New CLI rules are a bad idea

OFCOM have come up with some new rules on Calling Line Identity. Neil Brown has done a nice article on it (here).

One aspect is good! It is that the service to show CLI has to be free now. I like that part.

However. The other aspect is on various moves to try and make CLI more reliable. This is seems to make sense as junk callers often use invalid CLIs these days, e.g. 025 numbers.

But OFCOM have gone way further, insisting that CLIs should be valid and dialable, i.e. in service and can be used to make a return call. Now this is huge. There are loads of reasons you may not be able to make a return call :-

• Number is not valid / in service (what OFCOM want to catch)
• Incoming call barring (a valid service which currently does not stop CLI being sent)
• Incoming call diversion (to numbers that are not valid, etc, etc)
• Incoming call where caller is calling withheld and withheld is blocked (ACR)
• Incoming call where the called party has used some call refusal / blocking service
• Incoming call to a phone system which is able to reject the call (e.g. ISDN, SIP, etc).
• Incoming call that the called party rejects (e.g. to a mobile and press red/cancel button)
• Incoming call that the called party simply chooses not to answer

All of these are (or were) valid services to stop someone making a return call. However, taking OFCOM strictly at their word, if any of these are in place as a service (such as incoming call barring) then the calling telco should not send CLI or possible not allow the original call, because the CLI is not one that can be used to make a return call!

It is also unclear why OFCOM decided to go this far. There seems to be some merit in expecting some basic validation, maybe, but even that may have problems. That can be done in various ways, but if considering international numbers you suddenly present the telcos with the job of maintaining lists of all valid number allocation blocks for the whole world, a complex tasks, or relying on some 3rd party to do that, placing them in a position of power if they decide not to include some block of numbers in the CLI allow list and hence not allow calls. It creates lots of scope for consumer problems, which already exists with new number blocks not routing to their destination - now we face a separate hell of new number blocks unable to route outgoing calls as the block is not in CLI allow lists.

But, even if we have that, we have already seen junk callers go from withheld to invalid prefixes. They will now simply move to valid number blocks and there will be ways to get those in to the phone network I am sure. This will create something called back-scatter. Oddly I have already seen these where junk callers are using invalid numbers as I have some 0200 numbers (which would normally count as invalid), and I suddenly started getting calls from people saying I had called them trying to sell them something. It was not pleasant, not matter how much I tried to explain (and I knew what must have happened). I had to turn off one of my numbers for this. Now consider what happens when junk callers move to using real numbers that belong to innocent victims. This will be bad.

One reason calls will get in is that a telco / carrier cannot easily verify the CLIs of calls. We are a small telco and we will be able to send any CLI we choose, not just from our number blocks. (Obviously we are strict with our customers and follow rules) But the reason we can send any numbers is (a) presentation numbers and (b) forwarded calls. If a call comes in to us from telco A and we forward at our customer's request on to a number which we send via telco B, then telco B has to trust we are sending a sensible CLI even though not one of our numbers or a call they see coming in to us.

So junk callers need to make calls from the OFCOM press office direct line CLI as much as possible, that way OFCOM will understand the issue of back scatter. [OK that is an illustration, and I am not actually trying to incite people to do that].

If anything, better education that CLIs can, and are, spoofed, would help. It is just the same with email addresses. (educating police on this fact is a good idea too!)

Sorry OFCOM, I think you have massively missed the mark here, and could cause legitimate services like incoming call barring to impact CLI for no reason, and cause back-scatter on junk calls, whilst not actually addressing the real problem.

Junk calls, what can we do in A&A

Understandably after I was cross a junk call some people say "your work for a telco".

So, first off, I do, but I don't expect special treatment. Anything we can do for me, we should be able to do for any of our customers. OFCOM have some brain dead plans on CLI which will fix nothing in this area, so I will not even bother to link to them.

I have been pondering what A&A can do?

Well, one simple step is have anonymous call reject (ACR) on the normal (01/02) numbers which has a message "This number has been changed to" and quote a number with an unusual prefix, like 033 or 055 or 056. These are not expensive to call, but I bet junk callers will just move on to the next mark and not dial an alternative number.

But what else can we do?

At present, we do not see the underlying CLI for most callers where the CLI is withheld. As a telco that is something we are "allowed" to see. What we cannot do is pass it on to any of our customers. We have several carriers, and it is complicated. We can definitely have access to withheld CLI from one, but that depends on a factor outside our direct control at the moment, and we are working on it. We may be able to get from another carrier. In an ideal world, all the incoming calls would provide a CLI even when withheld. Obviously we need to audit our systems to be 100% sure we do suppress such CLI from our end users as well, though I am pretty sure we have that sorted.

If there is some police investigation we do have details of the way calls are routed in and out for long enough to allow some tracing of calls back through connected carriers if needed. In that respect we don't need to see withheld CLI. The police could investigate. But I assume most people would not want to involve police time on such nuisance if they can avoid it.

So, let's assume we get the withheld CLI in due course, what can we do?

Well, we have been working on ways we can provide customers with easy ways to block things. Not just blocking specific caller CLIs but ideally blocking withheld CLIs. We need some way to dial a code, or click on a CDR record, to say "block this caller" even when the end user cannot see the number being blocked. We can only really add that extra step fully when we have withheld CLIs.

But even where we have a block, I wonder what else to do - the simple answer is a message "This call is blocked", or an ACR level "This number does not accept calls where CLI is withheld, redial without withholding your CLI, usually by prefixing the call with 1470".

But do we want to offer users more choice, like "Fuck off and die in the pits of hell" as a message? Would such a message be break of some legislation on offensive communications? What if the communication is from a machine?

One idea was an ACR of "This number does not accept calls where CLI is withheld, redial without withholding your CLI, usually by prefixing the call with 1470, or hold to be connected if you agree to pay £5/minute to the recipient for handling this call"...

Now this would be a fun one, you'd want that on the call recording, obviously, but whilst we would not have a way to make the call expensive, the junk caller hanging on the line and being connected could be deemed to have entered in to a contract there. No need to rely on PECR or ICO or anything else, if they are a junk caller then they have agreed to pay for the call.

I can't work out a wording of "if you are a junk caller" that I can be confident would be legally enforceable. Maybe " if your call is in breach of the privacy and electronic communications regulations" on the end of that message would suffice. Then a hospital calling from withheld would be able to hold and talk without fear of a bill.

Would it put them off? Who knows! Would it make for a fun county court claim, maybe, just maybe...

Anyway, some time, A&A will no doubt have some more options for our voice customers. Watch this space.

What a "dick head" (his words): NRG Installs Ltd

Wow, I get some dodgy sales calls, but this takes the piss.

It took me ages to find he was calling from NRG Installs Ltd.

• He could not say who he was calling from, just "NRG Installations"
• He did not know the company number, and thought his phone number was the "company number" no matter how hard I tried
• He did know his web site, but thought that the web site/domain was actually the "company name"

So then we have the fact he called a number on the TPS...

• He told me the number he called, which I presumed was one of my numbers, I have a few. It is a number on the TPS!
• It turns out he made the number up (i.e. lied), but then rants at me for lying about it being one of my numbers!
• He refuses to say which number he actually called - to be a "dick head" (his words)!
• He has no idea how to say a phone number, i.e. area code, pause, number
• When I did track down which number he did call, from the incoming call logs from our PSTN gateway, he is adamant that is not the number he called. Now, in theory it could be some sort of re-direct but that is unlikely (I don't recall setting one up and would not have to that specific number), but we normally see redirection headers on the incoming logs in that case.
• The number he actually called is in the TPS and has been for a long time.

But it gets worse, I mean really bad!

• He says the TPS gives them numbers and they call them
• He actually has no idea who the TPS are even
• He thinks we should sue the TPS and not NRG Installs Ltd for the PECR breach
• "I thought we were meant to call the numbers that the TPS give us"

I have muted the number he called from the recording here... It is well worth listening to...

Sadly there is little point in talking to the ICO on this, they don't care.

We need something better than TPS and current legislation

I really wish, like late payment penalties, there was a simple defined civil charge one could make, sue for if necessary, for someone wasting your time with an unlawful unsolicited marketing call. It would be death by a thousand cuts as people, like us, would simply make claims. The courts would not be involved much, just the couple of times to prove the point to the idiots, and then they have to cough up for each claim without the threat of court.

We got one today that shows the problem quite well.

This is the call: mp3 (note this is stereo, one person on each ear).

The caller was, apparently, Black Sheep Utilities Ltd, selling water supply. They have been in business around 7 years, so really should know better. They called us, FireBrick Ltd.

So, some things wrong with the call...

• Claims not aware he called a TPS registered number, but later says he could not have made call if we were.
• Says they check data with TPS, which clearly they do not! That suggests he is just lying.
• Says you have to re-register every six months, which is wrong. The TPS say every 12 months, but actually the legislation does not require re-registration. We are registered permanently (as I threatened to sue them and OFCOM if they de-registered us again, many years ago) and I double checked and the number he called is still registered even now.
• He suggests that if you go on line, your number will be "attached to your IP" somehow.
• He suggests we may have left a "your data will be shared" tick box ticked on the Internet.
• No remorse whatsoever!
• He says if we were on the register he would not be able to call us, clearly that is a lie.

This all seems a bit confused. If they screen for TPS and don't allow calls, then how is having a "your data will be shared" tick box relevant. Clearly they don't in fact check against TPS as we are on it.

Until there is proper action against such people, they will just waffle their way through such calls and ignore their responsibilities. We all pay the price in huge amounts of wasted time.

Also, he seems confused over "details being shared" and the unlawfulness of unsolicited marketing calls. It does not matter how much our number is shared, and I would not be surprised if the number is shared, it is on our web site even, and companies may know it. I have no problem with the number being shared to people that may be interested in buying FireBricks. That is why we have a number, so potential and actual customers can call us. What matters for this is that we have not given him permission to call us for marketing. Even if we gave permission to someone else, and gave them permission to share our details, unless we gave Black Sheep permission then his calls are unlawful.

What can be done to sort this, really? The ICO will not be interested, I am sure.

Everyone loves Lenny!

Those that have read my blog will know how I feel about junk callers. I managed to make some really good long monologues to tie up callers. But I have to admit that "Lenny" takes the biscuit here and is better than I ever was.

Lenny is an automated system that can be used with asterisk and it just waits for gaps and plays some pre-recorded audio in various sequences. It is pretty impressive.

Now, to catch some of these we had to add a DTMF '5' to the start, but once that was done, we managed to get a person to chat with Lenny for nearly 5 minutes.

That is 5 minutes that some scumbag junk caller was paying someone to be on the phone with no prospect of actually getting any money. The more people that do this, the less the whole despicable business will be worth running.

The only thing is Lenny could be a bit quicker to answer, but I am sure that will improve.

Here's one we caught earlier (mp3).

I may post some more if I get some good ones.

P.S. we got a recruitment company too, LOL (mp3), and the classic Indian call centre call (mp3) and (mp3) and (mp3). And have you been in a car accident (mp3).

What is interesting is the number of "junk calls" that are now from "normal" calling numbers, so as to fool people in to answering. Also surprising how many from POP telecom!

Junk calls, TPS and DPA

If you want to avoid marketing calls, the "right" way to do it is to register the number with the Telephone Preference Service (TPS). They have a web site where you can check the number and register. Simple enough...

There are, however, a few problems. I am looking at this as the new number I recently obtained (my old home phone number from 20 years ago) got another junk call. I checked, and it is no in the TPS.

Now, this should be simple, but it is not.

The TPS web site does not just want the number, which is all they actually require to maintain the register, they also want:-

• Name
• Full postal address
• Email address
• Agreement to their privacy and cookie policy

Well, half way through the web site filling in a form, it is a tad late to ask for agreement to the cookie policy, but what if I do not wish to agree? I cannot register.

As for the privacy policy - it looks rather iffy to me. Again, what if I don't agree?

First part of the privacy policy that seemed odd was "You should be aware that if you subsequently give any personal information to another company, the uses to the Telephone Preference Service privacy policy will no longer apply." I am not trying to be thick here, but they seem to say that if I give any personal information (at all?) to another company (any company?), then their privacy policy no longer applies. Well, of course I have given some personal information to some other companies! My employer for a start, and, well, loads of companies. Does that really stop the TPS privacy policy applying. Maybe I am misreading it. Seems a pointless policy if it stops applying so easily.

The other issue is they can give my personal information to other parties. They do say the uses are limited to "suppression purposes or to incorporate onto suppression software". So if the software wants email and postal addresses, it can be incorporated in to that software. That is one valid use of the data. The suppression software does not have the restriction on use (note the "or" in that statement). The TPS can also use for "research and statistical analysis".

It seems to me a great way for my phone number and postal address and email address to leak, and be given to the unscrupulous companies involved in direct marketing. That could mean I am actually giving my data to the very people I do not want calling me. Saying "unscrupulous" may seem harsh, and is my opinion, but is an opinion based on the fact we even need laws on this matter in the first place, that I get junk calls to TPS listed numbers all the time, and that the ICO have fined companies, so I feel it is not an unfounded assertion, at least for some of them.

I have now contacted OFCOM to add the number, and advised that they are not to store email or postal addresses or disclose that to third parties. If they want to validate my request they can call the number! We'll see what they say.

Interestingly, OFCOM themselves were promoting (on twitter) a text based TPS listing saying "Calling all mobile users...text ‘TPS’ & your email address to 85095 to reduce #nuisancecalls http://ofcom.in/295yXjW" so again asking people to provide email address when not needed to maintain the register.

I believe one of the Data Protection principles is you don't collect data you don't need. As my requests on twitter went unanswered, I have asked OFCOM to tell us more (FoI request). We'll see what they say.

Fun with numbers

As I have posted, we are working on stuff with BT renumbering and number export (which is going quite well now actually), but in part of the process I got to understand the BT systems a bit better.

For amusement I checked, and the quite distinctive telephone number that we first had when we moved to Bracknell was in the free number pool. We have not had that number for over 20 years now. So, as part of my testing I had a play, renumbered on to a line, and exported to VoIP. It worked!

I think it is quite cool getting a really old phone number back. I found I could get my wife's old house number from when she was a kid, but she was not at all interested. Maybe it is just me. It is not really a "service" we can offer though, sorry.

Anyway, first and only call so far on that number:-

Dear Blogspot - just in case Verso Group (UK) Ltd contact you...

I get the impression Verso Group (UK) Ltd have given up actually talking to us - we have tried calling back many times, and offered to meet with them in our offices as he said "I'm going to come down to your office" after his 10:30 meeting last week - we were there and waiting, me and a solicitor (after all, he made several legal threats)... But I get the impression he may be trying to contact blogspot now.

Of course, that may be unrelated. It may be that there are more people than just myself causing him some concern. I could not possibly comment.

I posted on 17th March (here), but please note, whilst I mention Verso Group (UK) Ltd, I explain that it is only "apparently" a call from them - listen to the recording (which you don't host) and you will hear why, and the clear statement that the call is recorded to be posted in the public domain (Facebook). There is a clear statement from the caller that it is Verso Group and he confirms Verso Group (UK) Ltd calling as well as the call being from 02081507530 which is one of their numbers.

I posted on 6th April (here) which is a post to clarify matters as someone claiming to be from Verso Group (UK) Ltd (Dene Walsh himself, I assume) asserts that the call in question is not from them. I make that crystal clear in that post. This call recording is apparently not a call made by them. Given that it is not a call by them I am not sure they have any legal reason to suppress it.

I posted on 8th April (here) with a purely factual link to an OFCOM news item investigating Verso Group (UK) Ltd.

The call recording is not hosted on blogspot!

I own copyright in the call recording, and if you listen to it (here) you will hear that the caller is giving permission for it to be published on Facebook, where it is. I do not see that this is any concern of Verso Group (UK) Ltd if they did not make the call.

Given that I have made it clear that the recording is apparently not made by Verso Group (UK) Ltd, it is clear that no matter how stupid, idiotic, ironic, moronic, or ill informed, the caller sounds, or how unlawful such a call is to a TPS registered number, that is not in any way defamatory of Verso Group (UK) Ltd, as they were (apparently) not the one making the call. I can't see it is defamatory at all, but if it was, then it is defamatory of the unknown caller and not of Verso Group (UK) Ltd, as they are apparently not the caller.

I have offered to help - I am happy for the call recording to be used as evidence in pursuing someone impersonating Verso Group (UK) Ltd.

Indeed, I am happy to contact the call provider, Andrews & Arnold Ltd, to try and get the call traced to the real source and identify the spoof caller to assist in enquiries. Indeed, I may do that anyway - wouldn't it be funny if it really was a call from Verso Group (UK) Ltd after all - but that is purely amusing myself with speculation and not to be taken seriously in any way.

Anyway, Blogspot, if someone makes a complaint, feel free to contact me, and my solicitor will be happy to discuss the matter with you right away.

P.S. was I bang on?