Weak Fines Aren't Going To Stop Data Leaks

from the falling-short dept

The concept of "pretexting" -- posing as somebody else in order to gain access to their personal information -- got a lot of publicity when it was revealed that HP investigators used the tactic to spy on board members and journalists. However, it's a problem that's been going on for some time, and the usual responses to it gloss over the fact that wireless operators' inadequate security is to blame for these leaks as much as any fraudster. Many attempts to enact or strengthen legislation in this area focus on people selling the information, rather than doing anything to force the operators to better secure their customers' private data, but the FCC has proposed a $100,000 fine against virtual operator Amp'd for its shoddy safeguards to protect users' calling records. The amount is a drop in the bucket for the company, or any other operator, and isn't likely to do much in the way of motivation, since enacting better security procedures probably costs more than the fine. This is a big problem with pretexting, or other forms of identity theft: companies have very little motivation to do much to prevent it, since the costs of a leak are borne largely by the victims or third parties. Many companies, including the wireless operators, have been very successful with their PR efforts to make themselves look like victims here, and generate the public perception that hackers and criminals are the real problem, when corporate sloppiness, incompetence and disinterest are more to blame.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 29 Mar 2007 @ 12:59pm

    First!!!!!!!

    link to this | view in thread ]

  2. identicon
    RandomThoughts, 29 Mar 2007 @ 1:35pm

    Risk and reward. If the solution costs more than the fine so in the business sense, it would be stupid to fix the problem. Now, one of the things that does need to be considered is how many customers do they lose over the issue. That is the soft number.

    How many people have stopped shopping at TJ Maxx?

    link to this | view in thread ]

  3. identicon
    Joel Coehoorn, 29 Mar 2007 @ 1:37pm

    Make no mistake- if a cracker steals your information, it's the cracker's fault. They are still responsible for their own actions, and just because the company didn't make it hard enough doesn't absolve a cracker in the least. I know you didn't mean to imply otherwise, but it sure sounds like it.

    Also, a one-time $100000 fine is nothing, but if the fine is enforced per incident it could get expensive very quickly if a company is overly lax.

    link to this | view in thread ]

  4. identicon
    Overcast, 29 Mar 2007 @ 2:09pm

    Yeah, heck - so if someone offers 250,000 for some data... you could still make a 150k profit.

    link to this | view in thread ]

  5. identicon
    Manhole WaterStop, 29 Mar 2007 @ 2:30pm

    Why 'pretexting'? Why not privacy?

    Why pretexting, why isn't the argument not 'privacy vs no privacy?' Is it ok to have the information because you *work* for subsidiary of ATnT but not OK if you have to *pretend* to work for ATnT to get the info? Are employees of ATnT so much more trustworthy than others? Nah, I don't think so.

    I think the reason is this. A normal privacy vs no privacy argument runs,
    #1 'I want privacy'
    #2 'What are you doing wrong that you have to hide?'
    #1 'If you're OK with no privacy, show me your bank account'
    #2 'Erm, if the FBI wanted to see it, that would be OK, but not you'
    #1 'I am from the FBI, here's my badge, let me see it'
    #2 '...I meant to say FBI with a warrant or a national security letter'
    #1 'That's OK, I'm allowed to write NSLs, let me get some paper'
    #2 '...erm no, I still rather not'

    And that's the crux of it, everyone wants privacy, even the people who claim they don't, don't reveal their telephone bills, bank statements or anything more than the rest of us.
    By arguing for 'pretexting=crime' it lets the pro-privacy people score an easy point, and it's something the anti-privacy people can go for without having to confront the contradictions in their position.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.