When Femtocells are finally rolled out, it would be possible for anyone to create their own little mobile cell anywhere to enhance their coverage. At least that is what the Femtocells are supposed to help with. This would also mean that the spectrum would be open to abuse by someone who wants to abuse it.
Let's take a scenario in which someone buys a Femtocell from an operator in UK. The Femtocells will be operator specific since they will contain lots of parameters and addresses that would be terminating in the operator network. Then that person can take the Femtocell away to another country (say India) and connect the Femtocell to an Ethernet port in India. The IP packets would be routed via IP to the operator and the user is now connected via Femtocell to the UK operator even though he in in India. He would get the same treatment as in case he was in UK.
Let me point out that this would be illegal because the Spectrum in India would belong to an operator in India or this spectrum may be used for something completely different.
The operators and the device manufacturers are aware of this potential abuse. As a result they are going to use a two step approach. The first is that they would allow Femtocell to register from a registered telephone line via an IP address. They may have access to ISP data or would be aware of the range of IP address being used by the ISP. The Femtocell user will hence have to register their Telephone line and ISP with the network operator and if they change them then this would need to be informed to the operator. The second is that they would check the location of the device via GPS. This can have two problems. The first is the cost of the Femtocell will increase and the second is that unless the Femtocell is near a window or an open area, there would be no GPS signals received and the GPS approach may not work. One of the obvious use of Femtocell in London city for example is in the basements where there is absolutely no coverage due to their location.
Note that from the above you can see that even if the Femtocells are advertised as PnP or Zero Touch, etc., there would still be some overhead that will always be required.
Even if we assume that both the above approaches are being used, it may stop mass market fraud but may not be able to deter individuals who are smart enough to work around them. For example the user in India (example in the start) may use VPN to tunnel the IP packets to their home or registered address in UK and from there the packets will go to the operator network. Similarly it is not too difficult to fool the GPS receiver into believing its location.
The operators are aware and working on something better then the above strategy. I have not come across any papers yet suggesting work around these problems.
This also highlights an important problem regarding emergency calls. Should the emergency calls go via Femtocell or should they be re-directed to Macro cell. Again a clever algorithm would be needed for this. There could be a configurable parameter in the Femtocell which can check during the startup if Macrocell is present or not. If Macrocell is present then emergency calls should be re-directed and if not present then the user should be able to initiate it via Femtocell.
There are probably many more problems that would be highlighted once Femtocells are rolled out.