Attention: CEOs and employees in the legal divisions of telecoms operators and banks
Having analysed the case law that has developed, Pepeliaev Group notes Resolution No. 3933/12 of the Presidium of the Supreme Commercial (‘Arbitration’) Court (the “SAC”) dated 18 September 2012. In its ruling, the court used as an example a case of third parties gaining unauthorised access to telecommunications services by stealing a subscriber’s identification information and developed a legal position as to the legal consequences for the operator and the subscriber. This legal position may extend to a wide range of legal relationships that contemplated remote access to different kinds of resources (remote banking service systems, providing telecommunications services, using credit and debit cards and others).
Facts of the case
A telecoms operator submitted to the court a claim against a subscriber which had not paid for Internet connection services.
The subscriber’s position was founded on the fact that the services were actually consumed by a third party which had stolen the subscriber’s identification details (a court sentence that had come into force confirmed that the subscriber’s actual name and password had been stolen).
Previous court practice
Until now, courts had been guided by the provisions of article 54 of the Federal Law On telecommunications dated 7 July 2003 and clause 31 of the SAC’s Information Letter No. S5-7/UZ-888 dated 6 August 2003. These stated that an operator may invoice telecommunications services based on figures from certified measuring devices, and in the majority of cases claims to recover money owed for services provided were upheld.
The courts of all three levels applied such an approach in this case. It was stated that the subscriber must ensure that his or her information is secure and that he or she is financially liable for services obtained by third parties.
Legal positions developed in Resolution No. 3933/12 of the Presidium of the SAC dated 18 September 2012
In its Resolution, the Presidium of the SAC sent the case to be reheard and noted as follows:
- Both an operator and subscriber should take steps to safeguard against the unlawful actions of third parties.
- Telecoms operators are to take organisational and technical measures aimed at preventing persons who do not have the right to do so from gaining access (the set of hardware and software used by the operator should ensure that a monitoring function is performed in relation to any ‘suspicious’ signalling load as one of the technical measures designed to prevent unauthorised access).
- If the figures from the telecoms equipment reveal a significant, ’unusual’ increase in traffic accessed by a subscriber, then the telecoms operator may require the subscriber to supply evidence that it is the subscriber or a person authorised by him/her that is accepting the services. The operator bears the risk of failing to make such a demand.
- If the subscriber pays for services, this does not mean that he/she is liable, since it does not follow that a subscriber should pay for services that he/she has not consumed having failed to ensure that his/her own data is secure.
Conclusions and recommendations
The Resolution of the SAC that is under consideration contains a legal position that allows other legal consequences to be applied in relation to widely used wording of contracts. It is therefore necessary to check the provisions of model contracts and certificates that govern relations with consumers of goods (work, services) in terms of the mutual rights and obligations, as well as the implications of subscribers losing personal data.