Caution! On Easterhegg 2019 we’re going to collect metadata of all DECT devices.

Tl;dr: We’­re going to coll­ect meta­da­ta on Eas­ter­hegg 2019 to impro­ve DECT device com­pa­ti­bi­li­ty. All coll­ec­ted data will be dele­ted after a 4 month peri­od. No Voice will be captured.

Deut­sche Version.


Last year, we almost com­ple­te­ly repla­ced the Pho­ne Ope­ra­ti­on Cen­ter (PoC) hard­ware and soft­ware, making it easier to use. This has given us the oppor­tu­ni­ty to pro­vi­de func­tion­a­li­ty that was impos­si­ble to imple­ment with our old set­up. This includes self-regis­tra­ti­on of DECT pho­nes, bet­ter exten­da­bili­ty, self-admi­nis­tra­ti­on of exten­si­ons and call groups and the LDAP phone­book. Now we want to sol­ve ano­ther major pro­blem from the user’s point of view. The com­pa­ti­bi­li­ty of DECT devices. DECT-GAP is a stan­dard which allows free inter­pre­ta­ti­on of some parts. As a result, the­re is a con­sidera­ble num­ber of devices that do indi­ca­te DECT-GAP con­for­mi­ty in their dats­heets, but still do not work at all or only with rest­ric­tions on our sys­tem. Up to now, no manu­fac­tu­rer has been wil­ling to ensu­re that the devices work with our sys­tem, e.g. through firm­ware adapt­a­ti­ons, even though we have made con­cre­te sug­ges­ti­ons for chan­ges that wouldn’t have cau­sed dis­ad­van­ta­ges with regard to com­pa­ti­bi­li­ty with their own base stations.

In our test sys¬≠tem, we were able to ana¬≠ly¬≠ze and under¬≠stand the com¬≠mu¬≠ni¬≠ca¬≠ti¬≠on of some devices that had not work¬≠ed befo¬≠re. We have adapt¬≠ed our sys¬≠tem so that it reco¬≠gni¬≠zes some of the¬≠se models by making the requi¬≠red infor¬≠ma¬≠ti¬≠on available to them. With other models, we still don‚Äôt have enough infor¬≠ma¬≠ti¬≠on to gua¬≠ran¬≠tee repro¬≠du¬≠ci¬≠b¬≠le and relia¬≠ble con¬≠nec¬≠tions. The¬≠re are also models whe¬≠re we don‚Äôt even know why they don‚Äôt work.

We like to get a deeper insights of the DECT infra¬≠struc¬≠tu¬≠re when many dif¬≠fe¬≠rent models from dif¬≠fe¬≠rent ven¬≠dors are regis¬≠tered. (Per¬≠haps) This will enable us to sup¬≠port a grea¬≠ter varie¬≠ty of DECT devices. The basis for this is an under¬≠stan¬≠ding of how dif¬≠fe¬≠rent devices com¬≠mu¬≠ni¬≠ca¬≠te on the DECT inter¬≠face. The¬≠r¬≠e¬≠fo¬≠re, we need signi¬≠fi¬≠cant¬≠ly more sam¬≠ple data than what we can pro¬≠du¬≠ce by manu¬≠al tests. Sin¬≠ce we do not store any con¬≠nec¬≠tion data, we are not able to ana¬≠ly¬≠ze data from past events. Becau¬≠se of this, we want to store con¬≠nec¬≠tion data on the Eas¬≠ter¬≠hegg 2019.

Curr¬≠ent¬≠ly we have not found a way to offer opt-in on a per user basis. We could not ans¬≠wer many ques¬≠ti¬≠ons such as: ‚ÄúWhat do we do if a par¬≠ti¬≠ci¬≠pant agrees to cap¬≠tu¬≠re the data and calls a par¬≠ti¬≠ci¬≠pant who has not agreed?‚ÄĚ; ‚ÄúWhat hap¬≠pens with a group call whe¬≠re some mem¬≠bers have agreed and some have not?‚ÄĚ. If we optio¬≠nal¬≠ly anony¬≠mi¬≠ze data per user, you can still see who tried to call from the call set¬≠up and you have to dele¬≠te the attempt¬≠ed call set¬≠up for the user who tried to call and vice ver¬≠sa. Sin¬≠ce we know that it is basi¬≠cal¬≠ly bad to store data, we have come to the con¬≠clu¬≠si¬≠on that the situa¬≠ti¬≠on does¬≠n‚Äôt get any bet¬≠ter if we make users belie¬≠ve that it‚Äôs safe to click on a check¬≠box when we can‚Äôt make sure it will work. We have deci¬≠ded to make trans¬≠pa¬≠rent what we intend to do with the data, store it in a respon¬≠si¬≠ble way and to dele¬≠te it safe¬≠ly after a spe¬≠ci¬≠fied peri¬≠od of time. If you do not want your meta¬≠da¬≠ta to be stored, you must not use any of our exten¬≠si¬≠ons on Eas¬≠ter¬≠hegg 2019. We belie¬≠ve that, unli¬≠ke a Con¬≠gress or Camp, this is accep¬≠ta¬≠ble on an Easterhegg.

What data is affected?

It is basi­cal­ly about the meta­da­ta of the DECT exten­si­ons. Speech/Voice data is not stored. The con­trol mes­sa­ges bet­ween the anten­nas and the cen­tral soft­ware com­po­nent that coor­di­na­tes the anten­nae and pho­nes are affected.

In detail, the¬≠se are the fol¬≠lo¬≠wing data:

  • the iden¬≠ti¬≠ties of the DECT devices: IPEI, TPUI and IPUI,
  • the keys used to encrypt the calls,
  • the call set¬≠up: Cal¬≠ler and cal¬≠led party
  • the call end (dura¬≠ti¬≠on),
  • The mobi¬≠le device details (capa¬≠bi¬≠li¬≠ties of the mobi¬≠le device),
  • the key¬≠strokes on the device (for some devices),
  • the acces¬≠ses to the pho¬≠ne book (for some devices).

Exam­p­le: We store when Ali­ce cal­led Bob, how often it rang, how long the call las­ted, what device Ali­ce used, which device Bob used, what was shown on the dis­plays and that during the call e.g. key 2 was pres­sed. This includes all data neces­sa­ry to set up and dis­con­nect the call as well as the base sta­ti­ons involved.

We do not eva¬≠lua¬≠te key¬≠strokes and acces¬≠ses to the pho¬≠ne book, but we can¬≠not rule out that this infor¬≠ma¬≠ti¬≠on will be sent.

Where is the data stored and how?

For the Eas­ter­hegg, we will take the ser­ver to a secu­re data cen­ter. The coll­ec­ted meta­da­ta is stored encrypt­ed. Access to the data is exclu­si­ve­ly encrypt­ed. The data is expli­cit­ly excluded from all backups.

How long is the data stored?

The meta­da­ta of Eas­ter­hegg 2019 will be stored for a maxi­mum of 4 months, i.e. until 23.08.2019 (end of CCCamp 2019). By 25.08.2019 at the latest, the data will be dele­ted and the area over­writ­ten. We will offi­ci­al­ly announ­ce the deletion.

Can I make a phone call without saving the metadata?

Yes, if you use a SIP exten­si­on and call ano­ther SIP exten­si­on, no meta­da­ta will be stored. Howe­ver, you can­not ensu­re that a user has not con­ver­ted a SIP exten­si­on into a DECT exten­si­on or group at short noti­ce. So you have to check if the exten­si­on you want to call is a SIP exten­si­on at the moment.

Can I use the services of the PoC anonymously?

Yes, you can regis¬≠ter with fan¬≠ta¬≠sy names and anony¬≠mous e‚ÄĎmail addres¬≠ses. We will then have the meta¬≠da¬≠ta, but we won‚Äôt be able to assign it to a real per¬≠son. Note, howe¬≠ver, that you are not using the pho¬≠ne at the camp (or 35C3) with a real name, becau¬≠se then we would be able to mer¬≠ge the data using the IPEI (we don‚Äôt intend to).

Do I have a right to information?


If you have any ques­ti­ons about the pro­ce­du­re or data pro­tec­tion, plea­se do not hesi­ta­te to cont­act us. You can find cont­act pos­si­bi­li­ties here:

Our vol¬≠un¬≠t¬≠a¬≠ri¬≠ly appoin¬≠ted data pro¬≠tec¬≠tion offi¬≠cer is:

Ste­phan Kambor
Nobis¬≠tor 40
22767 Ham­burg, Germany

E‚ÄĎMail: st ‚Äėat‚Äô
DECT on Events: 2078 (20ST)