Add it to the tab: ICO fines another spammer as unpaid bills mount London-based finance company Nouveau Finance been fined £70,000 (US$85,752, A$112,391) for hiring a spamming marketing company that sent UK residents some 2.2 million illegal SMS messages. 92 battered Britons complained to the Information Commissioner's Office (ICO) which handed down the fine on Monday. The loan broker, based …
Maybe it should target the people running the companies instead?
Of course they should. If they do it once they might get away with an "I didn't realise" defence, and a fine.
Anyone who starts a second company to do the same thing after having been fined the first time should go straight to jail, with all their assets seized to pay the previous fine.
It would be nice, but the issue is that the companies are set up as limited companies, which protects the shareholders against such things as fines against the company. Break that and limited companies lose a lot of value (and become non-limited). Something else needs to be done
Just a suggestion - Anyone involved in liquidating a company with outstanding fines is forbidden from holding directorship of another company for 10 years? I would also suggest them being forbidden from holding a senior management position for 10 years but I doubt that's enforceable.
I was under the impression that directors of a Limited Company do not enjoy unlimited immunity - as in, they can be held personally liable for activities undertaken "on their watch". Surely engaging in known illegal activities, especially for repeat offenders, would lift the veil of immunity ?
Anyone up on company law around here ?
There is such a thing as a third-party costs order (which could force the directors to pay instead of the company) which is normally only granted where a limited company is only formed to pursue a court case. However it would seem to be worth trying in this case.
(IANL)
protects the shareholders against such things as fines against the company.
Limited companies protect the personal assets of the directors and shareholders from being seized to repay debts, but the courts can set aside the protected status of directors who knowingly indulge in fradulent or wrongful trading.
" but the issue is that the companies are set up as limited companies, which protects the shareholders against such things as fines against the company."
Shareholders: yes
Directors: NO, absolutely not.
Limited companies should not be a "get out of jail free" card. They should be required to obey the law. If they fail to do so, the directors should be jointly and severally liable for any punishment, up to, and including, "life imprisonment without parole". The shareholders, other than directors, do not need to lose their liability, unless it can be shown that they were involved in the illegal activities - eg representatives of institutional shareholders inciting mass fraud.
And the plea of "not guilty by reason of corporate insanity" is not valid (despite statements to me personally by a British gas employee). Although I accept that there is "corporate insanity" (not just at British Gas), I don't accept that it should be a defence in law - it probably ought to be a crime in itself.
It'd also help if domestic phone users were enabled to set up whitelists, so that any number not in their whitelist could not reach them. <cynci>Heaven forbid anything should get in the way of marketing though!
</cynic>
My folks already have some kind of whitelist system. Known numbers get straight through and ring as normal. Unknown get diverted to a message asking who they are, and if the caller responds the system rings the landline, announces who is calling, then they have the option to accept, reject etc. If the caller doesn't respond the landline never even rings. Apparently zero marketing calls now get through. Think it's a paid service, might even be bt... Works well for them anyway.
Got that. It's called BT Guardian, and runs on the phone handset, so no ongoing cost (aside from needing CallerID).
Unrecognised and withheld numbers get a mandatory whisper announce, numbers in the address book get straight through. So far it has blocked 100% of spam calls - the automated ones detect it as an answerphone, and the manual ones move on to an easier target.
It's a really simple fix. Takes a bit of time to enter all your numbers manually.
@Esme
You can with the right phone system (it's what I did in the end). It is also possible at the switch, but the tel-co's make money by connecting calls and they won't get paid if they block the call, hence they only do so under court order, and they don't admit to it if they can plausibly deny they can do so.
@PatientOne.
"but the tel-co's make money by connecting calls and they won't get paid if they block the call, hence they only do so under court order, "
Utter bollocks.
TalkTalk alone are already blocking 70 million a month and BT are gearing up a service to block a 25 million a WEEK!
"It is also possible at the switch, but the tel-co's make money by connecting calls and they won't get paid if they block the call"
The vast majority of these calls are being injected with fraudulent routing information (different to forged caller-ID), so they don't get paid at all, or end up in billing disputes with telcos who didn't originate the calls.
This is why some of the mobile companies have started filtering such calls.
"It'd also help if domestic phone users were enabled to set up whitelists,"
Which will result in addressbook snatching and forged callerID using entries from the addressbook, as has been happening for many years when targetting mobiles.
A few of these spammy directors need to be found face down at their desks with the back of their skull missing.
"Maybe it should target the people running the companies instead?"
Yes. From Spring 2017, the directors can get a £500,000 personal fine:
https://www.gov.uk/government/news/government-clamps-down-on-nuisance-call-crooks
"Maybe it should target the people running the companies instead?"
maybe it should hold the spammer AND THE COMPANY WHICH HIRED THEM jointly and severally liable.
I'm currently getting spam for Greenpeace UK, Debenhams and M&S, amongst others.
it is as if they are trying to do a no 1 facing into the wind in a Force 8 gale.
Until they start raiding the directors homes and removing everything (even if it is the the wife's name) to pay these fines nothing will change.
I was deluged by texts and calls from one of these ******* outfits.
I changed my phone number and less than two weeks later they were back using my name on the new number. The thing is that I had not given that new number out to more than 10 people and none of them would have passed it on. How did they get my new number then? Perhaps there is a sideline in the Telco's where they sell newly activated numbers and the details for the contents of brown envelopes?
The poster said that they were calling them and addressing them by name. That removed the 'random' call option.
anyone who calls me with an invalid or 'number withheld' gets blocked.
Sadly the local NHS Trust hospitals have started calling you with 'Number withheld'.
The Trust CEO said that it was for data protection issues. Who's data protection?
Until they start raiding the directors homes and removing everything (even if it is the the wife's name) to pay these fines nothing will change.
At the risk of stating the bleedin' obvious, the ICO don't have any such powers. You're talking about setting them up with an enforcement unit with police-like powers to forcibly enter people's homes. As a society we are fairly strict about who we grant those sorts of powers, for very good and obvious reasons.
Banning them from being company directors would work, I should think. Then they have to cycle through their spouse, children, parents, siblings etc as front people for the next burner outfit they set up...
You're talking about setting them up with an enforcement unit with police-like powers to forcibly enter people's homes. As a society we are fairly strict about who we grant those sorts of powers, for very good and obvious reasons.
Yep, that sort of stuff is for piracy rings (where ring >= 2).
The thing is that I had not given that new number out to more than 10 people and none of them would have passed it on. How did they get my new number then?
1 - random diallers reselling their list of hits
2 - buying lists from app suppliers
3 - raiding other people's online phonebooks
4 - a-social media disclosure of contact details (LinkedIn, Facebook)
I doubt they are targeting you specifically - you probably have a number that is in a targeted range right now.
Personally I think organisations like the ICO should be given investigative powers so they can unearth the actual numbers behind calls including "number withheld" because the bastards never identify themselves properly (the trick is to string them along until they think they have a sale - at that point they will need to provide some detail to get payment - of course, never use a credit card over the phone). Ditto for SMS, but that's harder because they can use PAYG and for some strange convenient reason, phone companies only seem to able to take the money but not perform any rate limiting or filtering against TPS..
As for company washing - turn this into a criminal offence that establishes personal liability so they can not hide behind company changes to keep the scam up, and mandate they have to publish the details of every means of communication they have - every landline, mobile number and email address - for the next 5 years.
"I changed my phone number and less than two weeks later they were back using my name on the new number."
Obvious questions: Did you have your new number unlisted? If not - they used the phone book.
If the number is unlisted, have you phoned a company from that number without withholding it? Or has anyone else? If so, they know who you are and could have retained the number.
If you haven't, have you registered the number anywhere against your name? This includes banks. If so, then someone traded your number.
When you answer the phone (or anyone at that address for that matter including a telephone answering machine message) do you announce who you are? If so, they could be random number dialing and recorded the name given when you, someone else, or the answering machine gave it. They might even have asked (possibly in response to a demand to remove your number from their system).
The moment one company has your name and number, they'll share/sell it on and then you'll get more calls, all claiming they're allowed to call.
If you've done none of the above then they shouldn't have your name againt that number at which point I'd refer it to your Tel-Co to explain. But be absolutely certain you've not fallen foul or slipped up even once with the above as your Tel-co will insist you must have.
However, if it was the Tel-co who gave out your details, it could have been under the pretense that the company was running a poll on behalf of the government and so was allowed even unlisted numbers. This is the excuse I had from one company who got my unlisted number. They were lying, of cause: I followed up with enquries of my own (aka a FoI to the relivant department on telephone polls they had commissioned in the last few years - their reply was they hadn't and wouldn't run such a poll). Cue one more complaint to OfTel.
... and there you have the real problem - and a solution, too: Make data protection violations a criminal offence.
When you're just fining the company, and - like in many cases in the past - the fine just makes up a fraction of the total cost of the spamming operation - nothing will change. That is called a tax, and not a fine.
Increasing the fines won't change anything either: if the fine is too high, the company owners will just fold up their chairs, print out a "Sorry, we're closed" sign for the door, and rent another office for their next operation.
Don't go after the company, go after the individuals (CEO, directors, whatever.)
Might I also suggest that the lawyers involved in liquidating these companies and then setting up new ones should be disbarred for aiding and abetting a crime.
Trust me, do that a couple of times and this will stop VERY sharpish. Whilst it might seem like the first thing on any lawyers mind is to slurp up as much cash as possible in any situation, this is actually the second thing. The first is to make sure they wont get debarred for any action they do, basically so that the second thing on their mind (slurping up as much cash as possible) will be able to continue...
Actually it does. To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer. The lawyer is supposed to do due diligence to ensure that the person buying it is on the level and not setting it up in order to perform illegal activities. Whilst it is possible to set up your own company, it is hugely more expensive and difficult (and I think still needs a lawyer involved at various stages). Since the bastards behind these things will almost certainly be going the easier way, the lawyer who doesn't do the due diligence should get it in the neck.
I've never been involved in liquidating a firm, but I can pretty much guarantee that would also need a lawyer involved. Rather heavily I imagine...
To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer.
Whilst it is possible to set up your own company, it is hugely more expensive and difficult (and I think still needs a lawyer involved at various stages).
That's way out of date. It used to be the case about 30+ years ago. These days you can trivially set up a company online with just a single director (who's also the company secretary) without a lawyer being involved. To quote from the gov.uk site:
"It usually takes 24 hours and costs £12 (paid by debit or credit card or PayPal account)."
You couldn't get a a lawyer to fart for that little.
" To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer."
When I bought mine it was from an accountant. (An aside: one of the alternatives offered was one letter away from being the name of a then well-known database. It didn't seem like a good choice.)
"To set up any small business, the easiest way is to buy an "off the shelf" company, set up by a lawyer."
1: Most are setup by accountants.
2: Filing the paperwork yourself is trivial but takes a few days to activate and involves standing in an office. Tthe only advantage to an off-the-shelf is that it's available instantly.
3: If you're burning through companmies as fast as these scammers are, there's a good chance they've built up a stock of names already OR haven't even bothered registering the trading names they use.
That's a very dangerous precedent to be setting.
Our legal system REQUIRES lawyers to act for those alleged to have committed a crime, and while there are lawyers who are profiteering from unscrupulous activities I'd hate to see our system go back to the days where you didn't get a lawyer if you couldn't afford one.
OK, so perhaps the activities are different, but don't forget the lawyers are simply working within the law as it's written today. Perhaps it is the law that needs changed on liquidating companies rather than chasing those who execute it.
I still think my idea was the best.
Take a number in the 147x range. If the caller dials that immediately after a call their telecoms provider credits their account with a couple of quid as a fee for taking the call (a tenner if they were TPS registered) and adds that, plus their own handling charges to the caller's bill. If the call originated from another provider they charge that provider who can then add their own handling charge and bill the caller. Extend as required until it gets onto the caller's bill or a provider who was stupid enough to accept traffic from elsewhere without having the required arrangements in place.
Yes, it would require sufficient calls to be reported against a caller to activate it, both to avoid fat finger errors and to deal with someone who decides to try to collect from all incoming calls, however innocent.
And yes, telecoms companies do know the origin of calls with fake CLI - how do you think they bill them? Come to think of it, double the payout for a call with a faked CLI.
Telecoms companies would start being more careful about who gets to set up accounts, otherwise they'd end up with a lot of unpaid bills. They'd also be faced with the up-front costs of putting the arrangement into place although the costs would be recovered through the handling charges. The consequences, of course, would be that the scourge would disappear very quickly and the telecoms companies would end up with being unable to recover those costs. However if this scheme was presented to them as a potential Transaction Handling Reimbursment in Event of Abuse of Telecoms scheme I'm quite sure they'd quickly come up with an effective alternative means of stamping out the whole thing.
While I like your idea of the fines, all that the companies will do is cycle through faked CLI's to avoid triggering the fine. This is made worse by it not being possible to trace all faked or temporary CLI's. Yes, you'd get to the company that provides the CLI number used, but they would argue they are not responsible for their users use of the system resulting in quite an interesting court case (which I think is needed anyway).
Basically, it comes down to this: Someone making nuicanse calls v someone making an anonymous call. Considering why someone might be doing the latter: There's a case for protecting the caller from being identified, even if most users are abusing the system to avoid a fine.
"This is made worse by it not being possible to trace all faked or temporary CLI's"
How do you think telecoms companies bill the calls? If it originates on their system they know who made the call. If it didn't originate on their system they know who put it through and bill them. Telecoms companies have someone to bill, if they didn't they'd be out of business.
"If the call originated from another provider they charge that provider who can then add their own handling charge and bill the caller."
Except that calling data is frequently fraudulent and there is _no_ originating telco to charge.
One way of handling this is to make phone call routing fraud and caller-id falsification a serious criminal offence and then go after the directors for that.
Or simply enact a right of personal action and statutory £500 damages PER CALL - USA TCPA style - with triple damages for wilful violations (such as hitting TPS-registered numbers).
The death of a million paper cuts will take care of the rest.
The charges get passed up the chain until one of the following happens:
A) They reach the originating telco, who is charged and can charge their customer.
B) They reach a telco who can't prove that they got the call from another telco. That telco is then charged. Loser-pays civil court action can be taken if a telco denies they carried the call.
C) The chain becomes a circular loop with no telco at the end. This obviously makes the total charge infinite, and so to avoid this bankrupting all telcos involved, they instead pay a fine to OfCom of the total charge accumulated at the point where the loop occurred.
This then puts a direct commercial risk on all telcos to keep good and accurate records and to avoid doing business with spammers.
"caller-id falsification a serious criminal offence and then go after the directors for that."
We legitimately fake the CLI of about 10,000 calls a day.
We operate contact centres for many large companies, they own the number we send, but it is redirected to us. However we have to jump through a load of hoops with our carrier to do this, and many of the UK ones are also similar, we simply cannot send one without the carrier allowing ti through.
You have 3 main issues:
1. Spoofed CLI's. Often these are originating from abroad and / or VoIP services. The issue you have is rapid changes. They spoof a number for a short period. The telco's clamp down and they simply move on. Many here are saying they can trace for billing purposes, but all a UK Telco does is bill the Telco it comes from and if a Telco in nation B is happy to handle those calls and pick up the charges and pass them onto the spammer, not much you can do, other than block the carrier, but then you have real issues.
2. Many now use mobile numbers. Take hundreds of PAYG SIMs, load them with credit, often using stolen credentials, or simply cash, then sitck them in a SIP to GSM gateway and fire away. As the SIMs get blocked, move onto another batch.
3. Withheld numbers. There isn't actually such a thing, it simply a flag that says please don't send my number. The carrier see the issues are similar to point 1. In the UK there are banned these for companies in the UK.
https://www.gov.uk/government/news/cold-callers-to-be-forced-to-display-phone-numbers-under-new-government-plans
"Directors of churn and burn spamming marketing outfits could be personally fined up to £1 million under Government plans, in what the ICO says will prevent liquidation as a means of escaping paying hefty fines."
Ah, so at least someone at El Reg has noticed that, then! I was starting to wonder.
The largest fine of £350,000 was imposed on Brighton company Prodial Ltd for sending some 46 million automated nuisance phone calls. It opted to liquidate rather than pay the fine.
I bet shortly afterwards they started a new company doing the exact same thing.
It just seems to be so easy to start up companies, liquidate it and start up another.
There seem to be two separate issues here - the companies that do the spamming, and the companies that hire them. Reading the ICO's statements, it appears that the problem with non-payment of fines is mainly confined to the spammers themselves - they have no brand or real business to speak of, so they can just pop up, spam, and shut down before getting caught. Those hiring them, on the other hand, can't do that because the whole point is to bring in customers and you can't do that if you liquidate your company.
So the solution seems fairly obvious - simply fine the people hiring the spammers. Cut off their source of income and the spammers will disappear (or at least have to come up with a new scam). Fortunately, it seems this may be what the ICO is now trying to do - the company in question here wasn't the spammer but rather the hirer, and all the talk of spammers liquidating and not paying fines isn't actually relevant to them. Hopefully this isn't a one-off and they'll carry on fining the people they can actually catch. Fine enough of them and the spammers will die out because it simply won't be profitable for anyone to hire them.
Those hiring them, on the other hand, can't do that because the whole point is to bring in customers victims and you can't do that if you liquidate your company.
FTFY
It would be interesting to know just how many "spam generators" are actually working for legitimate companies, with the rest operating on their own behalf for whatever reason (for which the term scam generators may be more appropriate) or for companies that are as dodgy as they are.
At the risk of stating the obvious be very wary of those claiming to be carrying out "lifestyle surveys" (not covered by the distance selling regulations, and therefore (IIRC) not "banned" under the TPS) because they can all too easily be followed by marketing calls to which you "agreed". One of those coming in to Chez Nous is likely to get an abrupt variant of "I am not interested in this call" which in turn is usually followed by a reprimand from Mrs Commswonk "they're only trying to make a living".
<steam from ears>
One of those coming in to Chez Nous is likely to get an abrupt variant of "I am not interested in this call" which in turn is usually followed by a reprimand from Mrs Commswonk "they're only trying to make a living".
You could be a vegetarian who grows or forages all their own food and knits their own clothing from wool gathered from the surrounding hedgerows. You could even offer to sell the caller some of your surplus lentils.
"There seem to be two separate issues here - the companies that do the spamming, and the companies that hire them."
I think there's an alternative approach: rather than work for direct hire the spammers generate leads which are sold on to companies that actually have some product or service. This would be somewhat more difficult to deal with in this way. The owner of the spammer can shut down and still have the leads to sell on.
"The spammers generate leads which are sold on to companies that actually have some product or service."
This is exactly the model that the insurance scam callers operate on.
The insurance industry has tried to combat it by making commissions on leads illegal but so far that hasn't helped.
"Now what I do is pick up the phone,
say nothing,
they hang up in a couple of seconds."
An alternative. Ask them to hang on a moment and simply put the handset aside. Sometimes they spend several minutes that they could waste annoying other people. Go on, do that, it's a public service.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
