President Bush on Friday affixed his signature to the Telephone Records and Privacy Protection Act of 2006. The measure threatens up to 10 years behind bars to anyone who pretends to be someone else, or otherwise employs fraudulent tactics, to persuade phone companies to hand over what is supposed to be confidential data about customers' calling habits.
Even before Bush's move, federal law banned pretexting to obtain someone's financial records. Some states, such as California, have already outlawed telephone pretexting. But many politicians and consumer advocacy groups urged passage of a federal law to clarify that the practice is illegal.
"Sales of fraudulently obtained phone records flourished because the possibility of criminal prosecution was remote," Rep. Lamar Smith (R-Texas), the bill's original sponsor, said in after the legislation cleared the Senate last month.
Calls for criminalizing such a practice took on renewed urgency last summer afteradmitted that its investigators had used false pretenses to obtain the phone records of journalists, including three from CNET News.com, and board members in an elaborate effort to uncover the source of boardroom media leaks. One data broker hired by HP on Friday to using "fraud and deceit" to nab such records.
The president, who signed the bill along with six other unrelated measures, did not release any comments specific to the antipretexting legislation, a White House spokesman said.
The bill signed Friday was one ofintroduced last year by members of Congress who said they were incensed by reports that ordinary citizens could buy others' phone records online for $100 or less. Most, but not all of the proposals, however, also contained exemptions for law enforcement and intelligence agents, who, according to published reports, have been for their own work.
The U.S. House of Representatives approved the measure that ultimately went to the president's desk in May by a 409-0 vote. But until the Senate's final day in session last December, in part because of disagreements over competing versions of the legislation. Some senators had hoped to impose themselves to protect their subscribers' data, though the industry urged against new regulations, saying it was already taking numerous steps to stave off fraud.
A push for additional legislation could be on the way. In the early days of the new Congress, Sen. Ted Stevens (R-Alaska) reintroduced a bill (click for PDF) designed to require wireless, Internet, and wireline phone companies alike to implement new safeguards against unauthorized access to their customers' records. Among other things, it would also allow consumers to sue those who managed to secure their records without their permission.