Better Together's SMS Campaign
22nd March 2013
Better Together today sent out a text message campaign to a reported 300,000 recipients. At a guess, they've had some negative feedback, as they've had to post a blog article explaining where they got the numbers from , and why they believe they have consent to send the texts.
I haven't received one myself, but have seen a number of tweets linking to this page, which I believe the text message must take you to.
The link sent is of the following format: http://www.bettr.to/?m=447712345678 - rather shockingly this seems to use the mobile number as the unique identifier - note 44 being the country, and 7... being the UK number after the zero.
This means of course that the Better Together system is almost certainly tracking what your response is. The small print at the bottom, and the linked privacy policy make it clear that by submitting your opinion "you consent to Better Together contacting you with important information relating to Scotland's referendum on Independence. This may be via Telephone, Mail, SMS and / or by E-Mail."
Of course, as the unique identifier in the webpage address is so blatantly open to spoofing, anyone could submit any mobile number to the system, simply by changing the url, replacing the X's in
http://www.bettr.to/?m=447XXXXXXXXXX.
But even ignoring this vulnerability, the survey page does not seem to conform to best practice and may be in breach of the law. The Information Commissioner's Office explains in a page directed at marketing organisations the difference between a solicited and unsolicited marketing message . (It may be questionable if Better Together's can be considered 'marketing' of course.) It admits that an active invitation can be given via a third party - that is what BT say they have done in purchasing a list. No-one on the list has agreed to receive communications from BT, but they have (presumably) agreed to receive them from 'our marketing partners and other organisations' or something like that.
However the ICO goes on to say to organisations that send messages:
Looking at the screenshot above, and seeing how small the small print is, do you believe that clicking the Submit button constitutes 'positively' opting in to receive further information? Take into account that the ICO on this page says:
Additionally there is no clear facility to actively opt out of further communications - this again does not seem to conform to the ICO's guidelines or indeed the law * see update below .
- you have not provided a valid address to which the recipient can send an opt-out request.
Update: 14:58 - Thanks to Scott Macdonald for this screenshot showing that the initial text message does have an opt-out option, so I'd say Better Together are complying with that part of the regulations. It's not clear whether opting out will result in a standard rate charge or not though!
☝