Tidbits (Autumn, 1991) ---------------------- You would think after all of the commotion about privacy invasion and lack of security that big corporations would begin to learn something. MCI can therefore be defined as learning disabled. You may have seen the ads for their Friends and Family Circle gimmick. Basically, you get your friends and family to sign up for MCI. Then, whenever you call them (assuming you too have MCI), you can save on the regular rates. In a way, MCI has gotten their customers to do their selling for them. That part is actually rather clever. In fact, we ve even heard of families putting the guilt trip on relatives who refuse to sign up with MCI. But where MCI really messed up is with their 800-FRIENDS update service. This number exists so that customers can check the status of their calling circle find out who s currently on it, who's been dropped, etc. The touch tone service would ask you to key in your telephone number and then, to verify that it was really you, your ZIP code! Obviously, when you know somebody s phone number, figuring out their ZIP code isn't all that difficult. Yet this was the only bit of security standing in the way of anyone having access to customers frequently dialed numbers. It made no difference if these numbers were unlisted. If they showed up on your calling circle, anybody could get them. And, not only that, but the relationship of the people in your circle was also announced. Example: "Your wife at 516-751-2600, your brother-in-law at 202-456-1414" and so on. One could get quite a bit of information on MCI customers rather quickly. We had a bit of fun with this on WBAI's Off The Hook, the weekly telecommunications radio program in New York. We demonstrated the absurd security live on the air and told everybody to call MCI to complain. Apparently they did because the system was quickly changed. Now you need the last three digits of your account number for verification.