ICO fines Tetrus owners £440,000

The pair (McNeish currently lives in Thailand) jointly owned and operated Tetrus Telecoms and sent up to 840,000 unsolicited texts every day in contravention of the Privacy and Electronic Communications Regulations (PECR). This is the first time that the ICO has used his authority to enforce PECR with monetary penalties.

The action follows ICO raids on the company’s Stockport premises in August 2011, and Niebel’s home in February 2012. It found evidence that Tetrus was earning up to £8000 per day through its illegal text messages. According to a BBC report, the ICO also found handwritten notes suggesting that Tetrus used up to 70 pre-paid mobile SIM cards each day. “These would be inserted in a card reader connected to a computer, and SMS messages would be sent until each card's text message limit had been reached.”

Neil Cook, CTO at Cloudmark, suggests that the use of such SIMs is growing. “The problem of unregistered pay-as-you-go SIM cards being used to send unsolicited spam messages is continuing to grow,” he said. “Cloudmark has noticed a 10x increase in reports from UK subscribers since 2011.”

“Under the UK electronic direct marketing rules,” explains global law firm Hunton & Williams, “marketers are prohibited from sending unsolicited electronic communications (including emails and SMS text messages) without prior consent, or disguising or concealing the sender’s identity. The spam messages sent by Tetrus breached both of the Privacy Regulations.”

Niebel denies this. He told the BBC that the company had permission to send out texts because the users on the lists they were using had given their ‘consent’ to be contacted. He also said that he had not been shown any evidence to substantiate the ICO’s allegations, and that he intended to appeal. For its part, the ICO claims to have connected the company to over 400 complaints to its office about spam texts.

This would appear to be just the beginning of the ICO’s action against text spammers. It has warned that Niebel and McNeish also face prosecution under the Data Protection Act for failing to notify that it was processing personal information. The penalty here could be a further £5000 in the Magistrates Court, or an unlimited fine if it goes to the Crown Court. The ICO is also investigating three other companies, as yet unnamed “as this could jeopardize our investigations and evidence gathering” for breaching the PECR. And it puts spammers’ clients (the law firms that buy the leads generated by the spammers) on notice. “We are working with the Ministry of Justice to consider whether further enforcement action should be taken against any of these associated companies, including the cancellation of their authorisation to operate,” it announced.

“Our message to the public,” said the Information Commissioner, “is that if you don’t know who sent you a text message then do not respond, otherwise your details may be used to generate profits for these unscrupulous individuals. Together we can put an end to this unlawful industry that continues to plague our daily lives.”

Cloudmark’s Cook adds, “I would also like to encourage users who receive such messages to forward the messages to the shortcode ‘7726’, as this will help the mobile operators to take action against the individuals and companies responsible for sending the messages.”

What’s Hot on Infosecurity Magazine?