Caution! On Easterhegg 2019 we’re going to collect metadata of all DECT devices.

Tl;dr: We’­re going to coll­ect meta­da­ta on Eas­ter­hegg 2019 to impro­ve DECT device com­pa­ti­bi­li­ty. All coll­ec­ted data will be dele­ted after a 4 month peri­od. No Voice will be captured.

Deut­sche Version.

Why?

Last year, we almost com­ple­te­ly repla­ced the Pho­ne Ope­ra­ti­on Cen­ter (PoC) hard­ware and soft­ware, making it easier to use. This has given us the oppor­tu­ni­ty to pro­vi­de func­tion­a­li­ty that was impos­si­ble to imple­ment with our old set­up. This includes self-regis­tra­ti­on of DECT pho­nes, bet­ter exten­da­bili­ty, self-admi­nis­tra­ti­on of exten­si­ons and call groups and the LDAP phone­book. Now we want to sol­ve ano­ther major pro­blem from the user’s point of view. The com­pa­ti­bi­li­ty of DECT devices. DECT-GAP is a stan­dard which allows free inter­pre­ta­ti­on of some parts. As a result, the­re is a con­sidera­ble num­ber of devices that do indi­ca­te DECT-GAP con­for­mi­ty in their dats­heets, but still do not work at all or only with rest­ric­tions on our sys­tem. Up to now, no manu­fac­tu­rer has been wil­ling to ensu­re that the devices work with our sys­tem, e.g. through firm­ware adapt­a­ti­ons, even though we have made con­cre­te sug­ges­ti­ons for chan­ges that wouldn’t have cau­sed dis­ad­van­ta­ges with regard to com­pa­ti­bi­li­ty with their own base stations.

In our test sys­tem, we were able to ana­ly­ze and under­stand the com­mu­ni­ca­ti­on of some devices that had not work­ed befo­re. We have adapt­ed our sys­tem so that it reco­gni­zes some of the­se models by making the requi­red infor­ma­ti­on available to them. With other models, we still don’t have enough infor­ma­ti­on to gua­ran­tee repro­du­ci­b­le and relia­ble con­nec­tions. The­re are also models whe­re we don’t even know why they don’t work.

We like to get a deeper insights of the DECT infra­struc­tu­re when many dif­fe­rent models from dif­fe­rent ven­dors are regis­tered. (Per­haps) This will enable us to sup­port a grea­ter varie­ty of DECT devices. The basis for this is an under­stan­ding of how dif­fe­rent devices com­mu­ni­ca­te on the DECT inter­face. The­r­e­fo­re, we need signi­fi­cant­ly more sam­ple data than what we can pro­du­ce by manu­al tests. Sin­ce we do not store any con­nec­tion data, we are not able to ana­ly­ze data from past events. Becau­se of this, we want to store con­nec­tion data on the Eas­ter­hegg 2019.

Curr­ent­ly we have not found a way to offer opt-in on a per user basis. We could not ans­wer many ques­ti­ons such as: “What do we do if a par­ti­ci­pant agrees to cap­tu­re the data and calls a par­ti­ci­pant who has not agreed?”; “What hap­pens with a group call whe­re some mem­bers have agreed and some have not?”. If we optio­nal­ly anony­mi­ze data per user, you can still see who tried to call from the call set­up and you have to dele­te the attempt­ed call set­up for the user who tried to call and vice ver­sa. Sin­ce we know that it is basi­cal­ly bad to store data, we have come to the con­clu­si­on that the situa­ti­on does­n’t get any bet­ter if we make users belie­ve that it’s safe to click on a check­box when we can’t make sure it will work. We have deci­ded to make trans­pa­rent what we intend to do with the data, store it in a respon­si­ble way and to dele­te it safe­ly after a spe­ci­fied peri­od of time. If you do not want your meta­da­ta to be stored, you must not use any of our exten­si­ons on Eas­ter­hegg 2019. We belie­ve that, unli­ke a Con­gress or Camp, this is accep­ta­ble on an Easterhegg.

What data is affected?

It is basi­cal­ly about the meta­da­ta of the DECT exten­si­ons. Speech/Voice data is not stored. The con­trol mes­sa­ges bet­ween the anten­nas and the cen­tral soft­ware com­po­nent that coor­di­na­tes the anten­nae and pho­nes are affected.

In detail, the­se are the fol­lo­wing data:

  • the iden­ti­ties of the DECT devices: IPEI, TPUI and IPUI,
  • the keys used to encrypt the calls,
  • the call set­up: Cal­ler and cal­led party
  • the call end (dura­ti­on),
  • The mobi­le device details (capa­bi­li­ties of the mobi­le device),
  • the key­strokes on the device (for some devices),
  • the acces­ses to the pho­ne book (for some devices).

Exam­p­le: We store when Ali­ce cal­led Bob, how often it rang, how long the call las­ted, what device Ali­ce used, which device Bob used, what was shown on the dis­plays and that during the call e.g. key 2 was pres­sed. This includes all data neces­sa­ry to set up and dis­con­nect the call as well as the base sta­ti­ons involved.

We do not eva­lua­te key­strokes and acces­ses to the pho­ne book, but we can­not rule out that this infor­ma­ti­on will be sent.

Where is the data stored and how?

For the Eas­ter­hegg, we will take the ser­ver to a secu­re data cen­ter. The coll­ec­ted meta­da­ta is stored encrypt­ed. Access to the data is exclu­si­ve­ly encrypt­ed. The data is expli­cit­ly excluded from all backups.

How long is the data stored?

The meta­da­ta of Eas­ter­hegg 2019 will be stored for a maxi­mum of 4 months, i.e. until 23.08.2019 (end of CCCamp 2019). By 25.08.2019 at the latest, the data will be dele­ted and the area over­writ­ten. We will offi­ci­al­ly announ­ce the deletion.

Can I make a phone call without saving the metadata?

Yes, if you use a SIP exten­si­on and call ano­ther SIP exten­si­on, no meta­da­ta will be stored. Howe­ver, you can­not ensu­re that a user has not con­ver­ted a SIP exten­si­on into a DECT exten­si­on or group at short noti­ce. So you have to check if the exten­si­on you want to call is a SIP exten­si­on at the moment.

Can I use the services of the PoC anonymously?

Yes, you can regis­ter with fan­ta­sy names and anony­mous e‑mail addres­ses. We will then have the meta­da­ta, but we won’t be able to assign it to a real per­son. Note, howe­ver, that you are not using the pho­ne at the camp (or 35C3) with a real name, becau­se then we would be able to mer­ge the data using the IPEI (we don’t intend to).

Do I have a right to information?

Yes.

If you have any ques­ti­ons about the pro­ce­du­re or data pro­tec­tion, plea­se do not hesi­ta­te to cont­act us. You can find cont­act pos­si­bi­li­ties here: https://guru3.eventphone.de/support/

Our vol­un­t­a­ri­ly appoin­ted data pro­tec­tion offi­cer is:

Ste­phan Kambor
Nobis­tor 40
22767 Ham­burg, Germany

E‑Mail: st ‘at’ eventphone.de
DECT on Events: 2078 (20ST)