen. In the eyes of CWTA and CRTC, this will make cell phone theft less desirable for thieves. No doubt, all this seems great on paper, but it’s so summarily out of touch with reality that I couldn’t help shaking my head.

I can think of four horrible ramifications for something like this:

1. This will hurt the thriving secondary (grey) market. For the many who would like to get a nice phone but may not be able to afford it through official channels, buying a phone on Craigslist or Kijiji gives them a good low-cost way to get what they want. Legally purchased devices that enter this market can be bought and sold in a perfectly legal manner. A database hovering over buyers would likely have a serious detrimental effect on legitimate transactions – possibly even kill the market altogether.

2. Criminals won’t be deterred. Exactly the thing the CWTA is trying to stop will likely see little or no slowdown with this database. Criminals who don’t have the technical means to circumvent this will likely be sophisticated enough to just re-sell phones to unsuspecting people or ship them off to places they will work. The last thing I’d expect a phone thief to do is use the phone and be disappointed when he/she finds out the device is blocked. It’s an absurd notion.

3. This hurts the victims and users alike. Victims will likely have no ability to locate their devices or recover stolen data with this database. A feature like that would go a long way to helping authorities find thieves. Even worse, users who might want to buy on the grey market may have no way to tell before buying if the phone has been marked, adding an unnecessary level of fear and uncertainty to an already uncertain process.

4. This may respond extremely slowly to requests for change. With massive databases and no clear way to contact anyone administering them, users will have little swift recourse when this database contains errors. This will only bolster the new phone market and further force users into (possibly) unwanted pricey new phones or subsidized contract situations. It’s hard to imagine that a large service provider that handles customer requests so poorly (you know who I’m talking about) would respond quickly and efficiently to changing this database when they’ve been reluctant to do it themselves.

That’s a good list of reasons why something like this is a bad idea, for sure. But can a database of stolen phones actually work? Yes, it can. But it’s going to need a strong theft authentication regimen when adding a device, a way for anyone to determine (over the web or mobile) if something has been marked as stolen, and a clear and easy way for erroneous reports to be handled swiftly and responsibly. If a bunch of reluctant carriers submit to an un-contactable government entity they grudgingly paid $20 million for, I doubt that will happen.

Indeed, education and awareness are also important. The Protect Your Data initiative is a great start. Education is always the best way to combat problems of this nature. A great next step for them is showing users how to set up remote phone location and remote wiping.