New bill in Congress targets phone record fraud
Congressional panel approves more penalties targeting sales of personal phone records without customer consent.
A new bill called the "Prevention of Fraudulent Access to Phone Records Act" won unanimous approval from the U.S. House of Representatives' Energy and Commerce Committee on Wednesday.
Rep. Jan Schakowsky, an Illinois Democrat who offered some of the language used in the new measure, called pretexters "modern day pirates" for whom "the Internet is their seven seas and consumers' privacy is their booty." Rep. Cliff Stearns, a Florida Republican, called them "cybercreeps."
Those comments were aimed at online brokers engaging in "pretexting"--that is, the act of posing as legitimate customers--to obtain phone records and then sell them on the Web for an average of $100. Locatecell.com and Celltolls.com are two of the companies that have been accused of the practice.
In an odd twist, the 16-page measure, dated March 3, has not been introduced formally. It was unclear which politicians would be its official sponsors, though it includes input from Democratic and Republican committee leaders. Committee Chairman Joe Barton, a Texas Republican, indicated he would soon submit the text and register the committee's stance.
The action came less than a week after House and Senate committees each endorsed proposals that would throw convicted phone record scammers behind bars. Congress in recent weeks has made no secret of its disgust over the activity.
Because the other committees' punishments vary in details, the multiple bills would likely be combined into one package before a floor vote. That's what happened in the case of the Can-Spam legislation, which took aim at senders of junk e-mail, a few years ago.
A portion of the new bill focuses on the Federal Trade Commission, which has for decades enjoyed the power to stop "deceptive" business practices, and already has the authority to target phone pretexting.
The bill approved Wednesday would explicitly define a number of fraudulent actions as falling under the FTC's jurisdiction, including obtaining or attempting to obtain records, causing disclosure or attempting to cause disclosure of records, or directly selling or disclosing that data.
Another section gives instructions to the Federal Communications Commission, which already has the power to fine telecommunications companies that fail to protect the privacy of personal consumer records--and has exercised it amid the recent pretexting buzz.
The FCC would be tasked with devising new security regulations for wireline, wireless and voice over Internet Protocol phone companies. These would include rules such as mandatory encryption or other safeguards for personal data, prompt customer notification of breaches, and logs of requests for customer information. It also calls for tripling the fines the FCC could levy on those companies found to have flouted those new regulations, moving them from $100,000 to $300,000 per offense and imposing a maximum of $3 million for multiple violations.
Like the bills approved by committees last week, this measure carves out an exemption for law enforcement officials, allowing them access to confidential phone records within the confines of "applicable laws."
The committee also approved one amendment to the bill that would bar phone companies from disclosing the wireless phone number of any customer without their express consent. Rep. Joe Pitts, the Pennsylvania Republican who offered the amendment, said the proposal arose from concerns that companies are in the process of compiling a 411-equivalent for wireless numbers, which he deemed "a very serious privacy concern."
CNET News.com's Declan McCullagh contributed to this report