Private Data Sold From Indian Call Center

Matt Freman writes to mention a ZDNet article on reports that private data is being sold out of an Indian call center. A U.K. television programme, 'Dispatches', follows a 12-month investigative report on illegal privacy-related activities. During the taping of the show thousands of U.K. bank customers had their personal information sold by the staff of a call center. From the article: "Indian IT trade organization Nasscom criticized Channel 4 for refusing to show it any of the footage before it was broadcast on Thursday evening. It urged the program makers to cooperate in rooting out and prosecuting any 'corrupt' call center workers. 'The whole issue of data security is a global problem,' said Sunil Mehta, a vice president at Nasscom. 'There are bad apples in every industry around the world, and these incidents happen in India and the U.K. This is not a widespread problem in India. Security measures and practices that Indian companies have are the best in the world.'"

How are cases prosecuted?

If a worker who works in same country as the company is caught in fraud, they are prosecuted and thrown in jail. If a megacorp outsources off-shore and the employees of that company are involved in fraud, exactly what assurances does that company or its customers have that the perps are prosecuted?

Also, I always wondered why companies that outsource are assured their trade secrets are not sold too.

Re:can the fired bad guys sue easily?

Fired? That's it? I'm curious of the economics of the crime then. Is it possible that one can earn enough coin by selling information where they never have to work again, and hence firing is worth it?

Re:How are cases prosecuted?

Most shady people who would sell others' information would not care about being fired from some $7.50/hr call center job. Prosecution is not a big threat either, as rare as it is for people to be aggressively prosecuted for data theft. This is true no matter what country the call center operates in. It's just what will inevitably happen when you farm out important corporate operations to the lowest bidder. Of course they will take shortcuts and of course there will be shady people willing to exploit the situation. The only thing surprising about this article is that people didn't realize the potential for these problems a lot sooner. And the only thing that surprises me about fraud is that it isn't more common, as easy as it is to do. All it takes to succeed is a little common sense is a complete lack of morals.

Its the Economics, STUPID

When you pay someone a wage, that relative to those of the people they deal with, they will become angry and resentful. The point of moving offshore is to save costs because the cost of living is so low, making the wages low.

Thus, the people who know they are making a great deal less than people in the UK or US feel that they are doing this to equalize themselves. It is a psychological phenomenon. People don't just want to do well, they want to do better than others.

Nope. India is just a morass of corruption.

They can not even prosecute clear cut cases of murder, when there is ample proof.

Just a somwhat current example: the murder of Jessica Lal.

The victim, an attractive model, worked at the bar at a friend's party in a fancy restaurant. A son of a powerful politician comes in with his entourage and asks for a drink. She refuses to give him one, because the bar is already closed. The man - offended beeing refused in front of his friends - pulls a gun and shoots her direct in the face.

Numerous witnesses. Ample evidence. OJ Simpson was a mystery compared to that. And yet, after seven years of judical wrangling, the man walks away free (not that he ever spent a day in jail). Witnesses who can not remember anything, a police that just happens to destroy or devalue all evidence - the case stinks of corruption.

Its been a major scandal in India half a year ago. But only because the victim was well known and had many influential friends of her own. Had she been a simple rural woman, we wouldn't even know. Local observers note that affairs like that are standard practice - if you are rich enough in India, there is no law that applies to you, because everybody is corrupt and can be bought.

Don't believe me ? Just google for Jessica Lal, and read the whole sordid story.

Blame it on India!

Of course, there isn't any reason to believe that private data couldn't be illegally sold in the UK... or in the U.S., or France, or Canada, or Germany, or Japan, or whereever. In fact, data theft has most certainly happened in all those countries!

But you are going to have a salvo of posts demonizing India as a place to do buisness. People with either a xenophobic agenda, or a protectionist agenda will jump on this with the whole "India is evil! Don't outsource to India" paranoia and hysteria, when in fact there is no reason to believe your data is more secure anywhere else.

Re:Blame it on India!

People with either a xenophobic agenda, or a protectionist agenda will jump on this with the whole "India is evil! Don't outsource to India" paranoia and hysteria, when in fact there is no reason to believe your data is more secure anywhere else.

There is a reason to believe my data would be more secure somewhere else and for me that would be here in the US. The reason it would be safer is because if someone were to sell my information working at a company here in the US then they would be held accountable to the laws we have against that and they would pay the price because I certainly would go after them myself if necessary. If the person who sells my data happens to be in another country then I would not have the choice to go after them myself and even though they most likely would lose their job their home country may not have any laws against what they did with my information so they could basically get away with it. So while there truly are "bad apples" everywhere there would be MUCH more deterent to sell someones personal information in a country that has laws against it than in a country where those laws do not exist.

I think if I was making $2/hr (I made that up, I don't know what the real number is but I am sure it is low compared to the US) while I knew I was being exploited for cheap labor and was offered a large sum of money in exchange for personal data knowing I would lose my job but not be in trouble legally that I would probably take the money and go hunting for a new job.

Basically I hope that some laws are passed in the US (and other countries) that already have laws guarding personal information to make sure if companies outsource access to that information that they are only allowed to outsource it to a country that has at least the same laws in regard to personal information. The best choice would to not outsource that information at all (so if the company in another country did not persue the employee legally I could do it myself) but at least this way if someone did do something with my personal information I would have some hope that they would be punished more than just losing their job.

Re:Blame it on India!

I think if I was making $2/hr (I made that up, I don't know what the real number is but I am sure it is low compared to the US) while I knew I was being exploited for cheap labor and was offered a large sum of money in exchange for personal data knowing I would lose my job but not be in trouble legally that I would probably take the money and go hunting for a new job.

A call center employee in India does make about $2.3 dollars per hour. However, I am really tired of people quoting these low Dollar figures for pay, while forgetting to mention that the "low pay" tends to be rather high for the local economy.

Let me give you some estimate of costs and expenses in US Dollars. These numbers are for cities like Bangalore and lie closer to the upper limit. I have considered the kind of restaurants and other establishments a young and hip call-center employee is likely to haunt. In the interest of full disclosure: I am Indian, and am quite familiar with the goings on in India in the IT and BPO fields.

Here is the summary before I give you the details: A call-center employee has the potential to save about 35% of his monthly pay. I wish I could do so in the US. Even by Indian standards, 35% is very good savings potential. For comparison, my sister and brother-in-law live in Bangalore, do not work in IT or BPO, and together earn less than the average call-center employee does. Mind you they both have daily expenses. They also have other expenses (schooling and feeding children mostly) an average call-center employee tends not to: The average call-center employee is single, in early 20s, and quite often not contributing much financially to his family.

With numbers like these, I can argue that call-center employees in India have a lot less incentive to sell out. That is, people in the US might look for "supplemental income" more than an Indian call-center employee does. Now, I don't believe that is so, just like I don't believe the argument that the lower Dollar-wage makes Indians (or other nationals) sell out data.

Here is the deal: For every 100 guys selling data, there is one guy buying it. The buyer shops in India because doing so is less expensive for him. So, how about we also look at where the buyers are coming from and what they do with it?

Average Monthly Numbers

• Pay: $444.44
• Expenses: -$276.75 (Everyday expenses (-$150.9), and rent and other montly expenses (-$125.85)
• Savings: $167.69 (37.7% of income)

Everyday expenses (Note: Call centers in India give their employees free refreshments and free/subidised transportation)

• A cup of coffee at a really fancy coffee house: $0.33 (yes, 33 cents)
• A cup of ice cream at a really fancy parlour: $0.65 (must buy ice cream for the girl that tags along)
• A pack of cigarettes: $1.5 (cigarette smoking seems to be on the rise)
• A full meal at a really fancy restaurant: $2.22
• A day pass on a city bus: $0.56 (though the average call-center employees are unlikely to take a bus: they ride bikes)
• A can of beer: $2.00 (most people don't drink beer everyday, but I list it here in case you are wondering)

Monthly expenses

• Rent: $44.00 (A native is likely to live with parents, and pays well below this number)
• Hair cut: $0.55
• Movie tickets, for four shows: $3.00 (movies are the most popular form of entertainment)
• Concessions at the movies for four shows: $4.50
• Apparel for self: $10.00
• Apparel for the person you are wooing: $10.00
• 10 gallons of gas: $48.8 (yes, gas is that expensive)
• Vehicle maintenance: $5.00

Big-ticket

• A new motorcycle: $1000.00

Good to know

It's good to know that there isn't anyone in America who'd do the same thing...

Is it necessarily just Indian call centres?

While the report focuses on Indian call centres, has any research been done into centres in other countries? It may be that it's not an 'Indian-only' phenomenon, but something that happens everywhere else as well.

Of course

I goes without saying that the security measures in Indian companies are among the best; why, with all those CMM level 5 companies, security comes for free !

Courts and Law

While I'm no fan of offshoring, in all fairness, it is true that data theft as described is not a problem unique to India. The real question is, how are these things handled by the courts and laws of the countries in which they occur? If there is some assurance that perpetrators will be brought to justice and things put to rights, as much as possible, then it may not be as big a deal. However, if the courts or laws are weak/corrupt and the penalties associated with data theft are laughable compared to the benefits, then you have a big problem. Many companies have been attracted to India and other countries by relatively cheap labor, but they really need to look at the rule and culture of law in any country they plan to do business in as well. This of course assumes that they are truly interested in benefitting the customer and haven't just added in data theft as a cost of doing business.

What can you say

A related atricle on BBC.
http://news.bbc.co.uk/2/hi/business/5405438.stm [bbc.co.uk]
Not every Indian is necessarily corrupt. However, even an handful can ruin the reputation of the entire bunch. The Indian Govt. has to crack down really hard on the people caught seeling the data.

PS: I am an Indian too...

Wow...

I knew this would happen...Not that I am some great predictive mind, but I knew it. I stopped using Bank Of America when they made their IT people train their own replacements in India (and other countries). When this fellow says that their security is the best, I wonder exactly what that means...Do they have patched and updated systems, do they use top tier vendors for their security hardware (firewalls, etc) do they practice and follow the same financial/disclosure regulations that American companies have to? (SoX, HIPAA, etc). Do they do background checks on all of their employees, and if they get a hit, do they not hire that peson? I have a million questions for this guy, do you think we can line up our questions and have the answered? I doubt it. I am damn near to the point that I am going to move to freaking Alaska, cut my Internet connection, and start living off the land!!! This identity theft crap is about to push me over the edge! Anyone else feel this way?

corruption in India

I think the problem lies with the attitude that the majority of the people have in India. To this day there is widespread corruption throughout the entire government and this process has been accepted by a majority of the people because they grow up with it as kids. In India, kids bribe the cops when they ride around on scooters without a license and get caught.

This leaves many of the people without a sense of ethics because they consider bribes just part of life.

Dont get me wrong, many of the people are not bad inherently, you dont see school shootings in India like you do in the US, but there is the issue of ethics because kids grow up in that environment and accept it. (Similar to the extermists that think Americans are evil, they really do think that because that is what they grew up around)

This is not going to change overnight, it will take atleast a couple of generations to change.

It's not that it's everywhere that's the problem!

It's that it is beyond the reach of local law enforcement which complicates things.

Let's say that the same crime happpens locally. Local laws are applied against local criminals. If I recall correctly, the last time this issue was discussed, "identity theft" and related fraud weren't necessarily a crime in India or at least they didn't have the same level of urgency out there. Whatever the case, there is no guarantee that the handling of these problems would reflect the same level of justice as it would locally due to disparity of law enforcement priority, communications among law enforcement, etc.

On the other hand, if we had some sort of international treaty regarding these matters, that might balance out the problem. For example, all employees of these call centers should be made to operate under the laws of the city, state and nation of the company they are representing and if they are suspected of being in criminal violation of such laws, they should be extradited to the city, state or nation for criminal prosecution.

But in my opinion, that wouldn't really be enough. These people are simply too far out of reach to be held accountable. I just feel like we're at risk having some rather critical information exported to other countries for processing where our laws and regulations do not necessarily apply. It's bad enough when it happens here on our own soil, but at least we can take SOME action against it. Internationally, it's just all the more complicated.

Credit card numbers anyone?

(imagine Indian accent) Hello? Yes, you want credit card numbers? Of course sir, no problem sir. How many would you like to have? 100,000? Certainly sir. I will e-mail them to you now sir. Anything else? No? Have a nice day sir. Thank you sir.

I watched this,

last night, people were selling amazing amounts of information. One person claimed (and showed a recording as proof) to have actual voice recordings of people handing over credit card and security numbers...

Whilst this might be just a few bad apples it does make the whole sector look bad, and I'm not sure I want to be giving my card numbers to compainies who outsource so readily without checking fully what staff are up to.

Interestingly though was the response from the banks, which amounted to "so what". They really don't care. Whenever someone is a victim of fraud through these, or other, means they simply pay up and give the customer their money back, which apparently is cheaper than making sure that it doesn't happen - besides not everyone will notice, and they profit from the people who are scammed and don't notice

Re:I watched this,

I saw it too, and realised where the three cold calls i recieved earlier this year may have originated from. I was called on my mobile by an middle eastern sounding man or woman, and told that they could move me to a much better contract, and if i was happy they could go ahead and make the change straight away as they had all the details they needed. They hung up when I demanded to know what details they had and where they got them from. Scary stuff; I'm careful with my details, and I haven't bought a mobile 'phone over the 'phone or online like most of the people mentioned.

It was eye opening for my wife, she had no idea how easy it was to commit fraud with a few card details and the CSV number on the back. She doesn't buy anything remotely, so wouldn't know better, but i was shocked that many people could be this open to potential fraud.

Banks move call centers, we pay the price.

I saw this coming last year when several banks here stated they were moving many services unrelated to call centers, out of the US for financial reasons. It would appear that people generally don't care about others, which is only exacerbated by national identity detracting from emotional identification. What does an Indian care about some schmuck from the UK? About as much some guy in the UK cares about an Indian.

Then again, it could be argued that by sending financial services to the lowest bidder, banks are encouraging wholesale fraud. It's probably a combination of many factors, these only being the low-hanging fruit. I'd like to think banks would be more responsible with our money, but apparently charging outrageous interest rates on loans and transactions isn't enough of a profit.

The best in the world

"Security measures and practices that Indian companies have are the best in the world."

And what about the rest of world like US, Japan, Europe ?

Well, I guess the "best in the world" just follow "cutting edge", "breakthrough", "leading", "enterprise", "professional" in the list of expressions Marketing department sucked the meaning.

Mind you, I'm not bashing India, that happens everywhere: in Europe Spain, France and Belgium all declared at various time that they have the best healthcare system in the world ...

offshore identity theft too

Why should IT and manufacturing be the only ones benefiting from offshoring? Let crime do so also!

(I think this might be a joke, but its not funny.)

Call center employees shouldn't be able to do this

If the company designed its security and auditing correctly, call center employees should never have the ability to do this in the first place. Why are they trusting call center employees with wholesale access to customers' private data? Competent companies will require the employees to provide an explanation every time they access a record, and these will be tied to their phone records to make sure they are only accessing information relevant to their current task. A good audit trail, flagging unusual access behavior, combined with limiting access only to individual records at a time would have stopped these breaches.

Yes, some of these outsourced call centers are inexpensive because they don't do things like this. But you get what you pay for, right?

This is why I don't outsource

I don't believe in cuttting corners, I don't think that's a long term strategy. For example, I don't hire people I don't trust. I hear people talking about outsourcing and they mention giving them a part of the non-critical portion of the code. Why bring these people on board who you don't trust? Short term profit? What about long term profit when these people you don't trust steal the rest of your code and compete against you?

Or, since you're just looking at them on a cost basis, paying them as little as possible, they aren't motivated. So their productivity is lower. I believe you should hire people and give them ownership and high pay. That's a long term strategy. All these companies outsourcing right now are going to get a rude awakening down the line.

I'm shocked... shocked...

to discover people making 15% of 1st world wages can be corrupted with large amounts of money for valuable private data.

It would be no different in the 1st world-- except it would take about six times as much money to corrupt them at the same level.

Just The Tip of The Iceberg

This is just the tip of the iceberg. Consider what happens to code development shipped offshore. It amuses me that businesses with strict non-open source code policies offshore code development because it's pretty much a de facto, if unofficial, grant of open source. It's even worse when people use offshore resources for "secret" prototype development and the such in an attempt to save money on project startup. I cannot think of a worse venue to put confidential new development into.

This problem is a compound problem. First you have low wage workers that are more likely to succumb to temptation of selling such secrets. Second, you have jurisdictional problems - technically you could make a legal claim through treaties and the like, but the hassles and delays would take years and years to resolve and probably give no real satisfaction (this is why I say de facto in the above, even if you disallow something, if there is no real useful legal remedial process behind it, whatever agreed is basically unenforcable). Third, there are cultural problems where intellectual property and consumer privacy are fairly artificial constructs of the legal systems of developed countries.

The bottom line is that this is only going to get worse and I imagine that Western companies will soon face legal liability for outsourcing in two ways:

1. To shareholders for assigning development to offshore resources that results in compromise of trade secrets or the like.
2. To consumers for breaches of privacy and resulting identify theft and the like.

The companies will argue that they entered into contractual agreements with third parties so it wasn't their fault, but I suspect that many of these cases could and will be successfully pressed on the basis of a lack of due diligence, especially against the backdrop of known incidents such as this.

Cheap shot journalism

These type of "fear the indian call center" play really well because they hit such a high number of issues.

ID theft- scary, currently a nice hot issue.

Privacy - little recourse for violations,

Offshoring - They're stealing jobs!!
Jobs people don't want. FWIW there are some larger call centers in various parts of North America that are growing.

Indian accents - some people have trouble with them.

Racism - Some people just don't like them even if we solve all the other issues.

This is just cheap shot journalism at an easy target that gets people upset. This same type of privacy violation can and does happen in every part of the first world.

Re:Cheap shot journalism

The programme did speak to someone working in a call centre in the UK. That person pretty much said that the security was so lax that any of the breaches levelled at India could also take place within UK call centres. So the programme wasn't making cheap shots.

The difference between India and the UK was the manner in which this data was marketed. Outside Hyderabad, which had G.Bush visiting and high security at the time of the investigation, the personal information was being dealt as any other commoditiy. That is, openly traded. The makers of the programme weren't able to gain access to data as readily within the UK. The speculation, as it was untested, as to why this was the case was down to jurisdictional issues.

A large number of UK companies have taken advantage of the services supplied by Indian call centres. The security of data is a genuine concern. The numbers being talked about were in the 50,000 - 100,000 new leads per month. This is fraud on a large scale even if its only being carried out by a relatively small number of people. Some of the sample data, which when challenged was said to be made up, was used to track one person down that was prepared to appear on camera and confirm it as true. Interestingly this data was obtained because the person had a credit check done in a UK shop which happened to go through to an Indian call centre.

Incidentally the programme did say that the information was garnered not from banking call centres but mostly from ones used by mobile phone companies. The implication being that the banking call centres had a higher level of security.

Also..

I think we should also worry about the guys who are paying for this illegally sourced data - in my opinion that is where the problem begins.

Not suprised

Money talks in any language....

news video on the scandal

http://www.channel4.com/player/v2/player.jsp?showI d=2053 [channel4.com]

everything is cheaper in India

....including crime. People can be bought off for lesser. This is sad, but true.

statistic

by the time i finish writing this post indian population will add 100,000 to the total number

Legal recourse

The law is being made a lot more stringent, and every person whose personal data has been compromised can get compensation upto 5 crore INR (50 million INR) as civil damages, as well as criminal action leading to fines and/or imprisonment. Under Indian law, any affected individual can bring a criminal lawsuit, without having to wait for the government to intervene.

http://tech.groups.yahoo.com/group/cyberlaw-india/ message/2848 [yahoo.com]

What Channel 4 didn't mention

What Channel 4 didn't mention is that there have been far greater losses through the same kind of fraud within the UK than from India. So taking the figures to their logical conclusion, it's safer to have your call centres in India than in Britain. But that doesn't make such good headlines!

Barreling Bad Apples

Of course there are bad "apples" in every industry, in every country. That's why we have laws against bad "apples", government oversight of industry, reporting requirements, consumer watchdogs... a whole infrastructure the people use to protect ourselves from irresponsible and criminal corporations.

US corporations often avoid handling data inside the US because even our crude and inadequate privacy laws still add costs and risks to those operations, but overseas there's little to no risk to the US operation that dispatches the profits (or at least extracts them from our pockets).

Real privacy laws in the US would protect Americans from corporations sending data overseas avoiding US controls. And good ones would make the entire chain required to protect the strongest link in the dataflow, rather than letting everything spill out the weakest.

We'd protect our privacy, and protect our jobs that treat private data right. If we forced foreign competitors to pay the full cost of the privacy protections we require, we'd have a truly global workforce we could use, rather than letting the world work against us at our expense.

Meanwhile.. here in UK

http://www.theregister.co.uk/2006/07/26/offshoring _misperception/ [theregister.co.uk]

http://www.theregister.co.uk/2006/10/05/india_expo sed/ [theregister.co.uk]

"In June, an Indian worker was arrested for allegedly defrauding £233,000 from the accounts of about 20 HSBC customers. However, the Royal Bank of Scotland lost nearly 100 times that amount of money (£21m) to a man working for the bank in Edinburgh."

Incidents of reported fraud in the UK have tripled in since 2003, according to BDO Stoy Hayward. The British government is conducting a review of unreported fraud the UK, which is it describes as "chronic".

But that never makes it to the prime time TV or headlines!! ?

Guess we would rather get fleeced by our white bretheren?

Still think outsourcing is a good idea?

If they're doing this with personal information, just imagine what they're doing with code and other sensitive information!

GJC

All your Data are Belong to Us

or whoever will pay us more than the paltry $5000 a year we make.

Somehow, this should have been filed under the category "obvious consequences of outsourcing and offshoring".

Racism Xenophobia or simple economics

Time for the people in the UK to show a reaction to the news that their ID has been stolen, by doing what they do in the US, file a law suit against the bank employing the call center. What happens in the call center is partly the responsiblity of corporation that employs them. There.. matter settled....right? Shipping jobs off to India that "no one wants"? One of my good friends works in a call center in the UK. She, and others like her, are college students trying to get through school. The extra cash helps keep them going and makes it so they can occasionally buy something from one the places that makes something "that no one wants the job to make" It's all interconnected. Everytime you remove an income generator (for people) from an economic system you weaken that system and displace people. Lets face it, they may not be good jobs, and you're not going to spend your life doing it, but their is a need for this sector of jobs. I know, why don't they just get jobs at walmart, or starbucks, or... well think about it... if you keep moving jobs like these out of an economy, it won't be long before people in that economy can't afford to buy the things these people sell. (I know .. slippery slope... poor arguement right?) WRONG, ask Walmart why they withdrew economic support from the GOP (Republican Party) because their politics allow and ecourage (They pay companies to "relocate" to othe coutries, not directly, but they offer "Economic incentives for helping under privledged nations") the movement of jobs to other countries, thus removing the ability of Walmart to sell products, and thus reducing their profits. People don't get that globalization isn't a good thing, and not just because these people's ID was stolen, but because the process of shipping off "jobs no one wants" take away income from the country who ships it off. The goal of most mega-corporations, and certain governments is to create a global economy where each country depends on another for goods and services, but not just a little like now, completely and totally. It sounds great on paper, every country working towards common goals, sharing the labor and making sure all products and services are provided to all people.... of course the last countries that tried that didn't fair so well.. or am I the only one who remembers pre-democracy USSR? (Wait.. I didn't say globalization is as bad as communism did I?) YES! They both have the same fatal flaw. They assume everyone will do what is best for everyone else. In the real world it doesn't work that way. Greed over rides the drive to do good. Which brings us back to this issue.... If these people were A) in the same country as their callers, it wouldn't have taken a year to catch them. B) If they were paid decent wages, an offer of $9.50USD wouldn't so easily pursuade them to sell the info. So.. Step 1, sue the company util they move their call center back to the UK. Eliminate their "savings" by causing so much legal damage that they can't afford not to, but remember, you have to agree to drop the law suit, as soon as they agree to move the center back to the UK for at least 10 years. (I can hear it already, that's blackmail!) No, it's the consumer demostrating the one power they all have and using the one resource they all have access to. It's an unfortunate truth in the modern world. You can't legislate change for the good, you can't use consumer power to change behavior (not in the short term anyway) but the threat of a good old law suit can change behavior quickly... very very quickly. Don't beleive it? I have one word for you OREO. Step 2: If you can't get them to move it back, don't do business with them at all... or any other UK financial instiution that uses foreign call centers. That my rant, respond as you wish.

Cheap to hire, cheap to bribe....

...I bet you can bribe Indian workers for 1/6th what you can bribe American workers for.

How about fixing the source?

Almost every post here is just anti-outsourcing. How about fixing the source of the problem: a few numbers (social security, credit card) are required to get anything done, and these same numbers can be used to destroy your identity. This is what makes the data so valuable in the first place. I can't believe that all the money saved by outsourcing is not enough to provide a more secure platform for online commerce. Changing laws in one country is not a solution by itself in a global economy. This will just make it more expensive to do business in that country and US/UK companies will find a call center in a place with more lax laws. A quicker and more effective solution is to hold companies liable for identity loss, so that some of their profits from outsourcing can be channeled to building more secure infrastructure.

We have to realize that this is an inevitable cost of globalization. If we believe that globalization is a good thing overall, then the first world has to adapt too. A country like India has "information services" to offer to the global market and is competing on price. How is this different from any other commodity being traded globally?

Sucks, but what can be done?

I wonder if the indian 'computer' police still staple floppies and compact discs to their crime reports? Or still equate taking a monitor away to taking the 'computer'.

Seriously, what can I do to stop the indians even getting access to my data in the first place? I would rather my particulars were held with some kind of sanctity.

Absolutely nothing we can do probably. There ought to be something though, right?

Sucks

Offshore concerns

I was ordering a new Dell PC online yesterday. For some reason the order kept refusing to include the XP Pro media kit. Called Dell, got put through to an Indian lady 'Online Sales Asst' who had absolutely no idea what I was talking about. Escalated me to someone who's VM box was full which caused immediate disconnection.

Called Dell back, asked for a Sales rep (it's like my 12th system this past year). Finally got routed to a sales rep in India (asked him). I then chose not to place the order with him, since I didn't feel comfortable handing my CC information to someone 10,000 miles away - operating with little oversight, rudimentary knowledge of English, and in a country whose laws and practices regarding information privacy are probably sub-standard at best.

I eventually completed the online order instead. It wasn't xenophobia or some other politically incorrect impulse that caused me to cancel the order with the online rep. I'm a Canadian, and live in a community heavily populated by South Asians. I just didn't have that comfort level handing over my CC info to this fellow.

I'm an independent IT consultant. I naturally find these out-sourced call-centers repugnant by definition, but realize they are a fact of life. But surely Dell can do better! Why is basic comprehension of my problem an option? The original responder had zero clues as to what I was talking about. Why was the Tier 2 rep's voice-mail full? Why isn't Dell monitoring this crap?

Finally, why aren't they building call-centers in New Orleans, or other impoverished places in USA and Canada? Y'know - where English is not a second language, and they'll be happy for minimum wage? Sheesh!

Lets take a step back

So I've heard a lot of anti-India, anti-outsourcing, anti-brown people and so on. Lets go back and clear up a few basic points, the stuff that can be readily checked by spending 5 minutes on google.

Indian call center employees aren't being exploited, they don't go through every day burning with the knowledge that Chuck from Portland makes more money than they do. People need to stop looking at this from their perspective, in America you could barely eat on $5000 a year but in India, where the buying power of one dollar is much much higher than compared to the 1st world, that's enough to comfortably put you into the lower middle class income bracket. There are people who make less than $10 a month. So nobody's doing this out of some misdirected anger at the white oppressors making them slave at their terminals, many Call Centers are Indian companies, locally managed and recruiting from colleges and universities where they can get young, educated people who are doing this as their first job out of school, anything they make is good money.

On the issue of accents: Compared to the level of English the average American high school graduate can accomplish, any one of these people could run circles around you in a literary duel, if ever there was one. We speak with accents because we're not native English speakers, we learn hindi/benglai/punjabi/gujrati/tamil as well as English, and take on the speech patterns of the language spoken most often. So, if you choose to ridicule us because of our accents, know that the average Indian high schooler usually knows 3 languages (at least 2) and can probably understand a couple more, as compared to the American kid who's struggling with his one. And guess what? I bet Shakespeare had a pretty funny accent too ...

Third, and this point has been made already but its worth reiterating, this isn't a local Indian problem. I remember 4 separate instances of large scale personal data theft in the U.S over the last year, and I don't even pay that much attention so there's probably more. So, before you break out the stones, look back at the glass walls you're in.

Does anyone really believe...

...that a foreign government is going to sit on a treasure trove of information about US citizens and not use it? That's right up there with believing democracy is going to break out in the middle east. You don't think the Indian and Pakistani governments aren't data mining our data and systems for competitive intelligence? Wake up already. We're outsourcing data on millions of Americans to potentially hostile countries and yet no one sees that development in the same light as keeping all our war ships in one harbor in Hawaii.

These days they can start while kids are in grade school and track their whole lives. Grades, attendance, medical issues, legal problems, everything. I'm really grateful to be old enough that some of my electronic history happened before the days of endless inter-connected databases being hosted in Asscrapistan.

Re:Hmm...

Amen. We just recently had an esoteric problem with Windows and roaming profiles where in about 1% of the logons, the user's perms to their user hive in the registry would be removed, preventing any GPOs from applying. After two weeks of debugging and not being able to faithfully reproduce it, we called microsoft and paid for an advanced support call to troubleshoot mission critical issues. This is one where "senior management" is allegedly notified of your issue.

We never got out of India, as evidenced by the emails that went back and forth and their origin (you can't always judge by accent because there are Indian citizens working domestically). However, as you stated, the ability to understand what they were saying was enough to drag each call out to twice as long as it should have been.

Then there's the quality of the "support." We were treated as if we were Grandma with a PC problem. We provided clear userenv logs and asked specific questions like "What causes migratent4tont5 process to invoked? What exactly is it checking for since we have no nt4 machines left?" No answers to our specific questions. Instead we got "advice" like.

• It's probably a virus problem.
• Please remove all non-microsoft services from all of your machines. "What? Including our Anti-virus software?" The answer was, yes.
• It's a driver issue with nvidia video cards (we don't have any machines with nvidia cards)

After a while the case person stopped returning our calls and their email started bouncing. Emailing the manager on record for this also bounced. Seemed like their email server was having problems.

They never followed-up on the call. After another week we found out what the problem was. If the ProfileList HKLM key didn't match what local cached profiles of roaming profiles exist on any given machine, it *sometimes* triggered this process that ended up changing the ACLs on the user hive preventing GPOs from being set. Solution was a machine startup script to check that list and remove any entries that conflicted.

They never even hinted to us where to look. We just found it through a heck of a lot of trial, errors, and observations. As far as I know, over a month later, the case is still open with them. They have never bothered to follow up. Then again, they probably closed the call with some lame excuse like "Customer refused to cooperate" (yes, we refused to remove anti-virus from all 2000 of our desktops. It was a stupid suggestion and had nothing to do with the problem at all)

Re:Hmm...

Are you saying that a security expert in the UK couldn't provide security in India, because he can't speak Hindi? What does language ability have to do with Security skills?

Re:Hmm...

Don't be too quick to downgrade the parent. His message may seem trollish but his point is valid. They claim that their security measures are the best in the world but they also make other claims that are done purely to make their industry look more appealing to potential customers - not necessarily with any basis in reality(whether that is sales abilities, communciation skills, work ethic etc.). So if one claim is pure marketing then who is to say that the claim regarding security is anything other than an attempt to ease the fears of potential customers?

Re:Hmm...

You mean none of them speak Troll?

How alarming.

Re:Well, in my case...

Not necessary. There is a lot of worms, that once penetrating your computer read your address book and submit all addresses to spammer's website. So they don't have to sell your address, this happens automatically once your e-mail address is saved on infected machine... Or once machine, where your address was saved, becomes infected.