The Checkout

A Pretext of Vulnerability

The story of Hewlett-Packard hiring private eyes to pull the private phone records of its board members has the makings of a great corporate soap opera. But who can enjoy it when it's also a depressing reminder of the vulnerability of our personal information?

A brief recap: The non-executive chairman of the giant computer maker authorized an internal probe into whether her fellow board members were leaking information to the press. The company hired a guy who hired a guy who used "pretexting"--setting up phony e-mail addresses and impersonating account holders on the phone--to obtain the phone records of HP's board members and nine journalists without their permission. HP appears to have run afoul of two California state laws on identity theft and computer records access. The U.S. attorney for the Northern District of California is weighing whether to press charges.

HP's lame defense? Spokesman Ryan Donovan told The Washington Post last week, "there were no established laws in the United States prohibiting" the practice at the time.

He's mostly right. Congress has been working on tightening protections for phone records but that legislation is currently stalled. In the meantime, there's not a whole lot regular folks can do about it.

"I don't think there's much for consumers to do," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "It's the companies that have information about their customers and don't do enough to protect it."

Earlier this year, AT&T, Sprint Nextel, Verizon Wireless and Cingular Wireless took several data-broker firms to court, saying they fraudulently obtained customers' phone records. But companies can do more than just file lawsuits, Rotenberg said.

"They need to make it more difficult for people to impersonate their customers and get their customers' information," he said. For example, "using the last four digits of Social Security numbers is terribly dumb because it's pretty easy to find the last four digits of an SSN."

Pretexting has flourished because of a growing market for personal information. Private eyes are not the only ones who want phone records. Divorce attorneys, debt collectors, even news media buy them.

The government has gotten more aggressive lately about going after pretexters. In May, the Federal Trade Commission filed complaints against five Web-based data brokers, seeking to permanently halt the sale of confidential telephone records.

In June, a House panel held a hearing on phone record security and tried grilling several professional pretexters, but the witnesses ducked lawmakers' questions by invoking their Fifth Amendment right against self-incrimination. The FCC is working on requiring phone companies to do more to protect phone records.

Until regulators and companies sort things out, there are a couple things you can do. The FTC recommends adding passwords to credit card, bank and phone accounts to prevent someone from setting up an account in your name. And watch your statements. If you get a notice, for instance, that you opened an account that you didn't, you may have been the target of pretexting.

If you think your phone records have been compromised, file a complaint with your phone company, state attorney general and the Federal Communications Commission. You can also support tougher state and federal laws to protect phone records.

Have you ever been the victim of pretexting? Share your stories here.

By Annys Shin |  September 12, 2006; 7:00 AM ET Consumer Tips
Previous: My Name is Annys | Next: Message to MCI: It's NOT Me!

Comments

Please email us to report offensive comments.



Somebody tell me - why does it matter if somebody else knows who I called, how often I called them, and/or how long we talked (i.e. my phone records)??? Yes, it's information about me and I really would prefer it stay private but how can this harm me or my credit record??? I fail to see the big deal.

Posted by: Anonymous | September 12, 2006 8:26 AM

>> Okay, so your life is so f-ing perfect that you don't give a damn who knows whom you call. Not everyone has that luxury. Still, we all should enjoy a measure of privacy in our lives, and personal communications--from our email messages, to our phone records--should be limited to our eyes only.

Posted by: bigolpoofter | September 12, 2006 9:08 AM

So:
The FTC recommends adding passwords to credit card, bank and phone accounts to prevent someone from setting up an account in your name.

Does this mean all credit card, bank and phone accounts will let me add a password to my account?

Posted by: Arlington, VA | September 12, 2006 9:22 AM

"Okay, so your life is so f-ing perfect that you don't give a damn who knows whom you call."

No, my life isn't f-ing perfect (but it's pretty nice). But why do YOU give a darn who knows who you call? Seriously, educate me.

Posted by: Anonymous | September 12, 2006 9:40 AM

I knew the first post would be from somebody virtuously asking what difference it makes. Annys, this is the kind of "response" that Caroline received more often than not. The old smug "so what's YOUR problem...it couldn't/wouldn't/didn't happen to ME but if it did I wouldn't complain" mentality. Good luck in placating Big Brother, people.

As for why it should matter - it should matter because if they can get stuff you DON'T care about, they can get stuff you DO care about. Assuming you aren't too much of a Big Brother ass kisser to have any.

Posted by: Lily | September 12, 2006 9:53 AM

So the FTC recommends adding passwords to our accounts to prevent fraud and identity theft. And every security expert in the known universe says we should never write our passwords down, and we should not use the same password for more than one purpose, and we should change our passwords frequently, and we should use passwords that are hard to guess. Can somebody please tell me where to get additional memory for my brain? I am about out of storage space for passwords, log-in ID's, PIN's, access codes, ad nauseum.

Posted by: cbo | September 12, 2006 10:30 AM

The press reaction to this story has been interesting to watch. Journalists, of course, use pretexting all the time. Watch Dateline, 20/20, etc., where journalists get jobs on false pretenses then bring in hidden cameras, participate in stings of criminal suspects, and so on. And certainly if the Post got hold of your e-mail or your phone records, it would insist that any law imposing privacy on that information was an unconstitutional infringement of the First Amendment. But when other businesses do it, it's a bad thing.

Posted by: Tom T. | September 12, 2006 10:33 AM

This is too weird...My ex just told me a story yesterday, how she was able to get her current boyfriend's cell records faxed to her. She had another male friend inpersonate the BF.

Posted by: fwash | September 12, 2006 11:23 AM

>>>>Somebody tell me - why does it matter if somebody else knows who I called, how often I called them, and/or how long we talked (i.e. my phone records)??? Yes, it's information about me and I really would prefer it stay private but how can this harm me or my credit record??? I fail to see the big deal.<<<<


If you're not trolling: Big Brother fascism doesn't happen all at once, overnight. It develops over time through accumulation of little, seemingly inconsequential things. All put together, and you find that no one's left to speak for you, etc.

Posted by: Anonymous | September 12, 2006 12:05 PM

"If you're not trolling: Big Brother fascism doesn't happen all at once, "

Thank you. No, I was not trolling.

However, I fail to see the conspiracy theory in this. Maybe it's my rose-colored glasses...

Posted by: Anonymous | September 12, 2006 12:12 PM

>>>>Somebody tell me - why does it matter if somebody else knows who I called, how often I called them, and/or how long we talked (i.e. my phone records)??? Yes, it's information about me and I really would prefer it stay private but how can this harm me or my credit record??? I fail to see the big deal.<<<<

Would you want to give your phone records to a stalker?

Posted by: Anonymous | September 12, 2006 1:01 PM

The phone record, in itself, may not be a big deal to many. BUT, it is the principle of privacy.

I may not be doing anything wrong in my bedroom, bathroom, or anywhere else in my house, but do I want someone peeking in my windows and watching? I am not breaking any laws, but I still want to have privacy.

Posted by: Stacey | September 12, 2006 2:19 PM

It wouldn't cause me any harm if the government knows who I call either, but it's MY BUSINESS.

That's the key point I think people like the first poster don't get: it's not the government's business (or a big company's business or whatever)who I call, what books I buy, where I was on Saturday night, etc.

I'm constantly amazed at people who act befuddled as to why anyone could possibly want to retain whatever privacy remains possible. Well, maybe you don't care, but a lot of us do.

Posted by: SteveG | September 12, 2006 2:56 PM

"That's the key point I think people like the first poster don't get: it's not the government's business (or a big company's business or whatever)who I call, what books I buy, where I was on Saturday night, etc. "

SteveG, correct me if I'm wrong but this isn't about the government knowing. It's private businesses and people finding out the info. Nowhere in the blog did Annys say the government was gathering this information.

Posted by: Anonymous | September 12, 2006 3:23 PM

Actually the concern is not the government (they can get a warrant if they are concerned) it is other private parties who are using deceptive means - like your ex trying to make it seem like your friendship is really an affair; getting the person's number and then harrassing them- An abusive/stalking ex who gets your mother's calls and uses it to track you down, an employer who checks your private cell phone records to see if you are the whistleblower,

And those are just a few I can think of off the top of my head.

Posted by: Anonymous | September 12, 2006 3:23 PM

Pretexting is one of a basketful of techniques used by collection agents, lawyers, detectives and most significantly, many major corporations that deal with the general public. I know this because I was a collection agent for years, for a major retailer. We were taught these techniques even though the Fair Credit Act prohibits many of them. I quit a management position over these practices. Later I worked with lawyers and learned they regularly do this, albeit under anonymous names to avoid getting caught. Today I teach business people and individuals ethical business practices and how to avoid becoming an ID theft victim. I sleep better at night now.

Posted by: thw2001 | September 12, 2006 3:49 PM

I can't imagine a scenario in which a legitimate user would urgently need to have their information on individual phone calls other than international calls, so why not just insist on mailing the information to the user's billing address.

Also, more and more people have unlimited calling for a fixed fee. Why keep records on calls under these plans?

Posted by: Richard Clare | September 12, 2006 5:09 PM

With permission of my then-BF, I once called all his credit cards and frequent flier accounts, got his passwords, found out how many miles and bonus points he had and arranged myself a plane ticket. All it took was knowing his birthday and a good story about why he wasn't making the calls himself. The truth was he was too busy with his job at the time, but I told a more sympathetic story to get the passwords.

Maybe the phone call records aren't super sensitive, but his credit card password certainly was. And it took about 5 minutes to get.

Posted by: Annys Fan | September 13, 2006 8:37 AM

The phone companies all keep those records so they know if your all in one price is making money for them. They don't pull that number out of the air.

Posted by: To Richard | September 13, 2006 8:40 AM

You wrote:

"The U.S. attorney for the Northern District of California is weighing whether to press charges. The U.S. Justice Department has also joined the probe."

FYI, the US Attorney's Office is part of the Department of Justice.

Posted by: mark | September 13, 2006 1:30 PM

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company