Weak Fines Aren't Going To Stop Data Leaks

from the falling-short dept

The concept of "pretexting" -- posing as somebody else in order to gain access to their personal information -- got a lot of publicity when it was revealed that HP investigators used the tactic to spy on board members and journalists. However, it's a problem that's been going on for some time, and the usual responses to it gloss over the fact that wireless operators' inadequate security is to blame for these leaks as much as any fraudster. Many attempts to enact or strengthen legislation in this area focus on people selling the information, rather than doing anything to force the operators to better secure their customers' private data, but the FCC has proposed a $100,000 fine against virtual operator Amp'd for its shoddy safeguards to protect users' calling records. The amount is a drop in the bucket for the company, or any other operator, and isn't likely to do much in the way of motivation, since enacting better security procedures probably costs more than the fine. This is a big problem with pretexting, or other forms of identity theft: companies have very little motivation to do much to prevent it, since the costs of a leak are borne largely by the victims or third parties. Many companies, including the wireless operators, have been very successful with their PR efforts to make themselves look like victims here, and generate the public perception that hackers and criminals are the real problem, when corporate sloppiness, incompetence and disinterest are more to blame.


Reader Comments



  • Anonymous Coward, 29 Mar 2007 @ 12:59pm

    First!!!!!!!


  • RandomThoughts, 29 Mar 2007 @ 1:35pm

    Risk and reward. If the solution costs more than the fine, then in the business sense, it would be stupid to fix the problem. Now, one of the things that does need to be considered is how many customers do they lose over the issue. That is the soft number.

    How many people have stopped shopping at TJ Maxx?


  • Joel Coehoorn, 29 Mar 2007 @ 1:37pm

    Make no mistake- if a cracker steals your information, it's the cracker's fault. They are still responsible for their own actions, and just because the company didn't make it hard enough doesn't absolve a cracker in the least. I know you didn't mean to imply otherwise, but it sure sounds like it.

    Also, a one-time $100000 fine is nothing, but if the fine is enforced per incident it could get expensive very quickly if a company is overly lax.


  • Overcast, 29 Mar 2007 @ 2:09pm

    Yeah, heck - so if someone offers 250,000 for some data... you could still make a 150k profit.


  • Manhole WaterStop, 29 Mar 2007 @ 2:30pm

    Why 'pretexting'? Why not privacy?

    Why pretexting, why isn't the argument not 'privacy vs no privacy?' Is it ok to have the information because you *work* for a subsidiary of ATnT but not OK if you have to *pretend* to work for ATnT to get the info? Are employees of ATnT so much more trustworthy than others? Nah, I don't think so.

    I think the reason is this. A normal privacy vs no privacy argument runs,
    #1 'I want privacy'
    #2 'What are you doing wrong that you have to hide?'
    #1 'If you're OK with no privacy, show me your bank account'
    #2 'Erm, if the FBI wanted to see it, that would be OK, but not you'
    #1 'I am from the FBI, here's my badge, let me see it'
    #2 '...I meant to say FBI with a warrant or a national security letter'
    #1 'That's OK, I'm allowed to write NSLs, let me get some paper'
    #2 '...erm no, I still rather not'

    And that's the crux of it, everyone wants privacy, even the people who claim they don't, don't reveal their telephone bills, bank statements or anything more than the rest of us.
    By arguing for 'pretexting=crime' it lets the pro-privacy people score an easy point, and it's something the anti-privacy people can go for without having to confront the contradictions in their position.


