Pretexting, what we used to call "social engineering," is a time-honored practice wherein you commit fraud to gain access to records or a computer system. Since the HP Board of Directors fell victim to it, Congress has grown worried about this "new trend." So, naturally, they are going to work hard to ensure that companies cannot do this to their employees, but they remain entirely defiant on law enforcement being allowed to use this practice. You did know that law enforcement and intelligence agencies are legally exempt from this form of fraud, right?
The problem, though, is that the proposals in front of Congress aren't likely to stop some of the most aggressive users of "pretexting": the FBI, the Department of Homeland Security and other law enforcement agencies.
They're simply immunized. Police who engage in pretexting and the shady private investigators they hire won't be affected. A CNET News.com chart of 11 supposedly "anti-pretexting" bills shows that all but four bills exempt police in one way or another.
Let's be clear about what pretexting is. It means committing fraud to acquire someone's personal records, such as phone calls, without their consent. It's like hiring a private investigator to break into someone's safe-deposit box one evening because you're curious about their net worth.
Here's the rub. Law enforcement and intelligence agencies don't need this ability for legitimate work. They already have avenues that they can go through, quaintly known in traditional English as "courts" (the postmodern Bush-English translation is "den of liberal traitors"). When they need information, they simply go to these "courts" and get a warrant for the information, which is a legal document saying that someone has the audacity to watch what they are doing and tell them what they can look at and take back with them. It's a waste of time and money, I know, because there is no track record of executive power being abused.
"Pretexting" is believed to be part of how the NSA got ahold of those phone records. As the article I linked to above points out, most of the major federal agencies use this fraudulent tactic to get around the legal requirements. Apparently the rule of law is too much of a burden for law enforcement. Why even stop them from continuing to cherry pick which felony crimes they are going to give themselves the privilege of committing to make their lives easier?
Meanwhile, things keep getting worse and worse for HP's former Chairwoman. It looks like she and those she hired are just not going to be able to avoid criminal prosecution for their use of social engineering. Better that the rule of law apply to part of the elite than none of it, I suppose...
The Founding Fathers were wise enough to understand that rules, like speed-limits, were going to be ignored.
That's why rather than try and mold government into an impregnable fortresses of morality and virtue armed, they tried to keep government as limited and impotent as needed, in order to keep the forces of darkness from seeing much use in it.
Oh well, like Big Poppa Barry told us, "The Government big enough to give you everything is big enough to..."
I think that the greatest weakness of our "democracy" is that our vaunted social engineers are never held to the same standard that real engineers are held to. You just did it again, Abe... now I've got material for yet another screed on the evils of social engineering...
The irony of these soul-saving laws is that they end up killing some of the people they are supposed to save since they're all enforced with the barrel of a gun.
I don't think we need laws like this.
The person who holds the information has the obligation to safeguard it, not the people who want it.
Pre-texting, as you describe it, certainly involves some lieing, but not to any extent where cooperation is compelled by the information-holding agency.
If they follow their own rules, businesses don't fall into this trap. If their rules are inadequate, their customers punish them in the market.
They do have an obligation, but there should be a punishment for the person trying to do it. The way that they do it clearly involves systematic fraud to be committed against the group holding the information. We were talking about this today, and one person brought up that they'll keep defrauding the company, getting a little bit more information every few days until they can successfully impersonate the person to a degree that will get them full access to the person's account.
The way I see it, there are at least multiple counts of fraud and identity theft involved in pretexting (or social engineering, if you prefer). It wouldn't be much of a stretch to argue that we do need laws to expand the scope of fraud and identity theft criminal statutes to encompass this behavior because it almost always is the precursor to very nasty criminal behavior (often economic crime).
...because it almost always is the precursor to very nasty criminal behavior (often economic crime).
But isn't that already against the law? If not, criminal behavior should be.
Make it a law then Roci.
Perhaps it should also be a law that we all should be nice to one another, create happiness from deep within our hearts and make love as often with that "special" someone (this actually helps society, as people are less agressive).
La, la, la, la...