FCC Creates New Anti-Pretexting Rules -- Makes Sure The FBI Knows About Your Leaked Data Before You Do
from the take-your-time-informing-customers dept
The concept of "pretexting" got a lot of attention when HP's CEO used it to spy on the phone calls of board members and the press in trying to stop information leaks from the board. However, it's been a problem for quite some time. Of course, the real problem was that the mobile operators were leaking this data without any protections to make sure that the person they were giving the info to was authorized to have it. However, every time such a story came out, the mobile operators tried to blame everyone else for their own failure to protect the data. The FCC has taken its time, but has finally ruled that mobile operators cannot release data over the phone without a password and need to let customers know if there are changes to their account. Why the operators hadn't done this already to protect their customers isn't readily explained. Of course, all this really means is that pretexters will need to come up with a new scheme to figure out how to get passwords out of people before accessing their phone records.There is one other interesting side note in the FCC's ruling. Matthew Lasar notes that the ruling also includes that the operators need to inform the FBI about data leaks quickly, but can take their time informing the customers whose data was actually leaked. Apparently, the FBI lobbied for this particular rule, because they were afraid if customers involved in illegal activities found out their data was leaked, it would cause them to destroy evidence, potentially ruining investigations. This doesn't make much sense... unless it turned out that the FBI was using pretexting itself, rather than going through the process of getting subpoenas and search warrants. You would think that as long as the FBI went through the proper channels to get the info they needed, investigations wouldn't be harmed -- but perhaps we should know better than to expect such things.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Wait --- wasn't that what they just got caught doing with the Patriot Act abuses???
I LOVE YOU Big Brother !!!!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
What if HP merged with ATnT?
What if HP merged with ATnT, would it be OK for HP employees to get the call records then?
What if ATnT was selling call records, is that OK for HP to buy them?
What's special about telecoms company employees that it's OK for them to have have access to that data without limits and not OK for other people to have access to that data?
I think the answer is nothing, peoples private information is their private information and there should be full laws protecting their privacy, even if HP are merged with ATnT, HP employee should not have free access to customers information.
There was an investigation on BBC into Barclays bank sales dept. Any salesman could (and did) type in any persons name and postcode and see their bank transaction details. The salesmen boasted of looking up famous peoples bank transactions out of curiosity.
These are really scuzz ball second hand car saleman types, you wouldn't give your second name too. Yet there were no restrictions on access.
[ link to this | view in chronology ]
Another issue is that it would keep Sprint and the cable companies from sharing personal information about their customers for their cable/wireless venture.
[ link to this | view in chronology ]
VPN
[ link to this | view in chronology ]