Scottish biz raided, fined £500k for making 193 million automated calls A Scottish business that fired 193.6 million automated nuisance calls at Brits has itself become the recipient of some unwanted comms – a letter containing a £500,000 fine from the UK's data watchdog. The Information Commissioner's Office confirmed today (PDF) that it raided CRDNN Ltd’s business premises in March 2018 to seize …
"These outfits typically have multiple companies on the go and migrate as soon as they're found out so they can avoid the fines."
Hence the ICO's ability to freeze the winding up of the company.
There's also a process known as "piercing the corporate veil" - which is legally deployed for EXACTLY these kinds of scenarios.
Remember folks: Company DIRECTORS are not protected from criminal or other charges due to the way they operate a company. "Limited liability" refers to shareholder exposure in the event of bankruptcy.
That said: The ICO is _still_ hobbled by laws which the current government has set to make things clear they don't want _ACTUALLY_ want the ICO going after their friends in business - this is one of the myriad reasons the neoliberal set wanted Brexit so much - taking back control was about the GOVERNMENT taking back control from Brussels so it could unwind the laws that protect and empower the ordinary citizen.
to organisations which can be shown to have a genuine need and a track record to be responsible. Eg: offices in multiple locations that want to appear calls from head office. Yes: a bit more work needed by the telcos - but they should be made to do it.
I get a large number of calls that claim to be from within the UK but are evidentially (by caller accent) from the far East and try to scam something. This might not reduce the number of calls but would make more people suspicious of them.
Caller ID masking is an important part of many businesses communication arrangements, for preventing callbacks to outbound-only call centre teams for example. It's a service offered by all telcos and a major benefit of VoIP. It's not really spoofing until it's used dishonestly.
Ofcom GC6 forces telecoms providers to use a valid P-asserted-ID these days (which gets kept in the telecoms chain up to the last step) so that'll stop a few, as the major networks will just start 404'ing anything without PAID in it soon.
So for example, a callcentre can still (legitimately) mask their number, but the real DDI will be in the call trace just one step upstream, with your local communications provider.
Likewise if someone is robocalling, same story.
Of course, you can put a fake PAID in there, but that then is really very clear evidence of tampering, which should make big fines far easier to hand out.
So hopefully it'll make things like this less common.
I agree. They [sic] claim that it is for client confidentiality. There could be a central number that we see and therefore does not get blocked but they won't do it. So calls from my Doctor don't hget through.
They have my mobile number but won't use it. Why? Can't get an answer.
Until all those calls suppsedly from Microsoft, My Bank, HMRC, Amazon, Car Accident claim lines and a host of others, get blocked at source there is little we can do about it.
Come on OfCom get your finger out and get the Government to put a solution into law.
See Icon for what I'd like to do to the call generators.
Agreed. I have complained several times when the local NHS eye clinic uses a withheld number and then tries to get me on my landline, which I have set to kill such calls (through necessity). They then have to call me on my mobile (which I don't give out to many organisations). When they tell me they tried my landline first, I ask if they are still using a withheld number and, when they confirm this, I go ballistic at them for doing so. They then say I'm not the only person to complain about this and that they "are looking at a solution".
They've been using the same damn excuse for about 3 years now! Pathetic!
It's funny how none of these organisations will not release even their switchboard number for the CLI
I am always told it's too difficult to do....It's for privacy reasons etc etc
What a load of old claptrap,
I have a BT phone with truecall built-in. The best phone I have had for 3 years and not got a single cold call on it despite getting 10/day before installation.
So now I don't even give my phone details out to any of these organisations, I tell them that if they can not release their CLI then have to post everything out to me. It's more costly for them and time consuming but it's what they want.
>> I ask if they are still using a withheld number and, when they confirm this, I go ballistic at them for doing so. They then say I'm not the only person to complain about this and that they "are looking at a solution".
"Have you tried adding 1470 before my phone number?"
My current roll in the NHS involves calling Doctor's surgeries to arrange/troubleshoot issues with label printers, it's amazing how many GP practices that block withheld numbers.
There is a code the hospitals can enter into the phone first to remove the withheld number, but most people don't really know it or can be arsed to find out.
" the only people I really want to hear from) all have a blank CLI! "
Only because they're deliberately suppressing it. My landline and mobile both divert to a message telling them that blocked CLI is not accepted, please try again with 1470 in front of the number or dial "this" 070 number at £1.50/minute
The NHS has spent the last 5+ years specifically telling hospitals and doctor surgeries that they MUST NOT block outbound CLI for this reason. Mind you they've also banned fax machines and those are still in widespread use across pharmacies and surgeries....
"So for example, a callcentre can still (legitimately) mask their number, but the real DDI will be in the call trace just one step upstream, with your local communications provider."
Under the old SS7 model the CLI and the origin number were different items and whilst CLI could be altered, the originating number was used for bill routing and supposedly unalterable. On my ISDN PRIs I could see both numbers and if a privacy flag had been set. (which gives a hint: When calling any outfit with a ISDN PRI there's _no guarantee_ your callerID suppression is being honoured...(*))
One of the reasons telcos started to get stroppy about spoofing is that origin number data is being forged and they're unable to bill for terminating calls - the supposed "consumer protection stance" is mostly about them finding themselves being bilked out of millions of dollars/pounds.
(*) At the time I used to handle requests for call data (suspected fraud) by my ISP customers as "I can't tell you who's been using your account, as that would breach privacy laws - and in any case I don't know, however if you ask me for a breakdown of calls you've made on your login, I can provide that to you as the account owner along with the originating number you were using that day....." - to nobody's great surprise 9 times out of 10 the other originating number would prove to be that of a "friend" of the customer's teenage son.
Fine. Let them spoof their number, but make it a requirement that they spoof using a number they actually own.
If matching every outgoing phone call is too complicated to perform in real-time, then carry out random inspections on the most active call centers.
Yup, got a call from the council (I forgot to pay the council tax in Dec) and it was a private number. The woman asked if I wanted to pay it then. I told her since I had no idea what number was calling if she thought I was going to give out my card details to her since she couldn't actually prove she was from the council she had another think coming.
I paid the errant amount online. The council then lost my payment in the system despite sending me an email receipt for it (always get a receipt) and chased me for it again. I gave them the details of the receipt (having found it to ensure my memory wasn't faulty) and they couldn't find that either. Took them a day to ring me back saying it was all okay.
And they want me to go direct debit. Not on their nelly.
Oh yes, I lost the piece of paper with my account no on it. So I followed their procedure to recover it which involved setting up a login to mygov. Except the details there were well out of date, as was the account no. Which caused different 'you haven't paid' ructions of course. I did everything they said to locate my account no.
"Spoofing of phone numbers should be limited"
Legally it already is. It's an offence to set CLID to something you're not legally entitled to use.
Meaning, you can "spoof" your main incoming number as the source for your outbound calls, but spoofing a wide range of Manchester numbers (including ones in active service - belonging to a dentist and a hairdresser on a couple of the ones I received/followed up on) is definite naughty step material.
The dentist surgery were relieved when I explained what had happened - they'd been getting a tirade of abusive calls all morning - and were hopefully one of the ICO complainants.
The company's most recent accounts show it was a dormant company at the time of the offences, so it was trading improperly anyway, and I bet its net worth hasn't increased from the nominal £1 share that was issued on formation. The ICO must know that prosecuting firms like this is only going to cost taxpayers with no prospect of the fine ever being paid.
If you fail to comply with an ICO enforcement notice, assessment notice (for a compulsory audit) or information notice (requiring you to provide us with information for our investigation) we also have the power to impose more substantial fines of up to €20 million, or 4% of your total worldwide annual turnover, whichever is higher.
Source: https://ico.org.uk/for-organisations/guide-to-eidas/enforcement/
Lets take some proper steps. You can't pass the liability on to your spouse to start a new business if you've been hung, drawn and quartered.
Not if you could kindly get the bastards who phone me to tell me I've been in an accident and put them in a gibbet cage until their bones decompose.
Whack-a-mole is the game, phone spamming is the name.
Anything coming from 0843 is a spammer. ICO get a clue bag!
We at work have gotten particularly good at winding up Microsoft Support that calls in our office. Current record is more than 12 mins feeding them utterly random twaddle before they melt, curse and hang up.
You've obviously not looked too far into the business practises of many takeaways in village and town centres then? They all play the same game, in their case the public gets food poisoning/rats &/or roaches in shop then it is summarily closed down. Their wife/son/daughter/brother/etc. etc. then opens a "new place" in the exact same location.
And the conveyor of these had no clue at all that something was fishy? Shouldn't the phone companies have some sort of hang on they've 5 employees and 300K calls a piece per day that's not right safeguards?
Aren't there laws against conveying unlawful articles? Go after the companies that (still) have money!
OK, here's this once again:
1. Allocate a number such as 1476 (nicely away from miskeying 1471.
2. Dial that after the nuisance call.
3. Until a threshold of reports has been reached your telco holds a record of your report.
4. Once the threshold has been reached your telco credits your account with a few, say £1 for each call or £2 if you're registered with TPS.
5. The telco charges whoever originated the call to them and adds a handling charge. If it's the actual caller it goes straight on their bill, if not it's up to the telco who forwarded to yours to keep records and charge their source, along with their handling charge.
6. If some telco along the line didn't keep track they're on the hook and won't be doing it again.
7. The telcos are given notice to prepare for all this.
8. The telcos realise there'll be upfront costs plus even if they don't kill the practice stone dead with credit control to protect themselves the costs will kill the rogue-calling industry and their upfront costs won't e recouped in handling charges.
9. The telcos suddenly discover previously unknown ways to stop the problem at source so there's no need to incur those costs.
Requires only will on the part of government to empower the regulator.
Nice idea, but might possibly fall foul of some technical difficulties for a bit. Particularly IP telephony where you can set your own CLI. In practice, it would be nice if global telcos would enforce this, but it would basically result in these spammers running their operations out of whichever country lets them get away with it until either the country gets blacklisted from anyone making calls internationally, or implements modern products. Additionally, will probably have to do something about false reports, too.
See points 6* and 3 respectively.
* No matter whether it's spoofed or not the originator's telco knows the originator and if a telco is passing on a call that originated elsewhere it still knows the telco it got it from. They need that for billing. They'd have a problem if they were obfuscating the origins of the calls in which case they'd be - deservedly - on the hook themselves.
In the USA version of the anti-junk call legislation it is.
UK protection against these calls and right of redress are amongst the worst in the world.
The TCPA explicitly criminalised calling lines tied to emergency services, medical establishments(hospitals) or military authorities _OR_ interfering with any public safety service
It also criminalised spoofing.
The reason it WORKED was because it enshrines the right of private action in small claims courts along with statutory _per-call_ damages that are tripled for wilful violations - along with holding both the spammer AND the hiring company jointly and severally liable.
So if you got a call from "Jim Bob's double glazing" you'd file a claim against them with a demand to disclose who they hired, otherwise the oiffence moves to wilful territory - meaning that Jim Bob, facing a few dozen of these would give up the telemarketer to save going bankrupt.
At the time it was characterised by the FTC as giving junk fax and nuisance telemarketers the death of 1 million papercuts - and whilst it's only been slightly undermined by judges refusing to hear cases(*), every time that gets bounced to a higher court a ruling comes down HARD against the judge concerned and awards court costs to the plaintiff (meaning Jim Bob now finds he's got a $200k bill instead of a $500 one), the effect in the first few years was dramatic - spamming and junkfaxing stopped being an exploding cottage industry and the only players left were the criminal enterprises like fax.com (who were eventually taken down by the FTC and FBI)
(*) on the basis it would hurt the business - which is the intent of the law and the higher court judges have made that excruciatingly clear in their rulings - along with the sentiment that they did not want to see anything like this kicked up to them again or heads would roll.
As I understand it in civil law decisions are based on the balance of probabilities.
Well I have no track record of harassing people with multiple calls. They do. And as company directors their protection is solely limited if the company articles of incorporation are clearly and specifically followed. Having checked with companies house there seems to be no exception to UK Law as one of the articles. So if the scheming scumbag shites who woke me up when I had severe mental health issues (I was seriously pissed off with then waking me up in an acute state of depression due to psoriatic arthritis) are not exempt then the limited liability does not protect them.
All that stuff about having to have clean hands etc.
Now of course if they can show there were worst people than them then I would, being a decent sort of chappie merely hire a couple of large Glaswegians (possibly Sikhs as I met some of them as gentlemen who enforced (legally) about 30 years ago and they scared the shit out of me, whilst also being quite inexpensive), to go and remonstrate with them in the nicest possible way.
Otherwise, should they fail to provide an adequate defence then no doubt my small claims court case would be proven and then I would....
See antepenultimate paragraph for enforcement modality.
PS, does anyone have an address to send the summons to?
"Having checked with companies house there seems to be no exception to UK Law as one of the articles."
The Companies Act has a section of on directors' duties. I can't remember the exact wording on fiduciary duties but it makes reference to Common Law. Presumably a director causing or allowing the company to do something contrary to Common Law would be failing in this duty. There is also a concept in law of "piercing the corporate vei"l which seems intended specifically to prevent the hiding of criminal acts behind a limited company; otherwise you'd have every thief in the land incorporating and trying to pass off their thefts as those of the company.
"the carriers who sell service to these jerks are hit with massive fines"
What's needed is what happened in the USA - so called "pink contracts" to leak out showing that the Telcos KNOW what's going on and allow it anyway.
Once the AT&T pink contracts got out into public sight is when the crackdown on rogue ISPs and Telcos really got into gear in the early 2000s
https://www.cnet.com/news/at-t-admits-spam-offense-after-contract-exposed/
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
