Understanding Nothing

I called BT back after an hour to ask why I hadn’t yet received the promised phone call from a manager.

They managed to reconnect me to the person I was talking to earlier, who seemed surprised that I hadn’t been called as the manager had left a note on my account saying that they had agreed a credit of £25 to my account to compensate me for my inconvenience!

The note also said they’d opened an internal investigation into how the system had gone wrong on this occassion, which makes me think they didn’t really understand my complaint.

I’m happy enough to take their £25, and I also look forward to the report on their investigation (which they say I should get in 7-10 days), but in the meantime, if anyone else is upset that BT would give out their details like this, I’d suggest ringing 150 (pressing 9 at the menu gets you straight through to Customer Service), and raising a complaint.

Asking for details on whether or not your information has been requested in this manner could be quite interesting…

According to the conversation sparked by this on the Data Protection mailing list, I think that Oftel and the Information Commissioner are going to get a few complaints about this too.

This afternoon, I, along with presumably many millions of other BT customers, received an email announcing their wonderful new SMS Self Service system.

Due to the marvels of modern technology, BT now allow me to use SMS to discover information about my phone line, such as when there was last a fault on the line, and when the bill was last paid.

All I have to do is send an SMS to 64364 asking “Paid [phonenumber]“, and they’ll reply with the information.

This would all be fine and dandy, except for the fact that that is, literally, all I have to do. Nothing to register my mobile phone number as being connected in any way with my home phone. Nothing to say that it’s OK to send this information to anyone with an SMS compatible phone who happens to know my home phone number. Nothing, in fact, to stop anyone getting access to such information about anyone else’s BT line.

And it’s not just restricted to ‘home’ phones either. It works with business too. Think that one of your clients might be late in paying other people’s bills too? Well, you can now explore your theory by checking when they last paid their BT bills.

For extra doses of incredulity, the “terms and conditions” of this service (which, of course, you don’t actually have to agree to before you can either access this information, or have your information accessed) say that:

17. You [i.e. *me*] are responsible for taking all reasonable steps to prevent unauthorised persons gaining access to the Services. [I'm really not sure how I'm meant to do that. Does saying here "Please don't access my details unless I've given you explicit permission" count? Somehow I doubt it ...]

and

24. We exclude all liability of any kind (including negligence) in respect of any third party information or other material made available on, or which can be accessed using SMS text services.

So far neither of the two people I’ve spoken to at BT have even been aware of the service, and seemed at a complete loss to know what to do with my complaint other than to escalate it. Now I’m waiting for a manager to call me back. This will supposedly happen within “15 to 20 minutes”, but I’m not going to hold my breath …