FCC Creates New Anti-Pretexting Rules -- Makes Sure The FBI Knows About Your Leaked Data Before You Do

from the take-your-time-informing-customers dept

The concept of "pretexting" got a lot of attention when HP's CEO used it to spy on the phone calls of board members and the press in trying to stop information leaks from the board. However, it's been a problem for quite some time. Of course, the real problem was that the mobile operators were leaking this data without any protections to make sure that the person they were giving the info to was authorized to have it. However, every time such a story came out, the mobile operators tried to blame everyone else for their own failure to protect the data. The FCC has taken its time, but has finally ruled that mobile operators cannot release data over the phone without a password and need to let customers know if there are changes to their account. Why the operators hadn't done this already to protect their customers isn't readily explained. Of course, all this really means is that pretexters will need to come up with a new scheme to figure out how to get passwords out of people before accessing their phone records.

There is one other interesting side note in the FCC's ruling. Matthew Lasar notes that the ruling also includes that the operators need to inform the FBI about data leaks quickly, but can take their time informing the customers whose data was actually leaked. Apparently, the FBI lobbied for this particular rule, because they were afraid if customers involved in illegal activities found out their data was leaked, it would cause them to destroy evidence, potentially ruining investigations. This doesn't make much sense... unless it turned out that the FBI was using pretexting itself, rather than going through the process of getting subpoenas and search warrants. You would think that as long as the FBI went through the proper channels to get the info they needed, investigations wouldn't be harmed -- but perhaps we should know better than to expect such things.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Apr 3rd, 2007 @ 8:55pm

    The FBI (pronounced Fibby???) using extra-legal means. What do you think this is a Big Brother state?

    Wait --- wasn't that what they just got caught doing with the Patriot Act abuses???


    I LOVE YOU Big Brother !!!!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Unanimous Custard, Apr 4th, 2007 @ 4:03am

    What if HP merged with ATnT?

    So HP investigators call up a telephone company and pretend to be someone else to get call records is pretexting and to be illegal.

    What if HP merged with ATnT, would it be OK for HP employees to get the call records then?

    What if ATnT was selling call records, is that OK for HP to buy them?

    What's special about telecoms company employees that it's OK for them to have have access to that data without limits and not OK for other people to have access to that data?

    I think the answer is nothing, peoples private information is their private information and there should be full laws protecting their privacy, even if HP are merged with ATnT, HP employee should not have free access to customers information.

    There was an investigation on BBC into Barclays bank sales dept. Any salesman could (and did) type in any persons name and postcode and see their bank transaction details. The salesmen boasted of looking up famous peoples bank transactions out of curiosity.
    These are really scuzz ball second hand car saleman types, you wouldn't give your second name too. Yet there were no restrictions on access.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    RandomThoughts, Apr 4th, 2007 @ 6:10am

    Maybe the FBI just wants to have advance notice that someone already under surveillance will be changing their service?

    Another issue is that it would keep Sprint and the cable companies from sharing personal information about their customers for their cable/wireless venture.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    markusfarkus, Apr 4th, 2007 @ 2:55pm

    VPN

    No voip in route? No problem just use your companies VPN or set up your own vpn server from home.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This