We'll end Eircom's dirty business - but no inspectors, please.

Dear Dermot,

There seems no pleasing the Comwreck crowd.

They have incited you and Hanafin and they are inciting the press.

After all that pressure you and Mary's office were heaping on us, we have come up with consultation and “soon” (though not on July 1st as promised ) with action on the Directory Inquiry regulation.

We even changed our reporting on the Internet penetration rate figure, and admitted publicly that the Irish Internet penetration rate is not close to 50% as we had previously claimed, but merely at 36%.


We finally move on the porn-dialler scam with a consultation document proposing measures to end the ongoing massive defrauding of dial-up Internet users through modem-hijacking (also known as porn-diallers or stealth diallers), but you have to understand that we need to be very quiet about the role of Eircom and ComReg in it.

I try to explain the whole mess to you in five parts and then print the formal response we got from Comwreck (because we wont't publish it on our web site, citing legal reasons).

1. First: The positive

After two years of feeding the Irish dial-up user to the birds we in ComReg are doing the right thing to protect the consumer in the future, by directing the Telcos to change the number ranges of the regions that host those dialler scammers into opt-in numbers. In other words, a customer’s PC cannot dial into those numbers, unless the customer specifically asks his Telco to unlock the region for him.


2. We don’t want to open this can of worms

The past stinks, we don’t want anybody to take notice.
• A considerable number of consumers were hit by stealth diallers and consequently ran up huge telephone bills – alone in 2004 our office was informed by some 200 people and businesses about call charges of between 20 and 2000 euros, one with a 12 000 euro bill – the real figure of people caught by this auto dialler fraud since Eircom’s introduction of its 360 cent per minute Band 13 in 2002 is probably in the thousands and the bills involved are most likely in the region of millions of euros.
• The biggest portion on these bills is our Telcos’ profits. In other words, the fraudster operating via Diego Garcia only collects a miniscule part of the money. To be more precise: A porn dialler located on the Diego Garcia number range will get 15-25 cents a minute "Ingress Payment" from "Revenue Share". Eircom charge €3 ex Vat, so they make some 12 times what the "Scammer" makes… who is the real "Scammer" one may well ask. Irish Telcos, mainly Eircom, were preying on the victims of Internet fraud, unhindered since 2002.
• Contrary to what our Tom Butler said on RTE, these scams have nothing to do with Irish Premium Service numbers, where the statuary industry self-regulating regulator RegTel makes sure these frauds cannot occur.
• We have clear evidence that the regions in question are basically identical with Eircom’s call band 13 (360 cent per minute). We as a regulator should not have allowed Eircom’s unethical profiteering on the back of Internet criminals. We should investigate all those cases and direct Eircom (and the tiny number of other Telcos involved) to reimburse the victims of stealth diallers.
• It’s fairly obvious that Eircom is deliberately preventing its customers to guard themselves in a simple and absolute way from those dialler scams:
A foolproof way of porn-dialler prevention for dial-up users is to bar all international calls on their lines and use one of the convenient and extremely cheap call carriers like Vartec or Telestunt for international calls (They circumvent the barring for voice calls).
Eircom has put up the considerable stumbling block of a 25 euro set up fee for such barring, an additional monthly fee of some 3 euro and it wrongly tells customers who want to order barring that they only guarantee international voice calls to be barred and not PC-Internet connections. (After this misinformation no customer in his right mind will go for this simple method– of course all calls are blocked and not only voice calls!).
• Eircom is the provider for over 80% of Irish customers. Esat/BT, having most of the other 20% of customers, operates a similar barring tariff. There is no justification for these tariffs. Both telcos offer, for example, free barring of Premium Service numbers.
• Eircom has further contributed to the risk of users on another level: By supplying dial-up customers with set-up CDs containing outdated and unsafe versions of web browsers. While free updates are available on the Net, it is a difficult and costly task to do on a slow analogue telephone connection.
• As modem hijacking is only possible on dial-up Internet connections, our failure to get more people onto broadband connections (Ireland is in the worst position, bar Greece, in the EU context, even the accession countries have higher dsl densities than Ireland) also contributes to the extent of the problem.


3. Our Measure One is a smoke-screen

As we do not want to get Eircom’s profiteering on the porn dialler scams and our two year failure to protect the Irish consumer exposed, we are not going to investigate the instances of the last two years.
The outcome would be too embarrassing for Eircom and us. Consumers might get the idea to ask for refunds of their bills. Or someone might publicly ask Eircom to do the same as BT in the UK: donate all its profits from these scams, which cannot be refunded, to charity.
So we are putting out a good smokescreen with our measure one: All ISPs have to inform their customers per email about “free or low-cost hardware and/or software solutions designed to remove or render inoperable dialler programs and to block the installation of dialler programs in the future”
Of course this will be a right gaffe. The ISPs will just throw stuff at the bamboozled punter. For most of the Internet dial-up users it will be too complicated to understand or act upon, but with this the customer is “told” that he himself is to blame. A theme that our Tom Butler already brought across in his radio interview: “Well, .. as you said there, in reading out what Eircom said, people who generate these charges are generally... tend to be responsible for the charges.” (From the full transcript of the RTE interview) This will further silence the majority of victims of these scams, who do not dare to fight back anyway, because they fear to get “outed” as porn viewers.


4. We exclude the issue of breach of money lending legislation

The porn-dialler scam issue touches on another very clear-cut and equally important consumer protection issue, which we don’t mention at all in our consultation document: The Irish laws and regulations about money lending and credit facilitation.
Eircom or any other Telco have never informed their telephone customers, that by renting a telephone line, they will be cursed with unlimited credit facilitation.
The normal regulations of money lending and credit facilitation should have been applied in this situation. The customers should have been informed about the credit facilitation, should have been assessed about their pay-back ability, and should have been given the ability to limit the credit etc. The total lack of regulation concerning consumer protection in this area makes a mockery of the existing consumer protection legislation and regulation in the banking and money-lending sector.

On the one hand we in ComReg have made a big fuss about creating a line rental fee for vulnerable users that is a few euros less than the normal rental, and on the other hand we allow Eircom to design and operate a system where this vulnerable user can run up the same cost as one month of line rental due to a 5 minute call by their hijacked modem connection, or even run up bills of thousands of euros within a couple of days. And all with no fault of the user. This user has never been informed about this credit facilitation, has had no chance to cap this credit facilitation, for example to a fixed amount or to a percentage of his average bill.
And all the while we in ComReg knew about Eircom’s unregulated money lending enabling it to profiteer on back of these Internet frauds, making monstrous profits on the Eircom Band 13 call charges.


5. Telco’s protect their heinous profits from porn-dialler scams, but not their customers.

We have cunningly hidden one of the most untenable actions by the big Telcos with regards to the porn-dialler scam, by dressing it as praise, when we write: “Industry currently employs a number of security measures which it is not appropriate to publicly describe but without these the scale of the problem would be considerably worse.”
But what this really is about is the following:
The bigger Telcos are secretly using real-time customer account monitoring software, which makes them aware and allows them to act immediately when the accounts of customers rise above amounts that the Telco’s judge to be so high that it would be difficult to enforce them. This system is not used to protect customers by allowing them for example to ask their Telco to inform them, or block further calls, in case their telephone bill is overshooting a defined level or a percentage of the average bill or similar, but to allow the Telco to draw the maximum profit from customers who are hit by scams or technical gliches.
It is useful to compare the above situation, where consumers are allowed to run up scam-produced bills of several thousand euros, with the regulation towards Premium Service numbers (the 15xx number range, regulated by RegTel) where strict consumer safeguards are in place: After a certain telephone charge is reached the user has to be informed about this and asked if he wants to stay on the line, and after reaching a certain amount of time the user is force-exited.
(Comwreck notice: This accusation is made on foot of information privately given to us by a senior employee in the Irish telecom industry, which we deem, but cannot guarantee to be reliable.)


Below is Comwreck’s fancy submission to our consultation document. As we will not publish any parts we do not like on our official comreg.ie website , I’ll print it here for your eyes.


Regards

John D.

Q. 1. Do you agree with the measures as proposed? If not, please indicate what aspect you disagree with and the reasons for your views. Also where appropriate please indicate alternative measures to address the problem.


Measure two (directing telcos to change the region codes that have sold out to or fundamentally failed to prevent Internet criminals into opt-in numbers) is the all-important measure, as it works from the top of the pyramid of prevention, and should be called measure one. It is the measure that will stop the modem-hijacking fraud, a pity it comes two years – and thousands of consumers defrauded of millions – late.

Measure one in its draft form is useless and possibly counterproductive; it will not help consumers to protect themselves against modem hijacking.

Just as ComReg has failed to make any impression with its so-called consumer information about modem hijacking which contains “advice” ranging from the frivolous (“Typical signs of Modem Hi-jacking? If you receive an unexpectedly high telephone bill..”) to the pathetic (“Be cautious when entering any unknown websites.”) and the outright wrong (“bar access to premium rate numbers..”), so will this information campaign by the ISPs.

If it is possible to put together a useful information document (that can withstand real life testing, that is helpful to the average non/tech dial-up user, and doesn’t frighten users away from using the Internet) then ComReg should draft that document, alone or together with the ISPs and get identical decent advice out to all the consumers.

Hint: No need to dish out fancy amounts of money to well-connected consultants for this testing of the consumer advice document: Just let the senior employees of ComReg loose on the draft advice information. If they can make use of it and secure a PC with dial-up connection against modem hijacking, then the advice should be good enough for the rest of us.
It is easy for ComReg to direct ISPs “to recommend to their subscribers, members and users, free or low-cost hardware and/or software solutions designed to remove or render inoperable dialler programs and to block the installation of dialler programs in the future”, and sure, the ISPs will throw stuff at their customers. But the issue of protection against modem hijacking at the consumer level is a very vexed one. All the available software and hardware solutions have enormous compatibility issues (besides not being fail-safe), which the average user should not be asked to shoulder.
To give well-founded technical advice is a welcome addition to the main measure of creating the opt-in number ranges, but measure one as it stands now will not lead to that. It is more likely that most dial-up users will be bamboozled by random and unchecked advice being thrown at them.
Under no circumstances should such a far-reaching information campaign be considered or ordered without careful testing.
A useful look into the German situation: A German dial-up user is not expected to have any special anti modem hijacking software or hardware installed in order to get compensated in case he or she becomes the victim of a stealth dialler.

Other measures:

• ComReg should direct all Telcos to allow customer call barring on international numbers free of charge. To bar all international calls (and use a convenient 13636 or 1890 operator for International calls) is the easiest and 100% proof method to safeguard ones dial-up modem against hijacking. The current fee (set-up and monthly) is a deliberate and unjustified hurdle for customers of Eircom and Esat/BT to prevent modem hijacking in a simple way that does not need computer expertise. Specifically Eircom should furthermore be directed to no longer hinder people using this method by (misleadingly) telling them that they do not guarantee the call barring to work for the PC modem’s dial-up action.

• ComReg should give the telephone customer the right to determine or limit any credit facilitation.
The whole modem hijacking issue has highlighted more fundamental problems: The Irish telephone user has been considered fair game by the big Telcos; the scenario is not dissimilar to the abuse in the banking system. Fundamental consumer rights have been neglected. The credit facilitation regarding the telephone user is a mockery of the money lending laws in this country: By ordering a telephone line a multi-thousand-euro credit facility is “given” to the consumer, about which he or she is neither informed, assessed, or given the possibility to refuse or limit.

• ComReg should examine the full economic circumstances and impact of the modem hijacking issue.
There is the accusation in the public arena that the big Irish Telcos, and especially Eircom, have deliberately used the Internet fraud of modem hijacking to make huge profits, by setting up specifically tailored call bands with extraordinarily (we did not find anything equivalent in other countries) high per minute charges, by enforcing charges from customers, for which these customers were not responsible, but victims, in the knowledge that these customers would not complain, but pay up, as they would otherwise stand the risk of being exposed as porn users. This accusation has to be followed up.
ComReg is surely aware that the 200 cases reported to its office in 2004, with bill charges in the region of between 20 and 2000 euros and in one case of 12 000 euros, are only the tip of the iceberg. (It has also considerably hindered the growth of Internet usage, by spreading anxiety amongst potential users.)
Questions need to be answered to resolve any accusations in the public that the big Telcos have preyed on the victims of Internet fraud, have deliberately used the actions of Internet criminals who operate those stealth dialler scams as a convenient and lucrative source of revenue:
– How big was the total revenue from calls caused by modem hijacking? This figure can be extracted from the Telco accounts, as practically no legitimate calls are knowingly made to those Eircom Band 13 countries (plus the implicated Satellite range), except perhaps by paedophiles.
– What’s the percentage of profit for the Irish Telco from those 360cent per minute calls?
– Is it true that the bigger part of those telephone charges caused by stealth diallers were profits for the Irish Telcos?
– Is it true that the big Telcos secretly operate real-time account monitoring systems, which they use to intervene when they think the charges reach a level that would be difficult to enforce, maximising the companies revenue, but not protecting the customer?

• This was one of the most enormous consumer frauds committed in Ireland in recent years. The sums of money and the number of victims are considerable. ComReg should involve the gardai fraud department.

• Since ComReg stands accused of having turned a blind eye on the fleecing of the Irish dial-up Internet user by means of the profiteering of Irish Telcos from porn-dialler scams, especially by Eircom since it introduced its 360cent per minute call Band 13 in 2002, it would seem prudent to involve independent outside inspectors to investigate the issue. Excellent people have just become available after successfully finishing their jobs with some Irish banks!

• These outside inspectors should also determine the retrospective refunding of modem hijacking victims. Under no circumstances should the Telcos be allowed to keep the ill-gotten gains.




Q. 2. Do you have views on the appropriateness of including any of the individual destinations listed in Appendix B?


Vanuatu and Guinea Bissau (the African[!] country that Eircom clandestinely included into its “Pacific Islands” Band 13 list via the small print, arguably because it did not want to loose out profits from the porn-dialler fraudsters this country harbours) should be included.




Q. 3. Have you views on how the destinations listed in Appendix B can be kept up to date?


Another useful look into the German situation: Since the High Court ruling a year ago, which basically made the Telcos the ones who loose money when stealth diallers hit a dial-up user, the telcos have a natural interest to keep the list up to date.

ComReg should update the list as appropriate in a speedy way as soon as another country is identified to harbour modem hijackers.

ComReg should make contact with the International Telecommunications Union with regards to stopping the criminal abuse of certain regional telephone codes at the highest level.


Peter Weigl
Comwreck.com



< Back Home