Unfortunately, I’ve heard that AT&T may be considering suing me to stop my talk. I can’t understand why this would be the case, and I hope that if it’s true, they will contact me first to discuss their concerns.
Let me clarify some things about my talk. First, I’m not doing anything to AT&T’s or any other network. I’m just going to do a demonstration of my attack. It will not affect the 911 service. Nor will it interfere with anyone’s ability to call 911 unless you’re both in (or near) the demonstration room and also have a GSM phone. The demo will not affect people on Sprint or Verizon or any CDMA network. If you’re nowhere near the Riviera you won’t be affected.
So if you’re in the room, need to dial 911 and you have a GSM phone you can just raise your hand and shout. In the extremely unlikely situation that someone near the room with a GSM phone connects to my demo network and also needs to dial 911, I am taking the extra precaution of ensuring that that person will be connected to someone local who can call for or send help.
I wanted to be clear that the EFF haven’t just given me carte blanche here. I doubt they’ll ever say “Intercepting cellphone calls is perfectly fine as long as you do X Y and Z” – what I’ve done with their help is try to work out a way to minimize any legal risk associated with the demo, and to do it safely, so that I can show people an important problem with GSM. I wouldn’t say I have EFF’s “stamp of approval” on the demo, but they’ve certainly offered plenty of helpful advice and I’ve been trying to take all of it.
The EFF have also asked not to be involved in the data destruction. I’m open to suggestions for a trusted third-party to either destroy the logs generated during my demonstration or verify that they’re wiped.
Hopefully that’ll explain my talk to anyone with safety concerns and head off any unnecessary and unfortunate legal actions. I’m open to talking further with AT&T or anyone about this. Here’s hoping for no major hiccups…