Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!casbah.acns.nwu.edu!nucsrl!telecom-request From: davep@u.washington.edu (David Ptasnik) Newsgroups: comp.dcom.telecom Subject: Sprint Responds to Privacy Complaint Message-ID: Date: 3 Mar 91 12:18:47 GMT Sender: news@casbah.acns.nwu.edu (Mr. News) Organization: TELECOM Digest Lines: 61 Approved: Telecom@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 173, Message 6 of 9 Originator: telecom@delta.eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu Nntp-Posting-Host: hub.eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu Some weeks ago I found the US Sprint 800 number that gives the balance of any Sprint customer's bill to any caller with an interest. I whined to Sprint that I thought this was insecure and a violation of my privacy. They sent the following reply: ********************************** Dear Mr. Ptasnik: I appreciate the time you took to express concerns about the access method we use in our automated response system. I have forwarded your complaint to our Corporate office for review and consideration. The information that can be accessed with the area code and phone number is balance and payment history. To add a FONCARD to an account, it is necessary to provide the account number. The convenience of accessing information with the telephone number is offered to customers only on non-service affecting transactions. Besides informational announcements, all other contacts are handled by customer service representatives. Screening techniques are in place to ensure that only account holders have access to the most sensitive information. I agree with you that the methods we use do not provide "absolute" security. Unfortunately, even the most elaborate security system can be penetrated given the right amount of determination and skill. Please be assured that most local telephone companies and other long distance carriers utilizing this technology are employing the same access method. We value you as a customer and appreciate your business. Your comments and concerns will be given serious consideration by our Corproate office. Again, I thank you for taking the time to provide us with your opinions. Sincerely, Kathleen Mc Mahon Customer Service Manager ******************************** Any typos in the above were my fault. While I appreciate the response to my complaints, I intend to pursue it further. I don't want "absolute" security, just some. I really doubt the idea of AT&T using so insecure a method. It is my general understanding that AT&T has a call back system, requiring you to be at a predetermined phone number, ready to enter a security code. I'm not sure if this is for long distance balances, or just equipment purchase balances to larger users, but it is more secure than Sprint. The suggestion that "screening techniques are in place to ensure that only account holders have access to the most sensitive information" implies that my account balance is not sensitive. It is to me. I'm going to write them again, and keep you all informed of the continuing saga. davep@u.washington.edu