Rupert Goodwins' Diary

Tuesday 04/09/2001A cautionary tale. Diary pal decides to sign up to an online SMS service for a free trial.

Tuesday 04/09/2001

A cautionary tale. Diary pal decides to sign up to an online SMS service for a free trial. He sent off one or two of his allocated handful of gratis messages, and thought no more about it. Later that day, he got a phone call from the company, and a bod asked him what he thought of the service, would he be signing up, and all that sort of thing. Fair enough, thought our pal, and made the usual fob-off "early days yet, let's see how it works" response. "But you thought it was good!" said the bloke from the service. "You said so in your message."

At which point, all manner of alarm bells go off in our pal's head. "You mean, you read my messages?" "Have to. It's the law. They might be criminal" says eager salesman.

Some time later, our pal makes contact with yours truly. "Is this right?" he asks. No, of course it isn't. So I call the company and speak to the salesman concerned -- who turns out to be the MD. At once, I'm plunged into one of those awful conversations where one party is aware that an entire planet of Clangers has been dropped but on no account must this be admitted. No, messages weren't read. No, he had no idea why our pal might think that. After the fifth repetition of the phrase "whiter than white", I was unavoidably reminded of the old saying that the louder he talked of his honour, the faster we counted the spoons. I was directed to the company's privacy policy: I read it. It didn't mention anything about the sanctity of messages.

Pal and I conferred afterwards. We agreed that this was probably a case of start-up fever, where an over-eager MD decides to get too hands-on, and that they almost certainly wouldn't do it again. We also evolved a protocol for finding out if they did. And I decided not to make a news story out of it: not yet, anyhow, but we will be watching.

The moral of this story? Assume data you send is public, unless you take steps to make it otherwise. If you do use a commercial service, make sure the limits of privacy are explicitly stated in the contract or associated bumf. And, if you're the MD of such a service, don't go exposing yourself to people who know just about every technology journalist in town.