photo by StockSnap, via Pixabay
I like to say that the impossible never happens, while the inevitable always does. But one night last month, the impossible happened.
According to telecom industry officials, on the night of Nov. 6-7, some U.S. cellphone users received text messages from friends, acquaintances and loved ones who had died. Thousands of others heard from former sweethearts or estranged relatives who were almost as unlikely as the dearly departed to have reached out with loving greetings.
This sort of thing supposedly can’t happen. Not only can the deceased not get in touch with us over ordinary mobile devices – Ouija boards do not count – but all five of the mobile network operators in this country have insisted for many years that they do not store the contents of text messages beyond a few days or a few weeks, if at all. Yet on the night in question, a reported total of 168,149 customers received text messages that had originally been sent last Feb. 14, Valentine’s Day.
“Awkward” does not begin to describe the fallout – for senders, recipients, and not least for the mobile industry and those who wonder about its security.
Last month’s phantom texts did not prove that dead people can take advantage of SMS technology. They did prove, however, that while the text-messaging privacy claims of our mobile communications providers may be technically accurate, they are incomplete and misleading at best.
The five mobile network operators in this country are Verizon, AT&T, T-Mobile, Sprint and U.S. Cellular. There are other brands of cellular service out there, but they simply lease and resell bandwidth from one or more of these five networks. If you take your cellphone out of the country and turn it on, you will find yourself connecting to one of the networks serving that location. Most developed countries, and some less-developed ones, also boast multiple carriers.
We take for granted that our cellphones will work, more or less, wherever we happen to be. We take for granted that our device can communicate with devices on any network, not only the one we happen to be using. We also expect our device to connect with equipment that isn’t using a cellular network at all, such as when we Skype or FaceTime with Grandma, who is using her home’s cable-based Wi-Fi.
Somebody has to make all those connections. One of the main players in this space is a company most of us have never heard of, even though we may use its facilities every day. That company, Syniverse, was launched in 1987 by another company younger readers may never have heard of, GTE Corp. (GTE was a major communications player back in those days.) Later, Syniverse was owned by Verizon, went public, and then was taken private again in 2011 by the Carlyle Group. It remains in Carlyle Group hands today.
Syniverse has contracts with most of the world’s major telecom players. It handles a lot of behind-the-scenes work, such as identifying your phone and its home carrier when you are roaming on a network in another country. It also delivers text messages.
Syniverse stepped forward to take the blame for the November snafu. According to the company, one of its messaging servers happened to go down on Valentine’s Day. The company blamed an “internal maintenance cycle.” Somehow, the server was not brought back to life until the fateful night nearly nine months later. Texts that had accumulated on the server but that had not been delivered got dumped into the queue, and voila – the Night of the Resurrected Message.
Many recipients were bemused by the delayed-action messages. Some were genuinely distressed. There was a brief flurry of conversation about the foul-up, and then the news cycle moved on. But the implications are more serious than just one day’s worth of text messages.
The incident highlights how complex, and vulnerable to disruption and potential interception, modern communications actually are. An entire industry of computer forensics and litigation support seeks to recover text messages for investigative and evidentiary purposes. Perhaps some of the people in that field have inside knowledge of vendors like Syniverse and have tried to probe them for information, through legal channels or otherwise. Certainly there are foreign adversaries who are well aware of how global communications systems operate, because their countries are tied into our systems. It is now clear, or at least a little clearer, to all of us.
There are also advocates in government, among them Attorney General William Barr and former FBI Director James Comey, who want to limit the use of encryption by ordinary citizens to aid law enforcement, or create back doors in such encryption for the same purpose.
If we needed another reason to understand why these are bad ideas, last month’s incident provided it. According to the carriers’ own stated policies, those long-lost messages should have existed by that date only on the devices that sent them (since they were never delivered). But that was not true – and even the carriers probably did not know it wasn’t true. It is not enough for Verizon or T-Mobile to manage or secure their own systems. Every intermediary along the chain has to be equally secure and equally private to deliver the results customers and carriers expect.
The Trump administration proposed new rules last week that would give the Commerce Department power to block or reverse business deals that would compromise U.S. telecommunications infrastructure. The proposal observes that the “supply chain has become increasingly vulnerable to exploitation and is an attractive target for espionage, sabotage and foreign interference activity,” The Wall Street Journal reported.
This observation is correct. At this point, most of us don’t even know what we don’t know. If our unencrypted messages are landing on third-party servers and passing through third-party equipment, those messages can and will become targets for interception. They will then become tools for blackmail, espionage and other crimes. That’s inevitable – and the inevitable always happens.