An Open Letter to the CRTC: Telecommunications Security and Cost Liability

NOTE: On September 21, 2009, GILL Technologies President George Gill sent the letter below to John Traversy, the Executive Director of Telecommunications at the CRTC, concerning the onerous costs end users bear over telehacking-related charges. We believe it is part of our role as a telecom expense management firm to help protect clients from all unnecessary charges, including those stemming from third party fraud, an issue we’ve covered in the past.

We hope regulators will take appropriate steps to foster a safe, responsible telecom environment. To minimize your own risks, please remember to take appropriate end-user precautions. Change default login information and block unnecessary services whenever possible.

Mr. Traversy and the Commission,

For nearly a decade, GILL Technologies has worked in close partnership with major carriers, including Rogers, Bell and Telus. Thus, it is with great concern that I note recent events that underline the need for CRTC regulations protecting end users from fraudulent charges.

On January 2009, Burlington, ON law firm Martin and Hillyer suffered a $207,000 bill from Bell due to voice mail hacking from abroad. In August, boutique telecom wholesaler Telepath incurred over $100,000 in charges from Rogers over a similar attack

In both cases, carriers took the position that the onus lay with victims who had only a limited ability to monitor usage. In Telepath’s case, its CEO told the Canadian Press (“Stop fraudsters with limit on telephone special services charges, CRTC urged,” Julian Beltrame, Canadian Press, August 20th, 2009) that he did in fact contact Rogers. Allegedly, the carrier did not respond promptly.

Beyond basic, user-centric precautions such as strong passwords, responsibility for secure telecommunications obviously rests with carriers. Under the current regime, carriers suffer a conflict of interest where preventing fraud denies them charges to levy against end users. In other words, the CRTC’s failure to regulate in this area rewards carriers for inadequate security. Currently, there’s no difference between a dollar earned on third party fraud and one earned through legitimate services.

The current system doesn’t work. Informal resolution mechanisms waste time and money. In many cases, they don’t adequately protect end users. Therefore, I call on the CRTC to:

  1. Regulate carrier security practices, as carriers currently have no economic motive to implement best practices.
  2. Establish reasonable limits on end user and reseller liabilities for fraudulent charges.
  3. Implement a dispute resolution system that investigates and fairly distributes fraudulent charges based on each party’s actual responsibilities.

I believe it is not only necessary but practical to better regulate the fallout of fraud in Canadian telecom. I sincerely hope that the CRTC will provide a regulatory solution with an equitable, forward-looking ethos.

Thank you,

George Gill

President, GILL Technologies

Cc:  Dean Del Mastro, Member of Parliament for Peterborough