Lenovo provides an excellent example of how not to handle user data

Improper user data management policy can create threats to the privacy of your users. A leading laptop manufacturer and vendor has inadvertently provided an example of how not to manage your users' data.

Someone close to me recently purchased a new ThinkPad laptop from Lenovo. She made her order through the Lenovo Website. In the process, she had to fill out some information in a Web form, of course, including email address, shipping address, name, and a daytime telephone number.

All of this information was specific to her, with one exception: the daytime telephone number. That number was her work number. It is the same as the work number for all of her coworkers and her boss -- the company's owner. The way to reach one person in particular at her place of employment is via an extension number.

In the process of completing the order, she was informed she would receive a confirmation email, and she was provided with a tracking number so she could check up on her package's progress on its way to her hands. She checked on it a couple of times a day, impatient for it to arrive. When it finally came, she was excited, of course -- but she still had not received a confirmation email.

Then . . . at work one day, her boss told her he had received some confusing emails about a laptop purchase.

It seems that her boss had used that telephone number to make an order before, and had of course used his own email address at the time. When she ordered using the same telephone number, Lenovo used the shipping address she provided, but ignored the email address she used to complete the order process and sent the confirmation emails to the address already on file for that telephone number.

This turned out to be inconvenient in her case, but hardly damaging. That was just a matter of luck, however. For others, it could very well be far more problematic. If your telephone number is recent, and the previous user of that telephone number is still using the same email address he or she used before giving up that telephone number, he or she could get the details of your order. That would include your name, address, order number, and more.

Information like that could be used for a number of nefarious purposes, most of which involve being able to effectively steal your shipment by any of several different tactics. Worse yet, there may be times that you don't want your boss knowing about your private purchases. Some people really like to keep their private and professional lives separate, and Lenovo's user data management policies shouldn't violate that privacy.

It could be even worse. Have you ever noticed that when you order a pizza by telephone in the US, the pizza place might ask whether you live at an address they have on file? Like Lenovo, apparently, they keep track of user data based on telephone numbers.

If you know someone's cellular telephone number, though, and have the necessary skills, you can clone the cellphone and call local pizza places in the hopes of getting lucky and learning the person's address as well. This could be a significant security issue for people who are trying to avoid stalkers, abusive ex-husbands, and other dangerous people with an unhealthy interest in finding them. The same could be true of Lenovo's user data management policy.

In some cases, legitimately placing an order with Lenovo could conceivably lead someone from whom you're hiding directly to you, if you used to live with that person.

The lesson to take from this is at least two-fold:

  1. You might want to consider changing contact information when you end relationships -- be they romantic, professional, or otherwise -- on a bad note, to ensure your privacy when dealing with organizations that manage user data the same way Lenovo and your local pizza delivery store do.
  2. You should think very, very hard before you decide to base your entire user data management system on a single piece of contact information. You may be inadvertently violating your users' privacy. Depending on the consequences of such a violation, you may even open yourself up to liability lawsuits as a result of that kind of poor security design.

In the case of the Lenovo order, the problem could easily have been avoided by associating a password with the prior contact information and requiring that password to be entered before that information is revealed to, or reused for, the person placing the order. If no such password could be provided, the system should default to the contact information submitted along with the telephone number this time.

The unwarranted assumption that a single telephone number means a single email address for a single person was, frankly, an inexcusable lapse. Don't make the same mistake. In short, you should always verify identity before assuming it.
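The checkout logic the article recommends, as an added example in Python that is not Lenovo's code: an address already on file is reused only after a password proves ownership, and otherwise the details supplied with this order win, with the flawed phone-number-only lookup shown beside it for contrast. The record store, the PBKDF2 password scheme and the sample phone number and addresses are all constructed for illustration.

```python
# Added example, not Lenovo's code: decide which email address receives an
# order confirmation when the phone number is already on file. Sample data
# and the password scheme are constructed for illustration.
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 200_000

@dataclass
class PriorRecord:
    """Contact information previously stored against a telephone number."""
    email: str
    salt: bytes
    pw_hash: bytes

def make_record(email: str, password: str) -> PriorRecord:
    """Store the email with a salted PBKDF2 hash of the owner's password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return PriorRecord(email, salt, digest)

def password_matches(record: PriorRecord, password: str) -> bool:
    """Constant-time check of a candidate password against the record."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record.salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record.pw_hash)

def flawed_confirmation_email(records, phone, submitted_email):
    """Behaviour the article describes: the phone number alone picks the address."""
    prior = records.get(phone)
    return prior.email if prior else submitted_email

def verified_confirmation_email(records, phone, submitted_email, password=""):
    """Reuse the address on file only if the caller proves it is theirs.
    Returns (email, source) with source "prior" or "submitted"."""
    prior = records.get(phone)
    if prior is None or prior.email == submitted_email:
        return submitted_email, "submitted"
    if password and password_matches(prior, password):
        return prior.email, "prior"
    # No proof of ownership: use what this order supplied and never
    # disclose the address already on file.
    return submitted_email, "submitted"

# Constructed sample: the boss ordered earlier using the shared office line.
RECORDS = {"555-0100": make_record("boss@example.com", "correct horse battery")}
```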

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

15 comments
chris

I also hate companies that use "the original CC" as their security. We often (at the office) change, and therefore the original card is replaced and forgotten. Or even better, something is set up using someone's personal card (to get the miles or convenience, etc.) and two years later they leave the company. We have no access to that card. What a pain. Sorry, I'll go now.

tkensc1

This incident is symptomatic of what is going wrong with our economy and society. We have been so focused on making the sale and completing the task that we have overlooked the fine art of important details involved in each transaction. It would seem that someone at Lenovo should be checking this laptop order and could well have flagged the record to note the different email address compared to a previous order with the office phone number. That is a potential security detail that needs checking via a telephone conversation to determine why there is a discrepancy. Yes, it takes more time to do this -- but the added level of customer contact and due diligence in trying to make this order correct and secure from the start should pay added dividends for Lenovo in the future.

rfolden

Pizza delivery companies (Domino's et al.) would be hard pressed to find another "key" to their customer database other than the phone number. This information is fed to their system at order time in order to make their PhD (Push Here, Dummy) system as foolproof as possible. In those situations, a phone number is really all they have to key on at first, because to try and extract your info by name from the caller ID could prove both cumbersome and potentially make the order taker dude short out. This happens if the screen reads: "Please choose one:" Smith, Robert / Smith, Robert / Smith, Bob / Smith, Robby / Smith, Robert C Jr. / Smith, Rob and Marianne. This is why some sort of information override must exist at the order-taker level to change the info for that order that follows THAT ORDER and no others... Basically what others have said... Rob-o

JohnMcGrew

I'm constantly amused by the bad data that companies have on me. Once you throw a spouse into the mix, companies get even more confused. Clearly Lenovo hasn't thought through their system very well. I wonder how much time and money they end up wasting cleaning up the collateral damage.

seanferd

as to why behavioral targeting with DPI and other data collection and retention schemes are prone to fail in the privacy and security arena.

khenson

Lenovo has left an extremely bad taste in my mouth. When they first released their S10 netbook, I went to their website to place an order. What followed was the most deceptive and unprofessional practice I have ever encountered with a "company". Misleading ship dates, erroneous stock information, lack of communication, inconsistent customer service, a $400 hold on my credit card for an item that was nowhere close to being ready to ship, and all-around just lying to and ignoring the customer. This article further proves (to me) that Lenovo has a great deal of learning left if they want to deal with their customers the right way. I, for one, will never in my life order another Lenovo product again. In hindsight, I can now say the best thing that ever happened was when they automatically canceled my order that had been standing for 6 weeks. To be successful in business, you have to offer more than just a great product.

apotheon

When IBM sold its PC business to Lenovo, I worried that the legendary quality of ThinkPad laptops might suffer. So far, I still love ThinkPads as much as I ever did, and I'm thinking about getting a new one before long. I didn't expect a problem like I described in the article to arise, though. It seems that, regardless of laptop quality, the security design quality for the ordering process has slipped a little.

apotheon

Yes, it takes more time to do this- but the added level of customer contact and due diligence in trying to make this order correct and secure from the start should pay added dividends for Lenovo in the future. . . . instead of the current behavior potentially losing Lenovo some customers directly, and also possibly turning off many potential customers indirectly by inspiring articles like this one.

apotheon

The problem with the way the pizza delivery store handles things is not so much with the fact that they associate customers with telephone numbers, but that they give out the address to anyone who calls from a given number.

Sterling chip Camden

... if for no other reason than that the newly entered data should always be considered more accurate. When placing a personal order, I would not enter an employer's phone number. For "work phone", I'd put in my mobile number, even if it's off most of the time.

boxfiddler

Whether I have to work for it or not, you're pretty interesting.

apotheon

. . . if it contributed to interesting discussion rather than merely being vague and condescending.

santeewelding

May need to encompass predation and predators, Corporate Ethics Officers, Corporate Bastards, active voice, and tracking, that last with respect to a nose so close to sign the owner is unaware of having been circled. Apotheon is taken with sign, it seems.