RSS
Twitter
Why Homeland Security May Contribute To The Pretexting Problem
from the forcing-more-data-to-be-kept-longer dept
While HP's recent problems have brought attention to the concept of "pretexting" (yes, a fancy name for a specific form of identity theft), the FCC had already been discussing ways to prevent the practice. At the beginning of the year, there were numerous press stories about data brokers who would sell anyone's phone records (using pretexting). At the time, very little of the blame was being put on the phone companies for making it so easy to get the data. Instead, everyone complained that "the government ought to do something." Well, the FCC did look into it, and received a number of recommendations from various parties about how such a release of records could be prevented. One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary. Of course, with Attorney General Alberto Gonzalez running around the country pushing data retention laws on everyone, you know that's not going to go over well. In fact, Matthew Lasar writes in to point out that Homeland Security, the FBI and the Department of Justice filed objections to any plan that would suggest telcos purge old records -- and, in fact, said that some phone companies should be required to keep records even longer. Of course, this isn't a new issue. For years, there has been an ongoing debate about how much information a company should keep, with governments often wanting more info available "just in case." However, this is a dangerous idea, as more data retention often hides the problem, by burying the important data under lots and lots of useless data. Requiring companies to keep more data longer only guarantees that it will eventually be misused.
Reader Comments
(Flattened / Threaded)
It's a moot point, the goverment will get what they want and the information will never be useful as theres just too damn much of it to go through. Perhaps whats needed is better security on the telcos data retention services.
(reply to this comment) (link to this comment)
Now this will be controversial, but...
...if the government wants to have the historical data available, and the telcos can't be trusted to retain it securely, why doesn't the government build some archiving capability?
Telcos retain data until it is no longer relevant (whatever timespan the regulators set) and then hand it over to a secure (how naive am I?) government department who store it in encrypted form and will only release the information to security services with an appropriate warrant.
Hmmmm. Definitely a few sticking points, but more or less bad than the current position?
(reply to this comment) (link to this comment)
Re: Now this will be controversial, but...
yeah... government storing stuff is "Big Government" which is bad, mm'kay. you don't want to do that.
forcing companies to store the data at their expense so they can spy on citizens, that's small government, which we like for some reason.
(reply to this comment) (link to this comment)
I like it - except change every instance of "the government" to Google... They've already attained all the storage in the world anyway...
(reply to this comment) (link to this comment)
why not let google BE the government? and we can vote by clicking on ads...and they will know where we've been and what we're up to without having to get pesky court orders or find compliant judges.
and we will save money by not holding silly elections. Bush showed us already that they don't mean anything anyway.
(reply to this comment) (link to this comment)
Data
Geebs got the right idea(s).
JoJo, data might be too much to handle at present, but IMHO there IS NO SUCH THING as too much information. Retaining the records SHOULD be highly secure. THIS is where the problem lies today.
The data can - and will - prove useful to analysis, usage and tracking for both the telcos and the government. Heuristic algorythms and advanced search techniques, as they develop (think Google-style tools for TelCo) will continue to make the piles of information more useful to TelCo execs and government snoops. The problem with data-disposal is that once purged, the data cannot be re-generated.
Biologists will tell you there is NO substitute for a long-term test.. you just cant replicate the kind of data available. Using that same logic, applied to this data... the answer is simple: protect the information from beginning to end, and deal with the reality that the information is - will be - and should be - out there.
(reply to this comment) (link to this comment)
Wake up people!! They can and will have what they want,
Georgie's made sure of that, under the quise, of "Our Saftey", Homeland Security, and all that rot. All this discussion is a moot point. Just stuff to keep our attention busy while they get the RFID system into place..
(reply to this comment) (link to this comment)
How is this going to solve anything?
"One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary." What exactly defines "longer than necessary"?
I don't think the solution should be to get rid of data asap. What about banks or the IRS who need to retain information from 10 years or 20 years back? The solution is secure the data so that it is more difficult to access.
Phone companies, as well as other companies who experience difficulties with handling data should definitely take responsibility for their behavior and image. Even if a phisher impersonated a bank for example, the company should be held accountable also, instead of putting all of the blame on the user or even the government!
Compliance laws are good, but take way too long to develop and implement. It's going to take the FCC forever to get a move on....
(reply to this comment) (link to this comment)
Pretexting shmetexting
Hey, what's with the "pretexting"? That's for bozo journalists. How about using plain english: "impersonation."
Sounds exotic when you make a new word for it though, and something that might be marginally acceptable. Impersonating someone though, well that's clearly not acceptable.
(reply to this comment) (link to this comment)
Add Your Comment