First off I better explain what a WISP , it means Wireless Internet Service Provider. For this sorry tale the WISP in question is OceanTelecom who operate in West Waterford/East Cork.

I got a call the other day from my friend’s wife who was having problems receiving mail from her eircom.net account when using POP to retreive it. Sometimes she would get some mail and other times none. Using the webmail interface to her account she could see her mail there. All this started she claimed around two weeks ago.

Strange thought I, but then she mentioned that she had gotten a few spam reports in her mail.

Even stranger thought I, so I asked her to forward one of them on to me and here’s what I saw:

This mail was generated automatically from Endian Firewall, which runs on
efw1-oceantelecom.localdomain.(none) for scanning all mails for spam and viruses.

In a mail sent to you a virus has been found.

Virus name: Suspect.Bredozip-zippwd-2
Sender of the email:  “DHL Manager Felipe Dove” <shipping@dhl.com>
Subject: DHL delivery problem number 25130.
Connection date: POP3 from 149.5.34.3:11778 to 159.134.198.135:110
Message File: Per instruction, the message has been deleted.

Instead of the infected email this message has been sent to you.

Regardless of the fact that it was a virus, it was the very fact that it had been intercepted before it got to her PC was annoying her. Her POP session to eircom’s mail server was intercepted by her ISP. Her ISP acted as a POP proxy without her permisison. Therefore her ISP is effectively snooping on her mail. You can see clear as day in the report above that their firewall intercepted her connection to eircom’s POP3 server.

As you can imagine this really, really annoyed her so she rang ComReg (Ireland’s Communications Regulator) to find out if OceanTelecom were allowed to do this. ComReg said it was a grey area and advised her to contact the office of the Data Protection Commissioner which she duly did. The advice she received from the DPC was that they should not be snooping on her mail as her mail is not being hosted by her ISP.

With this information in hand, she rang OceanTelecom to compain and promptly received torrents of abuse from the owner! Ranting and raving about how he is protecting his network, etc, etc and if she didn’t like it she could cancel her account! How about that for customer service?

But when she informed him that she had already contacted ComReg and the DPC he terminated the call! He hung up a call from a loyal customer of over two years!

She rang me yesterday to tell me what had happened and that that she was naturally going to change her ISP which is only right IMHO.

So, for anyone looking to choose an ISP keep this information in mind. An ISP is an internet service provider. Their only obligation should at it’s most basic level to provide you with access to the internet and nothing else. Everything else should be optional. How you use your internet connection should be of no interest to your ISP once you keep within the terms of your contract, the laws of the land and adhere to their fair use policy. You can view eircom’s policy here.  Some choice quotes from their policy are:

eircom net will use its reasonable endeavours to prevent unauthorised access to the Service by third parties, but shall have no liability to the Customer for any unauthorised access to the Customer’s computer system. The Customer is responsible for selecting and properly using any security procedures made available by eircom net as well as other procedures and measures necessary to safeguard and back-up the Customer’s files, data and programs or any other form of information

and

You acknowledge that eircom net has no control over the information which can be accessed by using eircom net services and that we do not examine the use to which you or other users put the Services or the nature of the information you or they are sending or uploading. We therefore exclude all liability of any kind for the transmission or reception or such information of whatever nature.

Pretty much common sense. The onus is on the customer to remain secure, eircom as an ISP only provide a service which is more than can be said for OceanTelecom.

However I understand that OceanTelecom is a privately owned business and ultimately it is their network and they can pretty much do what they want but I would not have expected that to include interfering with clients  e-mail that is hosted elsewhere. I certainly wouldn’t like my ISP reading my mail before me. Some serious privacy implications there.

If you are an OceanTelecom customer or are considering becoming one, based on the above I would suggest you avoid them or terminate your subscription. If anything the shocking and abusive customer service alone should be good enough reason.