alt Hacker NewsI'm sorry but this sounds like bullshit. As someone who has access to such data at a telco:
- Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated.
- Of which, only a handful have any reason to see the MSISDN in clear.
- Of which, none can get access to clear CRM data.
- Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
Also why not simply switch to a different phone operator?
Replies
So what you’re saying is if you were secretly a psycho and wanted to stalk your ex-girlfriend, you work at a Telco and basically have access to the tools to do it?
So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims.
I'm sure every single telco in the world is perfectly in line with this
I'm glad to hear that your random telco's governance and influence has spread around the entire world to every other telco.
FYI: from the fact it's hard (not impossible) to see the data mentioned and it's possible (not guaranteed) that the caught offender would be punished is a VERY long way to "you lie".
Theirs was anecdata, yours is anecdata but you're additionally rude.
> And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data.
This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits.
This is not a reasonable assumption.
Ah, I remember back in the day when "trust me I work in a telco and this is just dumb" people were really really silent after the room 641a stuff got leaked.
you are close to a system in a way that those guardrails are clear and present; the story is from the point of view of a victim, and it is possible that they were indeed a victim. Therefore the means of the stalking is not known at all via this story, but somehow, something did occur. It is not surprising on either side, and they do not necessarily contradict each other IMHO
50M+ subs operator, at least 10 employees can have both location and CRM data, I guess it's pretty typical.
> As someone who has access to such data at a telco
so you do have access :)
> - Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
correct for LI, not for emergency.
> Also why not simply switch to a different phone operator?
yes, the only solution.