jp@tygra.Michigan.COM (John Palmer) (05/05/91)
In article <telecom11.325.3@eecs.nwu.edu> rborow@bcm1a09.attmail.com writes:

> I'm asking Patrick to indulge me here as I tell you both what I found
> out regarding your telemarketing calls from 312-292-9000. I decided to
> dig deeper than Pat did (or deeper than he's able to, for that
> matter). Accessing the telemarketer's account, I learned much stuff.
> What I found out was quite interesting, so here goes ...

> First, the name of the "business" is "Combined Credit Service," as Pat
> had mentioned earlier. According to my records, they have only a few
> lines (they appear to have a hunt feature which doesn't reveal all its
> respective numbers, of course. They make all their outgoing calls off
> line numbers 292-9027 and 9028. Line number 9015 is used to accept
> collect calls (I'd bet from the people they call!) from all over the
> country. Lines 9000 through 9014 appear to be the DID lines receiving
> individuals' calls like yours, John. BTW, the several times I called
> their numbers, each attempt was NOT busy and was answered: "Awards
> Center, may I have your area code and phone number?"

(more details omitted)

> Randy Borow AT&T Communications Rolling Meadows, IL.
              ^^^^^^^^^^^^^^^^^^^
> DISCLAIMER: The above represents the opinions of me only and not Ma Bell.
> She's busy enough on her own to worry about us little guys.

WHAT THE HELL IS THIS!! Do all of you realize what Mr. Borow just did!!!

He used his privilege as an AT&T employee to access PRIVATE telephone records about a subscriber of AT&T and has now broadcast them to the entire world. And we all thought that our privacy was in jeopardy because of the government!!!

Mr. Borow, I am going to make a copy of your article and send it to AT&T security. You sir, have violated a trust. The trust that was given to you when you were given access to those records. Those records are none of the public's business. You most surely have violated the terms of your employment and perhaps several laws.

I have no sympathy for the telemarketing firm in question. It's just another scam, but if this individual will release private phone records in such a manner, then all of our privacy is in danger.

John Palmer
CAT-TALK Conferencing System   | E-MAIL:
+1 313 343 0800 (USR HST)      | jp@Michigan.COM
+1 313 343 2925 (TELEBIT PEP)
********EIGHT NODES***********
trebor@uunet.uu.net> (05/05/91)
rborow@bcm1a09.attmail.com writes:

> I'm asking Patrick to indulge me here as I tell you both what I found
> out regarding your telemarketing calls from 312-292-9000. I decided to
> dig deeper than Pat did (or deeper than he's able to, for that
> matter). Accessing the telemarketer's account, I learned much stuff.
> What I found out was quite interesting, so here goes ...

Err, is anyone else a little shocked that our good friend Randy accessed someone's long distance phone records and aired them out in the public view?

The fact that the company that made the calls is most likely sleazy is immaterial, I would think. The record of their phone calls is private, and IMHO Randy had no legitimate reason to go snooping through them, and certainly should not have published this information.

Doesn't AT&T have rules about disclosing call information to third parties -- and if they don't, shouldn't they?

Robert J. Woodhead, Biar Games / AnimEigo, Incs. trebor@foretune.co.jp

[Moderator's Note: Well thus far, it's just been you two guys who have mentioned this. Regarding Mr. Palmer's suggestion that he will send a copy of the original message to AT&T Security, my suggestion would be to save yourself the phone call (and the fax paper on the other end). There are several security people from various telcos and LD companies reading the Digest; I'm sure the original message has made the rounds by now. We'll see what others think in Monday's issues of the Digest. I'll try to print a representative sample, including a rebuttal from Randy Borow if he chooses to send one. Depending on the volume of stuff received, the thread will be forwarded to telecom-priv after a day or two if necessary. PAT]
Doug Faunt N6TQS 415-688-8269 <faunt@cisco.com> (05/06/91)
I guess I didn't realize exactly what he'd done, but I must agree that it was a breach of trust to have done so.
Syd Weinstein <syd@dsinc.dsi.com> (05/06/91)
I didn't reply right away, Pat, because I was also in shock... only 1/2 :-)

I worked at one time for United Computer Systems, Inc., a division of United Telecom (Long pre-Sprint Days).... We all had to read and sign the operators non disclosure stuff, and it definitely handled cases like his. It was immediate grounds for dismissal. It was spelled out in clear terms. Accessing records without cause, disclosure of records of calling patterns to any third parties, or disclosure of phone calls was not only against rules, it was illegal and we could be prosecuted, and a reference to the appropriate statute for my state was stapled to the booklet.

Whether he gets ignored, a reprimand or canned depends on AT&T, after all he is not in LD department is he? But that anyone can access the records is a bit much. Perhaps AT&T does need to do some re-thinking re security.

Sydney S. Weinstein, CDP, CCP          Elm Coordinator
Datacomp Systems, Inc.                 Voice: (215) 947-9900
syd@DSI.COM or dsinc!syd               FAX:   (215) 938-0235
John Stanley <stanley@phoenix.com> (05/06/91)
kddlab!lkbreth.foretune.co.jp!trebor@uunet.uu.net (Robert J Woodhead) writes:

> rborow@bcm1a09.attmail.com writes:

> > I'm asking Patrick to indulge me here as I tell you both what I found
> > out regarding your telemarketing calls from 312-292-9000. I decided to
> > dig deeper than Pat did (or deeper than he's able to, for that
> > matter). Accessing the telemarketer's account, I learned much stuff.
> > What I found out was quite interesting, so here goes ...

> Err, is anyone else a little shocked that our good friend Randy
> accessed someone's long distance phone records and aired them out in
> the public view?

Yes. I have been considering the effort it would take to review the Telecom Digest archives to locate the address of the AT&T Chairman of the Board or President or whomever it is.

If I were the business in question, I would be talking to my lawyer right now. I KNOW that it would be a dark day on the sun before AT&T got any more of my (apparently high volume) traffic.

While the passing of this information between LD carriers for use in marketing LD services might be arguably ethical, using one's position within AT&T to broadcast this stuff to the general public certainly is NOT.

The fact that the company whose records were made public is a telemarketing scam is no defense. The information provided by Mr. Borow did not add any proof or disproof of the nature of their business, and as such, was completely immaterial to the discussion.

If an AT&T employee feels free to publish long distance records for this company, what would make us think that he wouldn't do it for anyone else he took a dislike to? And if Mr. Borow does it, how many others?

Gentlemen, Big Brother is watching, and it is NOT the government!

[Moderator's Note: Thus far, no word (officially; I've received a confidential mailing) from AT&T or Randy on the state of affairs in Oak Brook today, but I'm told the situation is grim. Due to the backlog of Digests over the weekend, some people are just now getting around to reading the weekend issues; so we will see what tomorrow's mail brings on this subject. I hope Randy will at least reply. I can understand his possible embarrassment, but hope he stays in touch with us. And a reply from AT&T would be appropriate also. PAT]
Nigel Allen <ndallen@contact.uucp> (05/07/91)
My two cents worth: I think Randy Borow acted improperly, but I don't think any serious harm was done. I was disturbed when I saw the original message, and considered sending a message to Patrick.

A footnote to this incident for privacy activists: I believe that the Telegraph Act (federal Canadian legislation, probably passed in the first quarter of this century) makes telegraph company employees swear an oath to keep messages confidential.

In that sense, I think that anyone who deals with sensitive information about other people, whether they work for a hospital or telecommunications company, has an obligation to make sure that any information they disclose about their work does no harm. Saying something in private to Patrick would have done no harm; posting something publicly about the calling patterns of a telemarketing company that could not be identified would probably do no harm.

While the telemarketing company in this case did not lose anything by having its calling patterns disclosed, I think AT&T suffered by appearing to be a telecommunications carrier whose employees don't keep proprietary information confidential.

That having been said, Randy didn't do this out of a desire for profit. He deserves to be yelled at by his boss, not fired.

Nigel Allen ndallen@contact.uucp
Gregg Townsend <gmt@cs.arizona.edu> (05/07/91)
Robert J Woodhead writes:

> Err, is anyone else a little shocked that our good friend Randy
> accessed someone's long distance phone records and aired them out in
> the public view?....

Pat wrote:

> Well, thus far, it's just been you two guys who have mentioned this ...

Well, if you're keeping score, put me down on the side of those who think it was improper. It was a disturbing breach of trust.

Gregg Townsend / Computer Science Dept / Univ of Arizona / Tucson, AZ 85721
+1 602 621 4325 gmt@cs.arizona.edu 110 57 16 W / 32 13 45 N / +758m

[Moderator's Note: Because there were no Digests issued Friday morning due to my illness, there was a backlog of stuff over the weekend. Many readers are not in their offices over the weekend, and did not see the original item or the early responses until today. I'm not keeping score, nor was I saying the first two were isolated in their complaints. They were merely up to date in their reading. PAT]
Jeff Sicherman <sichermn@beach.csulb.edu> (05/07/91)
Note that I don't hold PAT morally responsible for having 'printed' it, but Mr. Moderator, were you asleep at the switch? I would think your background, attitudes and dedication to weeding out articles would have raised an alarm in your mind.

[Moderator's Note: Yes, it raised alarms. But after thinking about it from both angles, I decided to go ahead with it. Maybe tomorrow I will explain why. Unofficially and off the record I was told this evening that AT&T continues to review the matter, and that the {New York Times} made an inquiry on this at AT&T corporate offices. More details when I have them and am free to discuss them. PAT]
"Marc T. Kaufman" <kaufman@neon.stanford.edu> (05/07/91)
In article <telecom11.337.3@eecs.nwu.edu> syd@dsi.com writes:

> We all had to read and sign the operators non disclosure stuff, and it
> definitely handled cases like his. It was immediate grounds for
> dismissal. It was spelled out in clear terms. Accessing records
> without cause, disclosure of records of calling patterns to any third
> parties, or disclosure of phone calls was not only against rules, it
> was illegal and we could be prosecuted, and a reference to the
> appropriate statute for my state was stapled to the booklet.

I understand this, and think it is proper, however ... how then can one of the LD carriers call me and say: "Mr. Kaufman, we have analyzed your long distance calling pattern -- and you can save $x by subscribing to our service".

Surely, what's ok in one context must be ok in another. Maybe we just never knew that it was possible. I don't condone making this kind of information public, but I can't get outraged over it because I always expected it to happen.

Marc Kaufman (kaufman@Neon.stanford.edu)
ehopper@attmail.com (05/07/91)
I too was shocked by Randy's disclosure of proprietary customer information. Such an action is definitely NOT condoned by AT&T. In fact, it is a violation of the AT&T "Code of Business Conduct" which all employees review and sign periodically.

The problem here is the failure of the individual. Randy apparently is (perhaps "was") employed by the marketing organization and therefore had legitimate business reason to access this information. He did not, however, have legitimate cause to invade the customer's privacy by disclosing information on that customer to others without a need to know.

Some other comments about access by AT&T employees to confidential information caused me to engage in some reflection about security of that information. Let me tell you my perceptions.

As an employee of Computer Systems, I have access to certain automated systems that are used by various elements of the company. For example, I have access to DOSS, the ordering/records system for PBX and computer customers. I do not have access to (nor do I even know the names of) the long distance records systems. I don't need to know, therefore I can't get in. This is typical of all AT&T systems. While security was somewhat lax in some non-critical areas a few years ago, all corporate systems now require individual accounts and passwords. You can only get an account by having appropriate management authorization and a need to know. Thus, I can look at equipment records, but not long distance.

I do have access to general marketing information for long distance, pbx and computer systems. General marketing information is not customer specific. Instead it's things like price lists and tariffs, product announcements and some design tools.

In other words, I couldn't do what Randy did as my division has no need for access to these systems.

Was it a breach of trust? Absolutely. Unfortunately a moment of indiscretion may end up costing Randy quite a bit. That is unfortunate. I hope he is only reprimanded and not terminated. I fear the latter, however.

Ed Hopper
AT&T Computer Systems
(Speaking only for myself.)
peed@uunet.uu.net> (05/07/91)
Now hold the phone, folks.

IF the telephone customer in question had been a private citizen, I too would be outraged at Mr. Borow's publishing of this information.

HOWEVER, American Consumer Services (or whatever it calls itself) is operating as a public-service company, and as such is (or should be) open to public scrutiny. I see absolutely NO problem with Mr. Borow's publishing what he did.

This is information that anyone off the street could conceivably get, either by asking the company directly, or if necessary by going through the Better Business Bureau or even legal channels.

If I remember my American Government lecturer's comments correctly, the Constitution of the United States explicitly guarantees the right of privacy to INDIVIDUALS, not corporations. As I see it, corporations, particularly those that operate in the public interest, should be open books for us, the public, to read and base our consumer behavior upon. (Now look what you've made me do. I've gone and ended a sentence with a preposition. If my high school English teacher hunts me down and kills me, it'll be all your fault.)

From what Mr. Borow posted, I think that we can gather that their product is a run-of-the-mill scam, but that their operating procedures are all above board. I don't have any problem with that; let the buyer beware.

Andrew B. Peed            Motorola, Inc.
..!uunet!motcid!peed      Cellular Infrastructure Group
(708) 632-6624            1501 W.Shure Dr., Arlington Heights, IL, 60074
de@cs.rit.edu (David Esan) (05/08/91)
In article <telecom11.335.7@eecs.nwu.edu> jp@tygra.Michigan.COM (John Palmer) writes:

X-Telecom-Digest: Volume 11, Issue 335, Message 7 of 8

> WHAT THE HELL IS THIS!! Do all of you realize what Mr. Borow just
> did!!!

> He used his privilege as an AT&T employee to access PRIVATE telephone
> records about a subscriber of AT&T and has now broadcast them to the
> entire world

I too was shocked by the original article and wondered where Randy got the information. I think that this could be construed as industrial espionage. Think about it, if your competition knows that you are calling a certain number or numbers often they can use this to figure your future plans or beat you to the punch. They could also intrude on personal issues (the CEO is calling his/her new girlfriend/boyfriend (you may pick and choose, any combination could be embarrassing)) that could adversely affect the continuation of the business.

My vote is that Randy's actions were wrong.

David Esan de@moscom.com
kirk davis <kirkd@ism.isc.com> (05/08/91)
Pat,

I've been a reader of the digest for a while now, but this is my first posting (A lurker speaks!). I've enjoyed your comments & postings and I hope you don't take offense to this.

I've gotta say when I read the original post, my jaw dropped. I couldn't believe an ATT employee could make a mistake like this. I also feel that Pat made an almost equal mistake in not bouncing the message back. It's always been my impression that one of the reasons this group is moderated is to keep people from getting into trouble (blue box, red box, etc ... there I said it and I'm *glad* I said it).

So this guy is an ATT employee (target) who posted first and thought about it later. Half the people on the net are guilty of this. I'd suggest we let it go ... even still we all know what's going to happen.

Kirk Davis (kirkd@ism.isc.com)
Peter da Silva <peter@taronga.hackercorp.com> (05/08/91)
Well, I must say this was a pretty dumb thing to do. The adrenaline rush at realising he could help these poor folks on the net obviously blew his judgement out of the water.

Of course, the response from our favorite direct marketer is probably punishment enough...

Peter da Silva. Taronga Park BBS +1 713 568 0480 2400/n/8/1 Taronga Park.
HAMER524@ruby.vcu.edu (Robert M. Hamer) (05/08/91)
kirk davis <kirkd@ism.isc.com> wrote:

> I also feel that Pat made an almost equal mistake in not bouncing
> the message back. It's always been my impression that one of the
> reasons this group is moderated is to keep people from getting into
> trouble (blue box, red box, etc ... there I said it and I'm *glad* I
> said it).

I, too, feel it would have been appropriate for you to bounce the note back to Randy with an "Are you absolutely sure you want to do this?" message. In my view, one of the reasons you moderate ought to be to help protect us from doing anything really stupid. This was, on Randy's part. He'll probably get canned. I'm not at all saying it's your fault; it's his. But we all do something really stupid at some time in our lives, and if someone is in a position to ask "Are you really sure you want to do it?" I think it appropriate.
ehopper@attmail.com (05/08/91)
Andrew Peed <motcid!peed@uunet.uu.net> writes:

> Now hold the phone, folks.

> IF the telephone customer in question had been a private citizen, I
> too would be outraged at Mr. Borow's publishing of this information.

Nonsense, all customers have a right to privacy. Just because a person or group of persons forms a corporation to do business does not mean that they are not entitled to privacy.

> HOWEVER, American Consumer Services (or whatever it calls itself) is
> operating as a public-service company, and as such is (or should be)
> open to public scrutiny. I see absolutely NO problem with Mr. Borow's
> publishing what he did.

What in the world is a "public-service company"? True, these people are probably typical telemarketing sleaze (TTS for short), but that does not abrogate their rights. Why should they be open to public scrutiny? If they break the law, sure. But this type of invasion is inappropriate. I am, quite frankly, alarmed at this attitude that the sin of capitalism is an excuse for all types of excess.

> This is information that anyone off the street could conceivably get,
> either by asking the company directly, or if necessary by going
> through the Better Business Bureau or even legal channels.

I think that's stretching it by a mile. I doubt that the company in question would give you that information, particularly if you advised them that you intended to publish it to Telecom. The BBB is, of course, a joke. They have virtually no investigative ability and certainly no authority. Pursuing legal channels would require that one show cause as to why one needed this information and why one had a right to this information. I doubt that anyone in this case, including the original recipient of the call, would be able to support such a request in court.

> If I remember my American Government lecturer's comments correctly,
> the Constitution of the United States explicitly guarantees the right
> of privacy to INDIVIDUALS, not corporations. As I see it,
> corporations, particularly those that operate in the public interest,
> should be open books for us, the public, to read and base our consumer
> behavior upon.

I am not sure your lecturer knows what he is talking about. Corporations are "persons" under the law. They can own property and exercise a number of other rights. I know of no place where a court has specifically held that corporations, simply because they were corporations, had no right to privacy. Would you really want that? Without a corporate right to privacy, a letter you send to your bank, for example, could be opened at the post office for the amusement of all.

Ed Hopper ehopper@ehpcb.wlk.com
cml@cs.umd.edu (Christopher Lott) (05/08/91)
Hi Pat,

Here's my vote, if you're tallying them: You blew it. A moderator shouldn't post something this inflammatory. Mr too-eager-att-employee is in deep doo-doo, and it could have been avoided.

If I were to send some slime in that libels various folks, you'd reject it. He libeled himself, in essence, and you sent it.

Don't be personally offended, please. I think you do a great job. But you were waaaaaay out to lunch that day.

chris...
PZ2@psuvm.psu.edu (David L. Phillips) (05/09/91)
In article <telecom11.341.7@eecs.nwu.edu>, motcid!peed@uunet.uu.net (Andrew Peed) says:

> IF the telephone customer in question had been a private citizen, I
> too would be outraged at Mr. Borow's publishing of this information.

> If I remember my American Government lecturer's comments correctly,
> the Constitution of the United States explicitly guarantees the right
> of privacy to INDIVIDUALS, not corporations.

In fact, if I remember MY lecturer's comments (from far too long ago) as well as more recent business dealings, in law, corporations are treated as persons. That is one of their main differences from partnerships and proprietorships. So they have the same right to privacy as the rest of us.
herrickd@uunet.uu.net (HERRICK, DANIEL) (05/09/91)
In article <telecom11.341.2@eecs.nwu.edu>, sichermn@beach.csulb.edu (Jeff Sicherman) writes:

> Note that I don't hold PAT morally responsible for having 'printed'
> it, but Mr. Moderator, were you asleep at the switch? I would think
> your background, attitudes and dedication to weeding out articles
> would have raised an alarm in your mind.

I spent some time thinking about Pat's position with this little imbroglio.

My first thought was that Pat could have kept things less drastic for his informant by just returning the posting saying he could not publish such a thing. However, this action would have left both of them open to blackmail - Pat for possession of contraband, his informant for having extracted it and then tried to cover up. Pat would never be able to demonstrate that he had destroyed all copies, and he sent a receipt for the original.

Second possibility. Pat could have told his informant his action was improper and passed the information on to some authority in AT&T (postmaster@host is one possibility), while not publishing. This introduces the possibility of the informant being taught some wisdom without being fired. However, the story would have leaked out. There would have been screams of a coverup. AT&T lower-middle management might have tried to suppress the event without dealing with the systemic problem of inadequate controls on sensitive data.

Third possibility. Pat does what his informant asked him to do when he submitted the contraband. Publish it to the world. And pursues whatever private action he considers appropriate. The informant has to be fired. Pat is not responsible for this event. comp.risks will have a new topic. AT&T will have to answer publicly for bad design and controls. The fallout will include non-technical management at many companies noticing that they should understand the safeguards on sensitive data.

Summary. Pat had an ethical choice. All paths he could have chosen had undesirable results. I think the one he chose was well chosen.

dan herrick herrickd@iccgcc.decnet.ab.com
trebor@uunet.uu.net (Robert J Woodhead) (05/10/91)
ndallen@contact.uucp (Nigel Allen) writes:

> In that sense, I think that
> anyone who deals with sensitive information about other people,
> whether they work for a hospital or telecommunications company, has an
> obligation to make sure that any information they disclose about their
> work does no harm.

And who decides whether the disclosure did harm? Who gets to play "God?"

> Saying something in private to Patrick would have done no harm.

Again, sez who? Who knows what Patrick, or anyone else might be tempted to do with the information? The reason there are RULES about confidentiality is to reduce the temptation to play God!

> While the telemarketing company in this case did not lose
> anything by having its calling patterns disclosed, I think AT&T
> suffered by appearing to be a telecommunications carrier whose
> employees don't keep proprietary information confidential.

I'd disagree with your first point -- I'm willing to bet that said company's lawyers would disagree too, if they found out about it. You're right on point two, though. The loss to AT&T could be quite significant.

> That having been said, Randy didn't do this out of a desire for
> profit. He deserves to be yelled at by his boss, not fired.

What Randy "deserves" is to be treated like any other employee who committed this infraction of "the rules." Whether or not the disclosure was "harmless" is beside the point.

kaufman@neon.stanford.edu (Marc T. Kaufman) writes:

> In article <telecom11.337.3@eecs.nwu.edu> syd@dsi.com writes:

>> disclosure of records of calling patterns to any third
>>                                                   -----
>> parties, or disclosure of phone calls was not only against rules, it
>> was illegal and we could be prosecuted, and a reference to the
>> appropriate statute for my state was stapled to the booklet.

> I understand this, and think it is proper, however ... how then can
> one of the LD carriers call me and say: "Mr. Kaufman, we have analyzed
> your long distance calling pattern -- and you can save $x by
> subscribing to our service".

Marc, in this case, you are the party of the second part, not the infamous party of the third part. It's perfectly OK for the phone company to tell you "we've looked at how YOU make phone calls with US and you can save money" but not for THEM to tell US what phone calls YOU made.

(Geez, I shudda been a lawyer ;^) )

Robert J. Woodhead, Biar Games / AnimEigo, Incs. trebor@foretune.co.jp