Shostack + Friends Blog Archive



I realized today that Chris Hoofnagle’s blog at EPIC West wasn’t on my blogroll. He’s had lots of important posts up lately, from the informational (“ CA OPP: 13 New Privacy Laws in Effect“) to the amusingly disgusting (“Pretexting Isn’t Lying, According to“)

California’s Office of Privacy Protection just released an announcement that 13 new laws took effect on January 1 related to privacy. The annoucement is not yet online, but is reprinted in full in the extended entry section below.
One critical issue is how the phone records are obtained. There appear to be three methods in which online data brokers perform this service. We believe that the bulk are obtained through “pretexting,” a practice where an investigator impersonates the account holder, and gains access to the records by fooling a customer service representative. We believe that this is the case, because investigators have subscriptions to “commercial data broker” services that allow them to obtain account holders’ Social Security numbers, mother’s maiden names, and dates of birth, that facilitate impersonation and identity theft.

That California passed 13 laws about privacy is foreshadowing. Unless we have a strong national law, State Legislatures will continue to act, passing laws to protect people. So I’ve added Epic West to the blogroll.