GATINEAU – The CRTC has told Canada’s wireless companies that their collective inaction when it comes to the loss or theft of customer handsets – and the personal data those mobiles contain – will not be tolerated.

Back in the summer, the Commission sent a letter to the Canadian Wireless Telecommunications Association asking what the group and its members (which include all Canadian wireless carriers, big and small) are doing to keep track of lost or stolen mobile phones and help their customers who are impacted. In most other jurisdictions around the world, a central database has been created so that mobiles which go missing aren’t able to be reactivated by someone else. If they can’t be used again, their value is limited. Public service campaigns and other initiatives have also been launched in many other places.

In its July 17th letter to the CWTA, the CRTC asked what the Canadian wireless companies are doing about protecting customers from becoming victims of mobile theft, “especially in light of the fact the industry is beginning to bring to market mobile devices that act as ‘digital wallets’.” The Regulator also asked for statistics for the past three years on the numbers of mobile devices reported stolen to the CWTA member companies, broken down by province.

Plus, since stolen mobiles don’t necessarily stay in the country from where were stolen, the CRTC wanted to know if the Canadian wireless industry is considering international initiatives, such as the International Mobile Equipment Identity (IMEI) database, in their strategies to combat mobile device theft.

In the U.S., for example, the Federal Communications Commission has partnered with a number of wireless carriers, the CTIA and police departments to create a database to track stolen and lost mobiles in order to deny them data and voice services altogether, the CRTC noted in its letter.

So, our Regulator wanted to know, what are we doing here? As it turns out, the Canadian carriers appear well behind the rest of the world.

The CWTA’s answer to the July letter showed Canadian wireless carriers doing little on this file, in comparison to other countries. Canadian carriers aren’t collectively tracking stolen handsets, are not contributing to the global database on stolen mobiles, are seemingly doing little to inform their customers about handset theft and are not very well involved internationally with trying to combat this problem.

The CWTA responded to the CRTC by saying its board of directors decided in May of this year to strike a working group on the matter and that it “is undertaking its initial analysis.” However, when it comes to statistics on stolen or lost wireless handsets in Canada, while the companies do track the data, it is in different degrees of detail and the companies do not share the information among themselves as they all consider data on lost and stolen phones “competitive, proprietary and confidential," reads the letter.

That said, the CWTA noted that some kind of statistical foundation is needed as a baseline and that it would provide a report to the CRTC “by late 2012 or early 2013.” Also to happen in that timeframe is the debut of a public awareness campaign for consumers to show them steps they can take to protect their data in the event they lose or have their smartphone stolen. Right now, Canadian carriers do tell their customers what to do if their device it lost or stolen (such as Rogers’ web page here), advise their customers to back up their data and sell insurance for a lost, stolen or damaged phone, and even try to help customers find them, but these warnings and information are not easily found on the corporate web sites.

The association also submitted a report outlining some handset security measures around the world and explained how the IMEI (launched in 2004) works and which countries are involved. No Canadian operators have fully connected to that database, although Rogers Wireless has activated an IMEI test account. That CWTA report also noted there is a bill before the U.S. congress called the Mobile Theft Deterrence Act which would make it illegal to alter or remove the identification number of a mobile device.

There is no legislative push for anything like that in Canada and the CWTA letter also made it seem as though its members saw little benefit in joining the IMEI database, adding that action against mobile phone theft was best accomplished in concert with legislation and law enforcement.

The Association’s reply letter to the CRTC also added: “CWTA reiterates that the establishment of statistics that reflect different corporate methodologies, across dozens of CWTA members, with respect to the collection and reporting of proprietary information, will require an adequate amount of lead time and a considerable outlay of financial resources.”

On Friday, the CRTC sent a letter back to the CWTA saying, and we’re paraphrasing here: “Dear CWTA, Not good enough.”

“The Commission takes the issue of lost and stolen mobile devices seriously, including potential privacy concerns, and to date is not satisfied with the responses filed with the Commission by the CWTA,” said the letter to CWTA president and COO Bernard Lord from CRTC secretary general John Traversy. It also wants answers to all the questions it asked in its first letter by November 30th.

“With respect to the question of statistics and their availability, though the Commission appreciates that there may be some challenges related to the coordination of the collection of statistics in the short term, the Commission does not view a timeframe of ‘late 2012 or early 2013’ as reasonable. As such, the Commission considers an additional 60 days is more than sufficient for the CWTA to survey its members and to process the data, especially in light of the fact that it became aware of the Commission’s request for the statistics two months ago,” reads the Commission’s sharply worded response.

The CRTC has also asked who is on the CWTA’s handset security working group, when it meets, how often, what type of resources are directed to it and whether or not the CWTA has invited law enforcement to participate.

The Commission also wants details on the public education campaign the CWTA has said will get under way in 2012-13. “(T)he CWTA is to provide, in addition to the requested information, a clear explanation as to why such a campaign could not be launched before 2013 in light of the fact that the industry has been considering this issue since the spring of 2012 with the creation of the ‘CWTA Handset Security Working Group’ and the resources available to the Canadian wireless industry,” reads the Friday letter.

The Commission also wants to know why Canadian wireless carriers have not joined the IMEI database. “The Commission is not convinced by the arguments put forward by the CWTA in its 13 August 2012 letter against joining the IMEI database, especially as the Commission is aware that at least one of the members of the CWTA is using that same database for reporting the theft of mobile devices from its retail storefronts. The CWTA is to provide to the Commission a detailed explanation of the costs and barriers Canadian carriers would face in joining the IMEI database.”

The CRTC left no doubt how seriously it is taking the issue of mobile phone loss or theft (which has everything to do with the personal data on the phone and not the device itself, really) by adding an “or else” at the end of its Friday letter to the CWTA.

“It should be noted that if the Commission is not satisfied by the response of the Canadian wireless industry to this issue, the Commission will investigate what further regulatory action needs to be taken to provide the necessary tools to help consumers in this regard,” it concludes.

The CWTA’s deadline to respond to this is November 30th.

– Greg O’Brien

Author