The Citizen Lab report detailed in The Record exposes more than isolated incidents of spyware vendors abusing mobile networks. It reveals a structural pathology embedded in the foundational architecture of global telecommunications: the systematic commercialization of core signaling protocols that were never designed for the adversarial environment they now inhabit. By posing as legitimate carriers, surveillance firms are turning SS7, Diameter, and related legacy systems into always-on location tracking infrastructures, effectively converting the planet's cellular backbone into a panopticon for hire.

This is not a novel vulnerability. SS7 weaknesses have been public since at least 2014 when Positive Technologies researchers demonstrated location tracking and SMS interception capabilities to the Chaos Communication Congress. What the original coverage underplays is the industrialization of these flaws. What began as state-level intelligence capabilities (notably documented in German BND scandals and Russian GRU operations) has metastasized into a vibrant commercial marketplace. The Citizen Lab findings, when synthesized with prior research from the Electronic Frontier Foundation's 2018 SS7 analysis and a 2022 GSMA security assessment, paint a picture of persistent neglect driven by economic disincentives: implementing Diameter security extensions (IPsec, mutual authentication) is expensive, disrupts legacy roaming agreements, and offers no immediate ROI for carriers.

The Israeli connection flagged by researcher Gary Miller fits a larger pattern. Israel's signals intelligence ecosystem, built around Unit 8200 alumni networks, has repeatedly produced dual-use technologies that blur lines between national security and commercial export. This mirrors the trajectory of NSO Group's Pegasus, but operates at the network layer rather than the device layer — a more insidious vector because it requires no user interaction or device compromise. Traditional mobile security recommendations (avoid suspicious links, keep software updated) are rendered irrelevant when the telecom infrastructure itself betrays location data.

What existing coverage has largely missed is the human rights dimension and the selective enforcement vacuum. These capabilities disproportionately impact activists, journalists, and political dissidents in the Middle East, Africa, and Southeast Asia, where telecom operators often operate under limited regulatory oversight or direct government pressure. The three networks repeatedly identified as surveillance gateways function as 'dirty transit providers' — entities willing to look past anomalous signaling traffic for revenue. This creates a classic transnational repression pipeline: authoritarian regimes contract commercial vendors who rent access to compromised Western or allied carrier infrastructure.

The under-reported aspect is the normalization. Miller notes that over 90% of unauthorized signaling traffic appears generated by third parties. This suggests the commercial surveillance sector has scaled beyond occasional targeted operations into industrial-scale data harvesting. When combined with the rise of data brokers and OSINT firms, we see the emergence of a location intelligence ecosystem that feeds everything from mercenary spyware sales to predictive policing and assassination targeting. Previous incidents — the 2018 tracking of German Chancellor Merkel's phone via SS7, the location of Ukrainian officials prior to Russian strikes, and documented cases of Bahraini dissidents tracked across borders — illustrate these are not theoretical risks.

The transition from 3G SS7 to 4G/5G Diameter was supposed to resolve these issues. The protocol includes security provisions, yet implementation remains patchy because full deployment would fracture lucrative international roaming arrangements. This represents a classic collective action failure: no single carrier wants to be the first to harden their systems if it risks losing interconnectivity revenue. International standards bodies like 3GPP and GSMA have issued warnings for years, yet the commercial surveillance industry continues to thrive in the resulting gray zone.

Geopolitically, this infrastructure weakness represents a significant blind spot in both cybersecurity policy and human rights frameworks. Western governments that decry Chinese telecom risks (Huawei, ZTE) have been comparatively silent on the SS7/Diameter ecosystem that enables their own surveillance contractors and allies. The result is a two-tiered global communications security environment where privacy is a luxury good, available primarily to those with access to encrypted apps running over hardened networks — while the cellular layer remains a porous sieve.

The persistence of this vulnerability signals deeper strategic implications. In an era of hybrid conflict, the ability to geolocate targets at scale without device compromise offers both state and non-state actors plausible deniability and operational efficiency. As 5G Standalone networks roll out, the window for meaningful retrofit is closing. Without binding international standards enforcement, financial penalties for negligent carriers, or export controls on signaling exploitation tools, this 'infrastructure weakness' will remain a permanent feature of the digital battlefield.

This is not merely a technical story about outdated protocols. It is a case study in how commercial incentives, regulatory capture, and geopolitical rivalries have hollowed out the security of critical global infrastructure. The surveillance vendors are not exploiting a bug — they are exploiting a business model.