Why Homeland Security May Contribute To The Pretexting Problem

from the forcing-more-data-to-be-kept-longer dept

While HP’s recent problems have brought attention to the concept of “pretexting” (yes, a fancy name for a specific form of identity theft), the FCC had already been discussing ways to prevent the practice. At the beginning of the year, there were numerous press stories about data brokers who would sell anyone’s phone records (using pretexting). At the time, very little of the blame was being put on the phone companies for making it so easy to get the data. Instead, everyone complained that “the government ought to do something.” Well, the FCC did look into it, and received a number of recommendations from various parties about how such a release of records could be prevented. One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary. Of course, with Attorney General Alberto Gonzalez running around the country pushing data retention laws on everyone, you know that’s not going to go over well. In fact, Matthew Lasar writes in to point out that Homeland Security, the FBI and the Department of Justice filed objections to any plan that would suggest telcos purge old records — and, in fact, said that some phone companies should be required to keep records even longer. Of course, this isn’t a new issue. For years, there has been an ongoing debate about how much information a company should keep, with governments often wanting more info available “just in case.” However, this is a dangerous idea, as more data retention often hides the problem, by burying the important data under lots and lots of useless data. Requiring companies to keep more data longer only guarantees that it will eventually be misused.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Why Homeland Security May Contribute To The Pretexting Problem”

Subscribe: RSS Leave a comment
Geeb says:

Now this will be controversial, but...

…if the government wants to have the historical data available, and the telcos can’t be trusted to retain it securely, why doesn’t the government build some archiving capability?

Telcos retain data until it is no longer relevant (whatever timespan the regulators set) and then hand it over to a secure (how naive am I?) government department who store it in encrypted form and will only release the information to security services with an appropriate warrant.

Hmmmm. Definitely a few sticking points, but more or less bad than the current position?

aj says:


Geebs got the right idea(s).
JoJo, data might be too much to handle at present, but IMHO there IS NO SUCH THING as too much information. Retaining the records SHOULD be highly secure. THIS is where the problem lies today.
The data can – and will – prove useful to analysis, usage and tracking for both the telcos and the government. Heuristic algorythms and advanced search techniques, as they develop (think Google-style tools for TelCo) will continue to make the piles of information more useful to TelCo execs and government snoops. The problem with data-disposal is that once purged, the data cannot be re-generated.
Biologists will tell you there is NO substitute for a long-term test.. you just cant replicate the kind of data available. Using that same logic, applied to this data… the answer is simple: protect the information from beginning to end, and deal with the reality that the information is – will be – and should be – out there.

mroonie (user link) says:

How is this going to solve anything?

“One of the suggestions was that phone companies should not be required to hang onto customer records for longer than necessary.” What exactly defines “longer than necessary”?

I don’t think the solution should be to get rid of data asap. What about banks or the IRS who need to retain information from 10 years or 20 years back? The solution is secure the data so that it is more difficult to access.

Phone companies, as well as other companies who experience difficulties with handling data should definitely take responsibility for their behavior and image. Even if a phisher impersonated a bank for example, the company should be held accountable also, instead of putting all of the blame on the user or even the government!

Compliance laws are good, but take way too long to develop and implement. It’s going to take the FCC forever to get a move on….

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...