Sometimes, I think the Public Interest Advocacy Centre loses sight of its primary raison d’être: “legal and research services on behalf of consumer interests, and, in particular, vulnerable consumer interests, concerning the provision of important public services.”
I recently wrote [see “Strange bedfellows”] about how PIAC is acting in a coalition with the pulp and paper industry in a CRTC review of paper billing practices.
In another CRTC proceeding, examining ways to control consumer fraudulent wireless customer transfers (“SIM-swapping”), PIAC filed a letter seeking disclosures that again left me wondering what the public interest organization is thinking. In that proceeding, the CRTC asked a series of questions of the parties, including seeking more details on methods being developed to thwart the purveyors of fraud.
Some of the responses [such as this one by CWTA] have portions redacted, with a claim for confidentiality. CWTA wrote “The information submitted contains detailed fraud prevention measures, and its release would enable fraudsters to better understand the measures implemented by the industry to protect Canadian consumers from fraud, thus circumvent these measures and expose consumers to further harm.”
One would have thought the reasons for this is somewhat self evident.
Last week, PIAC filed an application for public disclosure. “PIAC is in receipt of the heavily redacted responses to these RFIs, as well as the responses regarding implementation of the CWTA’s proposed (confidential) measures to address SIM-swap fraud, which fail to provide any meaningful information nor even the expected date of implementation of the CWTA and industry’s secret protocol.”
That is actually a good thing, isn’t it? In the public interest, wouldn’t PIAC want to help make sure that these public disclosures “fail to provide any meaningful information nor even the expected date of implementation of the CWTA and industry’s secret protocol.”
Wasn’t that precisely the idea behind the redactions?
PIAC writes “the responses argue that keeping this information confidential is important to protect the information from being disclosed to fraudsters who could circumvent the purported controls and/or to shield this information from competitors.” PIAC goes on to express “dismay” at the “lack of transparency” and the “clandestine approach” that has “not only deprived consumers of access to vital information but also denied them of an opportunity to engage in a well-informed dialogue on this serious issue.”
According to PIAC “The specific information and data being withheld is timely and relevant to SIM-swap victims and all consumers. Consumers need to have access to these details to be able to provide input and raise any concerns they might have at this stage, rather than after the subject measures are implemented.”
Why? Consumers can provide input on requirements without the details of the implementation.
PIAC claims “Adoption of security measures by keeping consumers in the dark is unfair and unnecessary.”
It is unclear how satiating PIAC’s voyeuristic curiosity will lead to better operational procedures than those developed by professionals bearing the potential risk of financial liabilities if methods fail, coupled with a review by regulators.
At the risk of publicly displaying fraud control methods, it is difficult to see how the public interest outweighs the risk of disclosure.
Aren’t internal fraud prevention methodologies an area that just might merit less transparency?
Can we keep the drapes closed when reviewing procedures to counter fraud?