BT’s privacy busting SMS service

This afternoon, I, along with presumably many millions of other BT customers, received an email announcing their wonderful new SMS Self Service system.

Due to the marvels of modern technology, BT now allow me to use SMS to discover information about my phone line, such as when there was last a fault on the line, and when the bill was last paid.

All I have to do is send an SMS to 64364 asking “Paid [phonenumber]”, and they’ll reply with the information.

This would all be fine and dandy, except for the fact that that is, literally, all I have to do. Nothing to register my mobile phone number as being connected in any way with my home phone. Nothing to say that it’s OK to send this information to anyone with an SMS compatible phone who happens to know my home phone number. Nothing, in fact, to stop anyone getting access to such information about anyone else’s BT line.

And it’s not just restricted to ‘home’ phones either. It works with business too. Think that one of your clients might be late in paying other people’s bills too? Well, you can now explore your theory by checking when they last paid their BT bills.

For extra doses of incredulity, the “terms and conditions” of this service (which, of course, you don’t actually have to agree to before you can either access this information, or have your information accessed) say that:

17. You [i.e. *me*] are responsible for taking all reasonable steps to prevent unauthorised persons gaining access to the Services. [I’m really not sure how I’m meant to do that. Does saying here “Please don’t access my details unless I’ve given you explicit permission” count? Somehow I doubt it …]

and

24. We exclude all liability of any kind (including negligence) in respect of any third party information or other material made available on, or which can be accessed using SMS text services.

So far neither of the two people I’ve spoken to at BT have even been aware of the service, and seemed at a complete loss to know what to do with my complaint other than to escalate it. Now I’m waiting for a manager to call me back. This will supposedly happen within “15 to 20 minutes”, but I’m not going to hold my breath …

2 thoughts on “BT’s privacy busting SMS service

  1. BT are way beyond a service that is decent, here. The worst part is that they seem entirely unaware that there is a problem and actually refuse to acknowledge that they have a problem.

    It’s a marketing disaster and a data privacy disaster

Leave a Reply

Your email address will not be published. Required fields are marked *