Leaks, Litigation and Liability

In London, the adage goes that you’re never more than six feet from a rat. In telecoms, the adage could be that you’re never too far away from a lawsuit.

2014 saw various calls of governmental “spying”, patent wrangling, cyber security leaks, hacks and more. Allegations were made against government agencies; Apple had to endure the apparent celebrity iCloud hack; AT&T have sued Cox Communications; four Hong Kong telcos were targeted in a global hacking effort; Microsoft sued Samsung, Apple sued Samsung and Samsung sued Apple back as their love-triangle of litigation goes back and forth.

The telecoms industry is one of the most litigious industries in the world. James Tumbridge, who is a partner at law firm Pillsbury, believes that economic and competitive intensity is largely responsible.

“It’s a result of the fact that no modern device is wholly made with the components of one entity anymore. As a result, when a mobile phone has multiple components protected by multiple patents, businesses see using litigation as a legitimate business tool to modify the licence fees they are paying, or to attack their competitors whose patents might otherwise allow them to monopolise market share,” he says.

Intellectual property and patenting have both led to a raft of warning shots being fired between competitors in the telecoms space in recent years. Christopher Stothers, who is a partner at law firm Arnold & Porter, says there are two distinct threats facing telecoms companies, which leads to these legal challenges.

“Quite aside from the cost of protecting their own innovations internationally, telecoms companies face two major threats. Firstly, there are the ‘patent wars’; being competitors who seek to block use of their patents, or at least paint a picture for the public that the competitor is the real innovator. Secondly, you’ve got the ‘patent trolls’; who are non-competitors seeking to be paid for use of their patents, typically leveraged with the threat of expensive litigation and/or injunctions damaging product offerings.”

As well as patenting considerations for the telecoms community, it appears as though telcos are beginning to bear the brunt of responsibility for copyrighted content being pirated through the network. In the UK, certain internet service providers have completely blocked access to a number of high profile torrent file-sharing websites to users.

“We now know that in the UK there won’t be piracy warning letters under the Digital Economy Act 2010 (following challenges by various telcos), after the voluntary agreement on the Creative Content UK alert programme,” says Stothers. “However, there appears to be a growing appetite for content owners to seek and obtain injunctions against telcos as intermediaries to block pirates. This brings with it cost, management and reputational implications for telcos, which face criticism from vocal user groups if they are seen to cooperate too much.”

But how can an operator responsibly comply with the copyright demands of content owners, as well as fairly and neutrally manage the use of its network for users? File sharing sites are, technically, perfectly legal; illegality occurs through the sharing of copyright protected content. As a consequence, a blanket ban approach to such sites is on the rise.

BT is one of the UK operators to impose a ban on a number of high-profile torrent websites, such as The Pirate Bay. BT explained to us how it ensures neutral management of web traffic.
“In the UK, BT operates under a number of Codes of Practice (CoP), those being the Open Internet CoP and the Traffic Management Transparency CoP. These commit BT to treat all traffic consistently, regardless of its source, and being fully transparent about any types of traffic we may manage in order to minimise network congestion,” the operator said.

BT also shared its views on the wider net neutrality debate in the context of the EU’s Digital Agenda. It would be fair to assume that BT isn’t the only operator in the UK and across Europe to disagree with the proposals for competitive regulatory reform in Europe.

“The text agreed by the European Parliament Plenary in April 2014 is overly restrictive as well as creating legal uncertainty, which undermines investment and puts the EU’s Digital Agenda objectives at risk and we have proposed a number of amendments designed to preserve the principle of an open internet while allowing operators scope to meet customers’ demands and public interest objectives,” said BT.

Mike Ryan, a Partner at law firm Arnold & Porter, has observed a noticeable increase in regulatory pressure on operators in the last few years. “The list of issues that attract regulation has steadily expanded and now includes matters as diverse as net neutrality, operators’ data retention obligations, and operator cooperation with security authorities,” he said.

Moving away from the maintenance of a fair and neutral internet, one of the most well documented and heavily regulated challenges that exist within the telecommunications sector today relates to information security.
In a report commissioned by the Department for Business Innovation & Skills, and conducted by PricewaterhouseCoopers, 20% of organisations of national importance to the UK rely on externally hosted services. Furthermore, 77% of large organisations store confidential or highly confidential information in the cloud.

With third-party storage of data and services becoming an integral part of mission-critical strategies for a large percentage of businesses; pressure is mounting on the telecommunications sector to ensure the security and confidentiality of such information.

Customers of both a commercial and personal standing are increasingly concerned with how their data is being used and stored by operators. Undeniably, the stakes are being raised.

“Customers are increasingly concerned as to the use and storage of their personal data by operators and what measures are being taken to protect their sensitive information from hacking,” says Jonathan Snade, partner at telecoms law firm Thomas Eggar. “The risks for failures include fines from regulators and actions from affected customers, as well as reputational damage and negative press with consequential potential impact on share prices.”

Regulators in the telecommunications sector aren’t necessarily as heavy-handed with fines and punishment as their counterparts in finance; however the reputational and subsequent negative impact on share prices alone should act as significant motivation to tighten up network security measures.

So what avenues are available to telcos to prevent falling foul to cyber-criminals?

“Under the Communications Act, telecoms companies are already under an obligation to ensure that the networks and services they provide are secure. However, companies can seek to obtain the recently introduced Cyber Essentials accreditation, which is a self-assessed and independently verified compliance audit scheme, to assess and demonstrate security compliance,” says Snade.

He goes on to explain that the non-obligatory stance on Cyber Security accreditation is soon to change. From October this year companies will be obliged to achieve accreditation in order to win government contracts involving personal or sensitive data. Vodafone were the first to achieve “Cyber Essentials Plus” accreditation.

Aside from ensuring responsibility over password protection; Snade also recommends some simple to implement yet effective methods to help keep the hackers at bay.

“Ensure that passwords are strong and all software is kept up-to-date. Hackers are increasingly using companies’ own servers to host cyber-attacks and having weak cyber security systems leaves an organisation exposed. However, simply having anti-virus software is not enough and may lull organisations into a false sense of security,” he says. “The recent “Heartbleed” attack is a good example of how important it is to be aware that even the software itself can have its flaws which cyber pirates can exploit to their advantage.”

Alarmingly, and perhaps the reason why the UK government is putting more obligation on the telecoms sector to take cyber security more seriously, Snade highlights the disparity between how UK organisations view cyber security, compared to their counterparts in the US.

“Interestingly, a recent study by BT revealed that British business leaders place less importance on cyber security than their US counterparts. Only 17% of UK business leaders rate cyber security as a priority, the equivalent figure for the US is 41%,” he says.

With recent frailties in iCloud security raising more than just eyebrows, Daniel Hedley, a solicitor at Thomas Eggar, explains how the leaks may have pertinence to telcos and which simple steps can be implemented.

“While it is true that businesses will, quite rightly, not generally choose a consumer-focused cloud service such as iCloud, in this age of staff using their own devices for both work and personal use, it is very easy for confidential business data to end up being uploaded to these services,” he says. “Businesses can control these risks, while still maintaining many of the benefits of cloud storage services and bring your own device (BYOD), by deploying a combination of technical measures preventing unauthorised uploading of business data and user education.”

With recent hacking incidents dominating headlines and putting cyber security firmly back into the public eye, telcos and cloud service providers are under mounting pressure to shore up their networks. This adds yet another bump to the broader legal landscape facing the telecoms community today.