Articles

Customer responsible for costs deriving from hacked voice services

Customer responsible for costs deriving from hacked voice services

Customer responsible for costs deriving from hacked voice services

17.12.2014

NEC Nederland BV (NEC), the Dutch branch of NEC Corporation which is a worldwide provider of IT and communication solutions, uses voice services provided by KPN BV (KPN), a Dutch telecom provider. In order to use these voice services, NEC built their own PBX (Private Branch Exchange – which is a system that concentrates central office lines and enables intercommunication between a large number of telephone stations within NEC) connected through a router to the WAN (Wide Area Network).

Unauthorized parties have managed to get access to the data lines via a badly secured NEC PBX device and have set up a dial up service through which telephone traffic with East Timor has taken place. KPN has invoiced NEC for the costs involved, in the sum of EUR 176,895,00. KPN claims payment of the invoice stating that it was NEC’s obligation to monitor the traffic. NEC however states that KPN has a duty of care (statutory and reinforced by case law) which entails that telecom providers are obliged to monitor telephone traffic and take measures when deviating telephone traffic is noticed. Furthermore, NEC claims that KPN should have warned NEC about the risks of using voice services. Because KPN neither monitored the telephone traffic nor warned NEC of the risk (the hack was discovered during a test), NEC claims that it is not liable for the costs of the fraudulent use of the voice services.

The Court rejects NEC’s claim that KPN owes it a duty of care. NEC built their own PBX system, which makes them responsible for the hardware and, being a professional in the communications sector, they are supposed to be aware of the risks of using voice services. A previous hack of their PBX system resulted in damage amounting to EUR 40,000 and confirms that NEC were aware of the risks involved. Following this incident, NEC asked KPN if it was possible to cap the use of their lines as a safeguard. KPN explained that this was not possible and instead offered a tool to enable NEC to monitor traffic on a daily basis. NEC decided not to make use of this option.

NEC also tried to rely on jurisprudence relating to telephone traffic, by claiming that such traffic should be adequately monitored on a regular basis. This plea was also rejected because – contrary to other phone traffic - different providers are used to provide voice services and KPN cannot monitor the traffic on the data lines of other providers.

Therefore, the Court concluded that NEC cannot claim a duty of care from KPN and that NEC should pay KPN’s invoice.

[Source: District Mid-Netherlands, 2 July 2014, ECLI:NL:RBMNE:2014:2617]

 

Click here to see a printable version of this article

All rights reserved. Care has been taken to ensure that the content of this e-bulletin is as accurate as possible. However the accuracy and completeness of the information in this e-bulletin, largely based upon third party sources, cannot be guaranteed. The materials contained in this e-bulletin have been prepared and provided by Stibbe for information purposes only. They do not constitute legal or other professional advice and readers should not act upon the information contained in this e-bulletin without consulting legal counsel. Consultation of this e-bulletin will not create an attorney-client relationship between Stibbe and the reader. The e-bulletin may be used only for personal use and all other uses are prohibited.

Team

Related news

10.10.2018 NL law
Ongevraagd advies Raad van State: normering van geautomatiseerde overheidsbesluitvorming

Short Reads - Op 31 augustus 2018 heeft de Afdeling advisering van de Raad van State (hierna: "Afdeling advisering") een 'Ongevraagd advies over de effecten van de digitalisering voor de rechtsstatelijke verhoudingen' betreffende de positie en de bescherming van de burger tegen een "iOverheid" uitgebracht. Het gebeurt niet vaak dat de Afdeling advisering zo een ongevraagd advies uitbrengt. Dit onderstreept het belang van de voortdurend in ontwikkeling zijnde technologie en digitalisering in relatie tot de verhouding tussen de overheid en de maatschappij.

Read more

12.10.2018 NL law
Tim Berners-Lee's Solid proposal: the future of data traffic?

Short Reads - The General Data Protection Regulation (GDPR) aims to strengthen the rights of individuals in respect of their personal data. Although this aim has been achieved to a certain extent, the fundamental framework of the way personal data is processed remains unchanged. Companies are still able to use large amounts of user data, in many cases without even obtaining their consent. Tim Berners-Lee, the inventor of the World Wide Web, has announced his plans for a decentralised web, in which users remain in control of their personal data.

Read more

09.10.2018 BE law
Stibbe continues to support law incubator project IusStart in new academic year

Inside Stibbe - Stibbe, in cooperation with IusStart (KU Leuven), has supported promising start-ups for many years now by drawing their attention to potential legal obstacles in the field of general commercial law and IP and IT law. This new academic year is no exception: our TMT department continues to assist final-year law students and start-ups by being their mentors.

Read more

11.10.2018 NL law
Stibbe hosts NGB Extra Seminar about product development and counsel’s role at the interface of new technology and law

Seminar - On 11 October 2018, Stibbe will host the NGB (Dutch Association of Corporate Lawyers) Extra Seminar.  IT/IP lawyers Judica Krikke, Jasper Klopper, Marc Spuijbroek and Frederiek Fernhout will discuss the practical aspects of the development of innovative new products. 

Read more

26.09.2018 EU law
Artikel 13 DSM-richtlijn: verplichting tot een online content filter?

Short Reads - In het kader van de modernisering van het auteursrecht binnen de Europese Unie heeft het Europese Parlement op woensdag 12 september 2018 gestemd over het voorstel voor een Richtlijn van het Europees Parlement en de Raad inzake auteursrechten in de 'digitale eengemaakte markt' (ofwel de Digital Single Market, afgekort de 'DSM-richtlijn'). Met name artikel 13 van de DSM-richtlijn – de zogenaamde 'content filter'- wordt ontvangen met veel kritiek. In deze blog wordt kort ingegaan op de betekenis en de mogelijke gevolgen van artikel 13.

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy – en cookieverklaring