Today's Article
Businesses which
obtain the telephone
records of individuals
'for marketing and
even for criminal
purposes' have long
been a growing
problem.
obtain the telephone
records of individuals
'for marketing and
even for criminal
purposes' have long
been a growing
problem.
The American Spark
 |
 |
 |
 |
 |
Congressional Report Reveals Danger Of Data Brokers
By Cliff Montgomery - Apr. 11th, 2008
A March 10th, 2008 Congressional Research Service (CRS) report on data brokers--businesses which obtain
the telephone records of individuals "for marketing and even for criminal purposes"--reminds us that our
Natural Right to privacy may be breached as much by private entities as public ones.
As the statements quoted below from the CRS study make clear, we ignore this danger at our peril:
"Telephone records contain a large amount of intimate personal information. Recent years have seen a rise in
the use of this information for marketing and even for criminal purposes.
"The purchase and sale of telephone record information, therefore, became a booming business. Websites
and data brokers claiming to be able to obtain the phone records for any phone number within a few days
abounded.
"However, the methods by which these data brokers obtained their information came under intense fire from
public interest groups concerned about consumer privacy. Consumer groups and news outlets reported that
telephone records were being obtained fraudulently by data brokers or other individuals without the knowledge
or consent of the customers to whom the records related.
"Data brokers are thought to employ three different practices to obtain customer telephone records without
the approval of the customer.
"The first method occurs when an employee of one of the phone companies sells the records to the data
broker.
"The second method occurs through a practice called 'pretexting', where a data broker pretends to be the
owner of the phone and obtains the records from the telephone company under false pretenses.
"The third method is employed when a data broker obtains the customer’s telephone records by accessing the
customer’s account on the Internet.
"In response to increased concern over the unauthorized disclosure of private telephone records, Congress
and other regulatory agencies have taken a number of steps to improve the security of this information.
"Congress enacted the Telephone Records and Privacy Protection Act of 2006, which makes 'pretexting' a
federal offense.
"In the 110th Congress, bills have been introduced to ensure greater security of phone records.
"The Federal Trade Commission has instituted a number of enforcement actions against data brokers.
"And the FCC recently amended its regulations governing the disclosure of Customer Proprietary Network
Information (CPNI) in an attempt to address the concerns raised by Congress, the Electronic Privacy
Information Center (EPIC), and other consumer groups regarding the unauthorized disclosure of such
information.
"In response to a petition filed by EPIC concerning numerous websites advertising the sale of personal
telephone records, the FCC conducted a rulemaking to determine the extent of the problem and construct
regulations in response to consumer concerns.
"Specifically, EPIC and other commenters pointed out that data brokers advertise the availability of cell phone
records, which include calls to and from a particular cell phone number, the duration of such calls, and may
include the physical location of the cell phone.
"In addition to selling cell phone call records, many data brokers also claimed to provide calling records for
landline and Voice over Internet Protocol (VOIP) phones, as well as non-published phone numbers. Data
brokers claimed to be able to provide this information fairly quickly, in a few hours to a few days.
"Although personal information such as Social Security numbers can be found on public documents, phone
records are stored only by phone companies. For this reason, data brokers are alleged to have obtained phone
records from the phone companies themselves, albeit [presumably] without their approval.
"It is also believed that data brokers had taken advantage of inadequate company security standards to gain
access to customer telephone information.
"Pretext calling for customer telephone records occurs when the data broker or investigator pretends to be the
cell phone account holder, and persuades phone company employees to release the information. The public
availability of personal identifiers, like the Social Security number, made it easier for someone to impersonate
the account holder to convince the employee that they were the account holder.
"For this reason, it was suggested that phone companies cease the use of readily available biographical
information, like the Social Security number, for identity authentication.
"Telephone companies are encouraging customers to receive electronic statements and to access customer
accounts online. Typically, online accounts are set up in advance, to be activated at a later date by the
customer.
"[But] if someone can figure out how to activate and access the online account of the customer, the call
records can be obtained."
Like what you're reading so far? Then why not order a full year (52 issues) of the The American Spark e-
newsletter for only $15? A major article covering an story not being told in the Corporate Press will be
delivered to your email every Monday morning for a full year, for less than 30 cents an issue. Order Now!
By Cliff Montgomery - Apr. 11th, 2008
A March 10th, 2008 Congressional Research Service (CRS) report on data brokers--businesses which obtain
the telephone records of individuals "for marketing and even for criminal purposes"--reminds us that our
Natural Right to privacy may be breached as much by private entities as public ones.
As the statements quoted below from the CRS study make clear, we ignore this danger at our peril:
"Telephone records contain a large amount of intimate personal information. Recent years have seen a rise in
the use of this information for marketing and even for criminal purposes.
"The purchase and sale of telephone record information, therefore, became a booming business. Websites
and data brokers claiming to be able to obtain the phone records for any phone number within a few days
abounded.
"However, the methods by which these data brokers obtained their information came under intense fire from
public interest groups concerned about consumer privacy. Consumer groups and news outlets reported that
telephone records were being obtained fraudulently by data brokers or other individuals without the knowledge
or consent of the customers to whom the records related.
"Data brokers are thought to employ three different practices to obtain customer telephone records without
the approval of the customer.
"The first method occurs when an employee of one of the phone companies sells the records to the data
broker.
"The second method occurs through a practice called 'pretexting', where a data broker pretends to be the
owner of the phone and obtains the records from the telephone company under false pretenses.
"The third method is employed when a data broker obtains the customer’s telephone records by accessing the
customer’s account on the Internet.
"In response to increased concern over the unauthorized disclosure of private telephone records, Congress
and other regulatory agencies have taken a number of steps to improve the security of this information.
"Congress enacted the Telephone Records and Privacy Protection Act of 2006, which makes 'pretexting' a
federal offense.
"In the 110th Congress, bills have been introduced to ensure greater security of phone records.
"The Federal Trade Commission has instituted a number of enforcement actions against data brokers.
"And the FCC recently amended its regulations governing the disclosure of Customer Proprietary Network
Information (CPNI) in an attempt to address the concerns raised by Congress, the Electronic Privacy
Information Center (EPIC), and other consumer groups regarding the unauthorized disclosure of such
information.
"In response to a petition filed by EPIC concerning numerous websites advertising the sale of personal
telephone records, the FCC conducted a rulemaking to determine the extent of the problem and construct
regulations in response to consumer concerns.
"Specifically, EPIC and other commenters pointed out that data brokers advertise the availability of cell phone
records, which include calls to and from a particular cell phone number, the duration of such calls, and may
include the physical location of the cell phone.
"In addition to selling cell phone call records, many data brokers also claimed to provide calling records for
landline and Voice over Internet Protocol (VOIP) phones, as well as non-published phone numbers. Data
brokers claimed to be able to provide this information fairly quickly, in a few hours to a few days.
"Although personal information such as Social Security numbers can be found on public documents, phone
records are stored only by phone companies. For this reason, data brokers are alleged to have obtained phone
records from the phone companies themselves, albeit [presumably] without their approval.
"It is also believed that data brokers had taken advantage of inadequate company security standards to gain
access to customer telephone information.
"Pretext calling for customer telephone records occurs when the data broker or investigator pretends to be the
cell phone account holder, and persuades phone company employees to release the information. The public
availability of personal identifiers, like the Social Security number, made it easier for someone to impersonate
the account holder to convince the employee that they were the account holder.
"For this reason, it was suggested that phone companies cease the use of readily available biographical
information, like the Social Security number, for identity authentication.
"Telephone companies are encouraging customers to receive electronic statements and to access customer
accounts online. Typically, online accounts are set up in advance, to be activated at a later date by the
customer.
"[But] if someone can figure out how to activate and access the online account of the customer, the call
records can be obtained."
Like what you're reading so far? Then why not order a full year (52 issues) of the The American Spark e-
newsletter for only $15? A major article covering an story not being told in the Corporate Press will be
delivered to your email every Monday morning for a full year, for less than 30 cents an issue. Order Now!