Wednesday, September 13, 2006

Pretexting

It's a nice word being used in the HP case. The media usually refers to it as "identity theft". However, as often is the case, when dealing with the upper classes and especially when dealing with the large corporate world, one shouldn't be so crass to use such a gauche. proletariat term. Such individuals, no doubt more hip and better than you and I, require the Business 2.0 version of the term and hence, "pretexting.

A friend writes to me today:
what do you think of this 'pretexting' thing? I don't see what the problem is
Below is my reply. Keep in mind, this is an off the top of my head, casual reply written in email. As it seemed to sum up my thoughts on the issue and as I seem to be too lazy today to write up a more proper article, I publish it via copy and paste.
I think it's unethical. However, the real "outrage" being expressed here is that someone had the unmitigated gall to do this to another wealthy person. This type of thing is done all of the time, and talked openly about in crime books and on Oprah. No one thinks twice when it's done to discover a cheating spouse, a long lost family member, a dead beat dad, etc. When it happens to someone in the boardroom, though, off with their heads! Fuck that.

The real issue, to my mind, is that companies have been breaking privacy law for years and technology has finally caught up to bite them in the ass. Yet no one points out in the media, for it would be corporately incorrect to do so, that SSN's, which were used in this pretexting example, are by law specifically not to be used as an identification number in any way by any agency - government or private - outside of the Social Security Administration. No one points out that by ignoring this law for decades, we have a de facto national identification number that is published and sold time and again in multiple places and that it is insecure as all hell. No one points out how this affects average people - not just criminals or wealthy people caught in violation of Boardroom agreements - by exposing them to potential greater damage via identity theft (which is what "pretexting really is - only on a limited scale in the HP example), stalkers, etc. No one dares discuss the real privacy implications of these actions and instead spends a great deal of print ink and electrons discussing the ethics of using such data in that way. Hey, wake up call, folks! If the data is so easily available, then what makes you think that people aren't going to use it?!!?

Finally, no one discussed the blame that should be placed on the telephone company whose security is so porous that someone could so easily pull off such a scam. Why is it so porous? Because like millions of other companies, they use the freakin' social security number as a sole identification number for an individual. In addition to potential prosecutions, someone should sue. But that won't happen because A) it would expose entire networks between and within millions of U.S. companies to similar potential suits and B) the ability to sue is on such grounds is not written into the law and therefore, not available to anyone.

Digital privacy has been an interest of mine, particularly over the last 3 years. I've read some law books on the topic and basically, we have fewer rights than even Europe when it comes to this issue. American business interests argue that such openness greases the economic wheels that make us more competitive. There's a good argument to be made that that position is bullshit. However, business suddenly gets upset when such "openness" hits the boardroom? Puleeze. I can't get worked up about this insider crap unless we widen the topic to include the larger issue and all of those who are affected.

No comments: