Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: verizon archive security glitch?

From: David Farber <dave () farber net>
Date: Sat, 7 Jun 2008 09:17:38 -0700

________________________________________
From: Lauren Weinstein [lauren () vortex com]
Sent: Saturday, June 07, 2008 12:16 PM
To: David Farber
Cc: lauren () vortex com
Subject: Re: [IP] verizon archive security glitch?

It's worse than that.  I know of cases where people have tried to
report such glitches to various organizations and have then found
themselves accused of hacking or violating privacy, and having to
then jump through hoops to prove they didn't!  This doesn't exactly
encourage people to be proactive about reporting such problems
when they're found.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com

 - -



________________________________________
From: Deborah Alexander [dsalexan () optonline net]
Sent: Saturday, June 07, 2008 10:53 AM
To: David Farber
Subject: verizon archive security glitch?

Dave – for IP-ers, if you think of use...
Scrolling blogs this a.m., I came across a posting that seems interesting in light of the presumptive Republican 
Presidential Candidate’s views about telecoms
, privacy and immunity:

From
http://www.explananda.com/

“On Thursday morning, I was trying to access some old cell phone bills online at www.verizonwireless.com. As I 
clicked through the months, most of the time th
e correct bill came up (as a pdf). But twice for some reason verizonwireless.com served up someone else’s bill. The 
first time I just absentmindedly clicked a
way and tried again. But the second time it occurred to me that there was something really squirrelly about the fact 
that I was able to access some other ran
dom dude’s bill. I could see all the calls that this guy made in September, 2007, his account number, and the fact 
that his bill was past due that month. That’
s hardly the biggest security breach in history, but it’s also a legitimate concern for people who care about their 
privacy, and rely on companies to take rea
sonable steps to secure personal information.
I spent 30 minutes on the phone with Verizon trying to get someone to understand that there was clearly some 
technical glitch on their end, and that it raise
d a privacy issue (and a potential legal issue for them).
<snip>
“[Verizon] promised me that someone would call me back with an explanation. No one has called yet.
“I also made them promise to call this guy and tell him that someone else had been able to view information that 
should have been kept private, but about 5 mi
nutes after I got off the phone with them I realized that that was unlikely. So I called the guy up and left a 
message. He called back a few hours later. No
one from Verizon had called him.
<snip>
[ADDED BY WAY OF FOLLOW UP COMMENT]:
“I found it sort of interesting from an organizational perspective. Obviously Verizon gets a lot of calls from a lot 
of angry or strange people every day. So
they need pretty robust filters, so that upper level managers don’t have to talk to every crackpot who calls with 
some issue that the operators aren’t in a pos
ition to properly assess. The result is that there was apparently no way at all for them to escalate the issue 
efficiently and effectively. According to them
 - and this may well be true - they just couldn’t get a hold of a supervisor who would be high up and smart enough to 
grasp the legal implications of my point
, let alone the privacy and public relations aspect.
<snip>

Deborah S. Alexander, Esq.
Alexander Law Offices LLC
395 Springfield Avenue
Berkeley Heights, NJ 07922
Phone: (908) 898-1800
Fax: (908) 898-1801
Email: dsaLaw () Alexander-Legal com<mailto:dsaLaw () Alexander-Legal com>
Web: www.Alexander-Legal.com<http://www.alexander-legal.com/>





-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com





-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: