Congressional Report Reveals Danger Of Data Brokers

Businesses which obtain the telephone records of individuals ‘for marketing and even for criminal purposes’ have long been a growing problem. Congressional Report Reveals Danger Of Data BrokersBy Cliff Montgomery – Apr. 11th, 2008A March 10th, 2008 Congressional Research Service (CRS) report on data brokers–businesses which obtain the telephone records of individuals “for marketing and even for criminal purposes”–reminds us that our Natural Right to privacy may be breached as much by private entities as public ones.As the statements quoted below from the CRS study make clear, we ignore this danger at our peril:“Telephone records contain a large amount of intimate personal information. Recent years have seen a rise in the use of this information for marketing and even for criminal purposes.”The purchase and sale of telephone record information, therefore, became a booming business. Websites and data brokers claiming to be able to obtain the phone records for any phone number within a few days abounded.”However, the methods by which these data brokers obtained their information came under intense fire from public interest groups concerned about consumer privacy. Consumer groups and news outlets reported that telephone records were being obtained fraudulently by data brokers or other individuals without the knowledge or consent of the customers to whom the records related.”Data brokers are thought to employ three different practices to obtain customer telephone records without the approval of the customer.”The first method occurs when an employee of one of the phone companies sells the records to the data broker.”The second method occurs through a practice called ‘pretexting’, where a data broker pretends to be the owner of the phone and obtains the records from the telephone company under false pretenses.”The third method is employed when a data broker obtains the customer’s telephone records by accessing the customer’s account on the Internet.”In response to increased concern over the unauthorized disclosure of private telephone records, Congress and other regulatory agencies have taken a number of steps to improve the security of this information.”Congress enacted the Telephone Records and Privacy Protection Act of 2006, which makes ‘pretexting’ a federal offense.”In the 110th Congress, bills have been introduced to ensure greater security of phone records.”The Federal Trade Commission has instituted a number of enforcement actions against data brokers.”And the FCC recently amended its regulations governing the disclosure of Customer Proprietary Network Information (CPNI) in an attempt to address the concerns raised by Congress, the Electronic Privacy Information Center (EPIC), and other consumer groups regarding the unauthorized disclosure of such information.”In response to a petition filed by EPIC concerning numerous websites advertising the sale of personal telephone records, the FCC conducted a rulemaking to determine the extent of the problem and construct regulations in response to consumer concerns.”Specifically, EPIC and other commenters pointed out that data brokers advertise the availability of cell phone records, which include calls to and from a particular cell phone number, the duration of such calls, and may include the physical location of the cell phone.”In addition to selling cell phone call records, many data brokers also claimed to provide calling records for landline and Voice over Internet Protocol (VOIP) phones, as well as non-published phone numbers. Data brokers claimed to be able to provide this information fairly quickly, in a few hours to a few days.”Although personal information such as Social Security numbers can be found on public documents, phone records are stored only by phone companies. For this reason, data brokers are alleged to have obtained phone records from the phone companies themselves, albeit [presumably] without their approval.”It is also believed that data brokers had taken advantage of inadequate company security standards to gain access to customer telephone information.”Pretext calling for customer telephone records occurs when the data broker or investigator pretends to be the cell phone account holder, and persuades phone company employees to release the information. The public availability of personal identifiers, like the Social Security number, made it easier for someone to impersonate the account holder to convince the employee that they were the account holder.”For this reason, it was suggested that phone companies cease the use of readily available biographical information, like the Social Security number, for identity authentication.”Telephone companies are encouraging customers to receive electronic statements and to access customer accounts online. Typically, online accounts are set up in advance, to be activated at a later date by the customer.”[But] if someone can figure out how to activate and access the online account of the customer, the call records can be obtained.”Like what you’re reading so far? Then why not order a full year (52 issues) of thee-newsletter for only $15? A major article covering an story not being told in the Corporate Press will be delivered to your email every Monday morning for a full year, for less than 30 cents an issue. Order Now!