Private Data Sold From Indian Call Center
Matt Freman writes to mention a ZDNet article on reports that private data is being sold out of an Indian call center. A U.K. television programme, 'Dispatches', follows a 12-month investigative report on illegal privacy-related activities. During the taping of the show thousands of U.K. bank customers had their personal information sold by the staff of a call center. From the article: "Indian IT trade organization Nasscom criticized Channel 4 for refusing to show it any of the footage before it was broadcast on Thursday evening. It urged the program makers to cooperate in rooting out and prosecuting any 'corrupt' call center workers. 'The whole issue of data security is a global problem,' said Sunil Mehta, a vice president at Nasscom. 'There are bad apples in every industry around the world, and these incidents happen in India and the U.K. This is not a widespread problem in India. Security measures and practices that Indian companies have are the best in the world.'"
Amen. We just recently had an esoteric problem with Windows and roaming profiles where in about 1% of the logons, the user's perms to their user hive in the registry would be removed, preventing any GPOs from applying. After two weeks of debugging and not being able to faithfully reproduce it, we called Microsoft and paid for an advanced support call to troubleshoot mission critical issues. This is one where "senior management" is allegedly notified of your issue.
We never got out of India, as evidenced by the emails that went back and forth and their origin (you can't always judge by accent because there are Indian citizens working domestically). However, as you stated, the ability to understand what they were saying was enough to drag each call out to twice as long as it should have been.
Then there's the quality of the "support." We were treated as if we were Grandma with a PC problem. We provided clear userenv logs and asked specific questions like "What causes migratent4tont5 process to be invoked? What exactly is it checking for since we have no nt4 machines left?" No answers to our specific questions. Instead we got "advice" like.
After a while the case person stopped returning our calls and their email started bouncing. Emailing the manager on record for this also bounced. Seemed like their email server was having problems.
They never followed up on the call. After another week we found out what the problem was. If the ProfileList HKLM key didn't match what local cached profiles of roaming profiles exist on any given machine, it *sometimes* triggered this process that ended up changing the ACLs on the user hive preventing GPOs from being set. Solution was a machine startup script to check that list and remove any entries that conflicted.
They never even hinted to us where to look. We just found it through a heck of a lot of trial, errors, and observations. As far as I know, over a month later, the case is still open with them. They have never bothered to follow up. Then again, they probably closed the call with some lame excuse like "Customer refused to cooperate" (yes, we refused to remove anti-virus from all 2000 of our desktops. It was a stupid suggestion and had nothing to do with the problem at all)
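A startup check of the kind described in the comment above, as an added example (not the commenter's script, which the page does not show). It assumes a "conflicting" entry is a user SID under ProfileList whose ProfileImagePath folder no longer exists on the machine, and it only reports unless the hypothetical `-Remove` switch is given.

```powershell
# Added example: compare ProfileList with the profile folders on disk.
# Assumption: an entry "conflicts" when its ProfileImagePath is missing
# or does not point at an existing folder.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$stale = foreach ($key in Get-ChildItem -Path $profileList) {
    $sid = $key.PSChildName

    # Only look at user accounts (S-1-5-21-...); leave the built-in
    # SYSTEM, LocalService and NetworkService entries untouched.
    if ($sid -notmatch '^S-1-5-21-') { continue }

    # GetValue expands REG_EXPAND_SZ and returns $null if the value is absent.
    $path = $key.GetValue('ProfileImagePath')

    if ([string]::IsNullOrEmpty($path) -or
        -not (Test-Path -LiteralPath $path -PathType Container)) {
        [pscustomobject]@{
            Sid              = $sid
            ProfileImagePath = $path
            KeyPath          = $key.PSPath
        }
    }
}

if (-not $stale) {
    Write-Output 'ProfileList matches the profile folders on disk.'
    return
}

# Always list what was found so the result can be reviewed or logged.
$stale | Format-Table -Property Sid, ProfileImagePath -AutoSize

if ($Remove) {
    foreach ($entry in $stale) {
        if ($PSCmdlet.ShouldProcess($entry.Sid, 'Remove stale ProfileList entry')) {
            Remove-Item -LiteralPath $entry.KeyPath -Recurse
        }
    }
}
```

Running it with `-Remove -WhatIf` shows which keys would be deleted without changing the registry.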
People with either a xenophobic agenda, or a protectionist agenda will jump on this with the whole "India is evil! Don't outsource to India" paranoia and hysteria, when in fact there is no reason to believe your data is more secure anywhere else.
There is a reason to believe my data would be more secure somewhere else and for me that would be here in the US. The reason it would be safer is because if someone were to sell my information working at a company here in the US then they would be held accountable to the laws we have against that and they would pay the price because I certainly would go after them myself if necessary. If the person who sells my data happens to be in another country then I would not have the choice to go after them myself and even though they most likely would lose their job their home country may not have any laws against what they did with my information so they could basically get away with it. So while there truly are "bad apples" everywhere there would be MUCH more deterrent to sell someone's personal information in a country that has laws against it than in a country where those laws do not exist.
I think if I was making $2/hr (I made that up, I don't know what the real number is but I am sure it is low compared to the US) while I knew I was being exploited for cheap labor and was offered a large sum of money in exchange for personal data knowing I would lose my job but not be in trouble legally that I would probably take the money and go hunting for a new job.
Basically I hope that some laws are passed in the US (and other countries) that already have laws guarding personal information to make sure if companies outsource access to that information that they are only allowed to outsource it to a country that has at least the same laws in regard to personal information. The best choice would be to not outsource that information at all (so if the company in another country did not pursue the employee legally I could do it myself) but at least this way if someone did do something with my personal information I would have some hope that they would be punished more than just losing their job.
Hey, there is only one Return and it's not of the King, it's of the Jedi.