Comments on: Sprint Nextel sues over sale of call records

Company files its second lawsuit to prevent Web sites from obtaining and selling customer billing information.

[willv]

Who owns your phone number?

Now that they have made it the law that you can take your cellphone number with you to another provider, I say the consumer should own their number(s) until they give their number up by canceling or non payment to their cell phone provider. It is getting to dang easy for people to get your personal data and use it agenst you (identiy theft is just a drop in the bucket!)

(turning rant off now)

Will

[Razzl]

What about internal security?

Okay, I have no problem with Sprint suing some of the bad guys, but the real cure to this problem, the thing that would have prevented it all in the first place, is for these companies to have sensible internal security procedures in place to begin with. Why would anyone need their cellphone records so badly that they can't wait to go online for a couple of minutes to fill out a form with discrete security questions that the harvesters can't hack easily, like they do with credit cards? And why would customer service reps. give out such information on the phone without similar security checks? This lawsuit looks like smokescreen from a company that doesn't want to be bothered to fix the real problem...

[freq]

popostrus!!! the telcos should be sued!

if the telcos want to sue, the should sue the government!!!!

sue everybody!

[Joe Blow]

Fraud is Fraud ...

and I find it curious how it can be "legal" to obtain what is clearly sensitive personal data and resell it (what the purveyors of this data claim). From what Sprint, et al, are saying, it appears that people who have access to this data are selling it out the back door. On the other hand, the telcos may just be jealous that someone else figured out how to make money from this data before they did, or they managed to establish a "blind eye" way to sell the data without the public relations hassle. I wouldn't be surprised to find out that people in telcos have some financial interest in the data brokers, which are obviously high-speed/low-drag shell operations, with their major costs of operations being the price of a domain name and web servers capable of taking and filling orders for data via credit card. Whether they're telco executives and/or people with direct access to the data (dbadmins, sysadmins, netadmins, computer security people, etc.), hopefully they weren't smart enough to know how to hide their tracks by disabling/modifying security logging, sneaking copies of backup storage media out of facilities, etc. I doubt that it was done via duping customer service people, as it would take minutes to obtain the info on a single call, and these perps allegedly have access to pretty much any record of any cell phone call anyone has made.

In any case, who knows how much data is already out of the barn, and how long it's going to take just to find out where it all is, much less how to reprotect it, if even possible. I think I see a business opportunity in phone call forwarding proxies, similar to the old Web surfing proxies that allowed you to hide where you surfed, or the e-mail proxies that concealed where e-mail was actually sent from (all of which died in the wake of 9/11 and the subsequent taps the FBI and NSA mandated the ISPs and telcos install to allow for instantaneous tracking of Net traffic and phone calls).

All the Best, and I Know Who You Called Last Summer! ;)

Joe Blow