News
News
8/30/2005
04:55 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Private Phone Records Sold Online, Privacy Group Complains

The Electronic Privacy Information Center wants telecommunications carriers to do more to prevent customer information from being sold online.

The Electronic Privacy Information Center (Epic), an online privacy advocacy group, on Tuesday petitioned the Federal Communications Commission to require that telecommunications carriers establish better policies and procedures to prevent customer billing records from being sold illegally online.

The group's request that the FCC establish stronger security standards governing the release of consumer proprietary network information follows a July 7 complaint against the illegal sale of consumer information by Intelligent e-Commerce Inc.

Intelligent e-Commerce operates BestPeopleSearch.com, a Web site that advertises the sale of telephone records along with other sensitive personal information. Epic charges that the company is violating the FTC Act, the Telecommunications Act of 1996, and U.S. Postal Regulations.

In an update of a July 7 complaint filed Tuesday, Epic identifies an additional 40 Web sites engaged in the practice of selling telephone records.

The Telecommunications Act forbids telecom companies from using or disclosing consumer proprietary network information without customer approval, unless required by law or permitted by certain exceptions. The data "is protected by statute and regulation," Chris Jay Hoofnagle, Epic's West Coast director, said in a telephone interview. "The problem is, in implementing the regulations, the main concern was marketing use. And the regulations do not adequately address other uses, such as a private investigator calling up and getting the data."

And that's what Epic contends is happening. Just as ChoicePoint Inc. was conned into revealing data to criminals, telephone companies are being duped by social-engineering attacks. "Private investigators are calling up and saying, 'I am the account holder and I didn't get my bill. Can you send me another copy of it?' Hoofnagle explains. "Then out of the fax machine comes the data, and they provider it to the buyer."

If that's the case, telecom companies aren't admitting it. But they insist they're eager to protect customer privacy.

"Our customers' privacy is very important to us," SBC Communications Inc. said in a statement. "We carefully protect the confidentiality of each customer's account and calling information. SBC's Code of Business Conduct prohibits employees from disclosing customer records or customer communications to unauthorized persons."

Asked whether Verizon Communications had encountered these social-engineering attacks, a company spokesman said, "We share our customers' concerns about the protection of data and continually take industry-leading steps in this area. We also continually look at ways to enhance the protection of such data." The company said in a statement that it would file comments about specific steps outlined in the Epic petition when the FCC issues a Notice of Proposed Rulemaking.

Hoofnagle believes the FCC has to do something. "This data can be used to track people, to figure out their associations," he said, "and it's a matter of time before the data is sold to a stalker who harms someone."

That's happened in three well-known cases. Actresses Theresa Saldana and Rebecca Schaeffer were attacked in California by stalkers in 1982 and 1989, respectively. Saldana survived, but Schaeffer was killed. In both cases, the stalkers used information obtained by private investigators. In 1999, Amy Lynn Boyer was killed in New Hampshire by a stalker who found her with the aid of a private investigator.

The domain registrant behind BestPeopleSearch could not be immediately reached for comment because that person has chosen to conceal his or her contact information through a third-party privacy service.

Reached by phone, a customer-service representative at BestPeopleSearch said that Chuck, her boss and the person who could explain how the company obtained its phone billing records, would not be available Tuesday but would call Wednesday. Dutifully protecting his privacy, she declined to provide his last name.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.