Weak Fines Aren't Going To Stop Data Leaks

from the falling-short dept

The concept of "pretexting" -- posing as somebody else in order to gain access to their personal information -- got a lot of publicity when it was revealed that HP investigators used the tactic to spy on board members and journalists. However, it's a problem that's been going on for some time, and the usual responses to it gloss over the fact that wireless operators' inadequate security is to blame for these leaks as much as any fraudster. Many attempts to enact or strengthen legislation in this area focus on people selling the information, rather than doing anything to force the operators to better secure their customers' private data, but the FCC has proposed a $100,000 fine against virtual operator Amp'd for its shoddy safeguards to protect users' calling records. The amount is a drop in the bucket for the company, or any other operator, and isn't likely to do much in the way of motivation, since enacting better security procedures probably costs more than the fine. This is a big problem with pretexting, or other forms of identity theft: companies have very little motivation to do much to prevent it, since the costs of a leak are borne largely by the victims or third parties. Many companies, including the wireless operators, have been very successful with their PR efforts to make themselves look like victims here, and generate the public perception that hackers and criminals are the real problem, when corporate sloppiness, incompetence and disinterest are more to blame.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 29 Mar 2007 @ 12:59pm

    First!!!!!!!

    reply to this | link to this | view in chronology ]

  • identicon
    RandomThoughts, 29 Mar 2007 @ 1:35pm

    Risk and reward. If the solution costs more than the fine so in the business sense, it would be stupid to fix the problem. Now, one of the things that does need to be considered is how many customers do they lose over the issue. That is the soft number.

    How many people have stopped shopping at TJ Maxx?

    reply to this | link to this | view in chronology ]

  • identicon
    Joel Coehoorn, 29 Mar 2007 @ 1:37pm

    Make no mistake- if a cracker steals your information, it's the cracker's fault. They are still responsible for their own actions, and just because the company didn't make it hard enough doesn't absolve a cracker in the least. I know you didn't mean to imply otherwise, but it sure sounds like it.

    Also, a one-time $100000 fine is nothing, but if the fine is enforced per incident it could get expensive very quickly if a company is overly lax.

    reply to this | link to this | view in chronology ]

  • identicon
    Overcast, 29 Mar 2007 @ 2:09pm

    Yeah, heck - so if someone offers 250,000 for some data... you could still make a 150k profit.

    reply to this | link to this | view in chronology ]

  • identicon
    Manhole WaterStop, 29 Mar 2007 @ 2:30pm

    Why 'pretexting'? Why not privacy?

    Why pretexting, why isn't the argument not 'privacy vs no privacy?' Is it ok to have the information because you *work* for subsidiary of ATnT but not OK if you have to *pretend* to work for ATnT to get the info? Are employees of ATnT so much more trustworthy than others? Nah, I don't think so.

    I think the reason is this. A normal privacy vs no privacy argument runs,
    #1 'I want privacy'
    #2 'What are you doing wrong that you have to hide?'
    #1 'If you're OK with no privacy, show me your bank account'
    #2 'Erm, if the FBI wanted to see it, that would be OK, but not you'
    #1 'I am from the FBI, here's my badge, let me see it'
    #2 '...I meant to say FBI with a warrant or a national security letter'
    #1 'That's OK, I'm allowed to write NSLs, let me get some paper'
    #2 '...erm no, I still rather not'

    And that's the crux of it, everyone wants privacy, even the people who claim they don't, don't reveal their telephone bills, bank statements or anything more than the rest of us.
    By arguing for 'pretexting=crime' it lets the pro-privacy people score an easy point, and it's something the anti-privacy people can go for without having to confront the contradictions in their position.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.