Another Legal Smear: This Attack On Rogers Communications

I read a news story over at Techweb which just didn't sound right to me. The story reported that Rogers Communications Top Dog Ted Rogers' phone was cloned along with some of his customers' phones, and used by terrorists to place calls to Pakistan, Syria, and Libya. "Cloned" I wondered? Haven't heard about cloning since the analog 1G days... If terrorists have found a way to clone 2G digital phones, this would indeed be huge news for the cellular industry. But as it turns out, the story is a fabrication, and part of an effort to smear Rogers. What really happened is that a Rogers subscriber, a lawyer named Susan Drummond, lost her GSM phone, and the phone was subsequently used by someone to place CDN$12,000 in calls to the Middle East. But Ms. Drummond failed to report the phone stolen until she received her next bill. For that reason, Rogers maintained that she was liable for the calls (which could have been prevented if the phone were reported stolen). Ms. Drummond then sued Rogers, and began researching the issue of phone fraud, at which point she learned that Rogers CEO Ted Rogers' phone was once cloned - a point which she mixes in with her own tale. But Ted Rogers' phone was cloned in 1997! Yep, nine years ago on his old analog model. Breaking news indeed. Ms. Drummond has aggressively been trying to defame the security aspects of Rogers GSM networks as a extortion tactic to get them to erase her bill, which according to The Globe and Mail, has been successful. But this extortionists claims aren't justified: whether perfect or not, Rogers GSM security was never compromised. Ms. Drummond would do better to review her own security procedures: if your phone (or credit cards, etc) are lost or stolen...duh...report it and cancel the account. Rogers may not be perfect (no carrier is) and their fraud detection systems should be called into question here: they should have detected the odd pattern of calls and put out a red flag. But let's not let the extortionists mix nine year old history, security red herrings, and a fear of terrorists into a smokescreen for their own mistakes. Click Read More below to learn more about cloning.Back in the analog days of cellular (or 1G) criminals could "clone" a phone by using radio scanning equipment and simply listening in on the frequencies that the cellular carriers had licensed. When a legitimate cell phone user nearby made a call, the criminals could grab the ID and account numbers of the legit phone. They could subsequently mimic that phone and place calls which would be attributed to the victim's account. This proved to be a lucrative business for organized crime. The steadily had teams out "grabbing" accounts, and would sell "free" cell phones to others on the black market. The organized criminals also set up shops in basements and out of the way back rooms. In the shops, they would sell "Cheap Calls" using word of mouth advertising. People who had relatives in distant lands, or who wanted to conduct illicit business, or who wanted to just save a buck would stream into these call shops pay cash for overseas calls using cell phones provisioned with stolen accounts. It was for this reason that carriers tried to develop fraud-alert systems that would sound an alarm when a phone that had been used to make only local calls for 10 months suddenly called Eritrea or the Philippines to the tune of thousands of dollars. The fraud detection systems, however, are like modern spam-catchers. Some fraud still manages to get through, while some legitimate users get blocked. Carriers need to avoid blocking phones, because legitimate users who get blocked get very angry. For example, the carrier who blocks a users cell phone because of an unusual pattern may find a legitimate customer that is very displeased that their phone stopped working when they tried to call their father in Pakistan after hearing their mother was ill... In 1995, the first digital phones began to emerge, and today form the vast majority of phones used. Digital phones can be cloned, but the effort required, and the equipment required to do so is beyond the reach of of most organized crime syndicates. There have been no reported cases. Rogers says it has some 150,000 customers using legacy analog phones, and these are usually customers who either refuse to upgrade because they don't like change, or rural customers who have found that their analog phones have slightly better range than digital counterparts. By the way, the carriers, including Rogers, ate all the costs for these calls made from cloned phones. The reasoning was that, through no fault of the customer, the phone was cloned, so the carrier needed to erase the bill. This cost the carriers dearly, because it wasn't just their money, but the international carriers needed to get paid, as well as the local carriers in the destination country. Analog cellular carriers had to pay these other businesses real money, but also had to erase the bills of their own customers. So why did Rogers pay the bills before, but would not pay Ms. Drummond's? Because it was her fault! She lost her phone, and didn't report it. Why should Rogers be held responsible for each of their customers' personal security habits?