Phone Cramming: Hackers Hijack Technology Designed to Help Earthquake Victims

EDITOR’S NOTE: A recent study by the Pew Internet and American Life Project reports that, of the 88% of Americans with smart phones, 55% of them use those phones to get online. This means that smart phones are rapidly becoming a major portal for approximately 150 million people to access and share information. While this blog usually does not cover general technology issues, I found that this connection between mobile devices and the internet indicates that I need to keep my eye on issues in this area.

With that in mind, following a discussion after class that brought this issue to my attention, I invited one of my former students to write a post for inclusion on this blog. After collaborating with Jake as we dug into this relatively unexplored topic, I am pleased to present the first guest post to Virtual Navigator in its 2+ year history! Enjoy.

Phone Cramming Goes Mobile
By Jake Sherlock

Here’s a scenario based on events that I had the misfortune of experiencing a few weeks ago: I am one of the 331.6 million cellular phone subscribers in the United States. This should be easy to relate to, as that number actually covers 104.6 percent of the total US population! (Actually, only 88% of Americans have smart phones, so that means that several million people have more than one!)  Like most of those people, I send and receive the occasional text message. Now, here is where things start to get a little more interesting.  Imagine that you receive an odd text message from a number you do not recognize.  It might be asking you if you want to receive weather updates, sports scores, “fun” facts, or dating advice, all conveniently delivered to your phone for the low, low, monthly price of only $9.99!  Like most people, you would probably delete such messages rather than respond, like most would do to similar e-mail spam messages.  After all, these spam companies are like the annoying kid in class; if you pay attention to them and acknowledge their antics, they will only get worse.  In internet slang, you don’t want to “feed the troll.”

Now, instead of receiving an advertisement for one of these “worthwhile” services, imagine that you get a text message with an actual weather update, a real sports score, a “fun” fact, or dating advice–followed shortly by another message advising that you have been enrolled in the service and the “low, low” price of $9.99 has conveniently been billed to your account, and will continue to be billed on a monthly basis. You might chuckle to yourself at the audacity of these spammers. You would never agree to such a thing. You then proceed to go about your life. Later on, just to be sure, you check your phone bill. There you discover, tucked in with all the other taxes, fees and surcharges, an additional charge for $9.99…

Wait, what?!

This practice is known as cramming. The Federal Communications Commission (FCC) defines it as the “practice of placing unauthorized, misleading or deceptive charges on your telephone bill.” While cramming has long existed on land-lines (in the form of bogus long-distance charges), it is becoming an increasing problem for the cellular and smart phone generation, where crammers now most often attempt to ply their schemes, mainly through text messages.

Before diving into the problems associated with cramming, and the ethics involved, it is important to determine whether or not it is actually legal. The answer here, unfortunately, is not as clear as one would hope.

As of this writing, there are no laws that directly address both wireline and mobile cramming. US Senator John “Jay” Rockefeller (D-WV) has introduced Senate Bill S.3291, known as the Fair Telephone Billing Act of 2012 (FTBA). The FTBA would amend Section 258 of the Communications Act (47 U.S.C. § 258) to ban all third party charges from land-line telephone bills. Of course, there are a few exceptions to the ban. For example, charges that a customer affirmatively assents to, or charges directly from the provider, would still be allowed. The one caveat to all this is that these new rules would apply only to land-lines. There is a separate section of the FTBA that deals with third party charges on mobile devices. Assuming the bill passes, the FCC–along with the Federal Trade Commission (FTC)–would have 180 days to create a set of rules protecting wireless consumers. The bill requires that these rules give the customer the means of avoiding third-party charges (as well as clear disclosure of this option). The bill also requires the creation of a procedure that wireless service providers can follow to determine whether third-party charges have been authorized by the customer, as well as procedures that allow the customer to seek and receive reimbursement for any unauthorized third-party charges directly from the wireless provider.

Until such time as the FTBA is passed, consumers wishing to fight back against the crammers have a limited arsenal at their disposal. The plaintiffs in Moore v. Verizon attempted to attack cramming through the current version of the Communications Act but were ultimately unsuccessful. Other plaintiffs have brought complaints under the RICO Act and the Consumer Fraud Act. While the claims in Nwabueze v. AT&T (RICO Act) and Brown v. SBC Communications, Inc. (Consumer Fraud Act) survived motions to dismiss for failure to state a claim, there have been no definitive rulings either way.

One other avenue a consumer could try would be to bring a complaint under the Computer Fraud and Abuse Act (CFAA), 18 USC § 1030. Section 1030(a)(4) of the CFAA states in pertinent part that someone who “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value…” would be guilty of a crime. One could make a case that a smartphone acts as the “protected computer” in this scenario, that the crammers are accessing the protected computer without authorization (by sending an unwanted text to a customer and signing that customer up to the service without consent), and that they are obtaining “something of value” in the $9.99 per month. Or you could say that they are accessing the computers of the wireless service providers and pretending to be users in order to gain the $9.99 per month. There are a lot of ways to read the law to fit the facts, which is why the CFAA is such a powerful tool for law enforcement (as long as we know what it means).

Legal or not, one of the major problems associated with cramming is its insidious nature.  The cramming problem is exacerbated by the fact that most of us have become increasingly desensitized to spam.  We have trained ourselves to ignore and delete these types of messages.  Be careful, this is exactly the type of behavior the crammers thrive on.  If you ignore and delete the message advising you that you have been “enrolled” in their “service,” it could be months before you discover it in your phone bill.

This is particularly problematic because, even though AT&T and Verizon agreed to ban cramming back in March, they seem to be dragging their feet. As I experienced firsthand, however, the most surprising (and disturbing) fact is not that the crammer was allowed (by AT&T in my case) to enroll me in one of their “legitimate” services without my knowledge or consent, but the fact that this despicable practice had the tacit approval of AT&T. Not only was it done with AT&T’s consent, but AT&T (and Verizon, and Sprint, and T-Mobile) actually profit from this practice. The New York Times reported that in general, one-third to one-half of the revenue generated by crammers goes to the cell phone carrier. This means that, in a sense, AT&T essentially tried to steal upwards of $5 out of my wallet. Granted, AT&T did eventually put it back by refunding the charge, but not without a good deal of resistance. Given the sheer number of fraudulent charges and the fact that most people do not notice them right away (if at all), that $5 likely grows into a whole lot more. Fortunately, in addition to the refund, AT&T also placed purchase protection on my text account to prevent this from happening again, but it took an hour of my time and three phone calls to AT&T Customer Care to accomplish this. As the Times article explains, it’s not remotely easy to accomplish this. Enabling purchase protection should be the default option for customers, not something only available after you have already been crammed. This explains why, several months after the carriers supposedly acquiesced, Senator Rockefeller continues to move forward with his bill.

Members of Congress are starting to pay attention to cell-phone cramming (including Minnesota Senator Amy Klobuchar) but the question remains as to whether AT&T, Verizon, and the rest of the telecoms will move to protect consumers without government intervention. Maybe they should check their horoscopes.

About Justin Kwong

An attorney in the Twin Cities and adjunct professor at William Mitchell College of Law where I teach a seminar on the law of virtual worlds.

1 Response to Phone Cramming: Hackers Hijack Technology Designed to Help Earthquake Victims

  1. Pingback: FTC Suit Against T-Mobile Says ‘Un-Carrier’ Profited From Cell Phone Cramming | Virtual Navigator
