
Online Data Gets Personal: Cell Phone Records for Sale

The only place cell phone call records are kept is with the phone companies. (By Bebeto Matthews -- Associated Press)

Mark Siegel, a spokesman for Cingular Wireless, said his company constantly is on guard against people trying to get at customer information. But he called the acquisition of call records "an infinitesimally small problem" at his firm.

Some experts in the field aren't so sure.

"Information security by carriers to protect customer records is practically nonexistent and is routinely defeated," said Robert Douglas, a former private investigator and now a privacy consultant who has tracked the issue for several years.

Experts say data brokers and private investigators who offer cell phone records for sale probably get them using one of three techniques.

They might have someone on the inside at the carrier who sells the data. Spokesmen for the telephone companies said strict rules prohibiting such activity make this unlikely. But Joel Winston, associate director of the Federal Trade Commission's Financial Practices Division, said other types of data-theft investigations have shown that "finding someone on the inside to bribe is not that difficult."

Another method is "pretexting," in which the data broker or investigator pretends to be the cell phone account holder and persuades the carrier's employees to release the information. The availability of Social Security numbers makes it easier to convince a customer service agent that the caller is the account holder.

Finally, someone seeking call data can try to get access to consumer accounts online.

Telephone companies, like other service firms, are encouraging their customers to manage their accounts over the Internet. Typically, the online capability is set up in advance, waiting to be activated by the customer. But many customers never do.

If the person seeking the records can figure out how to activate online account management in the name of a real customer before that customer does, the call records are there for the taking.

Federal law expressly prohibits pretexting for financial data -- which at one time was a primary means of stealing credit card and other account information -- but does not cover telephone records, which are covered by a patchwork of state and federal laws governing access to personal information.

Some privacy advocates argue that the federal pretexting law needs to be broadened.

At the very least, "there need to be audit trails to detect employee access to this personal information and a data retention schedule that mandates deletion of records" after a certain period of time, said Chris Jay Hoofnagle, West Coast director of the Electronic Privacy Information Center.





© 2005 The Washington Post Company