Waddington family phone policy

Most of what is here applies to business calls, rather than to family or friends, but it is worth taking note of what we consider acceptable use of the phone, since security and inconvenience are still a concern, even for social calls !

We do not have a telephone so that people with whom we don't have a close personal relationship can call us up without prior notice. If you phone without arranging a convenient time, you will lose (or never gain) our business.

We have lots of things to take our attention, many of which will take us away from anywhere we can answer a phone - it is usually quicker (and more secure and far more reliable) to email. Even when near the phone, an unexpected phone call will cause disruption to whatever we are doing, even if we leave it for the answering machine. Unless you are clairvoyant or know us very well and have been in touch recently, you will not be able to pick a convenient time to call - such times do not really exist. Even expected calls are inconvenient, so our policy must be to arrange things to try to minimise that inconvenience. For the most part, that means we'd prefer email, since that can be dealt with at our convenience, usually sooner than you'd get for a phone call, and email leaves a record to go back to. In general, if the phone is answered, it is because we are expecting a call at that time, and if you are not the one from whom we are expecting the call, then you are causing us a very great deal of inconvenience by being on the line. Do not expect us to be anything other than very dismissive. Calling without prior notice will usually lose you our business. If you must apologise personally, a handwritten letter is more acceptable.

To go some way to compensate for the time and trouble caused by calling us without arranging a time beforehand, we charge a fee of £150.00 for unsolicited calls. Often that is considerably below the going rate for the amount of time that such a call will have cost us in terms of disruption, lost concentration and so on. If you do not cooperate and arrange for prompt payment; if you deny that your call is a nuisance or if you in any way seek to justify your call, we are likely to be very rude - no matter how offensive (and we can try quite hard), be assured that you will not be as upset as we are at receiving your unwanted call. Note that it is for the person being called to determine whether a call is a nuisance, not the caller, and while you may have made similar calls to other more tolerant people, you should base your behaviour on those least likely to find your calls acceptable.

In order to arrange a convenient time for a call that you consider unavoidable, you must email us. You must fully justify your call in terms of why it is not possible to obtain or supply the information by email. That your organisation lacks some facility is not an acceptable excuse. Failure of your organisation to do business by email, or to regard digital signatures and email encryption as a matter of routine would suggest that its attention to customer needs, and its attitude to our security and privacy falls well below acceptable standards.

Email can be secured by encryption, while phone calls cannot; the identity of someone sending email can be established by a digital signature - the identity of a phone caller cannot; the contents of an email can be retained for future reference, what is said in a phone call usually cannot - not by us, anyway. Thus we regard phone calls as less secure than email and will not rely on any information exchanged by phone for any business or financial transaction.

All incoming phonecalls are assumed to be phishing calls by identity thieves unless arranged in advance, and agreed rigid procedures are followed to confirm their validity and to ensure that no breach of confidence can arise through matters discussed on an open phoneline. The added overhead of using secure protocols arranged in advance by email mean that in no case that we can remember has doing business by phone been quicker, easier or more effective than doing so by email.

To contact us by phone, you must:

First contact us by encrypted email to request an appointment, stating clearly the business to be discussed and justifying why that business could not, under any circumstances, be dealt with by email. An unencrypted email is only acceptable if its purpose is solely to obtain an up to date copy of the relevant public key.

The email must contain sufficient evidence to convince a court of law of your identity - as a mimimum, it must, like all other emails dealing with business or financial matters, be signed with a private key (OpenPGP preferred) that can be verified with a public key obtainable from public keyservers. The email must come from a valid email address which will accept replies which go to a specific person; the address must respond correctly to all forms of header field intended to assure the sender that the mail has been both received and read...

If any email is not encrypted, all information it contains will be considered compromised and cannot be used for identity confirmation in future (sending any confidential information unencrypted will be taken as an indication that you wish to end all communication and/or business dealings with us at the eariest possible moment). GnuPG (or OpenPGP) public keys for our email addresses can be obtained from public keyservers. If you expect to communicate with us more than very infrequently, you should arrange a face-to-face mutual key signing. You should check public keyservers immediately before sending your email to be sure that the public key to be used for encryption has not been revoked. This is all basic hygiene and you should not find it in any way onerous - if you do, then you are probably not really people we want to business with.

If the request for an appointment is granted, I will try to give you a range of times and dates when the call might be acceptable - your encrypted reply should give a time that is convenient within those intervals. Your call will be expected and accepted within about five minutes either way of the specified time, although sending a signed and encrypted email the previous day to remind me would be advisable.

The phone number from which the call will be made must be specified (in an encrypted email) before the time of the appointment. Not necessarily in the initial email (we recognise that the number you will use may depend on the time of the call), but certainly some hours before the time of the call. The call must come from the number you have indicated (and calling line identification must not be withheld). Any call arriving in the relevant interval from a different number or with calling line identification withheld will be answered and the phone put down within a few seconds to clear the line. No words will be exchanged.

The phone call must be conducted on the assumption that it is being listened to and recorded by a determined identity thief - nothing which might be of any value to such an identity thief, including the identity of the calling organisation, the identity of the person being called, nor the nature of the business, may be mentioned in a form which could be understood by an identity thief - the call will be terminated immediately if such potential breach of confidentiality occurs, and no further appointments for phone communication will be granted under any circumstances. The caller must identify him or herself by a one-off codename given with the appointment. Otherwise, all conversation must be conducted by indirect reference to questions or facts in the encrypted emails preceding the phone call.

You must make an audio recording of the entire phone call, and, within 24 hours, send a copy of the audio recording, the plain text transcript of that recording, and your interpretation of what was to be understood by all coded exchanges in that phonecall, by signed and encrypted email. You should retain these files for your own reference, kept encrypted, of course. Until these have been received, checked and acknowledged as a true recording, no action may be taken on the basis of anything discussed by telephone.

You should note the requirement that your public key will be checked over a period of two weeks before being accepted as valid (to give us some confidence that a third party has not spoofed a key for your email address); that I may be away on holiday for periods of up to five weeks at a time, and that phone appointments will not normally be granted in the two weeks before or after such a holiday. This may mean, in the worst case, that an appointment cannot be arranged for eleven or more weeks after your original contact. Otherwise, I will give my best efforts to ensure that an appointment is granted within three weeks of a valid request.

I tend to find that the requirements for acceptable security and accountability for telephone communication are sufficiently stringent that most organisations find that it is both quicker and more effective to conduct all business by signed and encrypted email - or by post. Should your organisation be unable to use this mainstream and well-established technology, then it is not one which I would consider to take my privacy seriously and therefore not one with which I would choose to conduct any sort of business or exchange of communication.