RealTime IT News

House Has Eyes on Black Market Data Sites

The House Committee on Energy and Commerce unleashed its full investigative and subpoena powers Friday on online data brokers selling confidential phone records. The panel "demanded" the brokers disclose how they are obtaining the records.

The committee sent demand letters to First Source Information Specialists of Tamarac, Fla., which manages the datafind.org, locatecell.com, celltolls.com, peoplesearchamerica.com sites, and PDJ Services of Granbury, Texas, which operates phonebust.com.

"It is very disconcerting that certain online data broker companies are exploiting consumers' personal records and selling the information to whomever pays for the records," the letters state.

"With the exception of the legitimate activities of law enforcement authorities, who in any event have legal means for acquiring such information, we struggle to find any ethical justification for marketing this data."

First Source is also under a Federal Communications Commission (FCC) citation for failing to comply with an FCC subpoena seeking the same information.

"I can only guess at the excuses that will be offered by people who profit by engaging in an obvious fraud, by invading personal privacy and by assisting criminal behavior," Energy and Commerce Committee Chairman Joe Barton (R-Texas) said at a hearing last week.

The committee wants to know all methods used by the data brokers to acquire the information they sell and if any efforts are made to obtain consent from consumers before selling their confidential data.

In particular, the committee aims to find out if the data brokers' employees pose as telephone company customers in order to seek account information, a practice known as "pretexting."

The telephone carriers maintain their customer records are secure and that the data brokers are obtaining the data through pretexting. Current law contains criminal penalties for obtaining another person's financial records under false pretexts, but similar penalties do not exist specifically for telephone records.

Under the Telecommunications Act of 1996, telephone carriers are obligated to protect the Customer Proprietary Network Information (CPNI) of consumers. The CPNI is considered sensitive personal data, because it includes logs of calls that individuals or businesses initiate and receive on their phones.

In August, the Electronic Privacy Information Center (EPIC) revealed that the carriers' confidential consumer data is available over the Internet. EPIC petitioned the FCC to force the agency to establish stricter rules to protect consumer data.

Since then, the FCC has launched an investigation into the matter, and lawmakers have introduced a raft of bills to curb the practice. The House has already held a hearing and the Senate Commerce Committee has a Wednesday hearing on the matter scheduled.

"In essence, within literally a matter of hours, someone who purchases such information from a data broker Web site can gain unauthorized access to an individual's daily calls and contacts, home and billing addresses, and other valuable confidential information," the House letter states.