Congress Mulls Pretexting Laws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

08:00 PM

Congress Mulls Pretexting Laws

Friday's hearing focused on the practice more generally, although several members of the panel mentioned the previous day's hearing, which focused exclusively on HP.

Though nearly every member of a congressional panel investigating Hewlett Packard's role in a pretexting scandal said it is illegal for people to deceive in order to obtain phone records, Congress is considering legislation to make that more clear.

The U.S. House Energy and Commerce Subcommittee on Oversight and Investigation held a hearing Friday that continued to explore pretexting a day after current and former HP leaders testified about the company's role in the practice. HP tried to distance itself from the practice of its investigators, but employees testified under oath that they did not believe the investigators were obtaining people's personal records legally.

Friday's hearing focused on the practice more generally although several members of the panel mentioned the previous day's hearing, which focused exclusively on HP.

Joel Winston, an associate director for the privacy and identity protection division of the Federal Trade Commission requested increased penalties for pretexting. He also requested that law enforcement authorities be allowed to use the practice, though it is unclear why, since law enforcement authorities can subpoena the records if they can show cause.

Federal Communications Commission' enforcement leader Kris Monteith told the panel that the F.C.C. has served about 30 subpoenas on data brokers, charging that they obtain and sell phone records illegally.

Veteran columnist Christopher Byron, a Yale College and Columbia University School of Law graduate, testified about his experience with pretexting in 2002. After Byron wrote a critical piece about a technology company, a phone company representative called his wife to follow up on an earlier call from Byron, who the representative claimed had complained about not getting a phone bill. Byron had not called and later discovered that he had been pretexted.

"To discover that someone has spent weeks trying to obtain access to you and your family's most personal and private records, and finally succeeded at it, is like learning that a Peeping Tom has been spending weeks on end hovering at night outside your bedroom window, watching and videotaping everything that goes on inside" he testified. "And it doesn't end there. When a pretexter goes unpunished, his victims can easily enough start to worry about things that never before concerned them -- things they can ultimately do nothing about except worry even more, until all of life becomes a parade of imagined catastrophes. Is someone reading my mail? Is there a tap on my phone line? A bug in my bedroom?"

Byron said the effects touched his wife and three children and lingered for years.

"Our lives have been convulsed in ways that set our nerves on edge even now, whenever the phone rings unexpectedly or at an odd hour in my home office," he said.

Representatives from Verizon, Cingular and Sprint said that their companies are fighting the practice. In fact, two of the companies filed lawsuits this week against investigators who they allege illegally obtained records as part of HP's quest to identify the source of media leaks. The man identified, former board member George Keyworth denies ever giving reporters confidential or damaging information.

The phone companies cautioned lawmakers not to impose restrictions that would hamper their ability to provide legitimate customers with their own call details. As it stands, most companies request a name, phone number and a social security number in an attempt to confirm the person requesting the records has authorized access to the account. Investigators commonly have access to the personal information and use it to obtain account records.

Members of the committee said that the House could vote soon on a bill that would require phone companies to increase protections and impose harsher penalties on data brokers. The bill, which passed the committee in March but never made it for a full vote on the floor, would allow phone companies and their contractors or partners to be fined up to $300,000 for each time they released records to an unauthorized party.

During Thursday's hearing, several panelists mentioned that efforts to clarify the issue had stalled and questioned HP leaders about whether they had any idea which lobbying firms may have pushed for a hold on the bill. One exchange resulted in an assurance from HP CEO, President and Chairman Mark Hurd vowing to support congressional efforts to pass what lawmakers are referring to as "bright line legislation," which would eliminate apparent confusion about the legality or illegality of the practice.

Current telecommunications and wire fraud laws cover the practice, according to congressional representatives who introduced those laws, but lawyers defending clients accused of pretexting claim that the laws are unclear. The issue has yet to be worked out in the courts.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
Top 10 Programming Languages in Demand Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  4/28/2020
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll