Ofcom fine Three £1.9 million for emergency call weakness

Source: Ofcom

Reported to Ofcom by Three UK themselves in October, the weakness related to how emergency calls in restricted areas of the South were passing through a single data centre.

This meant that emergency calls were liable to be made impossible if the "single point of failure" were to be hit by an outage, with all available backup routes at the time running through this single point.

Given the seriousness of this fragility and "the potential impact on public health and safety", Ofcom decided to levy the £1.9 million fine, which stands as one of the biggest mobile operator penalties on record.

The back story

The weakness was discovered on October 6th, when Three UK reported a temporary loss of mobile service for their customers in London, Kent and Hampshire.

This prompted Ofcom to a launch an investigation, which soon enough revealed that "emergency calls from customers in the affected area had to pass through a particular data centre in order to reach the emergency services".

Ofcom note that this data centre wasn't actually the cause of the loss of service. Nonetheless, it's status as the sole route for emergency calls nonetheless caused them serious concern, not least because operators are obligated to provide emergency call services even when customers are out of credit.

As the diagram below illustrates, that's because Three's backup routes were all reliant on this centre, ironically creating a situation where there were in fact no backup routes.

Source: Ofcom

Fortunately, Three have since corrected this vulnerability, yet its potential for blocking those in need from vital emergency services effectively forced Ofcom to make an example of the operator and demand a £1.9 million fine.

Commenting on its magnitude, Ofcom's Enforcement and Investigations Director, Gaucho Rasmussen, said, "Today's fine serves as a clear warning to the wider telecoms industry. Providers must take all necessary steps to ensure uninterrupted access to emergency services".

And it seems that Three have taken heed of this warning, with the company stating, "Providing our customers with uninterrupted access to emergency services is a requirement we take extremely seriously. Three therefore acknowledges Ofcom's decision today to fine Three for a single point of vulnerability on Three's network"

Yet even though they "acknowledge" the fine (as opposed to denying its existence), they point out that the vulnerability did not have "any impact on our customers and only relates to a potential point of failure in Three's network".

A history of fines

And to be fair to Three, they aren't the only mobile operator to be fined by Ofcom recently, and neither is their £1.9 penalty the largest on record.

In October, Vodafone were hit by a £4.6 million fine - the largest ever levied - for violating billing rules and mishandling customer complaints.

Similarly, EE were fined a whopping £2.7 million in January for overcharging customers for EU roaming, billing them according to rates for US roaming.

And this wasn't the only time EE have been fined in recent memory for failing to comply with rules on handling complaints, seeing as how 2015 witnessed them receiving a £1 million punishment.

That such fines aren't particularly rare in the mobile industry isn't perhaps surprising, given that operators serve millions of customers on a daily basis, yet it's interesting to note that O2 are an exception to this.

They haven't received a comparable fine in recent years, with the only bad mark against their name being perhaps the Competition and Markets Authority's refusal from last April to approve their planned merger with Three.

Otherwise, their record is clean, and it's worth noting that according to Ofcom's latest telecoms complaints data, they have the lowest proportion of customer complaints compared to any of the Big Four operators, with only Tesco Mobile having less.

Source: Ofcom, Latest telecoms and pay TV complaints March 29, 2017

Never again?

Still, a fine for a network vulnerability isn't necessarily a direct indicator of the level of customer service someone might expect to receive from Three, or anyone else for that matter.

Yet there is likely some correlation, at least insofar as a network vulnerability will make it likelier that customers experience a loss of service, which would unsurprisingly make them less happy with their operator and more likely to complain.

As such, it's unquestionably a good thing that Three have removed the weakness affecting their network, and that Ofcom have made it less likely that any other operator would allow something similar to happen in the future.