EE feels the sharp-end of the opt-in stick

EE is the latest firm to feel the rising wrath of the Information Commissioner’s Office as it is forced to cough up £100,000 for opt-in violations during 2018.

The messages, which were sent back in early 2018, encouraged customers to use a new feature but also to suggest device upgrades. EE claimed the communications were sent as ‘service messages’, but due to the presence of directing marketing, fell afoul of the guidance on electronic marketing put forward by the ICO.

“These were marketing messages which promoted the company’s products and services,” said Andy White, ICO Director of Investigations. “The direct marketing guidance is clear: if a message that contains customer service information also includes promotional material to buy extra products for services, it is no longer a service message and electronic marketing rules apply.

“EE Limited were aware of the law and should have known that they needed customers’ consent to send them in line with the direct marketing rules. Companies should be aware that texts and emails providing service information which also include a marketing or promotional element must comply with the relevant legislation or could face a fine up to £500,000.”

EE might feel a little bit hard-done by here, though it is a pretty clear violation of the rules.

As these messages contained prompts to earn EE a few extra quid each month, they clearly fall into the marketing category. EE would have to secured opt-in from these customers in the past, or in the case of ‘soft opt-in’, existing customers would have had to buy relevant products and given the opportunity to opt-out.

In this instance, the ICO accepted EE had not knowingly broken the rules, though as it did intentionally send out the emails it did not escape a fine. A second-batch of messages were sent out to those who didn’t engage with the first, which probably didn’t help the EE case.

Although this is a relatively minor fine, we expect to see a lot more of these investigations over the coming months. Rules around privacy and data protection are being toughened up, and the regulators need to be seen enforcing them. This fine might not be significant when you compare it to total revenues at the BT Group, but it is symbolic; we expect a few more of these ‘gestures’ sooner rather than later.

Telegram faces ban in Russia

Messaging app Telegram is on the ropes in Russia after the state communications watchdog said it filed a lawsuit to limit access after it refused security services access to its users’ secret messages.

According to Reuters, Russia’s FSB Federal Security service had requested information hidden behind the app’s encryption software, but was refused. Citing respect for users privacy, Telegram refused access for the intelligence services who were reportedly following leads of terrorist activity, and now faces being banned in the country.

Telegram is currently listed as the ninth most popular messaging app worldwide, roughly 200 million users, using software which it claims is more secure than mass market applications such as WhatsApp and Line. The team claim to support two layers of secure encryption, which is based on 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange.

While the normal chat groups are pretty secure, Telegram states the secret chats feature uses end-to-end encryption, leave no trace on its servers, support self-destructing messages and don’t allow forwarding. On top of this, secret chats are not part of the Telegram cloud and can only be accessed on their devices of origin. In other words, Telegram is pretty confident in its security, so confident it have a £300,000 prize set aside for anyone who can prove they can crack the encryption.

The Russian watchdog, Roskomnadzor, claims that by refusing to offer the information to security services, it is not complying with its legal obligations as an ‘organizer of information distribution’. Since passing new legislation in 2016 which forces messenger services to provide authorities with a backdoor into encryption, Russia has been clamping down heavily on online communications. It’s already battled with Instagram and YouTube earlier this year over videos uploaded by political activist Alexei Anatolievich, while Twitter and Facebook have agreed to host user data locally to comply with encryption laws. Telegram has refused to do so to date.

Should the Russian government be successful, it will force ISPs to block Telegram inside the nation, in a similar manner to what has been done in Iran over the last 12 months. That said, in Iran has been a relatively simple process to navigate around the hurdles using a VPN.

Such threats might make some of the internet giants tremble, but it does not seem to worry CEO Pavel Durov who has long stood by the idea of privacy. While it is certainly not uncommon for CEOs to preach about the best interests of the user, few applications can boast the same depth of security.

While this will certainly be of interest to users in the country and worldwide, investors will also be watching closely as Telegram is also undertaking the world’s biggest initial coin offering, with pre-sales reaching £1.7 billion already. Such attention from the Russian government might have a way of making investors nervous.