This week's tirade stretches the rule about the pieces of nonsense that I write for this space having to be at least vaguely technology-related, but I was alerted to the subject by an item in a compendium of technology stories that, at my request, The Washington Post emails me daily. If The Washington Post considers it to be a technology story, that's good enough for me. In case it's not good enough for you, allow me to point out that, despite the fact that the activity I'm about to discuss doesn't necessarily require technology, the instance of it that I reference involves the telephone, which, of course, is a technology. Furthermore, the reason the practice is now in the news is that it was recently undertaken by an enterprise that is most definitely a technology company. For good measure, in order to bolster the technology context, I'll also include a paragraph that refers to an existing e-mail and Web issue. Thus, I do think that, if I have to, I can corroborate this week's column technology-related credentials.
Now that I've thrown in enough words of mindless preamble to make absolutely certain that, after any edits, I will still have spewed out the maximum word count that MC Press will pay me for, let's get started.
This week, I'm going to talk about the "business" practice referred to as pretexting. In case you're not familiar with this term—if you're not, don't feel bad because it's a coined word (not coined by me) that you won't find in most dictionaries—I'll explain it. Pretexting has absolutely nothing to do with preparations taken before sending a text message. Nor does it refer to the period of human history before the dawn of text messaging. Instead, it's the practice of using a pretext to extract information from someone when they would likely not have given you that information if you told the truth. Many people would say it's the practice of using a "false pretext," but that would be redundant because the dictionary definition of "pretext" is a misleading or untrue reason given for something. And redundancy is a waste of time as it makes you spend time without gaining any value from its expenditure.
To illustrate pretexting, a September 9, 2006, Washington Post article used an example of a hypothetical company that gathers data by claiming to be a reputable research firm when, in fact, it's not. The article didn't suggest what purposes other than valid, anonymous research that the company might use that information for, but, on a personal rather than a corporate level, think in terms of the caller selling your personal data for big bucks to a whole mess of scum-like companies that will then annoy the hell out of you with a deluge of telemarketing calls, junk mail, and, if they can get your e-mail address, spam for the rest of your life and for the rest your heirs' lives and their heirs' lives thereafter. Your third-generation heirs are probably safe, but I make no promises in that regard. On a corporate level, think of industrial espionage or the raiding of companies to try to hire away employees.
This is an old practice. Because you can do pretexting in person without any modern technology, I'd venture a guess that, while it may not be the world's oldest profession (wink, wink, nudge, nudge), it probably ranks right up there. Pretexting gained media prominence recently because investigators hired by Hewlett-Packard were caught doing it in order to attempt to find out who at HP leaked confidential corporate information to the media. The investigators obtained personal information, including Social Security Numbers, of various journalists and HP directors. The investigators used that information to trick phone companies into turning over the cell and home phone records of the people under investigation.
Despite the fact that this pretexting exercise was instigated as a result of the unauthorized disclosure of confidential corporate information by an insider—an activity that was, at best, likely unscrupulous and, at worst, possibly illegal—there are many people, myself included, who think that the pretexting was itself at least unethical, if not unlawful. Using a pretext, without any prior reference to a court, to spy on a bunch of people, most of whom are innocent, sounds very much like dirty pool to me.
As I mentioned, the practice of pretexting is not new. The term isn't new either, at least not in here Canada, but I can't speak for the rest of the world. About 20 years ago, I worked with a couple of former IT headhunters. One of them, who quit headhunting because she was uncomfortable with the lies she was expected to tell, told me about the pretexting that headhunting firms undertake in order to get the names and contact information of employees at targeted companies. Back then, headhunters in Canada and, although I can't say for sure, probably elsewhere, were already referring to it as pretexting.
Why anyone ever had to invent a word like pretexting is beyond me. There is already a perfectly good word that covers it: lying. If you are pretexting, you are deliberately saying something that is untrue. I checked the dictionary. That pretty much exactly matches the definition of lying.
The invention of the term "pretexting" is all part of the great human endeavor to soften uncomfortable things by couching them in manufactured, comfy language. It's like the word "downsizing," which is salve for the consciences of the downsizers but does little to help the downsized. When "downsizing" lost its comforting abilities through overuse, someone came up with the word "rightsizing."
A word to the downsizers and rightsizers: You're not downsizing or rightsizing. You're firing people. Many of those people are hard workers with strong work ethics. You're doing it because you think your business will be more profitable without those people than with them. I'm not opposed to that practice as long as the fired workers are treated as fairly as possible when dismissed. As they say, the business of business is business. Employment is not charity. All I'm saying is that if you're going to do it, have the guts to call it what it is: firing. And if you're going to make up some false story to get information that you would not otherwise get, have the guts to call that what it is too: lying, not pretexting.
The Washington Post article said that the laws concerning pretexting are, to use its term, fuzzy. A U.S. law already prohibits using false information to get financial data from individuals or corporations, but the legality of doing it to gather something other than financial data is a grey area. According to the article, Congress recently stiffened the penalties for using pretexting to access phone records, and some states are considering measures against pretexting as well.
Um, excuse me? I have no legal training, so I'm probably missing something, but aren't there already laws that prevent this practice? A pretexter tells lies in order to gain something of value. Clearly, the pretexter considers the data to be of value because otherwise he or she wouldn't go to the bother of trying to get it. Equally clearly, pretexters must think that the victims of pretexting believe that the nondisclosure of the information holds some value for themselves; otherwise, it wouldn't be necessary to use pretexting to obtain it. Let's sum this up. A pretexter lies in order to gain something of value from someone who wouldn't have given it to the pretexter if the truth had been told. Would someone please explain to me how that differs from fraud?
This has implications beyond the telephone pretexting discussed in the article. (I promised to relate it to email and the Web. This being the final paragraph, it's my last opportunity to keep my promise and avoid being accused of using a pretext to get you to read this column.) Phishing uses emails and Web sites that pretend to be something they're not—namely, the product of reputable, well-known companies—to gain information from you that you would otherwise not provide. If pretexting is legal, why shouldn't phishing be legal? Or, at the risk of being redundant again, if pretexting is legal, why shouldn't fraud be legal? As I said, I have no legal training, but my understanding is that fraud is not legal. Am I wrong about that?
|This article originally appeared as part of a weekly series of "Tech Tirades" in MC TNT from MC Press Online. The first year's worth of Tech Tirades does not appear here. Instead, you can find them in BYTE-ing Satire.|