USA Losing the Fight for American Data Sovereignty

USA Data Vulnerabilities Exploited in Cyber Warfare

Kashaf Bashir
17 min read · Sep 27, 2023

The personal views expressed by the author in the below article should not form the basis for making investment decisions, nor be construed as a recommendation or advice to engage in investment transactions.

I started writing this article almost 2 years ago before any of the legal events had transpired. I was actually writing this article whilst FTX was solvent and had approached SBF about a possible solution using Solana. Funny how time passed and events transpired!

I decided not to publish the article because I felt I didn’t know enough of the situation, I had no insight and the writings were based on my own view of the SMS industry especially in the US. I hold the utmost respect for Bill Peters and Jonny Tarone, who have both provided support in the form of time and effort at points in my career.

The below article is a summary of the fight that Bill and Jonny have taken up, with the immense courage and bravery it has taken to protect every smartphone user in America today!

https://alanquayle.com/2023/09/william-peters-plaintiff-versus-kaleyra-defendant/

There is an underground data war being fought by the USA.

Those “groups” pushing their agenda are attempting to destabilise the American people with disinformation and illegal surveillance.

But for what purpose?

I’m sure we’ve seen this movie before…….

Am I right? Am I right?

The USA is losing!

Remember the stories of social media being used to influence the “Brexit Vote” and of Russian interference in Donald Trump’s US election victory?

Facebook and Cambridge Analytica ring any bells?

What about stories of China spying on America using mobile networks and smart phone applications?

Huawei and TikTok ring any bells?

2019 marked the first published exploitation of the SMS telecom network in the US. The exploit performed illegal surveillance on a US official……. ON AMERICAN SOIL by a Swiss company!

a phone number associated with a senior US State Department official was targeted in 2019 for surveillance through third party use of Mitto’s systems

Harrison Ford or Tom Cruise was in one of these movies?

Am I right? Am I right?

Do you see a pattern here?

  1. Facebook used for Brexit and Trump Election Win (2016)
  2. China accused of spying on Americans via telecom networks (Huawei) and social media (TikTok) (2019)
  3. US official spied upon using SMS telecom networks (2019)
  4. November 2022 American Midterm Elections???
  5. American 2024 Presidential Elections???

Okay, maybe I am being very speculative here.

However…..

Let me stage a scenario for you. What if I told you that there exists an exploit TODAY that COULD** sway American elections, starting with the House of Representatives and the Senate in 2022 and then, if successful, followed by the Presidential Elections in 2024?

**This is pure speculation and depends on many varying factors, one of which we hope to achieve with the release of this article: “WHICH IS SOME FORM OF INTERVENTION BY THE AMERICAN PEOPLE ON HANDLING OF THEIR DATA!”

Did I mention that every American user of a Crypto Exchange that uses Two Factor Authentication via SMS is under threat too?

If you use the USA iterations of FTX, Binance, Coinbase, Gemini or any Exchange which allows users to validate access or payments using SMS over cell phone networks, originated from either a “Short Code” e.g. 69420 or a “Long Code” e.g. (420) 420 6969, YOUR DATA IS UNDER THREAT!

As an American, do you know who your Data is protected by?

The issue Americans have today with their Data Rights is that there isn’t really any form of specific American federal data privacy legislation or regulation.

Many other jurisdictions have distinct and robust regulations such as GDPR in Europe and the UK.

But in the US they have industry or sector specific type regulations, examples being telecom, marketing and financial services.

The Federal Trade Commission (FTC) protects general consumer rights within general trading practices, which include the data privacy of those transacting consumers.

But again…..

There is NO REAL FEDERAL PROTECTION OR OVERSIGHT of an American’s Data Rights.

At State level there is more regulation, oversight and enforcement by the US Attorney’s Office across multiple sectors and industries.

I have read that Federal Government is making a push for privacy legislation to be handled at State level.

In California, citizens took the initiative without intervention from State Assembly or Senate to pass the first comprehensive American Data Privacy Laws!

RIGHT ON: POWER TO THE PEOPLE!!!

Your theory is very far fetched DeFiKash, prove it?

Definition of SPAM:

irrelevant or unsolicited messages sent over the internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.

Let me ask you a simple question

Have you ever received a SPAM SMS to your cell phone?

How did the SENDER get my number?

The Problem

The simple fact that SPAM SMS is getting through to the cell phones of Americans today represents an ongoing exploit of the American SMS telecom network.

Innocent Americans are losing money each day. It is not known how much, but published reports suggest 59m Americans lost money in 2021 from this type of exploit.

Today, companies like Twilio, Sinch, Kaleyra or Nexmo (Vonage) et al, provide telecom connectivity via API to developers or companies who have customers they want to interact with.

Interactions could be for security purposes such as Two Factor Authentication (2FA) or a reminder to pay a bill.

You know that message and code you get when you want to login to FTX or Binance or Gemini?

God forbid the North Koreans don’t hijack our messages and steal our crypto

More often than not, it is a message advertising or promoting something. In many cases that promotion is leading to some sort of fraudulent act at a loss to the American people.

So taking the example of 2FA;

Sam has an exchange with millions of us plebs using it.

To keep a pleb’s exchange account secure, Sam pays Twilio to use their APIs to set up a flow of 2FA SMS between his users and his exchange.

Sam integrates the Twilio API into his exchange and now users get an SMS from Sam with a unique 4/6 digit code to input at login to access one’s crypto.

Every time Sam sends out a 2FA SMS when a user wants to access the exchange, the flow of the SMS is as follows:

Sam > Twilio > Telecom > User

Not only does Sam have a copy of the unique code sent to his user, but so does Twilio and Telecom.

What Sam and his American users don’t know is that Twilio doesn’t buy the telecom connectivity direct from Telecom.

https://www.theverge.com/2019/11/21/20974692/valentines-day-text-message-delay-explanation-sms-syniverse-carriers

Twilio has to send the 2FA message to a 3rd party, known as an “Inter-Carrier Vendor” (ICV), in order to buy telecom connectivity. Twilio’s ICV is Syniverse, which has some very influential owners (Carlyle).

The article above explains how the Syniverse service is completely centralised and how their network is at risk of toppling over, and not for the first time either.

So back to Sam’s 2FA messages to his users, the flow of data is actually:

Sam > Twilio > Syniverse > Telecom > User

So Twilio, Syniverse and Telecom all have the same copy of Sam’s users’ unique 2FA code.

Let’s hope Twilio, Syniverse & Telecom are good at securing an Americans data!

Am I Right? Am I Right?

So when Sam’s sending his users 2FA messages to access their crypto (and money now!), Sam is giving this sensitive data to 3 centralised parties, 2 of which cannot be trusted whatsoever (the ICVs and the CPaaS companies).

Let’s move on to SMS SPAM now shall we?

OK, so “Mr Somebody’s” mother’s brother’s wife’s sister’s babysitter’s aunt got some SPAM SMS to their phone and unwittingly got scammed out of their pension.

“Somebody” got rightly pissed, and started putting pressure on Telecom to fix it. Thing is, Telecom has no control, they just send/receive SMS to Syniverse and in turn get paid by Syniverse for this interaction.

You see, some of these CPaaS companies listed on NYSE and NASDAQ at massively inflated valuations. The majority were making huge losses, but revenues were big.

That’s because CPaaS was too busy selling their SMS connectivity to unscrupulous marketers and promoters who have been sending SMS campaigns that involve the end user being scammed; just to show revenue growth whilst CPaaS dumped stock on retail during the last Bull Run.

Remember the SMS flow of data?

Sam > Twilio > Syniverse > Telecom > User

Telecom doesn’t even know if Twilio or Sinch or Kaleyra or even ALL of them are sending the fraudulent SMS for unscrupulous campaigns.

Helpless as Telecom is, they decided to turn to the “A-Team” for help.

A for Americans

Am I Right? Am I Right?

Combating SPAM and exploits of the SMS telecom network is a company called Campaign Registry, originally founded by Americans.

Kaleyra (“$KLR”), an NYSE public company, is a CPaaS provider and acquired a US company called Hook Mobile in 2018.

I remember speaking to a couple of the founders** of Hook once it was a Kaleyra company. Hook specialised in customer interaction via SMS using local phone numbers i.e. 10 Digit Long Code (10DLC). A buddy of mine sold Hook Mobile and Kaleyra licensing to an API protocol for telecom signalling called RestcommOne by Telestax.

[**Since my company Opt1mize is a specialist in real-time settlement on telecom traffic like SMS as well as voice calls, it was a natural discussion of discovery about each other’s tech. I really liked the CFO, he completely got our tech! Now that dude was a real life Top Gun like Maverick. Best of the best!]

You see, most of these CPaaS companies are integrating 3rd party tech to deliver their API customer experience via SMS or voice calls. They are in effect reselling the Telecom companies’ connectivity to Developers and Companies wanting to interact with their customers.

But Telecom was starting to get political pressure as “Mr Somebody” is someone, so if someone has got a problem and no one else can help, and if someone can find them; it’s the A-Team.

The Solution (But is it really?)

The Campaign Registry is the exclusive vendor used by all nationwide mobile telephone companies to verify who sends text messages and what is contained in text messages sent to mobile phones used by U.S. customers. This registry is responsible for screening billions of text messages sent to U.S. mobile phones every month. The senders of these text messages include public law enforcement and safety officials, state and federal election campaigns, not for profit organizations, and thousands of commercial entities.

The A-Team aka Hook Mobile pivoted to become The Campaign Registry after it was acquired by NYSE public company Kaleyra; a CPaaS company that sells telecom connectivity via API to Developers and Companies.

The A-Team stepped up to tackle this problem with the full backing of Telecom. As the statement above claims, the A-Team is now the EXCLUSIVE vendor for ALL AMERICAN “nationwide mobile telephone companies” when verifying the SMS campaigns originating from 10 Digit Long Code US numbers.

Telecom will not allow SMS to pass unless the campaign via CPaaS has been registered with The Campaign Registry i.e. the A-Team. CPaaS had no choice but to comply and reached out to their developer communities as below:

So back to Sam’s 2FA messages to his users and the flow of data:

Sam > Twilio > Syniverse > Telecom > User

In addition to Twilio, Syniverse and Telecom having a copy of the SMS he sends to his users as well as the unique code in the SMS for 2FA, Sam now must register his brand, the 10DLC numbers he’s using as well as the campaign content with a 3rd party; Campaign Registry.

This way Campaign Registry acts as a centralised gateway for exchange of information with Telecom by vetting Devs/Companies, on behalf of CPaaS, prior to campaign kick-off.

If at any point Telecom has an issue with any specific campaign, Telecom can rely on Campaign Registry to cross reference which Dev/Company sent the campaign via which CPaaS.
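As an added illustration (not code from this article, The Campaign Registry, or any carrier), the following Python example models the registration gate and the cross-reference described above. The class and function names, campaign IDs, CPaaS labels and 555 phone numbers are all constructed, and the model covers 10DLC senders only.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Campaign:
    campaign_id: str  # constructed identifier, not a real registry ID format
    brand: str        # the Dev/Company behind the messages
    cpaas: str        # the CPaaS that carries the campaign to Telecom
    use_case: str


def normalize_10dlc(number: str) -> Optional[str]:
    """Reduce a US long code in any common notation to 10 digits, else None."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the +1 country code
    return digits if len(digits) == 10 else None


class Registry:
    """Hypothetical registry: 10DLC sender number -> registered campaign."""

    def __init__(self) -> None:
        self._by_number = {}

    def register(self, campaign: Campaign, numbers) -> None:
        for number in numbers:
            key = normalize_10dlc(number)
            if key is None:
                raise ValueError(f"not a 10DLC number: {number!r}")
            self._by_number[key] = campaign

    def lookup(self, sender: str) -> Optional[Campaign]:
        key = normalize_10dlc(sender)
        return self._by_number.get(key) if key else None


def gate(registry: Registry, messages):
    """Telecom-side gate: only senders with a registered campaign pass."""
    delivered, blocked = [], []
    for msg in messages:
        (delivered if registry.lookup(msg["from"]) else blocked).append(msg["id"])
    return delivered, blocked


def attribute(registry: Registry, messages, complaint_ids):
    """Cross-reference complaints to the (CPaaS, brand) that sent them."""
    counts = Counter()
    for msg in messages:
        campaign = registry.lookup(msg["from"])
        if msg["id"] in complaint_ids and campaign:
            counts[(campaign.cpaas, campaign.brand)] += 1
    return counts


# Constructed sample data: two registered campaigns, four messages.
REGISTRY = Registry()
REGISTRY.register(Campaign("C-0001", "Sam's Exchange", "cpaas-a", "2FA"), ["+1 202 555 0101"])
REGISTRY.register(Campaign("C-0002", "Example Promotions", "cpaas-b", "marketing"), ["(202) 555-0102"])
MESSAGES = [
    {"id": "m1", "from": "+12025550101", "body": "Your login code is 123456"},
    {"id": "m2", "from": "(202) 555-0102", "body": "You won a prize, reply YES"},
    {"id": "m3", "from": "202-555-0199", "body": "Urgent: verify your account"},
    {"id": "m4", "from": "+1 202 555 0102", "body": "Last chance to claim"},
]
```

In this model a registered sender's messages are delivered whatever they contain; registration only makes a later complaint traceable to a Dev/Company and a CPaaS.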

But does it fix SPAM?

Simply put, NO!

But I’ll let you in on a secret; SPAM highlights the exploit exists but the SPAM isn’t the real problem. Politics and fair elections is the real problem.

The Plot Thickens

Remember “Mr Somebody”?

Remember how I said that “Somebody” is someone?

Well, it turns out that someone once held the highest national security clearance in America and was chairman of telecoms & cybersecurity of a huge law firm.

Somebody is Captain fucking America and he’s bringing his pals the Avengers to:

repatriate into the United States critical and essential telecommunications and Internet services that have been acquired, in whole or in part, by China and other foreign entities that intend to usurp U.S. technology for their own commercial and political benefit

So, what Captain America and the Avengers are saying is that political campaigns in America rely on SMS as a means of interacting with voters and supporters at all levels of American politics, all the way up to the U.S. Senate and even the Presidency.

Due to the sensitivity of such political SMS campaigns, Captain America states:

The operation and network of The Campaign Registry constitute ‘critical infrastructure’ of vital importance to U.S. national security interests. Moreover, this registry handles sensitive and confidential customer and carrier data.

Captain America is saying that The Campaign Registry is owned by non-US citizens, specifically groups representing Italy, China and India, connected by political and financial affiliations between such countries to promote and invest in “global dominance in every critical infrastructure sector”.

Public confidence in the integrity of The Campaign Registry is essential for maintaining and bolstering confidence in the electoral process. It is therefore particularly concerning that foreign ownership and interests could put a thumb on the scale of information flow — or could distort or bias these communication channels in favor of unknown or foreign goals. With 2022 federal election campaigns already in progress, and to ensure the integrity of the 2024 Presidential campaigns, it is critical that The Campaign Registry be owned by a transparent, U.S.-owned and operated entity

Here’s the full press release the Avengers put out recently:

Who is Kaleyra?

Kaleyra, like Twilio, Nexmo, Sinch and Signal Wire, is a CPaaS company that was owned by a bunch of Italian, Indian and Chinese parties. Kaleyra was acquired by a Special Purpose Acquisition Company (SPAC) and was listed on the New York Stock Exchange.

As I mentioned previously, Kaleyra acquired Hook Mobile, which was an American company founded by Americans. Hook Mobile pivoted to Campaign Registry, but with Kaleyra as the owner of this company.

Now, Kaleyra is a NYSE listed CPaaS company that resells Telecom’s connectivity to Devs/Companies. Kaleyra’s own customers would have to be registered on Campaign Registry to send SMS campaigns.

Seems like a Conflict of Interest?

Am I right? Am I right?

Indeed, Kaleyra’s ownership of The Campaign Registry does represent a conflict of interest, and that is why the executives of Kaleyra have been approaching other groups to acquire The Campaign Registry from Kaleyra for $150m.

Yet, The Campaign Registry has no technology. Everything is managed manually, and there is no proactive monitoring or enforcement of the campaigns passing through to American Mobile Operators.

For this reason Captain America offered $19.4m to acquire The Campaign Registry from Kaleyra. You see “Cap” wants to bring the A-Team home and make them part of the Avengers.

But now, since Kaleyra made the Hulk mad, the Avengers don’t want to pay a single dime for The Campaign Registry, since it has no technology and is the A-Team doing manual operations to manage the registry of campaigns and brands sending SMS campaigns.

The Avengers want to use the expanded powers of the Committee on Foreign Investment in the United States (CFIUS) to take The Campaign Registry from Kaleyra for FREE. In fact, they don’t even want to stop there. They want to repatriate everything, all in the name of plain old fashioned democracy and capitalism!

I’m bored DeFiKash, can you get to the point?

I have written a lot of context and background above. What’s my angle?

DeFiKash by name DeFiKash by nature

I’ve mentioned at times how The Campaign Registry is:

centralised gateway for exchange of information with Telecom by vetting Devs/Companies, on behalf of CPaaS, prior to campaign kick-off

The Campaign Registry is a “for profit” company that charges $15 per campaign being verified. Telecom will not accept SMS campaigns unless CPaaS has all Devs/Companies vetted prior to sending a single SMS.

This sounds like a good old capitalist monopoly

But don’t you think The Campaign Registry would make a fantastic real world use case for Blockchain Technology?

Imagine a world in which every American’s data that passes through the mobile telecom networks is monitored and protected by a decentralised authority, an authority owned by the very participants in this ecosystem.

The Real Solution

Like many of you in crypto who bought an Ethereum Name Service (ENS) address, I received an airdrop of ENS tokens for my participation and contribution to the ENS register.

When I first learned about this issue present with The Campaign Registry, my first reaction was:

Wouldn’t it be great if we had a type of ENS for such type of SMS Campaigns?

The current model is not only in dire need of a real-time technology for monitoring and enforcement of SMS campaigns, but also for vetting the KYC of parties involved whilst maintaining ALL users’ data sovereignty.

But who will own this new service if it was created?

How will it be governed?

How will data be protected?

How will misuse of the SMS network (SPAM) be enforced?

I had this vision of a decentralised blockchain registration standard for telecom campaigns (including Voice campaigns as well as SMS) transiting the American Public Switched Telecom Network (PSTN).

A transparent and real-time technology that monitors, enforces, performs settlement and ultimately protects every American cell phone user from malicious phone calls or text messages.

A tokenomic model that incentivises beneficial network interaction between Telecom, CPaaS and Devs/Companies, as well as introducing incentives for the Telecom Customer and Owners of 10DLC or even Short Code Numbers***.

***In some jurisdictions telecom authorities sell/lease/auction/allocate 10 Digit Long Code and Short Code numbers and number ranges to entities who are regulated to provide regulated telecom services. In such cases, a tariff is associated with such phone numbers where a telecom carrier pays the number owner the per minute call rate or SMS rate.

An Indecent Proposal

Captain America has a point: the whole Kaleyra ownership of The Campaign Registry needs to be reviewed by appropriate federal authorities, even if the sole reason was to protect election campaigns from tampering by unknown or foreign malicious parties. Of course there are many more reasons this needs to be reviewed, as we have covered in this article.

That is a provocative narrative for the Blockchain Industry

Remember Syniverse? The Inter Carrier Vendor (ICV) that has a monopoly on sending A2P SMS traffic to the American PSTN?

Here’s the thing, if CNR was a blockchain network, maybe even permissioned for network participants only; why would Telecom and CPaaS need Syniverse……..FOR ANYTHING?

They wouldn’t; cut Syniverse out

The CNR represents a settlement exchange network for telecom traffic transiting to regulated PSTN networks for termination.

The first use case would be the delivery of a public good for the American People based on blockchain technologies (Solana???).

It would comprise 3 registries:

Telecom traffic would pass from CPaaS to Telecom and Telecom to Number Owners through existing standard telecom interfaces adopted by the Telecom Industry and its participants.

CPaaS and/or Devs or Companies would pay for their campaigns to be vetted by CNR prior to the network being open to transit their campaign traffic to Telecom and then on to Customers.

The CNR network would be embedded into the CPaaS customer experience so that Devs/Companies can pay CPaaS to transit the SMS campaign on to Telecom who terminate the SMS campaigns on to their Customers.

With Syniverse disrupted and potentially out of the picture (LOL) and CNR the connectivity between CPaaS and Telecom, the data flow example of Sam’s 2FA messages to his exchange users would be this:

Sam > Twilio > Telecom > User

But the payment flow for every SMS sent by Sam to his users would be:

Sam > Twilio > Telecom

Where both the data and payment flow would transit the CNR network’s connectivity in real-time.

In any interactions where Telecom Customers are required to interact via reply in SMS with the sending parties number i.e. 10DLC or Short Code supplied by Number Owners to CPaaS, the data flow would be as follows:

User > Telecom > Number Owner > Twilio > Sam

With a corresponding payment flow within the CNR network of:

Telecom > Number Owner > Twilio^ > Sam^

^ Typically, number owners don’t share any of the per minute or per SMS rates charged to Telecom, who typically route calls or messages to Number Owners, but the example above assumes a model where per minute and per SMS rates are shared with both CPaaS and Devs/Companies.

With 3 levels of enforcement:

Such that the X and/or Y USD collected from CPaaS and/or Devs or Companies is held in reserve by treasury to meet any future claims for compensation paid to Telecom Customers when losses are suffered as a result of a malicious campaign or a security breach that managed to get through CNR’s network (like an insurance or ombudsman).

Kashaf Bashir

Inventor @ CommSettle / Founder @ EnreachDAO / Founder @EnableDeFi