Why Homeland Security May Contribute To The Pretexting Problem

from the forcing-more-data-to-be-kept-longer dept

While HP's recent problems have brought attention to the concept of "pretexting" (yes, a fancy name for a specific form of identity theft), the FCC had already been discussing ways to prevent the practice. At the beginning of the year, there were numerous press stories about data brokers who would sell anyone's phone records (using pretexting). At the time, very little of the blame was being put on the phone companies for making it so easy to get the data. Instead, everyone complained that "the government ought to do something." Well, the FCC did look into it, and received a number of recommendations from various parties about how such a release of records could be prevented. One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary. Of course, with Attorney General Alberto Gonzalez running around the country pushing data retention laws on everyone, you know that's not going to go over well. In fact, Matthew Lasar writes in to point out that Homeland Security, the FBI and the Department of Justice filed objections to any plan that would suggest telcos purge old records -- and, in fact, said that some phone companies should be required to keep records even longer. Of course, this isn't a new issue. For years, there has been an ongoing debate about how much information a company should keep, with governments often wanting more info available "just in case." However, this is a dangerous idea, as more data retention often hides the problem, by burying the important data under lots and lots of useless data. Requiring companies to keep more data longer only guarantees that it will eventually be misused.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    JoJo, 25 Sep 2006 @ 3:02am

    It's a moot point, the goverment will get what they want and the information will never be useful as theres just too damn much of it to go through. Perhaps whats needed is better security on the telcos data retention services.

    link to this | view in thread ]

  2. identicon
    Geeb, 25 Sep 2006 @ 4:47am

    Now this will be controversial, but...

    ...if the government wants to have the historical data available, and the telcos can't be trusted to retain it securely, why doesn't the government build some archiving capability?

    Telcos retain data until it is no longer relevant (whatever timespan the regulators set) and then hand it over to a secure (how naive am I?) government department who store it in encrypted form and will only release the information to security services with an appropriate warrant.

    Hmmmm. Definitely a few sticking points, but more or less bad than the current position?

    link to this | view in thread ]

  3. identicon
    Spartikus, 25 Sep 2006 @ 6:47am

    I like it - except change every instance of "the government" to Google... They've already attained all the storage in the world anyway...

    link to this | view in thread ]

  4. identicon
    charlie potatoes, 25 Sep 2006 @ 7:26am

    why not let google BE the government? and we can vote by clicking on ads...and they will know where we've been and what we're up to without having to get pesky court orders or find compliant judges.
    and we will save money by not holding silly elections. Bush showed us already that they don't mean anything anyway.

    link to this | view in thread ]

  5. identicon
    aj, 25 Sep 2006 @ 7:40am

    Data

    Geebs got the right idea(s).
    JoJo, data might be too much to handle at present, but IMHO there IS NO SUCH THING as too much information. Retaining the records SHOULD be highly secure. THIS is where the problem lies today.
    The data can - and will - prove useful to analysis, usage and tracking for both the telcos and the government. Heuristic algorythms and advanced search techniques, as they develop (think Google-style tools for TelCo) will continue to make the piles of information more useful to TelCo execs and government snoops. The problem with data-disposal is that once purged, the data cannot be re-generated.
    Biologists will tell you there is NO substitute for a long-term test.. you just cant replicate the kind of data available. Using that same logic, applied to this data... the answer is simple: protect the information from beginning to end, and deal with the reality that the information is - will be - and should be - out there.

    link to this | view in thread ]

  6. icon
    chris (profile), 25 Sep 2006 @ 9:34am

    Re: Now this will be controversial, but...

    yeah... government storing stuff is "Big Government" which is bad, mm'kay. you don't want to do that.

    forcing companies to store the data at their expense so they can spy on citizens, that's small government, which we like for some reason.

    link to this | view in thread ]

  7. identicon
    Citizen#123456789, 25 Sep 2006 @ 10:50am

    Wake up people!! They can and will have what they want,
    Georgie's made sure of that, under the quise, of "Our Saftey", Homeland Security, and all that rot. All this discussion is a moot point. Just stuff to keep our attention busy while they get the RFID system into place..

    link to this | view in thread ]

  8. identicon
    mroonie, 25 Sep 2006 @ 11:59am

    How is this going to solve anything?

    "One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary." What exactly defines "longer than necessary"?

    I don't think the solution should be to get rid of data asap. What about banks or the IRS who need to retain information from 10 years or 20 years back? The solution is secure the data so that it is more difficult to access.

    Phone companies, as well as other companies who experience difficulties with handling data should definitely take responsibility for their behavior and image. Even if a phisher impersonated a bank for example, the company should be held accountable also, instead of putting all of the blame on the user or even the government!


    Compliance laws are good, but take way too long to develop and implement. It's going to take the FCC forever to get a move on....

    link to this | view in thread ]

  9. identicon
    DV Henkel-Wallace, 25 Sep 2006 @ 12:56pm

    Pretexting shmetexting

    Hey, what's with the "pretexting"? That's for bozo journalists. How about using plain english: "impersonation."

    Sounds exotic when you make a new word for it though, and something that might be marginally acceptable. Impersonating someone though, well that's clearly not acceptable.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.