Should the legal system force telcos to defend themselves from claims of negligence in open court, even if a contract with a customer says disputes will be settled through arbitration? That is one of the arguments being tested in Canada by a lawsuit that asserts mobile operator Rogers and store manager Match Transact negligently allowed a SIM swap fraud which cost the victim CAD534,000 (USD391,000) in bitcoin stolen during 2021. That amount would be worth CAD1.8mn (USD1.3mn) at bitcoin’s current valuation.
The suit brought by Raelene Vandenbosch of British Columbia (B.C.) highlights how the province’s law has since changed to prevent telcos imposing binding arbitration agreements on customers. It also presents a public interest argument for transparently examining business practices when flaws may also affect other customers, per the detailed reporting of local news provider Sooke News Mirror.
Vandenbosch’s central argument for why she should not be required to go through arbitration rests on amendments the B.C. government made to the Business Practices and Consumer Protection Act in March.
The B.C. government amended the legislation so cell phone companies can no longer impose these agreements on customers, arguing forced arbitration hurts consumers.
Vandenbosch contended that these new rules must be retroactively applied to her case.
Judge Anita Chan of the British Columbia Supreme Court disagreed. However, she did rule that the public interest permitted one aspect of Vandenbosch’s case to be pursued in open court.
In her decision, Chan offered one caveat: the case can proceed under a section of the Business Practices and Consumer Protection Act that allows for resolution in the public interest.
This section predates the spring rule changes and allows for a judge to order a company to publicly accept responsibility or make changes and restore “any money or other property or thing” that was acquired through activity found to violate the act.
Vandenbosch alleges her bitcoin was stolen after a fraudster that pretended to be from Rogers contacted a Match employee working in a kiosk in Montreal. The fraudster persuaded the Match employee to share their computer screen, effectively giving the fraudster visibility of information about Vandenbosch’s phone account. It seemingly did not occur to the Match employee to challenge the reasons for a Rogers employee to request information about a Rogers customer based over 4,000km away, nor did the store exercise a strong enough protocol to determine if they were speaking to a genuine Rogers employee or not. Rogers is also blamed for permitting so much customer data to be freely accessible to people working in Match’s stores.
This case revolves around the specific laws that apply in British Columbia but the issues are general in nature. Telcos are trying to limit their liability for SIM swap crimes by placing contractual limits on how customers seek redress. One of these limitations prevents customers warning the rest of the public about security failures. Meanwhile, privacy infringements remain rife. How many times have we heard that protecting customer data ranks as a telco’s highest priority? You would never form that impression based on the litany of data breaches and data thefts that are reported each month. The theft of large amounts of cryptocurrency through SIM swaps has been so common that there are law firms which specialize in representing cryptocurrency SIM swap victims. In such circumstances, it is unsurprising that legislators in places like British Columbia might stop comms providers using arbitration clauses to reduce their own risk by effectively increasing the risk borne by their customers.
Instead of managing risk by hushing up bad news and restricting the legal options available to victims, telcos might be better off refocusing on the root cause of these crimes: lax controls around data. The phrase ‘restoring trust’ gets repeated a lot these days. The widespread use of mandatory arbitration contract clauses suggests telcos continue to attach more importance to different objectives than the restoration of trust.



