Pakistani Mobile phone companies have started to scan (read: intercept) calls and SMS data of mobile phone users, we have learned.
According to an investigation that ProPakistani conducted, Pakistani cellular mobile operators now scan — at least the metadata — of calls and SMS that their customers send or receive on Pakistani networks.
Note: Metadata is the header information of call and SMS communication and usually has information about sender and receiver of calls and SMS, and not the content of calls or SMS.
It is clear that SMS and call data is exposed to mobile phone companies since they transport such data, however, it was assumed that operators never peeked into this data to ensure consumer privacy.
New revelations, however, suggest that mobile phone companies have started to intercept SMS and call data of their customers for commercial purposes.
Dangerously, these interception were made without the consent of customers and their call and SMS data was read by cellular companies to offer them personalized services.
For example, EasyPaisa sent personalized broadcast to its customers with special offers relating to banks where they maintained their accounts.
Customers who had bank accounts in UBL were sent special discounts related to UBL only. Similarly, special offers for Standard Chartered Bank account holders were sent to SC account holders only.
While Telenor didn’t elaborate how it knew about the banks where customers maintained their accounts, industry experts said that this could be due to frequent customer interaction with specific numbers, such as a bank helpline or through bank’s SMS short code that might had helped Telenor to identify the banks where their customers had accounts.
When we asked Telenor how it gathered such critical data about the customers’ bank accounts, it said
Telenor strives to provide personalized experience which involves customer data and preference analysis in an automated and anonymized way to ensure customer privacy.
PTA is clueless about how to deal with the situation. When we asked about any regulations in place when a customer data is intercepted for commercial purposes, it said that this is a grey area and is yet to be regulated.
Industry experts aren’t convinced by the approach. They say that Telenor should have done at least two things:
- Should have informed customers of any such data interception
- Should have compensated customers (through free services) if their data is used for commercial purposes
Industry experts said that data privacy is an alien concept these days, however, customers should know about how companies treat their data. Google for example, clearly mentions that customers’ data is used for commercial as well as system enhancement purposes.
Similarly, Telenor should have communicated customers about the same, said the experts.
Moreover, according to Industry high-ups, when companies use customers’ data for commercial purposes then they must not charge for the service or at least offer discounted prices.
Gmail for example, is free of charge when customers’ data is used.
They said that such personalized offers, when combined with other businesses (banks for example) will supplement partner businesses as well, and hence there are chances that Telenor is charging the partner (bank) for such a combo offer. This is where customers — whose data is used — should be compensated.