H-P 'pretexting' case raises privacy concerns

The Baltimore Sun

Last week's firing of Hewlett-Packard Chairwoman Patricia Dunn has focused new attention on privacy breaches involving consumer phone records, and could jump-start new government efforts to protect the public.

Security firms hired by Hewlett-Packard had apparently used a dubious technique known as "pretexting" - posing under false pretenses to obtain phone records of board members and news reporters - and are now being investigated by state and federal officials and by Congress.

The moral of the story goes beyond Hewlett-Packard: If such an intrusion of privacy can happen to millionaire Silicon Valley power brokers, it might happen to you.

"It's about every consumer ... who gets a monthly billing statement," says Marc Rotenberg, who heads the Electronic Privacy Information Center in Washington. "Policymakers need to address this challenge.

"For us it's certainly rising to the top of the list" of urgent privacy issues, says Rotenberg, whose organization petitioned the Federal Communications Commission (FCC) for new mandates on phone companies to protect customer information. "There's just very little regulation."

Consumer advocates say two steps are needed: a law that clearly bans the practice and creates tough penalties, and requirements that phone companies have strict safeguards in place in their customer service departments.

Although many believe that pretexting is already illegal, prosecution is not necessarily easy. A 1999 ban on pretexting to obtain financial records does not explicitly ban pretexting for other information such as phone bills.

In a busy election season, it's unclear whether legislation that Congress has been considering this year will move forward. But regulators at the Federal Communications Commission hope to lay out new rules for the telecommunications industry by the end of the year - a move the FCC has been considering for several months. And states could pass their own bans. The California legislature has already passed a bill, which now needs only the governor's signature to go into effect.

Many consumer advocates and industry officials say that when phone records are needed, such as for a legal proceeding, they can be accessed through channels such as a subpoena or warrant.

Phone companies say they have been trying to curb pretexting through litigation and other measures.

"The four national carriers, Verizon Wireless, Cingular, Sprint-Nextel and T-Mobile, have all filed complaints and obtained injunctions across the country to shut down these data thieves," cellular industry official Steve Largent told a congressional hearing in February. "The fact that data brokers apparently have been able to break and enter carrier customer-service operations to obtain call records has given our industry a black eye."

What to do

Consumers can take several steps to safeguard their phone records:

Ask that records only be sent to their home address.

Ask that your Social Security number not be used as the main way for customer service representatives to verify your identity on the phone.

Passwords are most effective when they are complex and changed regularly.

[ Christian Science Monitor]

Mark Trumbull writes for the Christian Science Monitor.

Copyright © 2021, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad