Politicians call for better phone record privacy

After disclosures that phone records are for sale online, Congress wants to know if telcos are protecting customers.

Anne Broache Staff Writer, CNET News.com
Anne Broache
covers Capitol Hill goings-on and technology policy from Washington, D.C.
Anne Broache
3 min read
In response to disclosures about phone records being sold on the Internet, politicians want federal regulators to verify that the biggest service providers are adequately protecting their customers' information.

According to a letter (click here for PDF) sent by the chairmen of the U.S. House of Representatives Energy and Commerce Committee, all telecommunications providers must "certify annually" with the Federal Communications Commission that they are in compliance with the federal rules.

The politicians asked the FCC to turn over the latest certifications from the five largest wireless and wireline providers, along with statements from the companies describing "how their internal procedures protect the confidentiality of consumer information." Citing their ongoing investigation about the matter, the legislators imposed a Jan. 30 deadline. The House returns from its winter recess Jan. 31.

The issue of the illicit brokering of phone records has drawn attention recently, with carriers such as T-Mobile, Verizon Wireless and Cingular Wireless and also the state of Illinois filing suits against third-party brokers accused of the practice. On Monday, T-Mobile landed a temporary restraining order, which prohibits at least two companies from directly or indirectly obtaining its customers' information.

It's not entirely clear how Web sites such as Locatecell.com and Celltolls.com obtain logs of calls made by a telephone customer, but some kind of law is probably being broken in the process. Possibilities include a telephone company insider who is bribed for the information, a security breach that's exploited electronically or physically, or "pretexting"--the practice of posing as a customer asking for an e-mailed or faxed copy of a bill.

Locatecell.com was offline Thursday, its site replaced with a message from GoDaddy.com asking the site's owner to call the domain registrar. Meanwhile, Celltolls.com had a note on its site saying that it was not currently accepting queries regarding Cingular Wireless phone numbers.

Members of the U.S. Senate have already taken steps to legislate on the issue. Sen. Chuck Schumer, a New York Democrat, and four colleagues introduced a measure last week that would impose fines and up to five years in prison--or double that in extraordinary cases--for those who knowingly obtained phone records in violation of federal law.

Rep. Joe Barton, the Texas Republican who chairs the House Energy and Commerce Committee, plans to introduce legislation of his own at some point and will likely convene a hearing on the topic in early February, spokesman Terry Lane said Thursday.

FCC representatives did not immediately respond to requests for comment about the letter. But last week, Commissioners Michael Copps and Jonathan Adelstein issued statements that voiced alarm at the reports of illegal records sales. The FCC has launched its own investigation into the matter, they said.

The commissioners also said they'd move more quickly on making new rules for data protection, citing an August petition from the Electronic Privacy Information Center as a catalyst for their work.

Among EPIC's suggestions are limiting retention of records that are no longer needed for billing purposes, encrypting data stored by phone service providers, allowing customers to set passwords on their accounts, issuing notifications if any security breach occurs, and supplying "audit trails" that record whenever a customer's record is accessed.