back to article Ofcom fines Three £1.9m over vulnerability in emergency call handling

Brit mobile operator Three has been fined £1.9m after an investigation by UK regulator Ofcom revealed its emergency call service handling was vulnerable to a single point of failure. Ofcom identified the vulnerability when investigating a separate fibre break outage on Three's network in October 2016, which resulted in a …

  1. Andy Livingstone

    Not breach of OFCOM rules?

    If Three did not breach OFCOM rules then what right in law does OFCOM have to impose a penalty?

    1. Alister
      FAIL

      Re: Not breach of OFCOM rules?

      If Three did not breach OFCOM rules then what right in law does OFCOM have to impose a penalty?

      Apparently reading and comprehension have failed here.

      The incident they were investigating - a failure of a fibre link - was not deemed to be in breach of OFCOM rules.

      However in the process of investigating that incident, they found that Three only had one Datacentre handling all emergency traffic, with no failover, which is a breach of OFCOM requirements.

      1. Stuart 22

        Re: Not breach of OFCOM rules?

        "However in the process of investigating that incident, they found that Three only had one Datacentre handling all emergency traffic, with no failover, which is a breach of OFCOM requirements."

        And hence of Three's licence which is worth rather more than £1.9 million.

        Good to know emergency handling are taken so seriously by OFCOM (which is not usually one of my favoured organisations) in light of this week's disaster which must have taken out a load of base stations on the roof while placing an enormous load on the emergency networks of all operators.

        The fact we heard so many harrowing stories of the final moments of people owes to the resilience of many of the systems. At a time when the emergency services would be also be overloading the networks. Do they share bandwidth/base stations?

        1. Anonymous Coward
          Anonymous Coward

          Re: Not breach of OFCOM rules?

          It's right next to the former Wood Lane BBC Television Centre/Rooftop Antenna. Mobile Communications are not generally a problem, due to the history of the area.

        2. John Brown (no body) Silver badge

          Re: Not breach of OFCOM rules?

          "Do they share bandwidth/base stations?"

          IIRC, 999 calls should work on any phone, even without a SIM and on any reachable network.

          1. Bughunter
            Alert

            Re: Not breach of OFCOM rules?

            >IIRC, 999 calls should work on any phone, even without a SIM and on any reachable network.

            If my memory serves, whilst this should be the case, in practice, I don't think it ever was in the UK for 999 or 112 calls, because the Home Office wanted traceability back to a subscriber, even if it was a no-name bought-for-cash in-a-store-with-no-CCTV prepay SIM.

            [I never kept any of my test documents for commissioning new HLRs, so I can't remember for certain; I do have a recollection of being told by one of the network architects that the Home Office wouldn't allow mobile network operators to permit 112/999 calls without a SIM that can register on the network.

            I wouldn't suggest trying this out to disprove otherwise, as if it did actually work, it might prevent a genuine emergency call getting through]

        3. Bughunter
          Alert

          Re: Not breach of OFCOM rules?

          >Do they share bandwidth/base stations?

          Yes and no.

          Emergency services use Airwave Tetra radio systems, though no doubt many have employer-provided mobile phones (or at least, SIMs).

          Before I left Vodafone, the old method of prioritising access on base stations was using something called ACCOLC (ACCess OverLoad Control), where a class of access would be set on the SIM card.

          ACCOLC wasn't (read: shouldn't) be enabled on cell equipment by default, and has to be activated by the network operator (possibly at the behest of the Home Office).

          [I didn't work on the radio side, so I can't be sure, but my guess would be that it is enabled on the BSC and propagates out to the BTS; there's an article on ACCOLC on Wikipedia]

          There was talk at the time of ACCOLC being replaced by something else, and I see that the Wikipedia article refers to MTPAS.

          ACCOLC was activated in London during the July 2005 bombings, due to an overload of network traffic and I think possibly coverage issues with Airwave.

          I'm sure I read somewhere recently that Airwave is on its way out for the Emergency services, although one essential bit of kit at a Mobile Network Operator (I forget which; possibly even an article here at El Reg) is due to be decommissioned before then.

          ACCOLC is fine unless you happen to have a large concentration of priority users in the same location, all competing for limited network resources (I don't imagine that MTPAS is any different in that respect).

          Like ~200 people at Vodafone on 31st December 1999.

  2. djstardust

    Feel at home

    All that traffic is routed back to a single point the UK then throttled to death, even more so for streaming services and Google maps which are totally unusable abroad.

    Nothing new for Three.

    1. ARGO

      Re: Feel at home

      It worked fine for me in Rome a few weeks ago; no problem streaming (even HD) as long as I wasn't in a tourist spot. Can't really blame the UK network for a lack of capacity on certain overseas cells.

    2. IsJustabloke
      Meh

      Re: Feel at home

      "even more so for streaming services and Google maps which are totally unusable abroad."

      can't say that was my experience in New Zealand, Hong Kong or The US, without easy access to google maps I would have been "lost" on more than one occasion

    3. mikeyt

      Re: Feel at home

      Nonsense, I've used Google maps across Spain and France. When my Garmin all Europe satnav was nicked I moved exclusively to Google maps and no problems subsequently in Spain, France Belgium or Holland no probs roaming at home or abroad. Plus throw in real time monitoring. I've been with three for a dozen years.

  3. Your alien overlord - fear me

    " added an additional backup route to carry emergency call traffic" but it seems normal calls will still be cut off if the link goes down. Nice. Now OFCOM how about fining them for that as well?

    1. Boris the Cockroach Silver badge
      Facepalm

      Because you

      can survive not being able to call your nephew to congratulate him on passing his degree, but not a serious heart attack...

      1. Anonymous Coward
        Anonymous Coward

        Re: Because you

        Ah but what if the degree was in medicine and he has become a doctor.

        1. Alister

          Re: Because you

          Ah but what if the degree was in medicine and he has become a doctor.

          Ok, I know this was probably in jest or sarcasm, but I'll bite anyway.

          Being a doctor doesn't make him magically able to save you over the phone, and any competent doctor would immediately say "ring 999".

          1. Anonymous Coward
            Anonymous Coward

            Re: Because you

            It was jest.

            Though the doctor could give advice that might be able to help in situations such as a heart attack.

    2. Anonymous Coward
      Anonymous Coward

      Your understanding is flawed. The link in question is for emergency traffic only. Telcos separate out that traffic, sometimes in part, sometimes across the whole network, as congestion is not a desirable condition.

      But - even if that weren't the case - there's no rule about making standard telephony resilient. Doing so makes networks very expensive. The public have shown, every time they have a choice, that they want cheap telecoms, not super reliable telecoms. Does your provider offer any kind of SLA or uptime guarantee for your service? You can pay for a resilient telephony service if you feel you need it, but it will cost you quite a lot.

  4. Lee D Silver badge

    "However, this vulnerability has not had any impact on our customers and only relates to a potential point of failure in Three's network."

    Translation: We only NEARLY killed people.

  5. A Nonny Moose

    "Though the doctor could give advice that might be able to help in situations such as a heart attack."

    Yes, it's "Dial 999 and get to a bloody hospital"

  6. Kreton

    Only carry one phone?

    No Backup?

    As well as my 3 phone I carry a Co-op Mobile PAYG non smart LG phone which cost me £8 many years ago, it's on a different network just in case.

  7. andNonBreakingEmptySpace

    The url for this story shows as "three_fined_19m_over_..."

    - Shame it's not true.

    When will toothless (and this is obviously a pretty toothy example by their standards) watchdogs learn to bite HARD and bite ONCE?

    I mean it's not like the whole history of the world is littered with examples to learn from, is it...?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like