Private Phone Records Sold Online, Privacy Group Complains - InformationWeek
04:55 PM
Connect Directly

Private Phone Records Sold Online, Privacy Group Complains

The Electronic Privacy Information Center wants telecommunications carriers to do more to prevent customer information from being sold online.

The Electronic Privacy Information Center (Epic), an online privacy advocacy group, on Tuesday petitioned the Federal Communications Commission to require that telecommunications carriers establish better policies and procedures to prevent customer billing records from being sold illegally online.

The group's request that the FCC establish stronger security standards governing the release of consumer proprietary network information follows a July 7 complaint against the illegal sale of consumer information by Intelligent e-Commerce Inc.

Intelligent e-Commerce operates, a Web site that advertises the sale of telephone records along with other sensitive personal information. Epic charges that the company is violating the FTC Act, the Telecommunications Act of 1996, and U.S. Postal Regulations.

In an update of a July 7 complaint filed Tuesday, Epic identifies an additional 40 Web sites engaged in the practice of selling telephone records.

The Telecommunications Act forbids telecom companies from using or disclosing consumer proprietary network information without customer approval, unless required by law or permitted by certain exceptions. The data "is protected by statute and regulation," Chris Jay Hoofnagle, Epic's West Coast director, said in a telephone interview. "The problem is, in implementing the regulations, the main concern was marketing use. And the regulations do not adequately address other uses, such as a private investigator calling up and getting the data."

And that's what Epic contends is happening. Just as ChoicePoint Inc. was conned into revealing data to criminals, telephone companies are being duped by social-engineering attacks. "Private investigators are calling up and saying, 'I am the account holder and I didn't get my bill. Can you send me another copy of it?' Hoofnagle explains. "Then out of the fax machine comes the data, and they provider it to the buyer."

If that's the case, telecom companies aren't admitting it. But they insist they're eager to protect customer privacy.

"Our customers' privacy is very important to us," SBC Communications Inc. said in a statement. "We carefully protect the confidentiality of each customer's account and calling information. SBC's Code of Business Conduct prohibits employees from disclosing customer records or customer communications to unauthorized persons."

Asked whether Verizon Communications had encountered these social-engineering attacks, a company spokesman said, "We share our customers' concerns about the protection of data and continually take industry-leading steps in this area. We also continually look at ways to enhance the protection of such data." The company said in a statement that it would file comments about specific steps outlined in the Epic petition when the FCC issues a Notice of Proposed Rulemaking.

Hoofnagle believes the FCC has to do something. "This data can be used to track people, to figure out their associations," he said, "and it's a matter of time before the data is sold to a stalker who harms someone."

That's happened in three well-known cases. Actresses Theresa Saldana and Rebecca Schaeffer were attacked in California by stalkers in 1982 and 1989, respectively. Saldana survived, but Schaeffer was killed. In both cases, the stalkers used information obtained by private investigators. In 1999, Amy Lynn Boyer was killed in New Hampshire by a stalker who found her with the aid of a private investigator.

The domain registrant behind BestPeopleSearch could not be immediately reached for comment because that person has chosen to conceal his or her contact information through a third-party privacy service.

Reached by phone, a customer-service representative at BestPeopleSearch said that Chuck, her boss and the person who could explain how the company obtained its phone billing records, would not be available Tuesday but would call Wednesday. Dutifully protecting his privacy, she declined to provide his last name.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Tech Vendors to Watch in 2019
Susan Fogarty, Editor in Chief,  11/13/2018
Getting DevOps Wrong: Top 5 Mistakes Organizations Make
Bill Kleyman, Writer/Blogger/Speaker,  11/2/2018
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Register for InformationWeek Newsletters
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll