Why Homeland Security May Contribute To The Pretexting Problem
from the forcing-more-data-to-be-kept-longer dept
While HP's recent problems have brought attention to the concept of "pretexting" (yes, a fancy name for a specific form of identity theft), the FCC had already been discussing ways to prevent the practice. At the beginning of the year, there were numerous press stories about data brokers who would sell anyone's phone records (using pretexting). At the time, very little of the blame was being put on the phone companies for making it so easy to get the data. Instead, everyone complained that "the government ought to do something." Well, the FCC did look into it, and received a number of recommendations from various parties about how such a release of records could be prevented. One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary. Of course, with Attorney General Alberto Gonzalez running around the country pushing data retention laws on everyone, you know that's not going to go over well. In fact, Matthew Lasar writes in to point out that Homeland Security, the FBI and the Department of Justice filed objections to any plan that would suggest telcos purge old records -- and, in fact, said that some phone companies should be required to keep records even longer. Of course, this isn't a new issue. For years, there has been an ongoing debate about how much information a company should keep, with governments often wanting more info available "just in case." However, this is a dangerous idea, as more data retention often hides the problem, by burying the important data under lots and lots of useless data. Requiring companies to keep more data longer only guarantees that it will eventually be misused.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Now this will be controversial, but...
Telcos retain data until it is no longer relevant (whatever timespan the regulators set) and then hand it over to a secure (how naive am I?) government department who store it in encrypted form and will only release the information to security services with an appropriate warrant.
Hmmmm. Definitely a few sticking points, but more or less bad than the current position?
[ link to this | view in thread ]
[ link to this | view in thread ]
and we will save money by not holding silly elections. Bush showed us already that they don't mean anything anyway.
[ link to this | view in thread ]
Data
JoJo, data might be too much to handle at present, but IMHO there IS NO SUCH THING as too much information. Retaining the records SHOULD be highly secure. THIS is where the problem lies today.
The data can - and will - prove useful to analysis, usage and tracking for both the telcos and the government. Heuristic algorythms and advanced search techniques, as they develop (think Google-style tools for TelCo) will continue to make the piles of information more useful to TelCo execs and government snoops. The problem with data-disposal is that once purged, the data cannot be re-generated.
Biologists will tell you there is NO substitute for a long-term test.. you just cant replicate the kind of data available. Using that same logic, applied to this data... the answer is simple: protect the information from beginning to end, and deal with the reality that the information is - will be - and should be - out there.
[ link to this | view in thread ]
Re: Now this will be controversial, but...
forcing companies to store the data at their expense so they can spy on citizens, that's small government, which we like for some reason.
[ link to this | view in thread ]
Georgie's made sure of that, under the quise, of "Our Saftey", Homeland Security, and all that rot. All this discussion is a moot point. Just stuff to keep our attention busy while they get the RFID system into place..
[ link to this | view in thread ]
How is this going to solve anything?
I don't think the solution should be to get rid of data asap. What about banks or the IRS who need to retain information from 10 years or 20 years back? The solution is secure the data so that it is more difficult to access.
Phone companies, as well as other companies who experience difficulties with handling data should definitely take responsibility for their behavior and image. Even if a phisher impersonated a bank for example, the company should be held accountable also, instead of putting all of the blame on the user or even the government!
Compliance laws are good, but take way too long to develop and implement. It's going to take the FCC forever to get a move on....
[ link to this | view in thread ]
Pretexting shmetexting
Sounds exotic when you make a new word for it though, and something that might be marginally acceptable. Impersonating someone though, well that's clearly not acceptable.
[ link to this | view in thread ]