It's Official: Pretexting Is Illegal
The controversial practice gained more attention after the HP scandal broke.
President Bush signed a bill last week making a controversial practice known as "pretexting," a federal offense.
The law specifically forbids the act of misrepresentation, impersonation or deception in order to obtain personal telephone information. Just five months ago, pretexting fell into a gray area of the law.
- Government Analytics: Set Goals, Drive Accountability and Improve Outcomes
- 2012 IBM Chief Information Security Officer Assessment
The issue gained national attention when Hewlett-Packard filed a document with the U.S. Securities and Exchange Commission. The computer maker said its investigators had used tactics to find out which members of its board where leaking private company information to the media, which ended up as news reports. The scandal led to testimony before Congress and the resignation of several board members and HP employees.
Several lawyers and private investigators -- including some working for HP when the company obtained journalists' and board members' personal phone records during an investigation into leaks from its boardroom -- said that it was unclear whether pretexting was against the law.
The legal line is clearer now. The text of the Telephone Records and Privacy Protection Act of 2006 now states it is illegal to use fraud in order to obtain billing records and other information phone companies retain on individual customers. Law enforcement officers are exempted but generally need warrants to get the information.
Breaking the "pretexting" law allows for fines and imprisonment of up to 10 years for those who use fraud, deceit, or computer access in a successful or an unsuccessful attempt to obtain, transfer, or disclose phone records without prior customer authorization. It applies to phone and Internet-enabled communications and contains additional penalties for aggravated cases. That covers those engaged in numerous violations, as well as those who use the information to commit other crimes such as stalking, witness intimidation, or crimes against law enforcement.
Emergency services employees as well as telephone service providers are exempt under the U.S. Communications Act.
Last year, several federal agencies and former California Attorney General Bill Lockyer began investigating HP and the tactics used by people working on the company's behalf. Lockyer filed charges saying that investigators, one employee and former board president Patricia Dunn, violated state laws. More recently, federal prosecutors filed felony charges against Bryan Wagner, one of the investigators hired by HP, as a result of an FBI investigation. Dunn and most of the others have denied any wrongdoing. Wagner pleaded guilty to the federal charges. HP settled a civil suit.