MySudo Now Requires Government ID
-
Jack - TeamSudo
This new procedure is not something we at MySudo took lightly.
Unfortunately however, MySudo must adhere to the policies that Twilio (telephony provider for the UK) have enforced directly on us which includes KYC for individuals wanting a UK phone number.
This regulation document from Twilio, provides details of their KYC requirement for individuals and businesses. This is the regulation MySudo must follow in order to continue to provide UK phone numbers to our users.
Comment actions Permalink -
UK Solicitor
Hi Jack,
I hope this message finds you well.
Kindly confirm whether MySudo is considering the expansion of its VoIP partnerships and business operations. Additionally, has MySudo assessed the potential of forming a business partnership with Vonage? Vonage provides API services that would enable MySudo to resell VoIP numbers to UK consumers and other countries, which could be highly advantageous for your operations. Notably, Vonage offers VoIP services to UK consumers without requiring KYC.
If MySudo does not identify a solution to avoid storing KYC documents, it is highly likely that MySudo will lose a substantial portion of its UK business.
Comment actions Permalink -
Private Wry Ian
- Edited
If Twilio started to require that individual consumers provide ID for US phone numbers even though the laws, regulations and guidelines in the US do not require it, would MySudo just go along with it?
Or would you contact Twilio and vehemently push back against their decision, threaten to leave them, hire an expert lawyer to help, and try to find another provider who doesn't make up baseless requirements that negatively affect your customers and your business?
Comment actions Permalink -
ghost-charlie
I can tell you that as someone who does threat hunting in a counter-terrorism situation this is bullcrap. I use the UK number I have while I am based in the United States. I am not giving up my ID. I have the ability to trash the number if it is breached. The UK doesn’t understand security. Look how often they are hacked. This law was passed after I got my UK number, so why do I have to comply when I’m a US base resident. And you haven’t disclosed where the servers are if it’s cloud-based if it’s physical. You haven’t disclosed if Twila is getting it if you getting it and there are specialized laws in the state I’m located in that dictates what information you’re allowed to have about me what about those laws? So then I get to file a complaint with consumer protection bureau for my state and also my federal government because you’re violating my right to privacy because these people don’t even understand how terrorism works on the Internet. So once again, you’re infringing on my right to privacy because you guys can’t catch the bad actors. Tell us why that’s our fault. They’re using numbers that cost may be five cents for authentication purposes, but I have to show an ID because of UK? I’m not running a business. I’m running a threat intelligence model that catching counterterrorism and catching verifiable threats and you want me to give my ID. That’s gonna be a NO-GO. Are you willing to provide a credit for the number that we bought if we’re not willing to give our ID? Because I’m telling you right now, I’m not doing it.
Comment actions Permalink -
Jack - TeamSudo
In regards to your question on US numbers and providers. Fortunately in the US we have multiple telephony providers and therefore have flexibility going forward amongst those providers.
Unfortunately in the UK, we have not been able to identify additional telephony providers that can provide the base level technical capabilities that we require and/or are cost prohibitive. Additionally it will only be a matter of time before there smaller providers implement similar measures to adhere to these new UK regulations.
Comment actions Permalink -
UK Solicitor
There are no new UK regulations that require Governmental ID for UK-based phone numbers. It is misleading to state such.
Comment actions Permalink -
Stevenedwards
- Edited
It does seem like mysudo is misleading their clients as they are claiming this is due to the uk government but in reality it is due to their third party supplier.
Comment actions Permalink -
Jack - TeamSudo
I am sorry, but we are not trying to mislead our users. Our UK telephony provider has placed new requirements on MySudo and our users for obtaining a UK phone number. These requirements are based on Ofcom's guidelines for UK phone numbers.
Ofcom is responsible for the administration of the UK's phone numbers under the
Communications Act. You can read about Ofcom here on the UK governments website.Comment actions Permalink -
UK Solicitor
It has come to my attention that MySudo has introduced a new requirement for existing users with UK phone numbers to provide governmental ID by 30 September 2024.
As a solicitor in England & Wales, I advise that this requirement, imposed retroactively on consumers who subscribed before the implementation of the ID requirement, may give rise to civil claims under the Consumer Rights Act 2015. These claims could relate to changes in contract terms or consumer rights violations.
I intend to submit a ‘letter before claim’ to MySudo, seeking a resolution of this matter. Should MySudo fail to address the issue within 14 days, I will initiate legal proceedings under the jurisdiction of England & Wales. While I cannot comment on the laws of the United States or Canada, it is my position that UK consumers are entitled to a full refund of their subscriptions. Additional remedies may be available for other losses incurred.
I advise other affected consumers to also consider submitting a ‘letter before claim’ and pursuing civil proceedings if necessary.
Comment actions Permalink -
ghost-charlie
I am not a lawyer but a security professional. I am taking the same approach as the lawyer and using my state privacy office- deceptive business model from the Consumer Protection Bureau to end this. KYC is bull crap. Last night I watched in realtime as bad actors took numbers from other users and plugged them into What’s App to get them banned so they can’t use What’s App anymore. If we signed up before the change it should not apply to us. My-Sudo fails to understand I am not under the jurisdiction of UK law therefore it cannot apply to me. I am American- female- smart ass and rebellious. I hear that UK can’t control their own security and had the equivalent of what we have of the Social Security Administration hacked. Do they really think Russia- Iranian Allah Cyber Army decided to add My Sudo to their list of “security measures “ ? They are duh, no doubt. I guess this month letter for leaders is J for Jackass if you pissed them off. Hell the Secret Service can’t protect Trump and the people guarding Kate and her husband allowed a bystander to walk within arms reach of the next Queen and King of England but they want my ID? Let me think? No Come to my level and I won’t think I am talking to a stupid person.
Comment actions Permalink -
Private Wry Ian
- Edited
It is very unfortunate that MySudo is doing this and forcing its users to consider legal action. Anyone can read the new guide from the UK regulator (Ofcom) and see that what MySudo are doing is in direct contradiction.
As I said before (updated my name):
The new guide states that "the guide does not apply when [UK] numbers are assigned to 'consumers'" (page 4, footnote 8).
The guide does not call for KYC checks on individuals. It suggests doing checks on companies by collecting their company details, registration info, office address, nature of the business, info of the relevant senior manager, etc.
The way that MySudo and other companies are using this guide to justify collecting the personal data of individual consumers is dishonest and very disappointing.Comment actions Permalink -
Jack - TeamSudo
The last thing that MySudo wants to do is ask for or handle personal data from our users. However our UK telephony provider has enforced these new requirements on MySudo and our users for obtaining and retaining a UK phone number. These requirements are based on Ofcom's guidelines for UK phone numbers in addition to direct communications from the UK regulators. If we could switch to another provider that is not yet enforcing these new requirements we would. However we have not been able to identify additional telephony providers that can provide the base level technical capabilities that we require and/or are cost prohibitive.
Comment actions Permalink -
UK Solicitor
- Edited
I must express my full agreement with Private Wry Ian’s position.
Ofcom’s regulations, as well as the applicable legislation in England and Wales, are unequivocal. There is no legal requirement for suppliers or businesses to store consumer data or conduct Know Your Customer (KYC) checks
It is indeed regrettable that MySudo has been unable to secure alternative providers. Hutchison 3G UK Limited, trading as Three UK, offers virtual numbers that meet the technical requirements of MySudo and allows companies to acquire UK numbers for resale to consumers without imposing any KYC requirements. While MySudo may have explored a business relationship with Three UK and found it commercially unviable, it is imperative that MySudo clearly communicate to all its customers that the imposition of KYC requirements is solely due to the policies of its third-party supplier, Twilio, and not due to any legislative or regulatory mandate from Ofcom or other public authorities.
MySudo should view this as an opportunity to enhance its communication practices.
Many of its customers, including myself, have been strong advocates for the company, recommending it to family, friends, and associates.
However, the lack of transparency regarding the origin of the KYC requirement, stemming from a third-party supplier rather than from any public body, such as Ofcom or statutory legislation, is very disheartening. This lack of clarity undermines the trust and confidence that we have placed in MySudo. Clear and honest communication is crucial to maintaining the loyalty of those who wish to continue advocating for the company.
Comment actions Permalink -
Private Wry Ian
- Edited
Jack,
I, and I think others, understand that you are doing this because Twilio is doing this, but you seem to be completely unwilling to question, let alone forcefully challenge Twilio about it, and so you also bear responsibility for going along with a policy that violates Ofcom's guidelines.
(Jack, I edited my first reply which was the first one made under this post. I just made it a bit shorter and clearer but then it said something like "pending approval" and has disappeared from the public view. Can you please approve it? Thank you.)
Comment actions Permalink -
Private Wry Ian
- Edited
Since MySudo has removed my first comment on this topic, the first reply to the original post, here again is what Ofcom says about the new guidelines:
“Our new guide sets out clear expectations for providers to make sure they run ‘know your customer’ checks on business customers." (Ofcom website)
"The Guide is specifically aimed at business customers..." Ofcom Statement, section 3.32)
“…the Guide does not apply when [UK] numbers are assigned to ‘consumers’...” (Ofcom Guide, page 4, footnote 8)
“...it is important that the Guide does not impose unnecessary burdens on individual consumers in gaining access to a [UK] phone number…” (Ofcom Statement, section 3.23)
“For the avoidance of doubt…the Guide applies when [UK] numbers are sub-allocated or assigned to business customers.” (Ofcom Statement, section 3.21)
Companies like Twilio and MySudo that are applying KYC checks to individual consumers are violating and abusing the regulator's guidelines.
Comment actions Permalink -
Jack - TeamSudo
Ian, firstly we have not removed any of your comments, but the service that hosts our community does have an automated spam filter, so perhaps on of your posts was mistakenly filtered - I do apologise.
As previously mentioned our UK telephony provider has enforced these new requirements on MySudo and our users for obtaining and retaining a UK phone number. These requirements are based on Ofcom's guidelines for UK phone numbers in addition to direct communications from the UK regulators. Numerous other UK telephony providers are enforcing the same requirements.
Additionally, we have not been able to find an alternative UK provider that is not enforcing KYC for UK numbers, that also meets our technical and/or commercial requirements. It is also our understanding that the providers not currently enforcing KYC, will be doing so in the very near future.
Comment actions Permalink -
Private Wry Ian
- Edited
Whether Twilio and MySudo are violating the regulator's guidelines, or whether the regulator has told them that KYC for consumers is in fact a new requirement, I suggest that everyone complain to Ofcom about this issue. I also suggest that MySudo themsevles complain because if this policy stands and then spreads to the US, MySudo may well lose a large number of their users.
Ofcom’s Consumer Contact Team's email address: OCCtelecoms at ofcom dot org dot uk
You can also search for Ofcom's Monitoring form.
Comment actions Permalink
Please sign in to leave a comment.
Comments
17 comments