03:41 PM
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Senate Passage Of Phone Records Privacy Bill Likely

Buying, selling, or obtaining phone records without a customer's permission could become a felony if no one in the U.S. Senate objects to a bill that lawmakers have put on a fast track for passage.

Buying, selling, or obtaining phone records without a customer's permission could become a felony if no one in the U.S. Senate objects to a bill that lawmakers have put on a fast track for passage.

The bill, the Telephone Records and Privacy Protection Act of 2006, could pass Friday or in the early morning hours Saturday, when observers expect the Senate to wrap up business for the year. Senate staffers said Thursday their chamber had hot-lined the so-called "pretexting" bill, which passed the U.S. House of Representatives on April 25. That means if no one objects before the close of session, the technology-neutral bill will pass the Senate by unanimous consent.

Pretexting is the term used to describe lying, deceit, or impersonation to obtain private phone records. The issue gained widespread attention when Hewlett-Packard revealed that its investigators had engaged in the practice while trying to pinpoint the source of media leaks from its board. The company, several of its former officials, and investigators are facing civil and criminal charges resulting from the disclosure.

However, several lawmakers and law enforcement authorities were already trying to address the problem when the HP scandal broke. The Chicago Sun-Times revealed that reporters had obtained cell phone records of undercover FBI agents from companies selling the information on the Internet. Law enforcement authorities and lawmakers immediately recognized that the practice opened the way for criminals to gain information about investigations, as well as harm investigators, informants, and others. They also said the practice violated people's expectation of privacy.

"If this were not enough of a privacy violation for the average consumer, the [Senate Judiciary] Committee also learned that criminals were employing these services to learn the identity of undercover law enforcement officers, as well as suspected confidential informants and witnesses," U.S. Representative James Sensenbrenner told his colleagues while urging passage of the bill. "In addition, this practice also endangers victims of domestic violence and stalking, since stalkers and abusers can use cell record information to track a victim's location and associates. Amazingly enough, none of this is clearly illegal under federal law."

In the HP case, California demonstrated states' abilities to prosecute such cases using laws that prohibit impersonation, fraud, unauthorized computer access, and unfair business practices. However, Sensenbrenner, a Wisconsin Republican, said that many "unscrupulous" companies were operating in a gray legal area by obtaining and selling the information on behalf of anyone willing to pay their fees. He introduced a bill that clearly lays out the reasons for its passage.

"The unauthorized disclosure of telephone records not only assaults individual privacy but, in some instances, may further acts of domestic violence or stalking, compromise the personal safety of law enforcement officers, their families, victims of crime, witnesses, or confidential informants, and undermine the integrity of law enforcement investigations," the bill states.

Congress held several hearings on the issue before passing H.R. 4709, which would make it a felony to use pretexting and other means of buying, selling, and obtaining private phone records without a customer's permission.

During the hearings, Congress found that telephone employees were selling data to unauthorized data brokers, data brokers were pretending to be customers in order to obtain the information from phone companies, and people were gaining access to data from the Internet by improperly accessing customer accounts or through data brokers who traffic the records.

The bill allows for fines and imprisonment of up to 10 years for those who use fraud, deceit, or computer access in a successful or an unsuccessful attempt to obtain, transfer, or disclose phone records without prior customer authorization. The bill, which applies to phone and IP-enabled communications, contains additional penalties for aggravated cases. That covers those engaged in numerous violations, as well as those who use the information to commit other crimes such as stalking, witness intimidation, or crimes against law enforcement.

It exempts legitimate law enforcement investigations and emergency services. It also extends the limited exemptions to telephone service providers that are contained in the U.S. Communications Act.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.