“Verizon royally fucked up,” Poppy told me in a phone call. “There’s no way around it.” Verizon, she added, was “100% at fault.”
Verizon handed Poppy’s personal data, including the address on file and phone logs, to a stalker who later directly threatened her and drove to an address armed with a knife. Police then arrested the suspect, Robert Michael Glauner, who is charged with fraud and stalking offenses, but not before he harassed Poppy, her family, friends, workplace, and daughter’s therapist, Poppy added. 404 Media has changed Poppy’s name to protect her identity.
Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.
Remarkably, in a text message to Poppy sent during the fallout of the data transfer, a Verizon representative told Poppy that the corporation was a victim too. “Whoever this is also victimized us,” the Verizon representative wrote, according to a copy of the message Poppy shared with 404 Media. “We are taking every step possible to work with the police so they can identify them.”
In the interview with 404 Media, Poppy pointed out that Verizon is a multi-billion dollar company and yet still made this mistake. “They need to get their shit together,” she said.
Seriously? What a stupid mistake to make. There should always be internal processes right?
Yup. I used to work for a much smaller tech company, and we had a perfectly reasonable process for dealing with cour orders and search warrants that involved crazy things like “get it in hard copy”, and “verify the information contained in the order”.
For some things, we would even just ask the officer to physically come in and that was weirdly never a problem.
And now they will probably overcompensate with frustrating security theatre beyond sensible precautions.
I see no problem whatsoever with having frustrating levels of obtuse security required before complying with a request from law enforcement.
There is no downside.
Maybe I am missing a joke, but why would a service provider need to jump through any security hoops to comply with a request from law enforcement?
You mean like… verifying it is a legitimate request from law enforcement? That kind of security hoop? Ensuring there is a warrant or subpoena? Ensuring proper security in transmitting the sensitive personal information?
Civil rights matter more than making cops’ jobs easy.