Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos

Ready to go for telcos, but what's their incentive to lose all that lovely money?

Computer science boffins have devised a way to prevent the location of mobile phone users from being snarfed and sold to marketers, though the technique won't affect targeted nation-state surveillance.

"We solve something that had previously been thought impossible – achieving location privacy in mobile networks," Paul Schmitt, an associate research scholar at the Center for Information Technology Policy (CITP) at Princeton University, told The Register.

In "Pretty Good Phone Privacy," a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn't betray the location of mobile network customers.

"It's always been thought that since cell towers need to talk to phones then all users have to accept the status quo in which mobile operators track our every movement and sell the data to data brokers (as has been extensively reported)," said Schmitt. "We show how it's possible to protect users' mobile privacy while at the same time providing normal connectivity, and to do so without changing any of the hardware in mobile networks."

In recent years, mobile carriers have been routinely selling and leaking location data, to the detriment of customer privacy. Efforts to alter the status quo have been hampered by an uneven regulatory landscape, the resistance of data brokers that profit from it, and the assumption that cellular network architecture requires knowing where customers are located.

But thanks to evolving networking technology, which has shifted many core cellular functions from hardware to software, it's now possible to redesign mobile networks to limit the availability of location data.

The SUPI (Subscription Permanent Identifier), the paper explains, is the 5G equivalent of the IMSI (International Mobile Subscriber Identity) used in 4G LTE networks. The SUPI gets encrypted before transmission in 5G networks to create a Subscription Concealed Identifier (SUCI), but when connecting to legacy networks, the SUPI, like the IMSI, may be exposed.

Schmitt and Raghavan describe a new logical network entity called the Pretty Good Phone Privacy Gateway (PGPPGW), which sits between the public internet and the UPF (User Plane Function), the gateway that provides global IP connectivity from the network core.

The purpose of Pretty Good Phone Privacy (PGPP) is to avoid using a unique identifier for authenticating customers and granting access to the network. It's a technology that allows a Mobile Virtual Network Operator (MVNO) to issue SIM cards with identical SUPIs for every subscriber because the SUPI is only used to assess the validity of the SIM card. The PGPP network can then assign an IP address and a GUTI (Globally Unique Temporary Identifier) that can change in subsequent sessions, without telling the MVNO where the customer is located.

"We decouple network connectivity from authentication and billing, which allows the carrier to run Next Generation Core (NGC) services that are unaware of the identity or location of their users but while still authenticating them for network use," the paper explains. "Our architectural change allows us to nullify the value of the user’s SUPI, an often targeted identifier in the cellular ecosystem, as a unique identifier."

Not illegal, inventors claim

PGPP is not intended as a defense against law enforcement or intelligence agencies, though the researchers believe it would limit bulk surveillance of mobile customers. Its primary focus is defending against the surreptitious sale of location data by network providers.

"Our aim is to improve privacy in line with prior societal norms and user expectations, and to present an approach in which privacy enhanced service can be seamlessly deployed," the paper says.

The technology may improve the privacy of cellular network architecture but it leaves adjacent privacy issues unresolved. It does nothing to prevent apps from gathering location data, it doesn't provide voice or text privacy, and it doesn't address the tracking of hardware identifiers like IMEI.

The paper argues that PGPP is legal because while CALEA (Communications Assistance for Law Enforcement Act) requires that communication providers offer lawful interception of voice and SMS traffic, a PGPP-based carrier would be data-only, with third-party voice and messaging services, and CALEA compliance would be handled by providing access to communication data in the form of raw (and probably encrypted) network traffic via the UPF gateway.

But just because it's legal doesn't mean that MVNOs will rush to disavow data sales revenue and to implement technology that puts their customers' interests above their own.

More realistically, Schmitt argues PGPP will help mobile operators comply with current and emerging data privacy regulations in US states like California, Colorado, and Virginia, and post-GDPR rules in Europe. ®
