What Did Exercise Cygnus Deliver?

May 11, 2020

The UK carried out Exercise Cygnus – a pandemic drill – in 2016, and it highlighted all the issues we have seen this year, though the conclusions have never been made public. The Guardian has published a document labelled as the final version of the report and it does not make reassuring reading.

Conclusions from the report:

  • There is no useful strategy in place, nor is there a useful implementation plan for what strategy there is
  • The public reaction has not been considered
  • Ethical aspects of decision making have not been considered
  • It’s recognised that capacity is inadequate and one area where it is lacking is in subject matter experts

Lessons ‘LEARNED’ from the exercise:

  • Organisations should ensure their Emergency Preparedness Resilience and Response training and exercising is consistent with best practice.
  • Planning should be considered a multi agency responsibility. Specialist advice from all stakeholders needs to be available. Sector specific advice should be scaled up during a pandemic.
  • During a reasonable worst case pandemic responders will struggle to maintain a response using the existing framework
  • Meetings between the health ministers of the 4 nations should be considered best practice
  • Consideration is needed of population based triage
  • Work is required to consider surge arrangements. An NHS plan is being developed. Service plans need to be modelled for health, social care, and community support. A communications plan is needed. A clinical and ethical plan needs to be agreed. Mitigation plans are needed to ensure flexibility. Buy in is needed from those who will actually implement these plans.
  • Strategy is needed for the use of antivirals – less relevant since there isn’t one for COVID
  • Staff absence should be considered
  • Health messaging at the national level was not effective. Procedures for getting the message out should be re-enforced (sic) and practiced. Local messaging was more effective.
  • National attitudes to use of social media render their use of it ineffective
  • Messaging needs to be consistent, avoid jargon, and consider that people want to make their own decisions. Trust in the message source is important
  • Consideration needs to be made to using the voluntary sector
  • There’s a need for a cross government group to make the response process effective
  • The impact of school closures needs to be considered
  • Overseas nationals should be considered
  • MoD involvement should be considered
  • Process for providing and presenting data to decision makers should be considered
  • Social care and surge capacity should be considered
  • Expansion of social care real estate and staffing capacity should be considered
  • Thought should be given to using the capacity of the voluntary sector
  • Capacity for managing excess deaths should be considered
  • Work is needed to develop contingency plans and processes for prisons
  • Future guidance and plans need to consider the potential response of the public

To all of the above unlearned lessons, the DeliveryDemon says NSS, all basic planning requirements. Such a shame that we have had generations of politicians who failed to consider that their job includes managing the country to the benefit of its population. Can there be any excuse for ignoring such a telling report? Maybe perhaps the astonishing claim made late in the document – ‘The healthcare framework to respond to a pandemic is robust’. Along with the minor bureaucrapic qualification that people need to be briefed of the plans for a similar exercise – seriously, the assumption for a disaster scenario is that there will be time for lots of cosy meetings.

We have seen the theory come up against reality. Will that make our politicians and bureaucraps treat disaster planning as something other than a fun exercise and a source of PR?


DELIVERING UP YOUR DATA

March 29, 2020

The DeliveryDemon, like most people, has long been aware that the reason we get ‘free’ online stuff is because the providers are after our data. Few if any providers are clear about what data they gather and how they use it. If they provide that information at all, it’s hidden in Ts and Cs the length of a small, or not so small, novel. And of course, in those Ts and Cs they reserve for themselves the right to make unilateral changes to those Ts and Cs whenever they want.

 

They might sell it on, they might use it themselves. Sometimes they seem to give you some choice, but is it real? There are sites, quite a few, which offer a ‘Reject All’ option. Seems good, the DeliveryDemon still doesn’t feel comfortable. Clicking that button – does it really do what she expects? She can but hope! But some sites are a lot more obstructive when it comes to letting users have control of their data. And once your data gets out of your control, there’s no way to get it back.

 

The DeliveryDemon stopped using Huff Post some time ago, after seeing how they reacted to data protection legislation intended to give data subjects more control. They’re not the only one to take this approach, but they are a classic bad example. So what did they do, and are they still doing it?

 

They did, obviously, provide a mindless ‘Accept’ button. But if the user chose the alternative options button, what happened? A couple of layers down there was a list of third parties that Huff Post wanted to provide data to. And some of those third parties existed to provide that data to yet more third parties. How long was that list? Something like a hundred entries.

 

The options were set to the default of giving away data to each of those third parties. It was not possible with a single click to reset those defaults, that had to be done individually. And that was only a part of the story. Not all third parties had the toggle option. To opt out, it was necessary to go to the site for each of those third parties and SEARCH for how to opt out. Of course such lists are not set in stone, new entries can be added. Is the user, who would normally be using a lot more sites than just Huff Post, to track each site frequently, looking for changes in a long list? And to follow through to all those third parties who can’t be toggled off? Sleazy to put it mildly.

 

The DeliveryDemon has just gone back to see what Huff Post is doing now. No upfront information about permissions now, it was necessary to keep scrolling just to find where the options are. Guess what. Using the site implies acceptance of the Ts and Cs, though to find them requires site usage. The terms aka user agreement have the usual bias of absolving Huff Post of responsibility by shifting it to the user.

 

But the user agreement is only a small part of the story, there’s more hidden in a privacy policy. There are 15 topics in that privacy policy. And 20 products. And 11 ‘controls’ which look very like company names. And a dash board which looks very like the 11 controls. Plus a section on advertising which goes back to the controls, or maybe the dashboard.

 

Eventually some of those sections lead to multiple individual advertisers and the like, all with their own policies and opt out arrangements. The DeliveryDemon CBA to count through them all.

 

The HuffPost user agreement claims to be under the laws of England and Wales. The DeliveryDemon wonders how those laws apply to those many partners whose individual Ts and Cs claim to operate under completely different legal frameworks.

 

Of course HuffPost is not alone in using these underhand tactics to get at user data. Users are being groomed right, left, and centre, to participate in the normalisation of this sort of behaviour by a highly unethical use of nudge techniques. And the more they are normalised, the more readily they will be adopted by newcomers to the field.

 

What may be less obvious is the impact CORVID-19 is having. Yes, a viral pandemic can affect the technology we use, and not in the way of the common or garden computer bug.

 

It’s happening through the massive increase in the use of conferencing facilities at all levels. A lot of people are working from home. Pubs, gyms, and other gathering places have been closed down, depriving people of their normal social contact. The internet provides ways of offsetting that absence of face to face contact. There are well established conferencing apps, some designed for professional use, some embedded in better known social media. Niche apps are suddenly becoming highly popular. They are our work meetings, our social gathering places.

 

What are these apps doing with our data? Rigorous analysis would take so long it would never stay up to date so the DeliveryDemon is picking on one example – the Zoom conferencing app. You can’t sign up without accepting cookies. Even the Required Cookies refer to tracking your orders – with no indication of this being a shopping site. Functional and Advertising options are opted in by default – recognised bad behaviour in data privacy terms. And the Basic Settings option doesn’t actually allow you to change that, it’s necessary to choose an Advanced option to get at it.

 

Try to see Zoom’s privacy policy? It’s greyed out till you go through the cookies rigmarole. And it contains the statement ‘Whether you have a Zoom account or not we may collect personal data from or about you when you use or otherwise interact with our product’. That includes names, user names, physical address, phone number, job title, employer, Facebook information, your device, network and internet connection details. It also demands the right to grab data other users hold about you – and you may not even know what that data is.

 

Zoom is an egregious example, but it’s not the only one. The DeliveryDemon wonders just how many people know how much of their data has been grabbed, and what use it is being put to. Actually, she knows the answer. No-one knows how much of their data has been grabbed and how far it has been distributed. As soon as an app provider starts grabbing one person’s data from that person’s contacts, all control has been lost. It’s been happening for a long time, and the conferencing needs driven by CORVID-19 isolation are an absolute gift to organisations whose Ts and Cs are in breach of the letter and the spirit of common data protection legislation structures.


Can Contingency Plans Deliver?

March 16, 2020

Back in the long-forgotten days of the Millennium Bug, the DeliveryDemon was involved in a fair bit of contingency planning, basically identifying and documenting the actions which would be needed if a range of adverse occurrences came to pass. Even twenty years ago most large public bodies had pretty detailed contingency plans to draw on and adapt to suit the risks specific to the Millennium hype and scares.

 
Twenty years have passed and the concept of contingency planning is fairly mainstream. Mainstream means routine. Routine means a chore. Routine chores don’t get the same analytical thinking as do novel concepts. They get written, signed off, then put on a shelf and forgotten. It’s not clear to the DeliveryDemon if this has happened to public sector contingency plans. Having a Prime Minister making a maudlin announcement like a B-movie actor, – ‘Loved ones will die’ – does not engender confidence. If the contingency planning material exists, there should be facts to announce, even if those facts are only decision points. Instead we have constant statements which are quickly contradicted. And our irresponsible media love it – headlines galore, each scary enough to be clickbait.

 
What would the DeliveryDemon expect to see?

 
Obviously the NHS ought to have fairly hefty and well maintained plans, since they call on them every winter. Whether they have the resources is another matter, and not one which can be addressed quickly enough.

 
Logistics, as at the Millennium, is another key area. The UK, with its old and twisted road system is not an easy place to plan logistics. That is partially offset by the traffic reduction which has started already as people reduce their social contact. But a whole range of other factors come into play. Food and related goods have to come from somewhere and they are part of the infrastructure a country needs in order to function. That means a lot of HGVs going up and down motorways and through towns and trading estates.  But successive governments have abdicated responsibility for this and left it to ‘The Market’ – the range of competing companies which form the food supply chain – to manage the logistics of getting food to customers. It does not work. Retailers forever look for ways to cut costs, JIT (just in time) supply is the norm, there is cost in reducing expensive shop space to create more storage space. The retail model has little contingency in it and that drives the need for supply logistics.

 

Panic buying and hoarding are human nature, and totally distort the demand side of the equation. ‘The Market’ quite simply cannot control that, not without some sensible support from those who are supposed to be managing the country. Yes, the DeliveryDemon is talking about rationing, but not in the way it was applied during the World Wars of the twentieth century. So far, we are told that there is sufficient food in the supply chain and the problem is the speed with which is leaving the supermarket shelves. That’s a pretty clearly defined problem to solve.

 
Of course it’s not the only problem. Much of the UK’s food comes from abroad and the agriculture and fishing sectors haven’t figured high on government priorities for decades. Dr Tim Leunig, economic adviser to Chancellor Rishi Sunak, is understood to have said the food sector was “not critically important” to the country’s economy – and that agriculture and fisheries “certainly isn’t”. That’s looking like very bad advice now.

 
Already scarce items are appearing on Amazon – 16 rolls of Andrex for £49.99 anyone? Mothers relying on formula milk can no longer find it in the supermarket and the advice circulating is that it can be obtained from pharmacies but only on prescription – further demand on GPs and on NHS finances.

 
Of course, logistics needs people – to move, load, unload, deliver the goods. Two problems here. Those people are as prone as the rest of us to Covid-19 infections. And it’s in the nature of the job that they have contact with other people as well as the goods they deliver. The Army is well supplied with logistics expertise but it is certainly not an infinite resource and there will be a whole range of calls on its manpower.

 
Disruption of utilities and hygiene services has yet to be given much prominence. Households need power, water, sewage, more so when social isolation advice causes people to spend more time than usual at home. Hospital needs are even greater. As is the case for logistics, all these services depend on people, and people can get sick. So can their families and that means healthy people having to drop out.

 

One utility which has become much more critical in the last 20 years is communications. Today the internet is an integral part of most people’s lives. It’s a good way to disseminate news – and false news. It allows people to work easily from home. Social media enables people to keep in touch during periods of physical isolation. It’s also a channel for mass hysteria. That makes it important for the powers to be to have a trustworthy and informative presence through reliable media sources. That’s just not happening.

 

And underlying the need for good communications is a whole range of other functions. Telecomms companies provide the delivery mechanism – in this country still reliant on ancient copper wire technology for the critical last mile to houses. Internet service providers enable individuals to have internet access. Security companies provide all manner of protection for data, financial functions and the like. Banks use the internet to let people and companies manage their money. Online retailers abound – a great benefit to those confined to home. Email and social media create a venue for communication without the need for face to face contact. Content providers are a major source of entertainment when public gatherings in cinemas and at live events no longer happen.

 
In a well-run democracy, the government would have at its fingertips the management status of all these critical functions. Well-established plans would already have been activated to smooth over the most obvious disruptions. Serious consideration would already be given to the actions of other countries in the global economy, and the impact these actions have on this country. There is no sign that this is happening. All we’re getting is bombast and hyperbole and contradiction and obfuscation.

 
The DeliveryDemon has a message for our senior politicians. Think. Plan. Forget the vanity projects of a fortnight ago. Deal in facts, not spin. Drop the B-movie Churchillian speeches. Do the job. It’s hard? Tough shit, you could have thought it through when you went for the job. JFDI!!


England’s Rotten Planning System

March 29, 2017

The DeliveryDemon wanted a brand new shiny kitchen, matched units fitting neatly together, with nice level worksurfaces. Someone suggested looking  at Howdens Joinery offerings.

It was going to take some time so it seemed like a good idea to get some planners in to sort things out. Maybe someone from East Northants Council’s Planning Department. After all, they should have some understanding of how structures are put together.

The units needed to sit on top of a plinth, so 600 millimetres seemed about the right height. Roxhill Joinery said ‘Of course 600 millimetre units is what we will provide’. The DeliveryDemon designed out what was needed, and Howdens Joinery said ‘Of course, that’s what we will create’. The DeliveryDemon briefed the planners from East Northants Planning Department and they took her hard earned money to check that Howdens Joinery actually did what they were supposed to do.

Having done everything necessary, the DeliveryDemon headed off to spend days working long hours to pay for this kitchen (and of course to shell out what the taxman demanded).

Come the day the kitchen was supposed to be ready, the DeliveryDemon  went to look.

At first she could see nothing for the glare. The promised soft downlighting had been replaced with what seemed like searchlights. She asked for an explanation, and the reply was drowned out by a cacophony of beeping reverse alarms and revving HGVs, from vehicles which had ignored gates and warning signs to demolish the garden wall.

Finally she managed to see the promised kitchen. But it wasn’t the promised kitchen. Those 600 millimetre units were not 600 millimetres high. Some were 350 millimetres high, some only 250 millimetres. And some took up only a half or a quarter of their allotted width. The work surfaces had been hacked up and balanced randomly on the mismatched units. Not to put too fine a point on it, the kitchen was a mess.

The DeliveryDemon demanded an explanation from those planners.

‘Howdens Joinery told us 600 was the same as 300 and of course we believed them’ they said.

‘Howdens Joinery told us 600 was the same as 250 and of course we believed them’ they said.

‘Howdens Joinery told us part width was the same as full width and of course we believed them’ they said.

‘All your neighbours offered us tape measures but we decided to ignore them’ they said.

‘We don’t care that your family will have to live with this’ they said.

‘We CBA to give you even vaguely credible responses’ they said.

This is a fable of our times. It exactly mirrors the surreal process we have just been through in East Northants. It started with predatory developer Roxhill, in collusion with Howdens Joinery, ignoring all the suitable industrial sites available because Roxhill thought they could overthrow  the taxpayer funded neighbourhood plans in order to rake in profits at the expense of real people.

Their multitude of planning documents were thrown together to allow planners to tick boxes. And those planners duly ticked their boxes without ever considering the omissions, inconsistencies, and inaccuracies before them. People who actually used their brains pointed out that those documents were entirely unreliable. But the planners had ticked a box saying 600 new jobs and they weren’t going to get off their backsides to perform the most basic level of challenge which due diligence demands.

‘Loadsa jobs’ said East Northants Planning Department.

‘That 600 justifies destroying people’s lives’ said East Northants Planning Department.

The 600 jobs figure was challenged on the basis of inconsistencies too blatant to be ignored.

‘Well maybe it’s only 300’ said Howdens Joinery.

‘Well maybe it’s only 250’ said Howdens Joinery.

‘Well, a lot of those jobs are only seasonal’ said Howdens Joinery.

‘We only have embarrassing answers  to your questions so we refuse to answer them’ said East Northants Planning Department.

‘The answer is always loadsa jobs’ said East Northants Planning Department.

‘We’re not going to consider that a lot of those jobs will be done by robots’ said East Northants Planning Department.

Six doughty councillors toiled tirelessly to put the facts in front of their colleagues. Deaf ears were relentlessly turned. Six eloquent voices could not prevail against that obdurate deafness. Why? I have my views and no doubt you have yours.

And this has made it very clear that our planning system is not fit for purpose. Real people’s hard earned and over-taxed money pays for that planning system. Yet it allows faceless corporates like Howdens Joinery and Roxhill to ignore democratic decisions and ruin lives, all to make themselves a fast buck.

The DeliveryDemon is holds a strong view that this country is overdue for a heavy dose of democracy.

And the DeliveryDemon would advise anyone considering a new kitchen to look for a supplier whose numbers can be relied on.


Why Marketing Doesn’t Deliver

October 26, 2016

Every organisation in the world spends a fortune on marketing, to the extent the DeliveryDemon would have to go entirely off the grid to avoid the deluge. With that volume, it’s not surprising that it’s easy to find examples of stupidity. One of the commonest marketing fails is when an organisation is so busy preening its corporate ego that it completely loses site of the real customer experience. Microsoft’s latest idiocy provides a classic example.

For most people, email is a utility – boring stuff but it needs to be there and usable, low key but reliable. It doesn’t have to look pretty or to keep coming up with new bells and whistles when a typical user ignores most of the facilities already in existence. Hotmail used to be a good utilitarian email. It popped up quickly on the screen. It was easy to skim through emails and get rid of the trash. Emails could be sorted. There were reasonable filters. It was pretty good at identifying spam. And, having been around for so long, a hotmail address was reasonably memorable.

For a good while after taking it over, Microsoft let Hotmail be. Then came the change to Outlook. Now Outlook on a business network has been a pretty reasonable utility too, but that wasn’t carried forward when Hotmail became Outlook. Loading became painfully slow. Months later it hasn’t improved. On an iPad it’s still totally unreliable, verging on unusable. First it displays a smug little picture showing how the floppy disc supersedes snail mail. Below that appears what the DeliveryDemon at first assumed to be a progress bar. Actually it’s a throwback to the 1980s, when time and again users would watch the blue bar inch painfully slowly across the screen, only to freeze when it reached a fraction from the end. Time and again it does this, with refresh and URL reentry making not the slightest bit of difference. The DeliveryDemon has left the progress bar for 40 minutes and it still didn’t display any emails, hit refresh over 100 times without anything useful happening. Sometimes there is a complete access fail because the site has failed entirely. And of course there are no updates from Microsoft to let users know what is happening.

That’s the user experience. How does Microsoft marketing handle it? With a classic demonstration of being blinded by focus on the big fat corporate ego, that’s how.

Several times during this (ongoing) fiasco, the DeliveryDemon has had emails from Microsoft marketeers. ‘Now that you’ve been using Outlook.com and some of its features for a while, we hope you’ll try one free month of Office 365 to see how much more you can do.’ Lets translate that into user experience.

Now that you’ve been using Outlook.com and some of its features for a while…. –
Now you have endured for a while the primitively slow response times and clunky user interface……

….we hope you’ll try one free month of Office 365…. – A free month is nothing but a cynical attempt to entice users into locking themselves into something which is barely usable and certainly not worth paying for when that month runs out….

….to see how much more you can do – If it can’t even do the basics at a barely competent level, it sure as hell isn’t going to do anything more useful.

In other words, Microsoft has made crap out of something useful and its marketing department are so enamoured of their own verbiage that they expect the world to be equally blind and shell out hard cash in response to that slimy marketing-speak.

Of course there may be another agenda behind this. Maybe the end of free Hotmail is in sight. Maybe Microsoft hopes that enough users will transfer to the paid for product so that any furore following the withdrawal of Hotmail will be minimal. If that’s the case, the marketing needs to be a damn sight more intelligent than the current efforts. And if that does happen, the DeliveryDemon will follow the oft-tested prudent advice. If something which works well is withdrawn, don’t blindly accept the offered replacement. Treat that replacement as just another product and evaluate it against whatever else is available. And of course, that replacement offering starts with an immediate handicap – it comes from a supplier which values its corporate ego over the customer’s need for continuity and reliability.


Delivering An Open Letter to BT

June 23, 2016

An open letter because BT continues with its custom of blatant dishonesty and obstruction of customer complaints. This letter was sent to Gavin Paterson, BT’s CEO, following a correspondence string which invariably received responses whose honesty was noticeable by its absence.

It appears that your staff are unable to check customer history correctly. Your complaints system should have comprehensive details of my previous complaints which state very clearly that, having been an extremely dissatisfied customer of BT, I was formally requiring that you did not pester me with junk sales communication via any channel.

It is unsatisfactory that your staff are pretending that the problem lies with another company. This is WRONG. I had enough unpleasant dealings with BT to be very sure of the name of the company causing the problem.

Your staff claim that the problem would not have existed were the number registered with TPS. Your staff should be capable of checking this before making such a stupid recommendation. They should also have the basic understanding that TPS registration is done directly, not through the service supplier. The number has in fact been registered with TPS for years, apart from a brief period when BT abused its position by instructing TPS to remove the number from its Do Not Call list. If your staff think that the TPS list is an effective way of preventing unwanted calls, then your processes should ensure that a check is made against TPS records BEFORE attempting to nuisance call people.

It is also clear from the reply below that your processes are unacceptably inadequate in dealing with the issue of nuisance calls. When BT is told that its nuisance calls are unwanted it has no excuse for failing to record that, whether or not the requirement comes from a BT customer. In this instance, your staff are wrong in claiming that there is no account to mark. There is the historic account, whose management left me disgusted with BT’s dishonesty. And, as I said in earlier correspondence, you are holding sufficient information to have my name associated with the number. Were you making the least attempt to comply with the Data Protection Act, this alone should have prevented your nuisance call.

It is very clear that BT is hiding behind company size and ignorant staff to try and block serious complaints. While this is not surprising given BT’s history, it is completely unacceptable.


Delivering Lack of Political Credibility – by Phone

March 30, 2015

Come election time, the DeliveryDemon expects politicos to pay at least lip service to the concerns of the electorate. Even in the Westminster bubble it would have been difficult to ignore the fact that, across the country, people are becoming increasingly annoyed by the sheer volume of blatant scam calls being made by crooks using automated dialling technology. The DeliveryDemon was more than a little annoyed to be pestered multiple times with calls from 0203 4765 258, despite telling them succinctly where to go.

Today’s call came across as a blatant scam. The caller started by claiming to be ringing from the Office of the Prime Minister, David Cameron. While the DeliveryDemon has plenty advice to offer politicos about what their electorate wants from them, she still thinks it highly unlikely that DC or any other politico would actually call her personally for such advice, so the call failed the most obvious credibility test. Then of course, there is the date. As of March 30th, the date of the call, Parliament is dissolved. There are no MPs and no Prime Minister. Credibility fail number two. When it transpired that the caller was from one of the legion of nuisance call companies, he struggled to provide the most basic information about his organisation – yet another indicator of scam calls.

The DeliveryDemon prefers to cast blame where it is well deserved, and it is quite possible that the caller was a run-of-the-mill scammer using the election period to try and add credibility to the scam. Equally it may be that the Tories are being bloody stupid, ignoring the reams of recent publicity and high profile regulator concern on the subject of nuisance calls. If the former is true, then it is right that the Tories should know how their candidate’s name is being used. If the latter is true, then the Tories, like all other parties, need to be reminded that they should pay attention to the concerns the electorate has been raising for months and years. In particular they should exercise the tiny amount of intelligence it takes to recognise how their junk calls may be received by those who have not agreed to be contacted in this way.

Since the nuisance caller claimed to be from David Cameron’s office, the DeliveryDemon considers it appropriate that he should know how his name is being used. After much searching, and failing to find an email address, she found a contact form which wasn’t limited to a couple of skimpy lines of content, and sent the message below.

Dear Mr Cameron,

Today I received, for the third time, a call from someone making the highly unlikely claim that they were from your office. This individual, with a voice like a comedy Tory, was determined to get at personal information but had not even bothered to get the correct location of the phone he was calling. Further probing came up with the name of a company called Return Marketing, and an address which did not match the Companies House registered address of a company with the same name.

Investigating Return Marketing showed that, under the DPA, they are registered to provide telecommunications services and to hold details of their customers. This is manifestly not the same as holding details of individuals who have not given their consent and using those details to make nuisance calls to them.

Clearly these calls have all the hallmarks of a scam and, given the current massive volume of attempted fraud by phone, this appears to be highly likely. Either this company is claiming to be from your office in an attempt to lend credibility to a dishonest attempt to get at people’s personal information, or you have commissioned an extremely unprofessional organisation which has failed even to comply with its statutory duties.

If you have in fact commissioned this rather unsavoury organisation, may I suggest that you should instruct them:
• Not to lie about where they are calling from
• To comply with their duties under the Data Protection Act
• Not to harass people with multiple calls
• To be honest about where they obtain details of the people they call
• When they call someone, to be ready to provide basic information to indicate their bona fides, such as full company name and number and registered address, and data protection registration number
• When told their calls are an unwelcome nuisance, not to make repeat calls to the same number.

If your party is in fact using these tactics to get at information, it shows little awareness of the industrial scale harassment being caused by scammers making millions of fraudulent calls every day. May I suggest that your party should factor this into your campaigning, and consider dealing with the issue in your policies, rather than lose credibility by behaving in exactly the same way as blatant crooks.

While this missive is addressed to the Tories, the DeliveryDemon is not party-partisan, and any politicos trying this phone ploy can expect to receive a similar communication.

Let’s face it, survey calls are unnecessary. If the politicos are not prepared to listen to what the electorate are telling them while there’s Parliament, the electorate has a lot more sense than to believe that politicos will live up to the promises they make in order to be elected – even if they go phoning around to try and find out which promises might garner votes.


Not Delivering Financial Regulation

February 18, 2015

The DeliveryDemon is sick to the back teeth of the legions of scammers who employ phone drones who are thick enough to expect people to believe them when they call out of the blue and try to scam all the personal data needed for ID theft and financial crime. When she can be bothered, she reports them to the appropriate regulatory bodies. DeliveryDemon does not have much faith in the great British bureaucracies, and in this she is rarely disappointed.

Take for example a call received recently from some sleazy bunch in Manchester calling themselves Beyond Comparison, pretending to offer free insurance. Obviously, the FCA should know about this sort of thing since either the company is regulated and not conforming to the rules, or it is not regulated and shouldn’t be peddling financial products and advice. In this case, the DeliveryDemon saw that they are registered with the FCA, so reported appropriately. She was somewhat flabbergasted to receive a reply claiming:

  • I’ve found an entry for Beyond Comparison.Com Limited (click link to double check), but I don’t know whether this is the same firm that contacted you.
  • If you do business with a firm we don’t regulate, you won’t have access to the Financial Ombudsman Service or the Financial Services Compensation Scheme if you have a dispute or something goes wrong.
  • You haven’t provided me with enough information about who has contacted you for me to pass it anywhere. If you would like to provide us with any more information, you may wish to use our unauthorised firms reporting form

Yes, the FCA regulate this company but is indulging in a coverup by pretending it might be another company calling, and uses the opportunity to try and frighten a complainant by abdicating responsibility for companies operating within the FCA’s remit without authorisation. The FCA can identify the company as one it regulates but says it doesn’t have enough information to do anything about its malfeasance, and suggests I report it as unauthorised. Yes, really, the FCA suggests the DeliveryDemon should report an authorised firm as being unauthorised!

So what is the FCA choosing to ignore?

  • The DeliveryDemon has provided the company name, which is registered with the FCA.
  • The company call from a Manchester number and the company’s registered office is in Manchester
  • The company is phoning people claiming to hold data about them, which they are not authorised to hold.
  • The company are quoting as a source of personal information a company which has been dissolved for several years and never had authorisation to hold such information.
  • The company start by misleadingly offering free insurance, and only back off from this when explicitly queried about whether the caller is authorised to offer financial advice.
  • The company claim to be holding personal information but do not have a data protection registration

If the FCA can’t identify the company from the first two items, there’s something badly wrong with its process. If the FCA regards the other items as acceptable, it’s hardly surprising that the British financial sector is rife with corruption. But if the FCA isn’t going to get off its backside and do a bit of regulation, why the hell should the British taxpayer be paying nearly half a billion a year for this useless bureaucracy? Not only can we not trust financial companies, we can’t even trust the regulator to do its job.


Aiding and Abetting Criminal Activity

December 9, 2014

That’s what our phone companies are doing. It is an offence to harass people. It is fraud to entice people into believing that they have money due to them when the caller has no evidence that that is the case. It is an offence to hold people’s data without their permission. It is fraud to lie to persuade people to reveal their personal information. According to a government task force, a BILLION of these crimes are committed every year, with the assistance of our phone companies.
Our telecoms companies are making money out of these crooks, one way or another. They are certainly making no effort to prevent their infrastructure being used for criminal activity, despite being fully aware of the scale of what is going on. All we get is mealy mouthed platitudes recommending that we take actions which are either unfeasible or ineffective. Let’s get a few facts straight on just how useless these recommendations are.

  • Register with TPS? It’s a waste of time.
    • TPS doesn’t actually do anything with complaints
    • The crooks ignore TPS anyway
  • Block callers?
    • The crooks are spoofing numbers so blocking one number has little effect
  • Don’t answer if the number is withheld?
    • There are, unfortunately, some genuine companies which call from withheld numbers, ignoring good customer service for their own administrative convenience
  • Don’t answer if you don’t recognise the number?
    • Few if any people have complete knowledge of all the numbers they could be called from, whether personal or business. A child whose phone battery is dead could borrow a friend’s phone to call so no parent can afford to ignore unknown numbers. A friend can change phone number. A business contact could call from a landline when you only have their mobile number recorded. There is a host of reasons why a call from an unknown number could be both valid and important.

There are various reporting mechanisms – the ICO, Action Fraud, TPS, Ofcom, to name but a few. All those websites are badly designed. Their automated responses are uninformative and, in the case of Action Fraud, hide the content of their response in a dubious looking attachment. There is little if any evidence of any use being made of the information provided by these routes.
It would not be unreasonable to expect phone companies to make significant and meaningful effort to prevent their infrastructure being used to harass people, commit large scale fraud, and commit widespread identity theft. It would not be unreasonable to expect legitimate organisations not to behave in a way which emulates crooked behaviour.
Here are a few suggestions for the Nuisance Call Task Force.

  • Make it an offence to spoof a number
  • Make it an offence to deliver a call with a spoofed number
  • Make it an offence for a commercial organisation to withhold their number
  • Make it an offence for any organisation to sell or give away the personal details they collect
  • Limit the period for which an organisation can retain personal details and use them for sales and marketing
  • Create a single, simple, effective means of reporting the numbers used by scammers
  • Use the scammer reporting facility to create and maintain a single database of numbers recognised as being used by scammers
  • Make the database publicly visible
  • Flag numbers which are consistently being used in a criminal manner – say after 10 reports of the number as one which makes scam / harassing calls
  • Make it an offence for a phone company to issue the scamming number to anyone
  • Make the ban on reissue of scammer numbers meaningful – say a 10 year ban on their reissue
  • Make use of existing legislation to prosecute scammers for harassment as well as data protection and telecoms offences
  • Hold the directors of those companies responsible – directors of the calling company, its parent company, and any company on whose behalf it makes outbound calls
  • Since the crimes are being committed in this country in the homes of those being called, ignore the country of residence of those responsible for the scams and arrest any responsible directors who set foot in this country
  • Recognise that it is individuals who are responsible for encouraging / permitting these crimes and hold all directors responsible and liable to prosecution
  • Set penalties so that they automatically include both default and a significant fine

So why does the DeliveryDemon thinks this would work?

  • It will create an incentive for phone companies to take responsibility for the way in which they allow their infrastructure to be used
  • It would prevent genuine customers from being issued with numbers which people have blocked because the numbers were being used for scam calls
  • It would prevent banks from grooming their customers to give away security information to people who call them – for over a decade banks’ cavalier attitude to customer security has been demonstrated time and again when they make outbound calls to customers and proceed to ask for passwords and other sensitive information
  • It would encourage organisations to start to take data protection seriously
  • It would do away with the loophole which allows all the enforcement organisations to abdicate responsibility for scam calls originating overseas
  • A mandatory penalty of imprisonment would prevent those responsible from buying their way out of loss of liberty
    Significant fines for every offence would start to undermine the business model which makes scam calls profitable.

Let’s face it, we are talking of 32 crimes every second of every day. If our politicians and legislature and police and regulators aren’t prepared to take this seriously, the DeliveryDemon wonders what the hell we pay them for.


Harassment – The Crime Committed By Nuisance Cold Callers and Similar Scammers

November 6, 2014

We’ve all had it, the persistent calls at ridiculous hours, with recorded or spoken scripts riddled with lies. The smarmy sleazy voices. They pretend to represent or be authorised by government departments. They pretend they know about a claim or right you have. They pretend you have to do something because of new legislation. They lie and lie and lie. They want your money for some dubious product, and people have been scammed out of thousands of pounds this way. They want your personal information, and giving them that is a large step on the way to the hell of ID theft and further fraud.

They got your data from somewhere illegally, and once one bunch of these crooks have your data it gets sold around. Try as you will, you can’t stop it. It’s not just data breaches. It’s not just small naïve organisations not being good enough with their data security. It’s not just all these marketing offers. Government departments have been publishing sensitive personal data for years, and two of the biggest are doing their damndest to start selling it on a large scale to all and sundry – step forward HMRC and the NHS. We have in the space of a few short years been forced into dealing with constant harassment within our homes.

I’m actually surprised that telecoms companies aren’t protesting about this. There’s been a lot of recent publicity about people giving up on landlines for the simple reason that the bulk of calls come from fraudsters autodialling or using illegally obtained information. At least with a mobile you can cut the call off. When it comes to the primitive technology of landlines, the caller has control and can block your line.
With elections coming up we’re getting mealy mouthed platitudes from politicians about doing something to stop this. Why haven’t they done it before? The legislation already exists. These calls easily fall within harassment legislation and it is a criminal offence.
• It certainly distresses people to be constantly interrupted
• Frequently numbers are withheld, which is intrinsically threatening since the caller appears to be untraceable
• Many of these calls are silent, which is particularly threatening.
• A frequent tactic is to pretend that there is legislation which means the called person must do something
• The callers refuse to say where they obtained the personal information they so clearly have, which is a tactic of intimidation – ‘we know about you, we won’t say how’
• Buying or selling or passing on illegally obtained information is certainly harassment since it perpetuates and escalates the distress being caused.

The CPS provides the following definition of harassment:
‘the term harassment is used to cover the ‘causing alarm or distress’ offences under section 2 of the Protection from Harassment Act 1997…. The term can also include harassment by two or more defendants against an individual or harassment against more than one victim.
Although harassment is not specifically defined in section 7(2) of the PHA, it can include repeated attempts to impose unwanted communications and contact upon a victim in a manner that could be expected to cause distress or fear in any reasonable person.
A prosecution under section 2 or 4 requires proof of harassment. In addition, there must be evidence to prove the conduct was targeted at an individual, was calculated to alarm or cause him/her distress, and was oppressive and unreasonable.
Closely connected groups may also be subjected to ‘collective’ harassment. The primary intention of this type of harassment is not generally directed at an individual but rather at members of a group. This could include: members of the same family; residents of a particular neighbourhood; groups of a specific identity including ethnicity or sexuality, for example, the racial harassment of the users of a specific ethnic community centre; harassment of a group of disabled people; harassment of gay clubs; or of those engaged in a specific trade or profession.

Well, distress is being caused on a large scale. There are very clearly repeated attempts to impose unwanted communication, and there is no realistic opt out – the so called opt out option on automated calls has long been recognised as being used as confirmation that the person called is gullible so a good target for further harassment.

As to evidence, since these scammers are being allowed by telecoms providers to withhold numbers or display numbers, there’s not a lot the victim can do. But the information is flowing through the telecoms companies. They make money from these calls. In effect they are abetting fraud and harassment by doing this. Let’s see them forced to take some responsibility.

Are individuals being targeted on the basis of ‘protected characteristics’? Look at the age profiles. Ask people who have hit 50 or 60 or 70. Ask people who have started getting a state pension. Age is a recognised trigger for increasing volumes of scam calls. The fraudsters assume that older people are easier to intimidate into parting with information and money, and sometimes they are right. It may be the targeting of people who grew up in more innocent times and who, by retiring, are predictably likely to be at home at times to suit scammers. It may be people who are vulnerable through bereavement, particularly if the late spouse took responsibility for financial matters. It is more common for elderly people to be confused, through dementia or medication, so less resistive to scams. It sure as hell means that these scammers are targeting people on the basis of the protected characteristic of age.

Of course the people doing all this cannot help but be fully aware that they are following a course of conduct which amounts to harassment. It takes little intelligent thought to recognise the conduct as unreasonable. In fact it takes a highly determined effort at self-deception to find even the flimsiest framework which shows the conduct as anything other than deceptive, dishonest, unreasonable, and intimidating.

They know all of this when they buy data without checking it has been legally obtained so the defence of legitimate trade does not apply. They know it when they sell the data on illegitimately. They know it when they autodial. They know it when they phone TPS registered numbers. They know it when they write and approve scripts full of lies. They know it when they train their staff.

They? The Board of Directors, obviously, and also those in senior management who promote and collude with harassing behaviour. That covers operational management and strategic decision making. It covers HR when they set targets which depend on harassment producing results. It covers those who accept financial reports based on results obtained by harassment. It covers auditors who turn a blind eye to the way a company generates its profits. It covers those businesses which provide outsourced outbound calling services and pretend that they have no responsibility for the legitimacy of the data they use for calling. They are all executing or colluding with institutionalised practices of harassment.

There is of course Data Protection legislation, but that is too weak to be useful, more so since it relies on civil prosecution by the victim, and the harassment is executed in a way which prevents the victim from getting access to the necessary proof.

Under Protection From Harassment legislation, a perpetrator can be imprisoned for up to 6 months and fined up to £5000. The legislation for punishment exists. The cases exist to prosecute. The data is available to prosecute. Yet there has yet to be a prosecution. Not a single politician has risen from their backside to ask why there have been no prosecutions.

The DeliveryDemon, like a lot of people, is pretty quick to recognise scammers and tell them where to go. They are still a bloody nuisance and their calls are still harassment. She would dearly love to hear just one actual or prospective MP actually stand up and ask – loudly – for action to be taken using the ample legislation which is already in place.

Yes, let’s see the Action Fraud database being used to collect details of these harassers. And Data Protection reports. And Ofcom reports. And TPS reports. All the data collection mechanisms exist. Let’s see a campaign encouraging the victims to report their harassers. Let’s see some pressure on the telecoms companies to take responsibility for ensuring that their networks are not used for harassment. And let’s see the data being used for prosecutions.

We have seen a few prosecutions in other sectors for blatant criminal activity. Doing the same to the decision makers in nuisance cold calling organisations just might prompt an improvement in their behaviour.