WASHINGTON-Amid a swirl of publicity over the apparent widespread theft and sale of cell-phone users’ call records, two federal agencies along with both houses of Congress jumped to try to address the issue.
Indeed, wireless carriers may find themselves in hot water because of the situation; FCC Chairman Kevin Martin threatened “enforcement action” if the Federal Communications Commission determines carriers have not adequately protected customer call records from the prying eyes of data brokers.
The issue appears to have even caused a rift within the wireless industry: Even as the four nationwide mobile-phone carriers applauded legislation that would make it illegal to get another person’s cell-phone records, their trade association said existing laws are adequate to address the problem.
All of the nationwide carriers said they would prefer a legislative solution-rather than regulation or continued self-policing-to stem the theft and sale of cell-phone records. But CTIA, despite applauding the legislative efforts, sang a different tune. “The wireless industry believes that generally applicable consumer-protection laws currently exist that allow law enforcement to aggressively pursue and prosecute online brokers who are illegally obtaining and marketing consumer call records,” said John Walls, CTIA vice president of public affairs.
In the days following a “CBS Evening News” story critical of the mobile-phone industry’s efforts to protect customer call records from online brokers, the FCC and the Federal Trade Commission each said they were investigating the matter. Separately, Senators introduced a bill to outlaw the practice, and similar efforts are under way in the House.
All the frantic action on the subject prompted one online data broker to stop selling call records, even though a spokesman for the company-which does marketing for private investigators-said it was much ado about nothing.
“There was never a problem until it came out in the media. The only people that used to get this information were licensed professionals,” said Noah Wieder, spokesman for Intelligent eCommerce Inc. “Everyone wants regulation and laws. How many millions of taxpayers’ dollars will that cost? We already know that certain laws are not the way to solve this problem.”
Legislators disagree. Members of both the House and the Senate argued that pretexting should be illegal. Online data brokers appear to be using pretexting-impersonating the subscriber whose records they are trying to get-to obtain cell-phone call records. Pretexting is not specifically addressed in existing laws.
“It seems to me that the most sensible action we can take quickly to thwart the buyers and sellers of personal phone records is to make pretexting illegal. I will introduce legislation to accomplish that, and my bill will substantially increase the penalties if telephone companies release consumer telephone records without the permission of the consumer,” said Rep. Joe Barton (R-Texas), chairman of the House Commerce Committee. “The principle behind all of this is simple and straightforward: Our private lives belong to us, not to either the telephone company or the con artists.”
“Stealing someone’s private phone records is absolutely a criminal act and the fact that it can’t be prosecuted as one has got to change. Stealing a person’s phone log can lead to serious personal, financial and safety issues for just about any American,” said Sen. Charles Schumer (D-N.Y.).
Schumer introduced legislation that would make it a federal crime to obtain call records without the authorization of the account holder. The bill also outlaws the sale of such records. The bill is called the Consumer Telephone Records Protection Act of 2006.
The Senate Commerce Committee plans to hold a hearing soon on what legislative remedies are necessary to stem the sale of cell-phone records, said Sen. Ted Stevens (R-Alaska), chairman of the Senate Commerce Committee.
Meanwhile, the FCC said it will enforce existing laws. “We are looking into how companies who are selling these records have obtained customer proprietary information. To the extent that they have acquired this information from telecommunications carriers, we will take strong enforcement action to address any noncompliance by carriers with their obligations to protect customer proprietary information under the Communications Act and the FCC’s existing rules,” said Martin, the FCC’s chairman.
The FCC sent letters to two data brokers, DataFind.org and Locatecell.com, indicating they had not complied with subpoenas issued in the fall seeking information about them and now could face fines.
As the FCC and Congress swarm over the issue, the nation’s carriers are taking steps of their own.
Verizon Wireless said it has met with all of the FCC’s bureaus to brief staffers on the data brokering/pretexting issue. Cingular Wireless L.L.C. said it has been speaking with all levels of government including the FCC. However, T-Mobile USA Inc. said it had not been contacted by the FCC’s enforcement bureau. Sprint Nextel Corp. did not respond to questions on the issue.
Martin also said that each year carriers have to certify that they are protecting customer proprietary network information (CPNI). “Each carrier must certify annually that it has established operating procedures that are adequate to ensure compliance with these rules and must provide a statement explaining how its operating procedures ensure such compliance,” he said.
These certifications are not filed with the FCC, but rather each carrier must make it available upon request, said David Fiske, director of the FCC’s Office of Media Relations.
In its certification for 2004, Cingular said that all employees who have access to customer data, have outbound marketing responsibilities or are officers of the company completed privacy training by March 2003. Any employee that violates the privacy policies faces disciplinary action including possible termination. Its certification for 2005 has yet to be filed. The other nationwide carriers did not respond to requests for their certifications.
On the legal front, Cingular obtained a temporary restraining order Jan. 13 against two companies it believes have sold mobile-phone records online.
The federal court in Atlanta granted the order against Data Find Solutions Inc. and First Source Information Specialists Inc. Cingular said it believes Data Find Solutions once owned and operated several Web sites, including locatecell.com and celltolls.com, which advertise the sale of cell-phone records. The Web sites are now believed to be owned and operated by First Source Information Specialists.
And last year, Verizon Wireless sued Source Resources Inc. of Cookeville, Tenn., and obtained an injunction barring the company from obtaining and selling customer call records without consent or a court order.
Despite the recent attention over the sale of customers’ cell-phone records, the issue is not new. Rep. Edward Markey (D-Mass.), the author of the provision in the Communications Act that requires carriers to protect CPNI, brought up the issue in November. Markey asked both the FCC and the FTC what they were doing about the problem.
“High-tech hucksters are using the Internet to sell illegally obtained consumer telephone records and I urge the FTC and FCC to step up their enforcement efforts already under way to ensure that consumer telephone records do not become commodities in a cyberspace bazaar,” said Markey in a statement on his Web site accompanying the release of the responses he received from the FCC and FTC.
Markey is the ranking member of the House telecommunications subcommittee.
For its part, the FTC acknowledged that telephone records are afforded less protection than financial records, but the agency said it is considering enforcement actions.
“Although consumer telephone records are not generally covered (by the Gramm-Leach-Bliley Act, which protects financial records), the FTC may still bring a law-enforcement action against a pretexter of telephone records if it has reason to believe that the pretexter’s activities constitute unfair or deceptive practices,” said FTC Chairman Deborah Platt Majoras.
Privacy advocates too have petitioned for stricter rules governing the release of CPNI. The Electronic Privacy Information Center petitioned the FCC last summer to tighten rules to cover third-party data brokers specifically. FCC Commissioner Jonathan Adelstein said last week that the EPIC petition “could be an appropriate vehicle for tightening our rules.”
However, CTIA rallied against the EPIC’s petition, arguing that the cost of implementing such rules would be passed on to consumers.
