back to article Add it to the tab: ICO fines another spammer as unpaid bills mount

London-based finance company Nouveau Finance been fined £70,000 (US$85,752, A$112,391) for hiring a spamming marketing company that sent UK residents some 2.2 million illegal SMS messages. 92 battered Britons complained to the Information Commissioner's Office (ICO) which handed down the fine on Monday. The loan broker, based …

Silver badge

The law is there for a reason, it’s to stop companies inundating people with unwanted messages

And as long as people can close down old companies and spin up new ones easily the law is pretty pointless. Maybe it should target the people running the companies instead?

16
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

Maybe it should target the people running the companies instead?

Of course they should. If they do it once they might get away with an "I didn't realise" defence, and a fine.

Anyone who starts a second company to do the same thing after having been fined the first time should go straight to jail, with all their assets seized to pay the previous fine.

3
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

It would be nice, but the issue is that the companies are set up as limited companies, which protects the shareholders against such things as fines against the company. Break that and limited companies lose a lot of value (and become non-limited). Something else needs to be done

3
0
Silver badge
Go

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

Just a suggestion - Anyone involved in liquidating a company with outstanding fines is forbidden from holding directorship of another company for 10 years? I would also suggest them being forbidden from holding a senior management position for 10 years but I doubt that's enforceable.

10
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

I was under the impression that directors of a Limited Company do not enjoy unlimited immunity - as in, they can be held personally liable for activities undertaken "on their watch". Surely engaging in known illegal activities, especially for repeat offenders, would lift the veil of immunity ?

Anyone up on company law around here ?

4
0

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

It'd also help if domestic phone users were enabled to set up whitelists, so that any number not in their whitelist could not reach them. <cynci>Heaven forbid anything should get in the way of marketing though!

</cynic>

2
0

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

>Something else needs to be done

I'm thinking a baseball bat. With nails in it.

3
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

protects the shareholders against such things as fines against the company.

Limited companies protect the personal assets of the directors and shareholders from being seized to repay debts, but the courts can set aside the protected status of directors who knowingly indulge in fradulent or wrongful trading.

6
0
Thumb Up

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

My folks already have some kind of whitelist system. Known numbers get straight through and ring as normal. Unknown get diverted to a message asking who they are, and if the caller responds the system rings the landline, announces who is calling, then they have the option to accept, reject etc. If the caller doesn't respond the landline never even rings. Apparently zero marketing calls now get through. Think it's a paid service, might even be bt... Works well for them anyway.

0
0
Anonymous Coward

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

"Maybe it should target the people running the companies instead?"

Yes. From Spring 2017, the directors can get a £500,000 personal fine:

https://www.gov.uk/government/news/government-clamps-down-on-nuisance-call-crooks

3
0

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

@Esme

You can with the right phone system (it's what I did in the end). It is also possible at the switch, but the tel-co's make money by connecting calls and they won't get paid if they block the call, hence they only do so under court order, and they don't admit to it if they can plausibly deny they can do so.

0
0
Anonymous Coward

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

Not really an option when the NHS uses non-geographical numbers to call people and can be indistinguishable from marketing calls (until you pick up).

0
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

Then put pressure on the NHS. They have no reason to behave like spammers.

4
0
hmv

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

There is such a thing as a third-party costs order (which could force the directors to pay instead of the company) which is normally only granted where a limited company is only formed to pursue a court case. However it would seem to be worth trying in this case.

(IANL)

1
0

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

Got that. It's called BT Guardian, and runs on the phone handset, so no ongoing cost (aside from needing CallerID).

Unrecognised and withheld numbers get a mandatory whisper announce, numbers in the address book get straight through. So far it has blocked 100% of spam calls - the automated ones detect it as an answerphone, and the manual ones move on to an easier target.

It's a really simple fix. Takes a bit of time to enter all your numbers manually.

0
0
WTF?

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

@PatientOne.

"but the tel-co's make money by connecting calls and they won't get paid if they block the call, hence they only do so under court order, "

Utter bollocks.

TalkTalk alone are already blocking 70 million a month and BT are gearing up a service to block a 25 million a WEEK!

0
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

I'm thinking a baseball bat. With nails in it.

I see you've met Lucille.

0
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

"Maybe it should target the people running the companies instead?"

maybe it should hold the spammer AND THE COMPANY WHICH HIRED THEM jointly and severally liable.

I'm currently getting spam for Greenpeace UK, Debenhams and M&S, amongst others.

0
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

" but the issue is that the companies are set up as limited companies, which protects the shareholders against such things as fines against the company."

Shareholders: yes

Directors: NO, absolutely not.

0
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

"It'd also help if domestic phone users were enabled to set up whitelists,"

Which will result in addressbook snatching and forged callerID using entries from the addressbook, as has been happening for many years when targetting mobiles.

A few of these spammy directors need to be found face down at their desks with the back of their skull missing.

0
0
Silver badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

"It is also possible at the switch, but the tel-co's make money by connecting calls and they won't get paid if they block the call"

The vast majority of these calls are being injected with fraudulent routing information (different to forged caller-ID), so they don't get paid at all, or end up in billing disputes with telcos who didn't originate the calls.

This is why some of the mobile companies have started filtering such calls.

0
0
Bronze badge

Re: The law is there for a reason, it’s to stop companies inundating people with unwanted messages

Limited companies should not be a "get out of jail free" card. They should be required to obey the law. If they fail to do so, the directors should be jointly and severally liable for any punishment, up to, and including, "life imprisonment without parole". The shareholders, other than directors, do not need to lose their liability, unless it can be shown that they were involved in the illegal activities - eg representatives of institutional shareholders inciting mass fraud.

And the plea of "not guilty by reason of corporate insanity" is not valid (despite statements to me personally by a British gas employee). Although I accept that there is "corporate insanity" (not just at British Gas), I don't accept that it should be a defence in law - it probably ought to be a crime in itself.

1
0
Anonymous Coward

The ICO is toothless

it is as if they are trying to do a no 1 facing into the wind in a Force 8 gale.

Until they start raiding the directors homes and removing everything (even if it is the the wife's name) to pay these fines nothing will change.

I was deluged by texts and calls from one of these ******* outfits.

I changed my phone number and less than two weeks later they were back using my name on the new number. The thing is that I had not given that new number out to more than 10 people and none of them would have passed it on. How did they get my new number then? Perhaps there is a sideline in the Telco's where they sell newly activated numbers and the details for the contents of brown envelopes?

3
1

Re: The ICO is toothless

"How did they get my new number then? "

By generating lots of random numbers until one hits? They know the ranges of valid numbers and could easily just do things randomly.

3
1
Silver badge

Re: The ICO is toothless

Until they start raiding the directors homes and removing everything (even if it is the the wife's name) to pay these fines nothing will change.

At the risk of stating the bleedin' obvious, the ICO don't have any such powers. You're talking about setting them up with an enforcement unit with police-like powers to forcibly enter people's homes. As a society we are fairly strict about who we grant those sorts of powers, for very good and obvious reasons.

Banning them from being company directors would work, I should think. Then they have to cycle through their spouse, children, parents, siblings etc as front people for the next burner outfit they set up...

6
0
Anonymous Coward

Re: The ICO is toothless

The thing is that I had not given that new number out to more than 10 people and none of them would have passed it on. How did they get my new number then?

1 - random diallers reselling their list of hits

2 - buying lists from app suppliers

3 - raiding other people's online phonebooks

4 - a-social media disclosure of contact details (LinkedIn, Facebook)

I doubt they are targeting you specifically - you probably have a number that is in a targeted range right now.

Personally I think organisations like the ICO should be given investigative powers so they can unearth the actual numbers behind calls including "number withheld" because the bastards never identify themselves properly (the trick is to string them along until they think they have a sale - at that point they will need to provide some detail to get payment - of course, never use a credit card over the phone). Ditto for SMS, but that's harder because they can use PAYG and for some strange convenient reason, phone companies only seem to able to take the money but not perform any rate limiting or filtering against TPS..

As for company washing - turn this into a criminal offence that establishes personal liability so they can not hide behind company changes to keep the scam up, and mandate they have to publish the details of every means of communication they have - every landline, mobile number and email address - for the next 5 years.

4
0
Silver badge

Re: The ICO is toothless

The poster said that they were calling them and addressing them by name. That removed the 'random' call option.

anyone who calls me with an invalid or 'number withheld' gets blocked.

Sadly the local NHS Trust hospitals have started calling you with 'Number withheld'.

The Trust CEO said that it was for data protection issues. Who's data protection?

2
0
Silver badge
Trollface

Re: The ICO is toothless

You're talking about setting them up with an enforcement unit with police-like powers to forcibly enter people's homes. As a society we are fairly strict about who we grant those sorts of powers, for very good and obvious reasons.

Yep, that sort of stuff is for piracy rings (where ring >= 2).

1
0

Re: The ICO is toothless

"I changed my phone number and less than two weeks later they were back using my name on the new number."

Obvious questions: Did you have your new number unlisted? If not - they used the phone book.

If the number is unlisted, have you phoned a company from that number without withholding it? Or has anyone else? If so, they know who you are and could have retained the number.

If you haven't, have you registered the number anywhere against your name? This includes banks. If so, then someone traded your number.

When you answer the phone (or anyone at that address for that matter including a telephone answering machine message) do you announce who you are? If so, they could be random number dialing and recorded the name given when you, someone else, or the answering machine gave it. They might even have asked (possibly in response to a demand to remove your number from their system).

The moment one company has your name and number, they'll share/sell it on and then you'll get more calls, all claiming they're allowed to call.

If you've done none of the above then they shouldn't have your name againt that number at which point I'd refer it to your Tel-Co to explain. But be absolutely certain you've not fallen foul or slipped up even once with the above as your Tel-co will insist you must have.

However, if it was the Tel-co who gave out your details, it could have been under the pretense that the company was running a poll on behalf of the government and so was allowed even unlisted numbers. This is the excuse I had from one company who got my unlisted number. They were lying, of cause: I followed up with enquries of my own (aka a FoI to the relivant department on telephone polls they had commissioned in the last few years - their reply was they hadn't and wouldn't run such a poll). Cue one more complaint to OfTel.

0
0

Re: The ICO is toothless

A lot of them do just run the number range for that exchange. Unpublished test lines get spam calls as well.

0
0
Anonymous Coward

Re: The ICO is toothless

I assumed they were doing that to save money (voip with an exit gateway) and prevent people calling them back.

0
0
Silver badge

Re: The ICO is toothless

"Perhaps there is a sideline in the Telco's where they sell newly activated numbers and the details for the contents of brown envelopes?"

It's already been proven to have happened.

0
0

How is this still a thing?

Liquidating the company shouldn't matter... there's already a process to take the proceeds of crime from criminals.

mjcp

3
0
Silver badge

Just a guess, but -- something to do with it being civil, rather than criminal, law? Breach of the DPA probably isn't necessarily against the criminal law.

3
0

Civil law

... and there you have the real problem - and a solution, too: Make data protection violations a criminal offence.

When you're just fining the company, and - like in many cases in the past - the fine just makes up a fraction of the total cost of the spamming operation - nothing will change. That is called a tax, and not a fine.

Increasing the fines won't change anything either: if the fine is too high, the company owners will just fold up their chairs, print out a "Sorry, we're closed" sign for the door, and rent another office for their next operation.

Don't go after the company, go after the individuals (CEO, directors, whatever.)

2
0
Silver badge
Go

Go after the lawyers as well...

Might I also suggest that the lawyers involved in liquidating these companies and then setting up new ones should be disbarred for aiding and abetting a crime.

Trust me, do that a couple of times and this will stop VERY sharpish. Whilst it might seem like the first thing on any lawyers mind is to slurp up as much cash as possible in any situation, this is actually the second thing. The first is to make sure they wont get debarred for any action they do, basically so that the second thing on their mind (slurping up as much cash as possible) will be able to continue...

3
1
Silver badge

Re: Go after the lawyers as well...

"Might I also suggest that the lawyers involved in liquidating these companies and then setting up new ones should be disbarred for aiding and abetting a crime."

I doubt it requires a lawyer.

1
0
Silver badge
Go

Re: Go after the lawyers as well...

Actually it does. To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer. The lawyer is supposed to do due diligence to ensure that the person buying it is on the level and not setting it up in order to perform illegal activities. Whilst it is possible to set up your own company, it is hugely more expensive and difficult (and I think still needs a lawyer involved at various stages). Since the bastards behind these things will almost certainly be going the easier way, the lawyer who doesn't do the due diligence should get it in the neck.

I've never been involved in liquidating a firm, but I can pretty much guarantee that would also need a lawyer involved. Rather heavily I imagine...

0
0
Silver badge

Re: Go after the lawyers as well...

To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer.

Whilst it is possible to set up your own company, it is hugely more expensive and difficult (and I think still needs a lawyer involved at various stages).

That's way out of date. It used to be the case about 30+ years ago. These days you can trivially set up a company online with just a single director (who's also the company secretary) without a lawyer being involved. To quote from the gov.uk site:

"It usually takes 24 hours and costs £12 (paid by debit or credit card or PayPal account)."

You couldn't get a a lawyer to fart for that little.

2
0
Silver badge
Childcatcher

Re: Go after the lawyers as well...

That's a very dangerous precedent to be setting.

Our legal system REQUIRES lawyers to act for those alleged to have committed a crime, and while there are lawyers who are profiteering from unscrupulous activities I'd hate to see our system go back to the days where you didn't get a lawyer if you couldn't afford one.

OK, so perhaps the activities are different, but don't forget the lawyers are simply working within the law as it's written today. Perhaps it is the law that needs changed on liquidating companies rather than chasing those who execute it.

0
0
Silver badge

Re: Go after the lawyers as well...

" To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer."

When I bought mine it was from an accountant. (An aside: one of the alternatives offered was one letter away from being the name of a then well-known database. It didn't seem like a good choice.)

0
0
Silver badge

Re: Go after the lawyers as well...

"To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer."

1: Most are setup by accountants.

2: Filing the paperwork yourself is trivial but takes a few days to activate and involves standing in an office. Tthe only advantage to an off-the-shelf is that it's available instantly.

3: If you're burning through companmies as fast as these scammers are, there's a good chance they've built up a stock of names already OR haven't even bothered registering the trading names they use.

0
0
Silver badge
Thumb Up

Re: Go after the lawyers as well...

OK thanks for all the updates everyone, I guess my info was way out of date. :)

I'd still be suprised if you didnt need a lawyer to liquidate a company, but I had no idea it was now so easy to set up a company. 12 quid? Bugger me...

0
0
Silver badge

I still think my idea was the best.

Take a number in the 147x range. If the caller dials that immediately after a call their telecoms provider credits their account with a couple of quid as a fee for taking the call (a tenner if they were TPS registered) and adds that, plus their own handling charges to the caller's bill. If the call originated from another provider they charge that provider who can then add their own handling charge and bill the caller. Extend as required until it gets onto the caller's bill or a provider who was stupid enough to accept traffic from elsewhere without having the required arrangements in place.

Yes, it would require sufficient calls to be reported against a caller to activate it, both to avoid fat finger errors and to deal with someone who decides to try to collect from all incoming calls, however innocent.

And yes, telecoms companies do know the origin of calls with fake CLI - how do you think they bill them? Come to think of it, double the payout for a call with a faked CLI.

Telecoms companies would start being more careful about who gets to set up accounts, otherwise they'd end up with a lot of unpaid bills. They'd also be faced with the up-front costs of putting the arrangement into place although the costs would be recovered through the handling charges. The consequences, of course, would be that the scourge would disappear very quickly and the telecoms companies would end up with being unable to recover those costs. However if this scheme was presented to them as a potential Transaction Handling Reimbursment in Event of Abuse of Telecoms scheme I'm quite sure they'd quickly come up with an effective alternative means of stamping out the whole thing.

4
0

While I like your idea of the fines, all that the companies will do is cycle through faked CLI's to avoid triggering the fine. This is made worse by it not being possible to trace all faked or temporary CLI's. Yes, you'd get to the company that provides the CLI number used, but they would argue they are not responsible for their users use of the system resulting in quite an interesting court case (which I think is needed anyway).

Basically, it comes down to this: Someone making nuicanse calls v someone making an anonymous call. Considering why someone might be doing the latter: There's a case for protecting the caller from being identified, even if most users are abusing the system to avoid a fine.

0
0
Silver badge

"This is made worse by it not being possible to trace all faked or temporary CLI's"

How do you think telecoms companies bill the calls? If it originates on their system they know who made the call. If it didn't originate on their system they know who put it through and bill them. Telecoms companies have someone to bill, if they didn't they'd be out of business.

0
0
Silver badge

"If the call originated from another provider they charge that provider who can then add their own handling charge and bill the caller."

Except that calling data is frequently fraudulent and there is _no_ originating telco to charge.

One way of handling this is to make phone call routing fraud and caller-id falsification a serious criminal offence and then go after the directors for that.

Or simply enact a right of personal action and statutory £500 damages PER CALL - USA TCPA style - with triple damages for wilful violations (such as hitting TPS-registered numbers).

The death of a million paper cuts will take care of the rest.

0
0
Silver badge

It still works when there's no originating telco

The charges get passed up the chain until one of the following happens:

A) They reach the originating telco, who is charged and can charge their customer.

B) They reach a telco who can't prove that they got the call from another telco. That telco is then charged. Loser-pays civil court action can be taken if a telco denies they carried the call.

C) The chain becomes a circular loop with no telco at the end. This obviously makes the total charge infinite, and so to avoid this bankrupting all telcos involved, they instead pay a fine to OfCom of the total charge accumulated at the point where the loop occurred.

This then puts a direct commercial risk on all telcos to keep good and accurate records and to avoid doing business with spammers.

1
0
Anonymous Coward

"caller-id falsification a serious criminal offence and then go after the directors for that."

We legitimately fake the CLI of about 10,000 calls a day.

We operate contact centres for many large companies, they own the number we send, but it is redirected to us. However we have to jump through a load of hoops with our carrier to do this, and many of the UK ones are also similar, we simply cannot send one without the carrier allowing ti through.

You have 3 main issues:

1. Spoofed CLI's. Often these are originating from abroad and / or VoIP services. The issue you have is rapid changes. They spoof a number for a short period. The telco's clamp down and they simply move on. Many here are saying they can trace for billing purposes, but all a UK Telco does is bill the Telco it comes from and if a Telco in nation B is happy to handle those calls and pick up the charges and pass them onto the spammer, not much you can do, other than block the carrier, but then you have real issues.

2. Many now use mobile numbers. Take hundreds of PAYG SIMs, load them with credit, often using stolen credentials, or simply cash, then sitck them in a SIP to GSM gateway and fire away. As the SIMs get blocked, move onto another batch.

3. Withheld numbers. There isn't actually such a thing, it simply a flag that says please don't send my number. The carrier see the issues are similar to point 1. In the UK there are banned these for companies in the UK.

https://www.gov.uk/government/news/cold-callers-to-be-forced-to-display-phone-numbers-under-new-government-plans

0
0
Silver badge

Just cut their testicles off.

1
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018