Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uwm.edu!lll-winken!telecom-request From: lauren@vortex.com (Lauren Weinstein) Newsgroups: comp.dcom.telecom Subject: Sprint Says NO to Increased Account Security Message-ID: Date: 23 Mar 91 21:15:41 GMT Sender: Telecom@eecs.nwu.edu Organization: TELECOM Digest Lines: 66 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 231, Message 3 of 12 Greetings. There have been reports in various forums recently of various concerns regarding U.S. Sprint's new policy of allowing access to almost all (1+ long distance dialing) customer account balances based only on ten-digit phone numbers (previously, account numbers had been needed to obtain such information). Account balances for all phone numbers with 1+ service selected to Sprint, except for those customers connected to Sprint by high volume leased line facilities (e.g. T1) are apparently accessible via the system. Concerns have been expressed about misuse of this data by outside organizations, competitors, or even other carriers looking to target the "big" customers. Certainly most people have been assuming that the amount of their long distance bills was not "public" information. I have been following this rather closely, and over the last several weeks have had a complaint working its way up the chain in Sprint. As a user of Sprint (as well as other carriers) I personally feel that account balance information should be private between the carrier and the customer. If reasonable protections cannot be provided for that information in automated systems, customers should at least have some method for "opting out" of the automated account system itself. Sprint has been very good about staying in touch about this issue. The "end of the line", so to speak, has been Ms. Rochelle Richter at the Sprint Executive Offices. She's an "Executive Analyst" in the offices of the President of Sprint (Mr. LeMay) and the Sprint CEO (Mr. Esrey). She tells me that they have been informed of the concerns I expressed over this system. The number for the Sprint Executive Offices where Ms. Richter (or the other persons mentioned above) can be reached is (800) 347-8988. Ms. Richter also discussed the issue with the gentleman in charge of the development and management of the automated system itself, Mr. Rick Shield at (816) 276-6242. I'm sorry to report that Sprint at this time does not view the privacy issues involved as a problem. They do plan to add a requirement that users enter their zipcode as well as their ten digit number, apparently viewing the zipcode as a security measure. I assume that most of us agree that the addition of the zipcode does not represent any real security improvement, since it is trivially available to anyone who wants it in most cases. The Sprint view is that they have had very few complaints from customers about the system (she claims only two), that they don't see what the concern is about account balance information, and that they haven't heard of any similar systems causing problems for the customers or the companies providing information. She invites those with concerns about this issue to contact her directly at the toll-free 800 number above. She made it clear that unless they get significant numbers of complaints from customers, there is currently no intention for any change other than the "zipcode" requirement mentioned above. She also invites comments to herself or Rick Shield from persons who have documented evidence of the privacy/security problems which could result from such systems. If any of you are Sprint customers and *are* concerned (either as an individual or as an organization) about the privacy issues involved with this system, or even if you are a non-customer and can offer Sprint some insight into the issues involved, I would suggest that each of you take Ms. Richter up on her offer and express your views, so that Sprint will have more opinions on which to base any future decisions about their system. --Lauren--