lauren@vortex.com (Lauren Weinstein) (03/24/91)
Greetings. There have been reports in various forums recently of various concerns regarding U.S. Sprint's new policy of allowing access to almost all (1+ long distance dialing) customer account balances based only on ten-digit phone numbers (previously, account numbers had been needed to obtain such information). Account balances for all phone numbers with 1+ service selected to Sprint, except for those customers connected to Sprint by high volume leased line facilities (e.g. T1) are apparently accessible via the system. Concerns have been expressed about misuse of this data by outside organizations, competitors, or even other carriers looking to target the "big" customers. Certainly most people have been assuming that the amount of their long distance bills was not "public" information. I have been following this rather closely, and over the last several weeks have had a complaint working its way up the chain in Sprint. As a user of Sprint (as well as other carriers) I personally feel that account balance information should be private between the carrier and the customer. If reasonable protections cannot be provided for that information in automated systems, customers should at least have some method for "opting out" of the automated account system itself. Sprint has been very good about staying in touch about this issue. The "end of the line", so to speak, has been Ms. Rochelle Richter at the Sprint Executive Offices. She's an "Executive Analyst" in the offices of the President of Sprint (Mr. LeMay) and the Sprint CEO (Mr. Esrey). She tells me that they have been informed of the concerns I expressed over this system. The number for the Sprint Executive Offices where Ms. Richter (or the other persons mentioned above) can be reached is (800) 347-8988. Ms. Richter also discussed the issue with the gentleman in charge of the development and management of the automated system itself, Mr. Rick Shield at (816) 276-6242. I'm sorry to report that Sprint at this time does not view the privacy issues involved as a problem. They do plan to add a requirement that users enter their zipcode as well as their ten digit number, apparently viewing the zipcode as a security measure. I assume that most of us agree that the addition of the zipcode does not represent any real security improvement, since it is trivially available to anyone who wants it in most cases. The Sprint view is that they have had very few complaints from customers about the system (she claims only two), that they don't see what the concern is about account balance information, and that they haven't heard of any similar systems causing problems for the customers or the companies providing information. She invites those with concerns about this issue to contact her directly at the toll-free 800 number above. She made it clear that unless they get significant numbers of complaints from customers, there is currently no intention for any change other than the "zipcode" requirement mentioned above. She also invites comments to herself or Rick Shield from persons who have documented evidence of the privacy/security problems which could result from such systems. If any of you are Sprint customers and *are* concerned (either as an individual or as an organization) about the privacy issues involved with this system, or even if you are a non-customer and can offer Sprint some insight into the issues involved, I would suggest that each of you take Ms. Richter up on her offer and express your views, so that Sprint will have more opinions on which to base any future decisions about their system. --Lauren--
john@zygot.ati.com (John Higdon) (03/24/91)
Lauren Weinstein <lauren@vortex.com> writes: > If any of you are Sprint customers and *are* concerned (either as an > individual or as an organization) about the privacy issues involved > with this system, or even if you are a non-customer and can offer > Sprint some insight into the issues involved, I would suggest that > each of you take Ms. Richter up on her offer and express your views, > so that Sprint will have more opinions on which to base any future > decisions about their system. I have expressed my opinions to Sprint until my throat and fingertips hurt. You get a lot of "we appreciate your business" but not any real action. When Sprint started handing out my account balance (and the date and size of my last payment) to the world, I stopped prefixing any of my calls with 10333. If people want to get an idea of the amount of my long distance traffic, they will not get it from the Sprint Chatty-Kathy. Last night, I learned that an associate had just had one of his lines slammed by Sprint. That, coupled with the outage today, the chronic billing problems and the unreliability enhanced by a brain-dead service department has pretty well convinced me to save myself future headaches and go elsewhere for long distance service. At this point, Sprint would have to be nearly free for me to consider using it further. BTW, the suggestion by Sprint of using zipcode as a security key is a major laugh. Right now, it is given to the inquiring caller: "the zipcode on this account is 'XXXXX'. If this is correct press '1'." So, if you have any thoughts about sneaking a peek at someone's Sprint account and you really do not know the billing zipcode, be sure to call now and Sprint will give it to you for future reference! For the record, I have had a Sprint account since it was Southern Pacific Communications offering the excess capacity of the railroad communications. Considering the resouces, technology, and talent that operation has had available to it, it certainly has become a monumental disappointment. John Higdon | P. O. Box 7648 | +1 408 723 1395 john@zygot.ati.com | San Jose, CA 95150 | M o o !
wah@zach.fit.edu (Bill Huttig) (03/25/91)
MCI offers account information via their 800 number also ... depending on which region you call into depends on if it requires the number only or number and zip code. [Moderator's Note: Oh really? Would you please post the number we should call to invade our MCI-using neighbor's privacy? Thanks. PAT]
yazz@prodnet.la.locus.com (Bob Yazz) (03/25/91)
800/347-8988 is the number to complain to Sprint about this; first things first. Thank you, Lauren, for posting it. The Executive Analyst has had only TWO complaints? Must be John Higdon and me! I'm sure Sprint's ability to, uh, count isn't in question, is it? (:-/ Payphone ripoff problems in California? Call 800/352-2201 M-F, 8-5 Bob Yazz -- yazz@lccsd.sd.locus.com
fulk@cs.rochester.edu (Mark Fulk) (03/27/91)
In article <telecom11.239.5@eecs.nwu.edu> yazz@prodnet.la.locus.com (Bob Yazz) writes: > 800/347-8988 is the number to complain to Sprint about this; first > things first. > The Executive Analyst has had only TWO complaints? Must be John > Higdon and me! > I'm sure Sprint's ability to, uh, count isn't in question, is it? (:-/ I just spoke to Gena Fulmer at the above number. She admits to having heard quite a few complaints, and indicated that they would likely be acted on. We had a brief, but very nice, conversation about privacy concerns. I supplied her with the following scenario, which she agreed constituted a significant privacy invasion: My boss suspects me of wanting to go elsewhere. Before the start of the hiring season, he starts checking my Sprint balance every night. A rapid increase in long-distance phone calls contributes to his suspicions. Mark Fulk
whitejon@cmcl2.nyu.edu (jonathan white) (03/28/91)
yazz@prodnet.la.locus.com (Bob Yazz) writes: > The Executive Analyst has had only TWO complaints? Must be John > Higdon and me! I think that the count is a bit off. I also complained and recieved, in yesterday's mail, a letter from Ms Richter explaining what Lauren outlined in the earlier posting. While I can't be sure, the signature in the letter that I recieved looks like a photo copy (feel free to interpret that any way you like). jonathan whitejon@acf5.nyu.edu
whitejon@cmcl2.nyu.edu (jonathan white) (04/01/91)
wah@zach.fit.edu (Bill Huttig) writes: > MCI offers account information via their 800 number also ... > [Moderator's Note: Oh really? Would you please post the number we I called 1-800-444-3333 and although I got a real live customer service rep when I said that I had called for automated account information I was told that it was normaly available and that the system was down. [Moderator's Note: I just now tried the above number, and not only does the automated system discuss 'your' existing MCI account and balance, it also allows you to convert 'your' line to MCI One Plus service if desired. So, I converted several of you to MCI as your primary carrier while I was there. :) ha ha! PAT]
David Smallberg <das@cs.ucla.edu> (04/04/91)
In article <telecom11.243.2@eecs.nwu.edu> fulk@cs.rochester.edu (Mark Fulk) writes: > I just spoke to Gena Fulmer at the above number [ 1-800-347-8988 ]. She > admits to having heard quite a few complaints, and indicated that they would > likely be acted on. Maybe Rochelle Richter and Gena Fulmer don't talk to each other. I just got off the phone with Ms. Richter. Here's the history of the system: a survey of customers showed that people would love automated access to the kinds of information that they had previously had to ask a human operator for. Originally, a caller would give his Sprint account number to access the system. This was a pain for many people, and *lots* of complaints were received; things were changed so that your phone number is accepted instead. Sprint examined the Privacy Act, and does not disclose things that the Act prohibits (call details, customer name or address). They do, of course, give the total amount of your bill. Her claim is that the cost of the programming change to require a PIN is not yet justified by the number of complaints. There is some consideration of flagging a number to disallow automatic billing info access. It's a numbers game -- oodles of people like the system, whereas I'm only the 19th person to have called her (she's keeping a list, to let us know if things change). I gave her the "boss suspects you're looking for another job" and "jealous boyfriend suspects you're doing a lot of calling to that guy you met from far away" scenarios. I didn't think she felt that these were problems, given that no one's complained that it's happened to them. One thing she said was "Well, you can't have perfect security -- someone who really wants the information could probably find some way to get it." Oh, and since the number is that of Sprint's executive offices, I would imagine that those of you who've been having serious billing problems could direct your complaints there (You probably already have). David Smallberg, das@cs.ucla.edu, ...!{uunet,ucbvax,rutgers}!cs.ucla.edu!das