FCC Creates New Anti-Pretexting Rules -- Makes Sure The FBI Knows About Your Leaked Data Before You Do

from the take-your-time-informing-customers dept

Tue, Apr 3rd 2007 5:19pm — Mike Masnick

The concept of "pretexting" got a lot of attention when HP's CEO used it to spy on the phone calls of board members and the press in trying to stop information leaks from the board. However, it's been a problem for quite some time. Of course, the real problem was that the mobile operators were leaking this data without any protections to make sure that the person they were giving the info to was authorized to have it. However, every time such a story came out, the mobile operators tried to blame everyone else for their own failure to protect the data. The FCC has taken its time, but has finally ruled that mobile operators cannot release data over the phone without a password and need to let customers know if there are changes to their account. Why the operators hadn't done this already to protect their customers isn't readily explained. Of course, all this really means is that pretexters will need to come up with a new scheme to figure out how to get passwords out of people before accessing their phone records.

There is one other interesting side note in the FCC's ruling. Matthew Lasar notes that the ruling also includes that the operators need to inform the FBI about data leaks quickly, but can take their time informing the customers whose data was actually leaked. Apparently, the FBI lobbied for this particular rule, because they were afraid if customers involved in illegal activities found out their data was leaked, it would cause them to destroy evidence, potentially ruining investigations. This doesn't make much sense... unless it turned out that the FBI was using pretexting itself, rather than going through the process of getting subpoenas and search warrants. You would think that as long as the FBI went through the proper channels to get the info they needed, investigations wouldn't be harmed -- but perhaps we should know better than to expect such things.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

5 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 3 Apr 2007 @ 8:55pm

The FBI (pronounced Fibby???) using extra-legal means. What do you think this is a Big Brother state?

Wait --- wasn't that what they just got caught doing with the Patriot Act abuses???

I LOVE YOU Big Brother !!!!
[ link to this | view in thread ]
Big Brother, 3 Apr 2007 @ 9:18pm

Re:
Noted.
[ link to this | view in thread ]
Unanimous Custard, 4 Apr 2007 @ 4:03am

What if HP merged with ATnT?
So HP investigators call up a telephone company and pretend to be someone else to get call records is pretexting and to be illegal.

What if HP merged with ATnT, would it be OK for HP employees to get the call records then?

What if ATnT was selling call records, is that OK for HP to buy them?

What's special about telecoms company employees that it's OK for them to have have access to that data without limits and not OK for other people to have access to that data?

I think the answer is nothing, peoples private information is their private information and there should be full laws protecting their privacy, even if HP are merged with ATnT, HP employee should not have free access to customers information.

There was an investigation on BBC into Barclays bank sales dept. Any salesman could (and did) type in any persons name and postcode and see their bank transaction details. The salesmen boasted of looking up famous peoples bank transactions out of curiosity.
These are really scuzz ball second hand car saleman types, you wouldn't give your second name too. Yet there were no restrictions on access.
[ link to this | view in thread ]
RandomThoughts, 4 Apr 2007 @ 6:10am

Maybe the FBI just wants to have advance notice that someone already under surveillance will be changing their service?

Another issue is that it would keep Sprint and the cable companies from sharing personal information about their customers for their cable/wireless venture.
[ link to this | view in thread ]
markusfarkus, 4 Apr 2007 @ 2:55pm

VPN
No voip in route? No problem just use your companies VPN or set up your own vpn server from home.
[ link to this | view in thread ]