Link to WFC Website

 Newsletter - July, 1999
 

Pretexting and Web Surfing 
Last week, articles in Denver Post, New York Times, and ComputerWorld about 'pretexting' caught my attention. click to read articleThey dealt with an information broker who obtained confidential information about other persons by giving a false pretext. In other words, pretexting (or pretext calling) is lying over the telephone about who you are and why you are obtaining the information. Typical situations involve debt collection, fraud investigation, divorce proceedings, or tabloid articles about banking accounts, credit card histories, salaries, and medical histories from banks, insurance agencies, medical centers, and telephone companies, just to name a few.

It is interesting that pretexting is usually legal (except when impersonating a police officer or government official). No major corporations have been prosecuted for this deceptive practice. In fact, the practice is widely accepted in some industries.

The case in Denver involves the small firm of Touch Tone Information Acquisition. The State of Colorado is one of the few states having a law against impersonating someone to obtain confidential information for commercial gain. The precedence of this case may affect federal and state legislation across the nation.

The article in the New York Times entitled "Law Confronts Seller of Private Data" gave additional details. click to read article (requires a free registration with NYTimes.com)

click to read articleThe ComputerWorld article summarized the Colorado case and gave advice to companies on how to safeguard their information systems. Some suggestions for 'stopping the leaks' were:  to show dialog boxes to remind agents to verify the caller's identity, to track frequency of confidential inquiries against an account alerting if certain limits are exceeded, and to monitor outsourcing services for any sensitive customer support functions. Clearly state the policy for releasing confidential information to all employees (and contractors). And then, apply lots of common sense.

click for more info from Amazon.comThe issues and techniques for obtaining confidential information about persons are well explained in Carole Lane's book Naked in Cyberspace. The Web Farming book carried the following comment about Lane's book: "A must reference for the Web farmer... A sobering and balanced description of the privacy and need-to-know issues." However, nowhere in this book are suggestions for deceptive practices, like pretext calling. In contrast, Lane clearly calls for a high level of professionalism by information brokers. In particular, it is ethical practice by brokers to identify honestly the caller and the reasons for the call.

How does pretext calling relate to web farming? The efficient exchange of information for web farming will depend upon honest authentication of both producers and consumers of information. Deception by the parties in this exchange will add tremendous burdens.

It is widely accepted that it is wrong to falsify identity through misusing credit cards for an e-commerce purchase via the Web. However, is it wrong to falsify identity to obtain a white paper from your competitor's website? Is it wrong to not identify your web crawler when you spider your competitor's website? And so on. . .

The point is that web farmers must act in a highly ethical manner if we are to create a viable profession from this discipline. See the suggested Code of Ethics for web farming. Note specifically the point about disclosure.

I would like to hear about your comments on this critical issue.

- Richard Hackathorn
dick@webfarming.com