Private Phone Records Sold Online, Privacy Group Complains

The Electronic Privacy Information Center wants telecommunications carriers to do more to prevent customer information from being sold online.

Thomas Claburn, Editor at Large, Enterprise Mobility

August 30, 2005

3 Min Read

The Electronic Privacy Information Center (Epic), an online privacy advocacy group, on Tuesday petitioned the Federal Communications Commission to require that telecommunications carriers establish better policies and procedures to prevent customer billing records from being sold illegally online.

The group's request that the FCC establish stronger security standards governing the release of consumer proprietary network information follows a July 7 complaint against the illegal sale of consumer information by Intelligent e-Commerce Inc.

Intelligent e-Commerce operates, a Web site that advertises the sale of telephone records along with other sensitive personal information. Epic charges that the company is violating the FTC Act, the Telecommunications Act of 1996, and U.S. Postal Regulations.

In an update of a July 7 complaint filed Tuesday, Epic identifies an additional 40 Web sites engaged in the practice of selling telephone records.

The Telecommunications Act forbids telecom companies from using or disclosing consumer proprietary network information without customer approval, unless required by law or permitted by certain exceptions. The data "is protected by statute and regulation," Chris Jay Hoofnagle, Epic's West Coast director, said in a telephone interview. "The problem is, in implementing the regulations, the main concern was marketing use. And the regulations do not adequately address other uses, such as a private investigator calling up and getting the data."

And that's what Epic contends is happening. Just as ChoicePoint Inc. was conned into revealing data to criminals, telephone companies are being duped by social-engineering attacks. "Private investigators are calling up and saying, 'I am the account holder and I didn't get my bill. Can you send me another copy of it?' Hoofnagle explains. "Then out of the fax machine comes the data, and they provider it to the buyer."

If that's the case, telecom companies aren't admitting it. But they insist they're eager to protect customer privacy.

"Our customers' privacy is very important to us," SBC Communications Inc. said in a statement. "We carefully protect the confidentiality of each customer's account and calling information. SBC's Code of Business Conduct prohibits employees from disclosing customer records or customer communications to unauthorized persons."

Asked whether Verizon Communications had encountered these social-engineering attacks, a company spokesman said, "We share our customers' concerns about the protection of data and continually take industry-leading steps in this area. We also continually look at ways to enhance the protection of such data." The company said in a statement that it would file comments about specific steps outlined in the Epic petition when the FCC issues a Notice of Proposed Rulemaking.

Hoofnagle believes the FCC has to do something. "This data can be used to track people, to figure out their associations," he said, "and it's a matter of time before the data is sold to a stalker who harms someone."

That's happened in three well-known cases. Actresses Theresa Saldana and Rebecca Schaeffer were attacked in California by stalkers in 1982 and 1989, respectively. Saldana survived, but Schaeffer was killed. In both cases, the stalkers used information obtained by private investigators. In 1999, Amy Lynn Boyer was killed in New Hampshire by a stalker who found her with the aid of a private investigator.

The domain registrant behind BestPeopleSearch could not be immediately reached for comment because that person has chosen to conceal his or her contact information through a third-party privacy service.

Reached by phone, a customer-service representative at BestPeopleSearch said that Chuck, her boss and the person who could explain how the company obtained its phone billing records, would not be available Tuesday but would call Wednesday. Dutifully protecting his privacy, she declined to provide his last name.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights