Weak Fines Aren't Going To Stop Data Leaks

from the falling-short dept

The concept of “pretexting” — posing as somebody else in order to gain access to their personal information — got a lot of publicity when it was revealed that HP investigators used the tactic to spy on board members and journalists. However, it’s a problem that’s been going on for some time, and the usual responses to it gloss over the fact that wireless operators’ inadequate security is to blame for these leaks as much as any fraudster. Many attempts to enact or strengthen legislation in this area focus on people selling the information, rather than doing anything to force the operators to better secure their customers’ private data, but the FCC has proposed a $100,000 fine against virtual operator Amp’d for its shoddy safeguards to protect users’ calling records. The amount is a drop in the bucket for the company, or any other operator, and isn’t likely to do much in the way of motivation, since enacting better security procedures probably costs more than the fine. This is a big problem with pretexting, or other forms of identity theft: companies have very little motivation to do much to prevent it, since the costs of a leak are borne largely by the victims or third parties. Many companies, including the wireless operators, have been very successful with their PR efforts to make themselves look like victims here, and generate the public perception that hackers and criminals are the real problem, when corporate sloppiness, incompetence and disinterest are more to blame.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Weak Fines Aren't Going To Stop Data Leaks”

Subscribe: RSS Leave a comment
Joel Coehoorn says:

Make no mistake- if a cracker steals your information, it’s the cracker’s fault. They are still responsible for their own actions, and just because the company didn’t make it hard enough doesn’t absolve a cracker in the least. I know you didn’t mean to imply otherwise, but it sure sounds like it.

Also, a one-time $100000 fine is nothing, but if the fine is enforced per incident it could get expensive very quickly if a company is overly lax.

Manhole WaterStop says:

Why 'pretexting'? Why not privacy?

Why pretexting, why isn’t the argument not ‘privacy vs no privacy?’ Is it ok to have the information because you *work* for subsidiary of ATnT but not OK if you have to *pretend* to work for ATnT to get the info? Are employees of ATnT so much more trustworthy than others? Nah, I don’t think so.

I think the reason is this. A normal privacy vs no privacy argument runs,
#1 ‘I want privacy’
#2 ‘What are you doing wrong that you have to hide?’
#1 ‘If you’re OK with no privacy, show me your bank account’
#2 ‘Erm, if the FBI wanted to see it, that would be OK, but not you’
#1 ‘I am from the FBI, here’s my badge, let me see it’
#2 ‘…I meant to say FBI with a warrant or a national security letter’
#1 ‘That’s OK, I’m allowed to write NSLs, let me get some paper’
#2 ‘…erm no, I still rather not’

And that’s the crux of it, everyone wants privacy, even the people who claim they don’t, don’t reveal their telephone bills, bank statements or anything more than the rest of us.
By arguing for ‘pretexting=crime’ it lets the pro-privacy people score an easy point, and it’s something the anti-privacy people can go for without having to confront the contradictions in their position.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...