This week's tirade stretches the rule about the pieces of nonsense that I write for this space having to be at least vaguely technology-related, but I was alerted to the subject by an item in a compendium of technology stories that, at my request, The Washington Post emails me daily. If The Washington Post considers it to be a technology story, that's good enough for me. In case it's not good enough for you, allow me to point out that, despite the fact that the activity I'm about to discuss doesn't necessarily require technology, the instance of it that I reference involves the telephone, which, of course, is a technology. Furthermore, the reason the practice is now in the news is that it was recently undertaken by an enterprise that is most definitely a technology company. For good measure, in order to bolster the technology context, I'll also include a paragraph that refers to an existing e-mail and Web issue. Thus, I do think that, if I have to, I can corroborate this column's technology-related credentials.
Now that I've thrown in enough words of mindless preamble to make absolutely certain that, after any edits, I will still have spewed out the maximum word count that MC Press will pay me for, let's get started.
This week, I'm going to talk about the "business" practice referred to as pretexting. In case you're not familiar with this term—if you're not, don't feel bad because it's a coined word (not coined by me) that you won't find in most dictionaries—I'll explain it. Pretexting has absolutely nothing to do with preparations taken before sending a text message. Nor does it refer to the period of human history before the dawn of text messaging. Instead, it's the practice of using a pretext to extract information from someone when they would likely not have given you that information if you told the truth. Many people would say it's the practice of using a "false pretext," but that would be redundant because the dictionary definition of "pretext" is a misleading or untrue reason given for something. And redundancy is a waste of time as it makes you spend time without gaining any value from its expenditure.
To illustrate pretexting, a September 9, 2006, Washington Post article used an example of a hypothetical company that gathers data by claiming to be a reputable research firm when, in fact, it's not. The article didn't suggest what purposes other than valid, anonymous research that the company might use that information for, but, on a personal rather than a corporate level, think in terms of the caller selling your personal data for big bucks to a whole mess of scum-like companies that will then annoy the hell out of you with a deluge of telemarketing calls, junk mail, and, if they can get your e-mail address, spam for the rest of your life and for the rest of your heirs' lives and their heirs' lives thereafter. Your third-generation heirs are probably safe, but I make no promises in that regard. On a corporate level, think of industrial espionage or the raiding of companies to try to hire away employees.
This is an old practice. Because you can do pretexting in person without any modern technology, I'd venture a guess that, while it may not be the world's oldest profession (wink, wink, nudge, nudge), it probably ranks right up there. Pretexting gained media prominence recently because investigators hired by Hewlett-Packard were caught doing it in order to attempt to find out who at HP leaked confidential corporate information to the media. The investigators obtained personal information, including Social Security Numbers, of various journalists and HP directors. The investigators used that information to trick phone companies into turning over the cell and home phone records of the people under investigation.
Despite the fact that this pretexting exercise was instigated as a result of the unauthorized disclosure of confidential corporate information by an insider—an activity that was, at best, likely unscrupulous and, at worst, possibly illegal—there are many people, myself included, who think that the pretexting was itself at least unethical, if not unlawful. Using a pretext, without any prior reference to a court, to spy on a bunch of people, most of whom are innocent, sounds very much like dirty pool to me.
As I mentioned, the practice of pretexting is not new. The term isn't new either, at least not here in Canada, but I can't speak for the rest of the world. About 20 years ago, I worked with a couple of former IT headhunters. One of them, who quit headhunting because she was uncomfortable with the lies she was expected to tell, told me about the pretexting that headhunting firms undertake in order to get the names and contact information of employees at targeted companies. Back then, headhunters in Canada and, although I can't say for sure, probably elsewhere, were already referring to it as pretexting.
Why anyone ever had to invent a word like pretexting is beyond me. There is already a perfectly good word that covers it: lying. If you are pretexting, you are deliberately saying something that is untrue. I checked the dictionary. That pretty much exactly matches the definition of lying.
The invention of the term "pretexting" is all part of the great human endeavor to soften uncomfortable things by couching them in manufactured, comfy language. It's like the word "downsizing," which is salve for the consciences of the downsizers but does little to help the downsized. When "downsizing" lost its comforting abilities through overuse, someone came up with the word "rightsizing."
A word to the downsizers and rightsizers: You're not downsizing or rightsizing. You're firing people. Many of those people are hard workers with strong work ethics. You're doing it because you think your business will be more profitable without those people than with them. I'm not opposed to that practice as long as the fired workers are treated as fairly as possible when dismissed. As they say, the business of business is business. Employment is not charity. All I'm saying is that if you're going to do it, have the guts to call it what it is: firing. And if you're going to make up some false story to get information that you would not otherwise get, have the guts to call that what it is too: lying, not pretexting.
The Washington Post article said that the laws concerning pretexting are, to use its term, fuzzy. A U.S. law already prohibits using false information to get financial data from individuals or corporations, but the legality of doing it to gather something other than financial data is a grey area. According to the article, Congress recently stiffened the penalties for using pretexting to access phone records, and some states are considering measures against pretexting as well.
Um, excuse me? I have no legal training, so I'm probably missing something, but aren't there already laws that prevent this practice? A pretexter tells lies in order to gain something of value. Clearly, the pretexter considers the data to be of value because otherwise he or she wouldn't go to the bother of trying to get it. Equally clearly, pretexters must think that the victims of pretexting believe that the nondisclosure of the information holds some value for themselves; otherwise, it wouldn't be necessary to use pretexting to obtain it. Let's sum this up. A pretexter lies in order to gain something of value from someone who wouldn't have given it to the pretexter if the truth had been told. Would someone please explain to me how that differs from fraud?
This has implications beyond the telephone pretexting discussed in the article. (I promised to relate it to email and the Web. This being the final paragraph, it's my last opportunity to keep my promise and avoid being accused of using a pretext to get you to read this column.) Phishing uses emails and Web sites that pretend to be something they're not—namely, the product of reputable, well-known companies—to gain information from you that you would otherwise not provide. If pretexting is legal, why shouldn't phishing be legal? Or, at the risk of being redundant again, if pretexting is legal, why shouldn't fraud be legal? As I said, I have no legal training, but my understanding is that fraud is not legal. Am I wrong about that?
Joel Klebanoff is a consultant, a writer, and president of Klebanoff Associates, Inc., a Toronto, Canada-based marketing communications firm. He is also the author of BYTE-ing Satire, a compilation of a year's worth of his columns. Joel has 25 years experience working in IT, first as a programmer/analyst and then as a marketer. He holds a Bachelor of Science in computer science and an MBA, both from the University of Toronto. Contact Joel at
Joel Klebanoff is a consultant, writer, and formerly president of Klebanoff Associates, Inc., a Toronto-based marketing communications firm. He has 30 years' experience in various IT capacities and now specializes in writing articles, white papers, and case studies for IT vendors and publications across North America. Joel is also the author of BYTE-ing Satire, a compilation of a year's worth of his columns. He holds a BS in computer science and an MBA, both from the University of Toronto.
MC Press books written by Joel Klebanoff available now on the MC Press Bookstore.
 |
||
 |
|
BYTE-ing Satire Find out the hilarious answer to the eternal question: "Is technology more hindrance than help?" List Price $14.95 Now On Sale
|
More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online