Gary Davis, global senior director for privacy and law enforcement requests at Apple,....said.... 'It is necessary for me to refute the suggestion that we somehow benefit....'"

My iphone gets nicked, so I buy a new iphone. The stolen iphone gets sold on and the new iphone owner buys apps and accessories from Apple. In many cases the owner of the new iPhone will end up lockedi in the Apple ecosystem and buy more Apple stuff. Apple makes extra money three ways from my phone getting nicked, so it's clearly not neccesary for Davis to refute the fact that Apple benefits from thefts. The committee should have done more than laugh at him, they should have called him out for the liar that he is.

> My iphone gets nicked, so I buy a new iphone. The stolen iphone gets sold on and the new iphone owner buys apps and accessories from Apple.

But what about those phones that get stripped for spares? Think of the money Apple *loses* when repairs are done cheaply by 3rd parties.

(Warning: post may contain irony.)

A) Is this supposed to become a Lex Apple or will "the cloud" be defined for every vendor differently?

B) What a gift for privacy-invading PII-resellers ...

I had the same thought.

What the hell is he talking about?

no, it's still written in a ROM at the factory and can't be modified easilly.

Chagig the IMEI means that you eed to locate the right chip, unsolder it, transfer all it's content, except the IMEI, on a new chip, put in that new chip the IMEI you want, solder the new chip...

So not something that can be done in a hurry.

IIRC 30+ years ago, when GSM (2G) was brand new IMEI blocking was sold as the way to make sure your phone couldn't be used by a thief... and all the operators told you to keep that number around and give it to the police so that they could send it to the operators for blocking.

Whatever the cops want, don't do it. Never is the span of history have cops been on the right side of it.

In this case, they are extremely strongly on the right side. If a device is stolen, with a police report to indicate this, brick it. But the manufacturers (who make money off of people buying replacements) don't want to do this.

Try reporting a stolen car or bike to UK police.

They jot down the details and then ignore it.

So we are expected to believe that the police are wanting to put resources into deterring phone theft?

What the UK gov wants (ok, what MI5 and the Met want) is a mechanism in place to remotely disable people's phones. Going to a Greenpeace demo? The ISMI catchers will capture all the IMEIs within a radius and those phones will be suddenly disabled as the kettle is being put in place. End of text-based demo management, end of camera functionality.

I don't think Apple or Google (except in relation to the Pixel) should be responsible for this. At least some mobile handset manufacturers already implement remote locking technology like Samsung's Knox. I imagine Apple have something similar and Google Pixel has something similar too. Cheapo brands might not but they could do and if the government wanted to make it mandatory they could.

I imagine Apple have something similar

They offer "Lost Mode", which means that (if Find My Phone is turned on), when the phone contacts Apple, it is put into Lost Mode.

IME blocking is something done by network providers, and would require Apple to work with network providers. They don't do that. Apart from people who want to have Apple phone tracking turned off, I don't know if it would have any advantage.

Telecos from many countries already use an international stolen IMEI blocklist. If there were a problem with this as Apple and Google maintain, we'd have seen it by now.

There are several problems with it, but none of them are the ones mentioned by Apple and Google.

The main one is that - outside of Europe and North America - not many operators are signed up to use it. This is slowly being addressed.

A secondary issue is that most of the operators who are signed up only use blocklists for device stolen in their own country - so if you export the stolen device, it works again.

A third is that while the IMEI is usually stored in write-once memory on the device, it has to pass through layers of rather less secure software before it reaches the network. Intercepting and changing the IMEI is illegal in the UK. But so is stealing the phone.

And so on....

That said, it is a relatively simple way of making life more complicated for purveyors of stolen phones. It's far from watertight though.

you can't really change the IMEI, even with software... Since it has to be part (in one form or another, nowadays in 5G only something encrypted derived from IMEI and the IMSI is sent [I won't go in more details, you can read the 3GPP specs] ) of the first messages exchanged by the phone to connect to a PLMN.

.. governments should actually do their job and have rigorous enough policing to prevent theft and catch those that do it, and adequate punishment and rehabilitation for those caught.

It'll never happen.

> .. governments should actually do their job and have rigorous enough policing to prevent theft and catch those that do it, and adequate punishment and rehabilitation for those caught.

In other news, I'm looking forward to receiving a refund for the costs of locks on my doors and windows...

Onwurah asked: "Why can't you do what the Met Police is asking for, which is to block it on the basis of the IMEI?"

Wingrove explained that the IMEI is connected to the cellular modem of the device and is a construct from the telecom industry. "The IMEI is actually the identifier for the business relationship that the carrier has with the victim of theft. The IMEI represents that relationship. Our relationship with the user is through the Google account," he said

Yeah, Google accounts in no way have any relationship to the device on which they're used. My device's operating system has no relationship to Google, and Google clearly have no way of knowing the IMEI number of the device I'm using the account on. How could they possibly lock it out of their cloud services at a platform level when reported stolen?

MPs pass dumb laws like the Online Safety Act that try to turn behavioural problems into technology ones, and yet here we have a clear-cut case where the technology exists and could be applied with relatively little effort - just legislate for it!

All phones' OSes have access to the phone's IMEI - having the OS check online if the IMEI is on a block list is not rocket surgery

The network itself checks that when you try to connect to a telecom network. It's part of the built in stuff that's been there sinnce 2G.

To be allowed on a mobile network the terminal equipment ( parse that as phone ) has to send the IMEI and the IMSI in one form or another depending if it's 2G/3G/4G or 5G.

That's how $TELCOs SIM-Locked phones when SIM-Locking was a thing. They were checking the IMEI and the IMSI and if the phone IMSI was not matching with the Phone IMEI in the database they didn't authorize the phone on the network.

It is also a false statement. The IMSI identifies the subscriber, the International Mobile Equipment Identifier or IMEI identifies the specific device independently of SIM card, IMSI or anything else tying the subscriber to the carrier.

I thought it was a crime to lie to Parliament.

The same potential issue exists with CompuTrace and other BIOS/IP-style remote laptop erase/disable services: Freddy/Fanny Fatfingers at CompuTrace (or whomever) can wipe or brick the wrong device when they're typing the reported-as-stolen device's MAC address into their control computer.

People and businesses have to weigh whether that risk is less or more than risk of data on their stolen laptops being potentially accessed/copied/sold, and that's why it is an option , not a requirement.

"I don't understand, speaking as a telephone engineer myself, why you can't do that."

Greed, they profit from the crimes. They can do it, but it will hurt their income.

BUT - I can guarantee you if a goog or apple executive's phone gets stolen, it will be blocked and tracked down using the IMEI. But you and me,, nooooo, we are the cattle, not the farmers.

Milk us, butcher us, that's all we are to them, something to squeeze for profit.

We are less than cattle. We are livestock feed.

The livestock are small companies and start-ups that are bought after reaching harvest size, er, a certain market status. We are the suckers, er, punters, that feed their growth until slaughter, er, damn, I mean market buy-out or IPO size.

They could disable the phone except to 999 and then if it was a mistake or hacking it would be easily straightened out.

I don't think 999 would want to be dealing with admin mistakes. But you could allocate another number.

Of course, then you have to staff it (across all languages and timezones, as these phones are shipped abroad), and then deal with all the crims calling and claiming they've accidentally disabled their own phone.

Had to look it up as I specifically remember reading articles saying police said drops in apple theft following them making some change like the one requested in the article.

Apparently that change was activation lock. Can't tell when it was put in the news article I just saw was dated 2021 but references 2013 which sounds more reasonable.

Perhaps it assumes the user has to do something special to enable it. I did read an article on how to disable it seems in some cases you can use specific DNS to bypass it (seems simple for apple to block that workaround if they want). Then you can file a claim with apple to justify that you are the proper owner. They can deny the request(they could just flat out not allow appeals if they want). I'm sure it causes headaches for some legitimate sales of incorrectly prepared devices that are sold.

Doing something more extreme seems likely to cause more headaches. Maybe the police or someone can explain why activation lock isn't good enough. At the time it was expected that the feature would render such devices as useful as spare components only.

Activation lock, and you don't have to do anything special. As long as you have signed into iCloud, it's on by default and will prevent anyone else from activating that iOS/macOS device, even if they wipe it. if you to the DNS bypass thing, you can activate it can't ever sign into iCloud with your own account or it will lock down again.

This does not prevent stolen devices from being chop shopped, nor does IEMI lock.

It occurs to me that a phone that was verifiably inside the UK, when reported stolen, and which is now located outside the UK - is almost certainly stolen. That's a "tell".

Another characteristic sign is that the phone will be factory reset and a new account installed.

Combine both of these, and it should be safe to shut down. Once a phone with a mark against it is moved outside the UK and has had a factory reset, then any attempt to associate it with any cloud account, except the one it was previously associated with, should be made to fail.

Surely it's the network that has access to the IMEI. I don't use any Google services on my Android and don't see why they should have the IMEI even if I did.

Numpties.