Service provider collaboration: Mobile network operators

Contents

Description
Mitigations
Used in repressive operations

Contents

Description
Mitigations
Used in repressive operations

Mobile network operators can provide information about you to an adversary.

They can provide:

Given a name: the phone numbers registered under that name.
Given a phone number: the name under which the phone number is registered and the IMEI number^[1] of the phone in which the phone number is used.
Given an IMEI number: the phone number that is used in the phone with that IMEI number.

Additionally, given your phone number, mobile network operators can provide (current and historical) data and metadata about your phone activity:

The content of SMS and regular calls you make on your phone.
The list of websites you visit on your phone.
Your phone physical location.
Metadata about your use of end-to-end encrypted messaging applications (e.g. when you use Signal and the approximate size of messages sent or received through Signal).

This means that any of the following conditions can allow an adversary, with the collaboration of mobile network operators, to access (current and historical) data and metadata about your phone activity:

Knowing your name (if your phone is not anonymous).
Knowing your phone number, which they can find by monitoring or seizing a phone in contact with yours, using an IMSI-catcher, or through advanced correlation techniques.^[2]
Knowing your phone IMEI number, which they can find by seizing your phone.

Used in tactics: Incrimination

Mitigations

Name	Description
Anonymous phones	You can use anonymous phones to make it harder for mobile network operators to provide useful information to an adversary.
Digital best practices	You can follow digital best practices to make it harder for mobile network operators to provide useful information to an adversary. For example, you can: Not use a phone, or leave your phone at home. Use end-to-end encrypted messaging applications on your phone, instead of traditional SMS and calls.
Encryption	You can encrypt “in-motion” data to make it harder for mobile network operators to provide useful information to an adversary.

Name

Description

Anonymous phones

You can use anonymous phones to make it harder for mobile network operators to provide useful information to an adversary.

Digital best practices

You can follow digital best practices to make it harder for mobile network operators to provide useful information to an adversary. For example, you can:

Not use a phone, or leave your phone at home.
Use end-to-end encrypted messaging applications on your phone, instead of traditional SMS and calls.

Encryption

You can encrypt “in-motion” data to make it harder for mobile network operators to provide useful information to an adversary.

Used in repressive operations

Name	Description
Case against Louna	Investigators used the collaboration of mobile network operators to geolocate approximately 30 phones and intercept their calls in real time.^[3] In particular, investigators used the intercepted calls to: Hear about a meeting outside apartment buildings, set up physical surveillance of those buildings, and arrest two people who went to the meeting. Hear Louna make an appointment with a doctor, then contact the doctor to obtain Louna's personal information, including her address and phone number.
Case against Boris	Investigators used the collaboration of mobile network operators to intercept calls from Boris's phone or the phones of people close to him.^[4] They regularly listened to the intercepted calls in real time and used information from the calls to adjust ongoing physical surveillance operations.
December 8 case	Investigators used the collaboration of mobile network operators to geolocate the phones of the defendants and of people close to them in real time and to record unencrypted phone conversations.^[5] In particular: In one case, investigators could not determine the phone number used by one of the defendants, but had determined that the defendant often moved around with another person, so they geolocated the other person's phone in real time to locate the defendant. In one case, investigators followed one of the defendants as part of a physical surveillance operation, but lost sight of them. In the following hour, they geolocated the defendant's phone in real time to locate them. As a result, one hour after losing sight of the defendant, investigators regained sight of them and resumed the physical surveillance operation.
Bure criminal association case	Investigators used the collaboration of mobile network operators to:^[3] Establish links between people. Geolocate phones in real time. Record a large number of phone conversations, including conversations that took place between the moment a call was placed and the moment it was answered (i.e., while the phone was ringing). Identify the phone numbers that were active around Bure during three demonstrations that took place there in February, June, and August 2017, including 55 numbers that were active during all three demonstrations.
Mauvaises intentions	Investigators used the collaboration of mobile network operators to link phone numbers to civil identities, to know which phone numbers were in contact with each other, to geolocate phones (both retrospectively and in real time) and to record phone calls.^[6]

An International Mobile Equipment Identity (IMEI) number is a number that uniquely identifies a phone.

For example, if an adversary knows that you were in place A on Monday and in place B on Tuesday, and they know from cell tower data that a particular phone was the only phone that was also in place A on Monday and in place B on Tuesday, they can deduce the phone is yours.

Private source.

https://rupture.noblogs.org/post/2023/10/04/no-bars

https://web.archive.org/web/20241215183331/https://soutien812.blackblogs.org/2024/12/15/affaire-du-8-12-analyse-dune-enquete-preliminaire-pnat-et-dgsi

https://infokiosques.net/spip.php?article597